From 7113f87f32e368949a6821cd36a2201315d488ea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Dec 2021 04:10:31 -0600 Subject: [PATCH 001/344] Detect, recored if wifi can be AP and suppress installing supporting files --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 12 ++++++++++++ roles/network/tasks/hostapd.yml | 16 +++++++++------- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index f647af6ec..8fb1226d6 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -59,6 +59,7 @@ virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 # Set defaults for discovery process as strings wifi1: "not found-1" wifi2: "not found-2" +can_be_ap: False exclude_devices: none device_gw: none prior_gw_device: unset diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bc37a341b..5a9bfcca9 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -101,6 +101,16 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" +- name: Check for Access Point capablility with 'iw list' + command: iw list | grep AP | wc -l + register: look_for_ap + when: discovered_wireless_iface != "none" + +- name: Setting can_be_ap + set_fact: + can_be_ap: True + when: look_for_ap|int != "0" + - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l register: wifi_gateway_found @@ -260,6 +270,8 @@ value: "{{ iiab_lan_iface }}" - option: iiab_wan_iface value: "{{ iiab_wan_iface }}" + - option: can_be_ap + value: "{{ can_be_ap }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 33e0a6468..205b659c4 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -4,10 +4,10 @@ enabled: no masked: no -- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present +- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: hostapd_enabled: False - when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" + when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -29,7 +29,7 @@ with_items: - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: discovered_wireless_iface != "none" + when: can_be_ap - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' @@ -51,7 +51,7 @@ - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' } - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'} - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' } - when: discovered_wireless_iface != "none" + when: can_be_ap - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down template: @@ -60,23 +60,25 @@ owner: root group: root mode: 0644 - when: discovered_wireless_iface != "none" and not wifi_up_down + when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template +- name: Create /usr/bin/iiab-hotspot-on from template when hardware supports AP template: src: network/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on owner: root group: root mode: 0755 + when: can_be_ap -- name: Create /usr/bin/iiab-hotspot-off from template +- name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP template: src: network/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off owner: root group: root mode: 0755 + when: can_be_ap - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: From 438cdf552ccdc67e6b9aaca88b47fd24b4195109 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Dec 2021 04:45:22 -0600 Subject: [PATCH 002/344] tweak regexp for entries in Supported TX RX - forgot stdout --- roles/network/tasks/detected_network.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5a9bfcca9..e03c47130 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -102,14 +102,14 @@ num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" - name: Check for Access Point capablility with 'iw list' - command: iw list | grep AP | wc -l + command: iw list | grep -v AP: | grep AP | wc -l register: look_for_ap when: discovered_wireless_iface != "none" - name: Setting can_be_ap set_fact: can_be_ap: True - when: look_for_ap|int != "0" + when: look_for_ap.stdout|int != 0 - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 784c9d111af93d94da52ecd89239a23779e8d097 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 29 Apr 2022 20:45:38 -0400 Subject: [PATCH 003/344] copy fonts.css to maps assets --- roles/osm-vector-maps/tasks/install.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 9c304c88c..556be53a2 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -149,7 +149,7 @@ - bboxes.geojson - center.png - countries.json - - fonts.css + # - fonts.css - ol-layerswitcher.css - ol-contextmenu.css - pin_drop.png @@ -176,7 +176,7 @@ state: link force: yes -- name: Copy fonts (16 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) +- name: Copy noto-sans fonts (15 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" dest: "{{ doc_root }}/common/fonts/" @@ -184,7 +184,12 @@ # owner: root # group: root with_fileglob: - - fonts/* + - fonts/noto-sans* + +- name: copy fonts.css to {{ vector_map_path }}/viewer/assets + copy: + src: fonts/fonts.css + dest: "{{ vector_map_path }}/viewer/assets/fonts.css" - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: From 748f9ec110966f98326e116b3f40651b6fcd8c83 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 30 Apr 2022 07:07:09 -0400 Subject: [PATCH 004/344] Add initial draft of Matomo role --- roles/matomo/tasks/install.yml | 137 +++++++++++++++++++++++++++++++++ roles/matomo/tasks/main.yml | 9 +++ 2 files changed, 146 insertions(+) create mode 100644 roles/matomo/tasks/install.yml create mode 100644 roles/matomo/tasks/main.yml diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml new file mode 100644 index 000000000..53b2838f1 --- /dev/null +++ b/roles/matomo/tasks/install.yml @@ -0,0 +1,137 @@ +- name: Start MariaDB + action: service name=mysql state=started +- name: Create MariaDB Database for Matomo + community.mysql.mysql_db: + name: "{{ mdb_dbname }}" + state: present + login_unix_socket: /var/run/mysqld/mysqld.sock +- name: Add Admin User to MariaDB Database + community.mysql.mysql_user: + name: "{{ mdb_username }}" + password: "{{ mdb_password }}" + host: localhost + state: present + update_password: on_create + priv: "{{ mdb_dbname }}.*:ALL" + login_unix_socket: /var/run/mysqld/mysqld.sock +- name: Download and Extract Matomo + unarchive: + src: https://builds.matomo.org/matomo.zip + dest: /var/www/html + remote_src: yes + creates: /var/www/html/matomo +- name: Set Matomo Directory Permissions + file: + path: /var/www/html/matomo + recurse: yes + owner: www-data + group: www-data +- name: HTTP Get Welcome + uri: + url: "{{ matomo_url }}index.php?action=welcome" + method: GET + status_code: 200 + register: matomo_welcome +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_welcome.cookies | dict2items }}" + loop_control: + loop_var: cookie +- name: Get Matomo System Check + uri: + url: "{{matomo_url}}index.php?action=systemCheck" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + timeout: 120 + status_code: 200 + register: matomo_system_check +- name: Matomo Database Setup + uri: + url: "{{ matomo_url }}index.php?action=databaseSetup" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + username: "{{ mdb_username }}" + password: "{{ mdb_password }}" + dbname: "{{ mdb_dbname }}" + adapter: "PDO\\MYSQL" + body_format: form-urlencoded + status_code: 302 + register: matomo_database_setup +- name: Matomo Table Creation + uri: + url: "{{ matomo_url }}index.php?action=tablesCreation&module=Installation" + method: GET + status_code: 200 + register: matomo_table_creation +- name: Matomo User Setup + uri: + url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + login: "{{ mdb_username }}" + password: "{{ mdb_password }}" + password_bis: "{{ mdb_password }}" + e-mail: "nobody@dev.null" + subscribe_newsletter_piwikorg: 0 + subscribe_newsletter_professionalservices: 0 + body_format: form-urlencoded + status_code: 302 + register: matomo_setup_superuser +- name: Configure Matomo to track IIAB + uri: + url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + name: "IIAB" + url: "host_url" + timezone: "Europe/London" + ecommerce: 0 + body_format: form-urlencoded + status_code: 302 + register: matomo_first_website_setup +- name: Matomo Tracking Code + uri: + url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name=http://10.0.0.72" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + status_code: 200 + register: matomo_tracking_code +- name: Finish Matomo Setup + uri: + url: "{{ matomo_url }}index.php?action=finished&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + do_not_track: 1 + anonymise_ip: 1 + submit: "Continue to Matomo" + body_format: form-urlencoded + status_code: 302 +- name: Start Collecting Matomo Data + cron: + name: "MatomoDataIngestionOnReboot" + special_time: reboot + job: "{{ matomo_cronjob }}" + user: root + cron_file: "matomo_reboot" +- name: Run Daily Job Collecting Matomo Data + cron: + name: "DailyMatomoDataIngestion" + minute: "0" + hour: "0" + job: "{{ matomo_cronjob }}" + user: root + cron_file: "matomo_daily" diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml new file mode 100644 index 000000000..a11d20b5f --- /dev/null +++ b/roles/matomo/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Install Matomo main + include_tasks: install.yml + vars: + mdb_dbname: "matomodb" + mdb_username: "mariadb_admin" + mdb_password: "pw_set_by_ansible" + host_url: "http://{{ ansible_default_ipv4.address}}" + matomo_url: "{{ host_url }}/matomo/" + matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" From 74250b9dc8bb66ea7b08b0d3bdd4f9afe4ba3719 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 30 Apr 2022 11:48:47 -0400 Subject: [PATCH 005/344] osm-vector-maps: Lint + clarify for readability e.g. map_installer_url --- roles/osm-vector-maps/defaults/main.yml | 35 +++++++++----- roles/osm-vector-maps/tasks/install.yml | 63 +++++++++---------------- 2 files changed, 44 insertions(+), 54 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 5801e0773..984009c6e 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -1,23 +1,32 @@ # osm_vector_maps_install: True # osm_vector_maps_enabled: True -# iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -# vector_map_path: "{{ content_base }}/www/osm-vector-maps" +# maps_from_internet_archive: False +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# The following soft coded variables allow testing, before pulling PR's into master -osm_repo_url: https://raw.githubusercontent.com/iiab/maps -maps_branch: 'master' # Quotes not required -#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps -#maps_branch: 'maps7.3' -# soft code sources -archive_org_url: https://archive.org/download -#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -#map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles -map_catalog_url: http://timmoody.com/iiab-files/maps -satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json +# Pulls in ~38 files thx to @jvonau's #3192 -- change these 2 during testing: +osm_repo_url: https://raw.githubusercontent.com/iiab/maps +maps_branch: master # Quotes not required +#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps +#maps_branch: maps7.3 + +# 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! +#map_installer_url: http://timmoody.com/iiab-files/maps +map_installer_url: http://download.iiab.io/content/OSM/vector-tiles + installer_planet: planet_z0-z6_2020.mbtiles installer_satellite: satellite_z0-z6_2020.mbtiles + + +# 2022-04-30 WIP -- CLI approach to installing larger .mbtiles OSM "continents" a.k.a. regions: +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region +# 2022-04-30 WIP -- This var might be used in future: (with boolean var maps_from_internet_archive) +archive_org_url: https://archive.org/download + + +# 2022-04-30 -- Unused, but URL illustrates legacy approach: +#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 556be53a2..c42473a21 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,13 @@ +- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" + package: + state: present + name: + - python3-geojson + - python3-pil + - python3-wget + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-sqlite3 + - name: Make 5 directories (0755 by default) file: path: "{{ item }}" @@ -10,29 +20,12 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" - package: - state: present - name: - - python3-geojson - - python3-pil - - python3-wget - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-sqlite3 - -# - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? -# stat: -# path: "{{ vector_map_path }}/viewer/cities1000.sqlite" -# register: cities_installed - -# - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/'REPO'/maps from maps_branch - name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" -# when: not cities_installed.stat.exists + - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: @@ -52,17 +45,6 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link -#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} -# get_url: -# url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" -# dest: "{{ iiab_etc_path }}" -# timeout: "{{ download_timeout }}" - -#- name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json -# file: -# src: /etc/iiab/regions.json -# path: "{{ vector_map_path }}/maplist/assets/regions.json" -# state: link - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: @@ -74,7 +56,6 @@ - index.html - name: Download OpenLayers viewer page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/* to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/iiab/maps from {{ maps_branch }} branch get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/{{ item }}" dest: "{{ vector_map_path }}/viewer/" @@ -95,9 +76,10 @@ - searchapi.php - tileserver.php -- name: Download 34MB {{ map_catalog_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer + +- name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_catalog_url }}/{{ installer_planet }}" + url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. http://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" @@ -113,12 +95,13 @@ path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download abbreviated satellite images from {{ map_catalog_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ +- name: Download 25MB {{ map_installer_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos get_url: - url: "{{ map_catalog_url }}/{{ installer_satellite }}" + url: "{{ map_installer_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" + - name: Download {index.html, installer-bundle.js} from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/* to {{ vector_map_path }}/installer/ -- for map installer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/{{ item }}" @@ -139,7 +122,6 @@ - installer-functions.js - tileserver.php -# the following was changed to grab from the iiab/maps repo - name: Download 15 common assets from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/* to {{ vector_map_path }}/viewer/assets/ -- for the general purpose map viewer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/{{ item }}" @@ -176,20 +158,19 @@ state: link force: yes + - name: Copy noto-sans fonts (15 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" dest: "{{ doc_root }}/common/fonts/" - # mode: 0644 - # owner: root - # group: root with_fileglob: - fonts/noto-sans* -- name: copy fonts.css to {{ vector_map_path }}/viewer/assets +- name: Copy fonts.css to {{ vector_map_path }}/viewer/assets/ copy: src: fonts/fonts.css - dest: "{{ vector_map_path }}/viewer/assets/fonts.css" + dest: "{{ vector_map_path }}/viewer/assets/" + - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: From 763dea95573303c01743db5f8442693d3878bf0b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 12:16:39 -0400 Subject: [PATCH 006/344] Avoid comment repetition of e.g. {{ osm_repo_url }}/{{ maps_branch }} for PR #3204 --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index c42473a21..65b261718 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -48,7 +48,7 @@ - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master + url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" dest: "{{ vector_map_path }}/test-page/" timeout: "{{ download_timeout }}" with_items: From f13d98a404cbacf676fb7992098fe99ca2f73e3e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 21:03:20 -0400 Subject: [PATCH 007/344] Begin updating osm-vector-maps/README.md e.g. "How to upgrade IIAB Maps" (ENTIRELY AT YOUR OWN RISK) --- roles/osm-vector-maps/README.md | 48 ++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 1aff222c9..816f8cbbb 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -1,13 +1,13 @@ -## What's New with IIAB Maps in IIAB 7.2? +## What's New with IIAB Maps? -1. If you install [IIAB 7.2](https://github.com/iiab/iiab/wiki/IIAB-7.2-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), a new **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: +1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) 2. If you've installed at least one Map Pack, you can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) 3. All these downloads can now happen 10X to 100X faster, thanks to [PR #38](https://github.com/iiab/maps/pull/38) ! 2. **Map Packs** no longer bundle both data and program in a .zip file. All Map Packs are really now just a collection of 3 .mbtiles files: 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (1.74GB .mbtiles) and Lo-Res satellite photos (932MB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps - 2. Every Map Pack's OSM vector tile data (originally from 2017) was updated to [September 2019](https://archive.org/details/osm-vector-mbtiles). + 2. Every Map Pack's OSM vector tile data (originally from 2017, and then September 2019) was updated to [November 2020](https://archive.org/details/osm-vector-mbtiles). 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (1.74GB osm-planet_z0-z10_2019.mbtiles) so that city search is successful more of the time. 4. Multiple Map Packs can be downloaded/installed (one "continent" at a time). However this can waste disk space with duplicate data, and potentially cause rendering slowness in areas where Map Packs overlap ("continent" bounding boxes have been designed to overlap on purpose, so multiple Map Packs are rarely necessary!) @@ -17,8 +17,8 @@ 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 levels of zoom (about 40MB ?) - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json @@ -26,15 +26,31 @@ #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps -#### Notes on upgrading from maps 7.2 to maps 7.3 +#### How to upgrade IIAB Maps + -The format of the map-catalog.json has changed. And the programs need to be updated also. This can be accomplished by the following: -``` - cd /library/www/ - rm -rf osm-vector-maps/ - vim /etc/iiab/iiab_state.yml (and delete the line osm-vector-maps) - git remote add ghunt git@github.com:/georgejhunt/iiab - git fetch --all - git checkout -b maps7.3 ghunt/maps7.3 - ./runroles osm-vector-maps -``` +In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. + +_It's best to start fresh with a new install of IIAB if you want the latest maps!_ + +Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: + + ``` + sudo rm -rf /library/www/osm-vector-maps + cd /opt/iiab/iiab + sudo git pull + sudo ./runrole --reinstall osm-vector-maps + sudo iiab-install-map-region .mbtiles + ``` + +Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from: http://timmoody.com/iiab-files/maps/ + + From c7ebf5752f3b0372e8599f4b78a98c23c6b82e28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:03:54 -0400 Subject: [PATCH 008/344] osm-vector-maps/README.md: Update 1.2G + 2.0G filenames/sizes, outline d/l speedup options, etc --- roles/osm-vector-maps/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 816f8cbbb..8c07295d4 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -2,18 +2,19 @@ 1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) - 2. If you've installed at least one Map Pack, you can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) - 3. All these downloads can now happen 10X to 100X faster, thanks to [PR #38](https://github.com/iiab/maps/pull/38) ! + 2. You can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) + 3. All these downloads can now happen 10X to 100X faster, thanks to PR's [iiab/maps#38](https://github.com/iiab/maps/pull/38), [iiab/maps#58](https://github.com/iiab/maps/pull/58) and [iiab/iiab-admin-console#478](https://github.com/iiab/iiab-admin-console/pull/478) ! + 4. _When installing OpenStreetMap "continents" (a.k.a. regions), consider either the command-line ([/usr/bin/iiab-install-map-region](https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region)) or the visual alternative provided by IIAB's Admin Console: http://box.lan/admin > Install Content > Get Map Regions._ 2. **Map Packs** no longer bundle both data and program in a .zip file. All Map Packs are really now just a collection of 3 .mbtiles files: - 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (1.74GB .mbtiles) and Lo-Res satellite photos (932MB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps + 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (2.0 GB .mbtiles) and Lo-Res satellite photos (1.2 GB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps 2. Every Map Pack's OSM vector tile data (originally from 2017, and then September 2019) was updated to [November 2020](https://archive.org/details/osm-vector-mbtiles). - 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (1.74GB osm-planet_z0-z10_2019.mbtiles) so that city search is successful more of the time. + 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (2.0 GB osm-planet_z0-z10_2020.mbtiles) so that city search is successful more of the time. 4. Multiple Map Packs can be downloaded/installed (one "continent" at a time). However this can waste disk space with duplicate data, and potentially cause rendering slowness in areas where Map Packs overlap ("continent" bounding boxes have been designed to overlap on purpose, so multiple Map Packs are rarely necessary!) 3. **Hi-Res Satellite Photos** can be downloaded/installed for any 100 x 100 km, 300 x 300 km, or 1000 x 1000 km square region (around any map point that you click!) 1. These new Hi-Res Satellite Photo Regions are "squares" with 4 additional levels of satellite photo zoom (i.e. zoom levels 10-13) giving you 16X the resolution (i.e. 19 x 19 m pixels) and 256X more photographic information density. - 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (932MB satellite_z0-z9_v3.mbtiles is included with all Map Packs). (SEE 2. ABOVE) + 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (1.2 GB satellite_z0-z9_2020.mbtiles is included with all Map Packs). (SEE 2. ABOVE) 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: From bf4d4cfa85b0db889e12940dede8493571523483 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:19:56 -0400 Subject: [PATCH 009/344] osm-vector-maps/README.md: Fix top-line link and IIAB install tip --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 8c07295d4..43e8c1b37 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -1,6 +1,6 @@ ## What's New with IIAB Maps? -1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: +1. If you install [IIAB 8.0+](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) (a pre-release is fine!) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps) an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-80-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) 2. You can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) 3. All these downloads can now happen 10X to 100X faster, thanks to PR's [iiab/maps#38](https://github.com/iiab/maps/pull/38), [iiab/maps#58](https://github.com/iiab/maps/pull/58) and [iiab/iiab-admin-console#478](https://github.com/iiab/iiab-admin-console/pull/478) ! From 76cbe7e5b065f5e2d62d0125efe46c765e7a3f5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:40:55 -0400 Subject: [PATCH 010/344] osm-vector-maps/README.md: "How to (wipe and) upgrade IIAB Maps" for PR #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 43e8c1b37..4c1ed43cf 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -27,7 +27,7 @@ #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps -#### How to upgrade IIAB Maps +#### How to (wipe and) upgrade IIAB Maps In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. From 37e750417d0a4d873a8924cfa707564382a78c28 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 1 May 2022 06:09:49 -0400 Subject: [PATCH 011/344] Add citation for website interaction section. --- roles/matomo/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 53b2838f1..06fdaa9ed 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,3 +1,7 @@ +# The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under +# Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 29 through 126. + - name: Start MariaDB action: service name=mysql state=started - name: Create MariaDB Database for Matomo From 1f2bd60002d74070d68d19ea1411bb7571a0ae50 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 1 May 2022 06:10:39 -0400 Subject: [PATCH 012/344] Update password to IIAB default. --- roles/matomo/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index a11d20b5f..77442e50e 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,8 +2,8 @@ include_tasks: install.yml vars: mdb_dbname: "matomodb" - mdb_username: "mariadb_admin" - mdb_password: "pw_set_by_ansible" + mdb_username: "iiab-admin" + mdb_password: "g0adm1n" host_url: "http://{{ ansible_default_ipv4.address}}" matomo_url: "{{ host_url }}/matomo/" matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" From 6eddfd3c90e975611bcc644b5e3c37e533307496 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 13:39:40 -0400 Subject: [PATCH 013/344] osm-vector-maps/README.md: Catalog links/details for PR #3205 --- roles/osm-vector-maps/README.md | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 4c1ed43cf..5f0f5947f 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -24,15 +24,12 @@ 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json - -#### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps - -#### How to (wipe and) upgrade IIAB Maps +#### How to (Wipe and) Upgrade IIAB Maps -In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. +In April 2022, IIAB revised our legacy catalog [/etc/iiab/map-catalog.json](https://github.com/iiab/maps/blob/master/2020/map-catalog.json), our new catalog [/library/www/html/common/assets/adm-map-catalog.json](https://github.com/iiab/iiab-admin-console/blob/master/roles/common/files/map/adm-map-catalog.json), associated programs — and the dozen core [OSM continent/region .mbtiles files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) listed in our catalog. -_It's best to start fresh with a new install of IIAB if you want the latest maps!_ +_It's always best to start fresh with a new install of IIAB if you want the latest maps!_ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: @@ -41,17 +38,17 @@ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run th cd /opt/iiab/iiab sudo git pull sudo ./runrole --reinstall osm-vector-maps - sudo iiab-install-map-region .mbtiles + sudo iiab-install-map-region .mbtiles ``` -Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from: http://timmoody.com/iiab-files/maps/ +Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored). - + ~cd /library/www/
+ rm -rf osm-vector-maps/
+ nano /etc/iiab/iiab_state.yml # Delete line 'osm_vector_maps_installed: True'
+ git remote add ghunt git@github.com:/georgejhunt/iiab
+ git fetch --all
+ git checkout -b maps7.3 ghunt/maps7.3
+ ./runroles osm-vector-maps~ + +#### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps From 24bae0a24ee146dc08bb4a6b9338c0cbb34b61c3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 23:32:25 -0400 Subject: [PATCH 014/344] osm-vector-maps/README.md: Link to d.iiab.io for PR #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 5f0f5947f..b8549ac69 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -29,7 +29,7 @@ In April 2022, IIAB revised our legacy catalog [/etc/iiab/map-catalog.json](https://github.com/iiab/maps/blob/master/2020/map-catalog.json), our new catalog [/library/www/html/common/assets/adm-map-catalog.json](https://github.com/iiab/iiab-admin-console/blob/master/roles/common/files/map/adm-map-catalog.json), associated programs — and the dozen core [OSM continent/region .mbtiles files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) listed in our catalog. -_It's always best to start fresh with a new install of IIAB if you want the latest maps!_ +_It's always best to start fresh with a [new install of IIAB](https://download.iiab.io) if you want the latest maps!_ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: From 46c947f7bfef42a70fc114f83edb6f0ad4d1b577 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 23:49:01 -0400 Subject: [PATCH 015/344] osm-vector-maps/README.md: Link to ~12 "2020" regions + catalog for #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index b8549ac69..b87a11dd1 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -41,7 +41,7 @@ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run th sudo iiab-install-map-region .mbtiles ``` -Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored). +Where `.mbtiles` is one of the [major region files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) (e.g. with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-upgrade-an-iiab-map-pack). ~cd /library/www/
rm -rf osm-vector-maps/
From 30620a803409e76a14f5a72b7f909fbc97cb58da Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Mon, 2 May 2022 06:24:50 -0400 Subject: [PATCH 016/344] changes to Matomo role to record state --- roles/matomo/tasks/install.yml | 8 ++++++++ roles/matomo/tasks/main.yml | 1 + 2 files changed, 9 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 06fdaa9ed..fdf8fa823 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -139,3 +139,11 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" +- name: Set Matomo state variable + set_fact: + matomo_installed: True +- name: Set Matomo state variable in IIAB state file + lineinfile: + path: "{{ iiab_state_file }}" + regexp: '^matomo_installed' + line: 'matomo_installed: True' diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 77442e50e..36272833a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -1,5 +1,6 @@ - name: Install Matomo main include_tasks: install.yml + when: matomo_installed is undefined vars: mdb_dbname: "matomodb" mdb_username: "iiab-admin" From c4abc856bc4186e67d940825fb0d8eab5978ca20 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 2 May 2022 22:04:53 -0400 Subject: [PATCH 017/344] Nextcloud 24.0.0 work w/ PHP 8.1 on Ubuntu 22.04 --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 152ff6358..f241095f6 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -59,7 +59,7 @@ - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install and not is_ubuntu_2204 # TEMPORARY + when: nextcloud_install - name: WORDPRESS include_role: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f1896a263..babd9e1b7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~406 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From ccff8a793ce3aa0fc1f2b648a35f95ae7c267177 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 2 May 2022 22:14:16 -0400 Subject: [PATCH 018/344] nextcloud/tasks/install.yml: Link to official/evolving Nextcloud 24 reqs --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index babd9e1b7..1f7b0b649 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From 04fbec1f4b2da564b503d048c1617271676ba678 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Mon, 2 May 2022 06:26:55 -0400 Subject: [PATCH 019/344] changes for matomo in mgmt tools --- roles/8-mgmt-tools/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index e75f97e23..d9ea58dc1 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -13,6 +13,11 @@ name: awstats when: awstats_install +- name: MATOMO + include_role: + name: matomo + when: matomo_install + - name: MONIT include_role: name: monit From ba33825d6ad7d7a114e171b26b220eeaecf49e7e Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 3 May 2022 06:03:03 -0400 Subject: [PATCH 020/344] changes for matomo in validate vars --- roles/0-init/tasks/validate_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..2ccd77860 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -111,6 +111,7 @@ - osm_vector_maps - transmission - awstats + - matomo - monit - munin - phpmyadmin From 45e1fd2c0efeb67fb1f9bddf6255a54eeb500488 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 3 May 2022 06:33:15 -0400 Subject: [PATCH 021/344] correct matomo path and move to variable --- roles/matomo/tasks/install.yml | 4 ++-- roles/matomo/tasks/main.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index fdf8fa823..1fa5ab147 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -23,10 +23,10 @@ src: https://builds.matomo.org/matomo.zip dest: /var/www/html remote_src: yes - creates: /var/www/html/matomo + creates: "{{ matomo_nginx_loc }}" - name: Set Matomo Directory Permissions file: - path: /var/www/html/matomo + path: "{{ matomo_nginx_loc }}" recurse: yes owner: www-data group: www-data diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 36272833a..b926afc3f 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,6 +2,7 @@ include_tasks: install.yml when: matomo_installed is undefined vars: + matomo_nginx_loc: "/library/www/html/matomo" mdb_dbname: "matomodb" mdb_username: "iiab-admin" mdb_password: "g0adm1n" From 6e93095e1e6311ff04177bb53459f9cb27e712e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 3 May 2022 15:12:12 -0400 Subject: [PATCH 022/344] scripts/iiab-diagnostics: Redact wep-key[0-3]=PASSWORD --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 42a3ca703..d67a21f29 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -38,12 +38,12 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail echo "FILE EXISTS BUT IS EMPTY!" >> $outfile elif [ $# -eq 1 ]; then echo >> $outfile - # Redact most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') + cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then @@ -178,7 +178,7 @@ echo -e "\n 3. Content of Directories: (1-level deep)\n" echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network -cat_dir /etc/NetworkManager/system-connections +cat_dir /etc/NetworkManager/system-connections # Redacts most passwords above cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices From bd989dbbe2e6e2a18bd6e0d44e7696ee3057af40 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 4 May 2022 06:25:16 -0400 Subject: [PATCH 023/344] Fix some bugs in paths/URLs --- roles/matomo/tasks/install.yml | 9 ++++----- roles/matomo/tasks/main.yml | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1fa5ab147..5d8240905 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -21,12 +21,11 @@ - name: Download and Extract Matomo unarchive: src: https://builds.matomo.org/matomo.zip - dest: /var/www/html + dest: "{{ nginx_loc }}" remote_src: yes - creates: "{{ matomo_nginx_loc }}" - name: Set Matomo Directory Permissions file: - path: "{{ matomo_nginx_loc }}" + path: "{{ nginx_loc }}/matomo" recurse: yes owner: www-data group: www-data @@ -97,7 +96,7 @@ Cookie: "{{ matomo_session_cookie }}" body: name: "IIAB" - url: "host_url" + url: "{{ host_url }}" timezone: "Europe/London" ecommerce: 0 body_format: form-urlencoded @@ -105,7 +104,7 @@ register: matomo_first_website_setup - name: Matomo Tracking Code uri: - url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name=http://10.0.0.72" + url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ host_url }}" method: GET headers: Cookie: "{{ matomo_session_cookie }}" diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index b926afc3f..799b171cf 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,7 +2,7 @@ include_tasks: install.yml when: matomo_installed is undefined vars: - matomo_nginx_loc: "/library/www/html/matomo" + nginx_loc: "/library/www/html" mdb_dbname: "matomodb" mdb_username: "iiab-admin" mdb_password: "g0adm1n" From d456ec3b919a0cde303ae8350c66780b982d603e Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 4 May 2022 06:29:21 -0400 Subject: [PATCH 024/344] revert breaking change in 0-init role --- roles/0-init/tasks/validate_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 2ccd77860..f29525daf 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -111,7 +111,6 @@ - osm_vector_maps - transmission - awstats - - matomo - monit - munin - phpmyadmin From 6a445bd4d826e229b45aa5e738a583edca3aca58 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 10:54:25 -0400 Subject: [PATCH 025/344] Try wget workaround (Ansible's get_url can be blocked by WordPress.org) --- roles/wordpress/tasks/install.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index f0af250be..521c133c5 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -39,10 +39,16 @@ # when: php_version is version('8.0', '<') - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - get_url: - url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" + command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -P {{ downloads_dir }} + # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 + # (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in + # England and another user in Scotland, but not affecting many other + # countries/ISP's apparently? WordPress must have recently changed their + # hosting arrangements for https://wordpress.org/latest.tar.gz + # get_url: + # url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" + # dest: "{{ downloads_dir }}" + # timeout: "{{ download_timeout }}" register: wp_download_output - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} From 2499e28ac125c13328fc0c26cd6c60238e2b60e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:11:06 -0400 Subject: [PATCH 026/344] 'wget -P' inadequate, so try: wget -O /opt/iiab/downloads/wordpress.tar.gz --- roles/wordpress/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 521c133c5..a64758d63 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -38,8 +38,8 @@ # state: present # when: php_version is version('8.0', '<') -- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -P {{ downloads_dir }} +- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz + command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 # (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in # England and another user in Scotland, but not affecting many other @@ -49,14 +49,14 @@ # url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" # dest: "{{ downloads_dir }}" # timeout: "{{ download_timeout }}" - register: wp_download_output +# register: wp_download_output -- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} - file: - src: "{{ wp_download_output.dest }}" - path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - state: link - when: wp_download_output.dest is defined +# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} +# file: +# src: "{{ wp_download_output.dest }}" +# path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads +# state: link +# when: wp_download_output.dest is defined - name: Does {{ downloads_dir }}/wordpress.tar.gz link exist? stat: From 87ef66bdee910272329a7080816ca6efc99f587c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:33:49 -0400 Subject: [PATCH 027/344] Generally safer to delete prior /opt/iiab/downloads/wordpress.tar.gz --- roles/wordpress/tasks/install.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index a64758d63..fb56f886b 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -38,6 +38,11 @@ # state: present # when: php_version is version('8.0', '<') +- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists + file: + path: "{{ downloads_dir }}"/wordpress.tar.gz + state: absent + - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 @@ -58,15 +63,15 @@ # state: link # when: wp_download_output.dest is defined -- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist? +- name: Does {{ downloads_dir }}/wordpress.tar.gz exist? stat: path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - register: wp_link + register: wp_tar_gz - name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist fail: msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress." - when: not wp_link.stat.exists + when: not wp_tar_gz.stat.exists - name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes" unarchive: From 79052db75b1e3bdad3085e4c6ad9d803593690d3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:39:51 -0400 Subject: [PATCH 028/344] wordpress/tasks/install.yml: "{{ downloads_dir }}/wordpress.tar.gz" --- roles/wordpress/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index fb56f886b..a22710438 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -40,7 +40,7 @@ - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists file: - path: "{{ downloads_dir }}"/wordpress.tar.gz + path: "{{ downloads_dir }}/wordpress.tar.gz" state: absent - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz From 5f33849fcac998dba31dc346bcf81a614e6d6c62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 17:42:59 -0400 Subject: [PATCH 029/344] Revise /opt/iiab/jupyterhub size estimate to ~217 MB (was ~229 MB) --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 38f98b370..ffb4aabcf 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)" +- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB)" pip: name: - pip From 17960e2b206ba14ad28717affaf2482a0e065c82 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 May 2022 21:45:16 -0400 Subject: [PATCH 030/344] kiwix/tasks/kiwix-apk.yml: Update comments --- roles/kiwix/tasks/kiwix-apk.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index 667a45fa8..e81711013 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,12 +6,12 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" - name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content file: src: "{{ iiab_zim_path }}/content" # /library/zims/content - path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims + path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/software/kiwix/zims state: link From 890cb94af27d3c63fd8dcb6fcac69ba2b11835f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 May 2022 07:44:17 -0400 Subject: [PATCH 031/344] kiwix-tools 3.2.0-4: fixes for diacritics (accents) etc --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 074e593dc..caf4b318b 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-3 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-3 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-3 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-4 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-4 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-4 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From bd870a0e26967504862c08ff76d6ed4cac6edf8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 May 2022 13:22:21 -0400 Subject: [PATCH 032/344] default_vars.yml: 'kiwix_apk_src: [full URL]/kiwix-android/kiwix-3.4.5.apk' for now --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bba0ad763..6b731bcba 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -470,7 +470,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.4.5.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From 6695a22d53451d09e2b4cdeb2d59d86c67bbfdd6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 8 May 2022 09:43:14 -0400 Subject: [PATCH 033/344] mongodb/tasks/install.yml: Try 5.0.x (was 4.4.x) on all 4 64-bit OS's --- roles/mongodb/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 061a27751..6218c0cea 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -66,7 +66,7 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) - shell: wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - args: warn: false @@ -75,7 +75,7 @@ # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only # {buster 10, stretch 9, jessie 8, wheezy 7} # so Debian 11 "Bullseye" (testing branch) can revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main + repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org @@ -84,14 +84,14 @@ # Debian 10 aarch64 might work below but is blocked in main.yml - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org when: is_raspbian and (ansible_architecture == "aarch64") - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org when: is_linuxmint @@ -101,7 +101,7 @@ # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse state: present filename: mongodb-org From 0a7327afd7ca1e9f7dc979c1b6de85906003b0f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 May 2022 07:35:22 -0400 Subject: [PATCH 034/344] nextcloud/README.md: Warn about Nextcloud News app's 32-bit requirement --- roles/nextcloud/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index da5ab374f..99cdc4b02 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -48,6 +48,10 @@ Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://17 Username: Admin Password: changeme +## Known Issues + +Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (an RSS/Atom Feed reader) if your OS is 32-bits: [#3069](https://github.com/iiab/iiab/issues/3069) + ## Future Directions Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? @@ -56,4 +60,4 @@ Going forward, should Internet-in-a-Box consider integrating optimizations (or m - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://github.com/nextcloud/nextcloudpi -Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help! +Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! From 454edfbe020ff818ecbd15c7d9c8de27b874d70e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 May 2022 19:40:53 -0400 Subject: [PATCH 035/344] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 622024750..3994a938d 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 9bcbbc135a126e584e87cad7d8c0ea6d42a40f7f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 May 2022 13:01:40 -0400 Subject: [PATCH 036/344] phpMyAdmin 5.2.0 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 00c694aef..ff6343c56 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.3 +phpmyadmin_version: 5.2.0 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From c03e8dfa82330dd0bf05d571064cf150e7be27f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 12 May 2022 14:00:00 -0400 Subject: [PATCH 037/344] iiab-diagnostics: journalctl -t IIAB-CMDSRV --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d67a21f29..277b40802 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -213,8 +213,9 @@ cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' -cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'env' 'Environment variables' +cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV commands' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 6565171e31d5168f988ffbad6b0f4e296cbefd7d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 12 May 2022 16:05:15 -0400 Subject: [PATCH 038/344] iiab-diagnostics: 'Admin Console CMDSRV log' --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 277b40802..633d467df 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -215,7 +215,7 @@ cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV commands' +cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 3e9541ab7e937d6ec3917ec9dd3face0aca2944b Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 14 May 2022 14:19:14 -0400 Subject: [PATCH 039/344] Add missing field in Matomo cURL command --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 5d8240905..0a5684f4b 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -62,6 +62,7 @@ username: "{{ mdb_username }}" password: "{{ mdb_password }}" dbname: "{{ mdb_dbname }}" + tables_prefix: "matomo_" adapter: "PDO\\MYSQL" body_format: form-urlencoded status_code: 302 From 4b6a3a02e5ff4938e4010239f4a402905b00b7b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 May 2022 13:16:04 -0400 Subject: [PATCH 040/344] Recommend ansible-core 2.13.0 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index cb5ec6a5f..e02e59b7d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e70d408488ddeb251114547666adac0d03391ab7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 May 2022 13:30:57 -0400 Subject: [PATCH 041/344] Clarify CURR_VER (Ansible version you have installed) e.g. [core 2.13.0] --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index e02e59b7d..564a262dd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you currently have installed +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From f45b3574edb81136a889831c374bc1137a05d287 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 17 May 2022 07:33:22 -0400 Subject: [PATCH 042/344] scripts/ansible: Mention ansible-base 2.10.17 for #3220 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 564a262dd..7d8d16617 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -59,9 +59,9 @@ GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) #pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.16 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.16 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works # TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip From a6edf6d6798fc4d79046eca8be70046675b982c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 May 2022 07:03:39 -0400 Subject: [PATCH 043/344] Try kiwix-tools 3.2.0-5 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index caf4b318b..100999da2 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-4 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-4 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-4 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-5 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-5 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-5 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 91b0f9ceedc69c59c381fa65f962787537be940a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 May 2022 08:12:53 -0400 Subject: [PATCH 044/344] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3994a938d..b87a4a25e 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,9 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. ## Community -Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! +Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** + +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 4d5143e2de59c3926350e1f48cf9a938395f7506 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 18 May 2022 23:48:54 -0400 Subject: [PATCH 045/344] network/tasks/detected_network.yml: Refine AP detection --- roles/network/tasks/detected_network.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e03c47130..a3a3b7854 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -101,15 +101,16 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Check for Access Point capablility with 'iw list' - command: iw list | grep -v AP: | grep AP | wc -l +- name: Run 'iw list' to check for Access Point capability + #command: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc + shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap when: discovered_wireless_iface != "none" -- name: Setting can_be_ap +- name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: can_be_ap: True - when: look_for_ap.stdout|int != 0 + when: look_for_ap is defined and not look_for_ap.failed - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 1df026328171be6eaa7c62c0dfe06591b5330e19 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 00:04:57 -0400 Subject: [PATCH 046/344] detected_network.yml: 'when: look_for_ap.failed is defined and...' --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a3a3b7854..531eb4f65 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -110,7 +110,7 @@ - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: can_be_ap: True - when: look_for_ap is defined and not look_for_ap.failed + when: look_for_ap.failed is defined and not look_for_ap.failed - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 739bfd59f3577e883f8df070130e3dedf8a8a432 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 09:35:35 -0400 Subject: [PATCH 047/344] Tolerate Ubuntu 22.10 Kinetic Kudu to help with testing --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2210.yml | 29 +++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 vars/ubuntu-2210.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 164efbb89..bf1833340 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -77,6 +77,7 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2110" | \ "ubuntu-2204" | \ + "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6b731bcba..3dcce06d0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -735,6 +735,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2210: False is_ubuntu_2204: False is_ubuntu_2110: False is_ubuntu_2104: False diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml new file mode 100644 index 000000000..bdcd73967 --- /dev/null +++ b/vars/ubuntu-2210.yml @@ -0,0 +1,29 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2210: True + +# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True +# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) +dns_service: bind9 +dns_user: bind +dhcp_service: isc-dhcp-server + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_conf_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_package: openssh-server +sshd_service: ssh +php_version: 8.1 +postgresql_version: 14 +systemd_location: /lib/systemd/system +python_ver: 3.10 From 7f50ad8365df8f5bdbb9dbcfeb8ebbabe6e49c50 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 11:20:24 -0400 Subject: [PATCH 048/344] network/tasks/hostapd.yml: Install /usr/bin/iiab-hotspot-{on|off} in all cases! --- roles/network/tasks/hostapd.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 205b659c4..daf190211 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -69,7 +69,6 @@ owner: root group: root mode: 0755 - when: can_be_ap - name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP template: @@ -78,7 +77,6 @@ owner: root group: root mode: 0755 - when: can_be_ap - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: From 9bf4404e50d2a45514b5e36635c849c961fd4182 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 11:25:00 -0400 Subject: [PATCH 049/344] hostapd.yml: Clean up Ansible output re: iiab-hotspot-{on|off} --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index daf190211..537f58980 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -62,7 +62,7 @@ mode: 0644 when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template when hardware supports AP +- name: Create /usr/bin/iiab-hotspot-on from template template: src: network/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on @@ -70,7 +70,7 @@ group: root mode: 0755 -- name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP +- name: Create /usr/bin/iiab-hotspot-off from template template: src: network/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off From fb26c42c766c450861395e4c1f85c00b36a6ffb3 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:17:17 -0400 Subject: [PATCH 050/344] 7-edu-apps: TEMPORARY 'and not is_ubuntu_2210' for #3189 --- roles/7-edu-apps/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index ba3ac6911..327b1ca3f 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not is_ubuntu_2204 # TEMPORARY + when: kolibri_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: KIWIX include_role: @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 # TEMPORARY + when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 # TEMPORARY + when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: From 422b1c0197c714262e1c6b7c5a75b735d088c8dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Apr 2022 08:21:41 -0500 Subject: [PATCH 051/344] set 'host_country_code' to value found in wpa_supplicant.conf host_country_code becomes a fallback value if undetected --- roles/network/tasks/rpi_debian.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 1887a7d15..48497cfd0 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -25,6 +25,11 @@ register: country_code ignore_errors: True +- name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf + set_fact: + host_country_code: "{{ country_code.stdout }}" + when: country_code is defined and country_code.stdout != "" + - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf From 4a30d7e15d906219b5ec2071468e6f60594d8653 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Apr 2022 09:09:27 -0500 Subject: [PATCH 052/344] supply hostapd template later to pickup changed fact --- roles/network/tasks/hostapd.yml | 12 ------------ roles/network/tasks/restart.yml | 18 ++++++++++++++++++ roles/network/tasks/rpi_debian.yml | 6 ------ roles/network/tasks/sysd-netd-debian.yml | 6 ------ 4 files changed, 18 insertions(+), 24 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 537f58980..fdf6438d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -19,18 +19,6 @@ host_channel: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined and current_client_channel.stdout != "" and current_client_channel.stdout|int <= 13 -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: can_be_ap - - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index d286e987c..83e67ce55 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -6,6 +6,24 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap + +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False + systemd: + name: hostapd + state: restarted + when: hostapd_enabled and (wifi_up_down or not no_net_restart) + - name: Reload netplan for Wifi gateway on Ubuntu 18+ shell: netplan apply when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 48497cfd0..96ba180e4 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -76,12 +76,6 @@ state: restarted when: iiab_wired_lan_iface is defined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) - #- name: Stop wpa_supplicant on Raspbian # shell: killall wpa_supplicant diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 4b3048256..c32b966a1 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -70,9 +70,3 @@ state: restarted enabled: yes masked: no - -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) From dfb9eea05d5d5f7b13117a15e3737ff6d6fa86d7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:21:53 -0500 Subject: [PATCH 053/344] isolate returned value --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 96ba180e4..6582d278d 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -21,7 +21,7 @@ src: network/dhcpcd.conf.j2 - name: New Raspbian requires country code -- check for it - shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf + shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True From 9f699d19fec038bbd71b9314b084b860323827f0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:28:58 -0500 Subject: [PATCH 054/344] should be a drop-in replacement --- roles/network/tasks/rpi_debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 6582d278d..cfdddfef8 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -28,14 +28,14 @@ - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: host_country_code: "{{ country_code.stdout }}" - when: country_code is defined and country_code.stdout != "" + when: country_code is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout == "" + when: country_code is defined and country_code.stdout | length = 0 - name: Enable the WiFi with rfkill shell: rfkill unblock 0 From 6e2493a2d4d59f0d45d76b71a03ff6a152080cc3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:32:14 -0500 Subject: [PATCH 055/344] think that was a bug report in the past --- roles/network/tasks/rpi_debian.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index cfdddfef8..d0427bcd1 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -65,9 +65,7 @@ systemd: name: iiab-clone-wifi state: started - when: discovered_wireless_iface != "none" - # Whereas sysd-netd-debian.yml uses... - # when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and discovered_wireless_iface != "none" - name: Restart the networking service if appropriate systemd: From 8924b6668c350ce6f4da759ca8f72ab13ac731cd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:57:18 -0500 Subject: [PATCH 056/344] reload might be needed to register the new templates if they changed --- roles/network/tasks/restart.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 83e67ce55..0dda30a6f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -22,6 +22,7 @@ systemd: name: hostapd state: restarted + daemon_reload: yes when: hostapd_enabled and (wifi_up_down or not no_net_restart) - name: Reload netplan for Wifi gateway on Ubuntu 18+ From ed2a0f3027d1cd61e0fa201108599fe43342b80b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Apr 2022 07:50:40 -0500 Subject: [PATCH 057/344] wip on the fly --- roles/network/templates/hostapd/50-hostapd | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index 37a363b72..a59f787ee 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -12,6 +12,9 @@ if [ "$interface" = "wlan0" ]; then # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` FREQ2="" + WPA=`grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}'` + AP=`grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + for result in $FREQ; do echo "frequency is $result for carrier" if [ $result -lt 13 ]; then @@ -32,6 +35,15 @@ if [ "$interface" = "wlan0" ]; then syslog info "THIS MACHINE SHOULD BE REBOOTED" # systemctl restart hostapd fi + if ! [ "$WPA" = "$AP" ]; then + sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf + echo "50-iiab set country_code $WPA" + syslog info "50-iiab set country_code $WPA" + echo "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED" +# systemctl restart hostapd + fi + fi # spams the logging #syslog info "50-iiab set ap0 spam $REASON" From c01c6ac73bb708f03446b97bb508d4fcb1ee0828 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:27:40 -0400 Subject: [PATCH 058/344] network/tasks/rpi_debian.yml: 'country_code.stdout | length == 0' --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d0427bcd1..9c245a5f6 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -35,7 +35,7 @@ path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout | length = 0 + when: country_code is defined and country_code.stdout | length == 0 - name: Enable the WiFi with rfkill shell: rfkill unblock 0 From 743d8f260157178faa588870efda4f215a1ad153 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:02:15 -0400 Subject: [PATCH 059/344] wpa_supplicant.conf country code authoritative, espec for RasPiOS --- vars/default_vars.yml | 12 +++++++++++- vars/local_vars_large.yml | 12 +++++++++++- vars/local_vars_medium.yml | 12 +++++++++++- vars/local_vars_small.yml | 12 +++++++++++- vars/local_vars_unittest.yml | 12 +++++++++++- 5 files changed, 55 insertions(+), 5 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3dcce06d0..7851b6cac 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -106,7 +106,17 @@ lan_netmask: 255.255.224.0 # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country -- SET THIS IN /etc/iiab/local_vars.yml +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6478638c3..9681208c9 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6c56bf89e..5c2f667d9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a3c7ed0bc..8098f8bfb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 585277444..0fcc6aaa4 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: unittest host_wifi_mode: g From a8ca92a9b3bacda715b8a8514fe1897364807d17 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 13:01:02 -0500 Subject: [PATCH 060/344] move country_code - replace '' with $() --- roles/network/templates/hostapd/50-hostapd | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index a59f787ee..b1bccaaaa 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -1,4 +1,14 @@ if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then + WPA=$(grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}') + AP=$(grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}') + if ! [ "$WPA" = "$AP" ]; then + sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf + echo "50-iiab set country_code $WPA" + syslog info "50-iiab set country_code $WPA" + echo "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED" +# systemctl restart hostapd + fi syslog info "50-iiab IF_UP br0 restarting dnsmasq - kicking ap0" ip link set ap0 up systemctl --no-block restart dnsmasq @@ -10,10 +20,8 @@ if [ "$interface" = "wlan0" ]; then syslog info "50-iiab CARRIER change wlan0" # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` - FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` + FREQ=$(iw wlan0 info|grep channel|cut -d' ' -f2) FREQ2="" - WPA=`grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}'` - AP=`grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` for result in $FREQ; do echo "frequency is $result for carrier" @@ -25,7 +33,7 @@ if [ "$interface" = "wlan0" ]; then done echo "Using $FREQ2 for carrier" syslog info "50-iiab set channel $FREQ2" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $FREQ2 -ne $HOSTAPD ] && [ ! -z $FREQ2 ]; then echo "Editing Hostapd for channel $FREQ2" @@ -35,15 +43,6 @@ if [ "$interface" = "wlan0" ]; then syslog info "THIS MACHINE SHOULD BE REBOOTED" # systemctl restart hostapd fi - if ! [ "$WPA" = "$AP" ]; then - sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf - echo "50-iiab set country_code $WPA" - syslog info "50-iiab set country_code $WPA" - echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" -# systemctl restart hostapd - fi - fi # spams the logging #syslog info "50-iiab set ap0 spam $REASON" From 39bf6fe32cbd48290087bf7bc86ddb5392956b41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 14:01:25 -0500 Subject: [PATCH 061/344] feedback --- roles/network/templates/hostapd/50-hostapd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index b1bccaaaa..5b13b14b5 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -6,7 +6,7 @@ if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then echo "50-iiab set country_code $WPA" syslog info "50-iiab set country_code $WPA" echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab country_code" # systemctl restart hostapd fi syslog info "50-iiab IF_UP br0 restarting dnsmasq - kicking ap0" @@ -40,7 +40,7 @@ if [ "$interface" = "wlan0" ]; then cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab channel" # systemctl restart hostapd fi fi From 7c72b2f983e24009428dc68bb17febf3d28f6020 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 14:05:21 -0500 Subject: [PATCH 062/344] move iiab-hotspot-on|off - can_be_ap in template --- roles/network/tasks/hostapd.yml | 4 ++-- roles/network/templates/{network => hostapd}/iiab-hotspot-off | 0 roles/network/templates/{network => hostapd}/iiab-hotspot-on | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) rename roles/network/templates/{network => hostapd}/iiab-hotspot-off (100%) rename roles/network/templates/{network => hostapd}/iiab-hotspot-on (91%) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index fdf6438d9..07e534b66 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -52,7 +52,7 @@ - name: Create /usr/bin/iiab-hotspot-on from template template: - src: network/iiab-hotspot-on + src: hostapd/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on owner: root group: root @@ -60,7 +60,7 @@ - name: Create /usr/bin/iiab-hotspot-off from template template: - src: network/iiab-hotspot-off + src: hostapd/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off owner: root group: root diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off similarity index 100% rename from roles/network/templates/network/iiab-hotspot-off rename to roles/network/templates/hostapd/iiab-hotspot-off diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on similarity index 91% rename from roles/network/templates/network/iiab-hotspot-on rename to roles/network/templates/hostapd/iiab-hotspot-on index d92cb5f21..055915fef 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,4 +1,7 @@ #!/bin/bash +{% if not can_be_ap %} +AP support was not detected please see https://github.com/iiab/iiab/pull/3179 +{% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service @@ -38,3 +41,4 @@ exit 0 {% endif %} #wifi_up_down {% endif %} +{% endif %} From 35750850ac3c387b3a356371440ff48138f64123 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 15:11:58 -0500 Subject: [PATCH 063/344] From @holta user facing feedback Co-authored-by: A Holt --- roles/network/templates/hostapd/iiab-hotspot-on | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 055915fef..41b5357a7 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,6 +1,9 @@ #!/bin/bash {% if not can_be_ap %} -AP support was not detected please see https://github.com/iiab/iiab/pull/3179 +echo -e "\nUH-OH: Your Wi-Fi firmware doesn't support AP mode, according to 'iw list'\n" +echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-network'\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" +exit 1 {% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} From 215624d14729596d5722c7557a26cc069e2f4d90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 19:45:42 -0400 Subject: [PATCH 064/344] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b87a4a25e..92b7d9d3d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. From 319b5a2342566c310842af96c925afe33f4f021d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 23 May 2022 19:51:01 -0400 Subject: [PATCH 065/344] Lint www_options/tasks/main.yml --- roles/www_options/tasks/main.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..90f5cc6b6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -25,29 +25,27 @@ - name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi) stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart + path: /etc/xdg/lxsession/LXDE-pi/autostart register: lxde_present - name: Check for Chromium name change stat: - path: /usr/bin/chromium + path: /usr/bin/chromium register: chromium_present - name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and not chromium_present.stat.exists + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium-browser' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: lxde_present.stat.exists and not chromium_present.stat.exists - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and chromium_present.stat.exists + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium --disable-restore-session-state http://box/home' + when: lxde_present.stat.exists and chromium_present.stat.exists - debug: From fb326651a001b592dc04f6a035200a16922c128d Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 25 May 2022 06:51:24 -0400 Subject: [PATCH 066/344] Add section for cookie resetting --- roles/matomo/tasks/install.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 0a5684f4b..5c2303519 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -89,6 +89,16 @@ body_format: form-urlencoded status_code: 302 register: matomo_setup_superuser +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: + - matomo_table_creation.cookies is defined + - matomo_table_creation.cookies | length > 0 + - cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_table_creation.cookies | dict2items }}" + loop_control: + loop_var: cookie - name: Configure Matomo to track IIAB uri: url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" From ee20486ea5f9cad725dd7f6b550e057324b63dd8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 13:36:31 -0400 Subject: [PATCH 067/344] nextcloud/tasks/install.yml: Clarify /library/www/nextcloud is 405MB initially --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1f7b0b649..c576daf13 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~406 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~405 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 50fd06d0a8fed5b13e4803d8db2b767278647778 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:34:17 -0400 Subject: [PATCH 068/344] #3228 interim/manual workaround as freepbx-16.0-latest.tgz is NOT the latest --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 3767f690e..35944bae0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -23,7 +23,7 @@ asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # Beta as of 2021-06-21 but looking great! Does NOT support PHP < 7.4 (you've been warned!) Please review https://github.com/iiab/iiab/blob/master/roles/pbx/README.rst +freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrive (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 1d0d6bd753bd8a6aff68d93ea2ddbf72c6c83845 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:36:00 -0400 Subject: [PATCH 069/344] pbx/defaults/main.yml: Fix typo explaining #3228 --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 35944bae0..6213f29cc 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -23,7 +23,7 @@ asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrive (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme +freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrives (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From a3734201c1adbc6ac632307a4ea1f884f2a5ab1e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:48:20 -0400 Subject: [PATCH 070/344] pbx/README.adoc: Explain #3228 in the Known Issues section --- roles/pbx/README.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 6a3d643f6..4ba6c887f 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -291,6 +291,9 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- . As of 2021-11-05, FreePBX 16 needed 2 lines to be manually patched in order to work with the new Asterisk 19 (https://github.com/iiab/iiab/issues/2934#issuecomment-962137815[#2934]). + As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. ++ +As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]). + . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + From fc87110d6174f3ace4d3a9d6139a086e21599d0e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:50:52 -0400 Subject: [PATCH 071/344] pbx/README.adoc: Make #3228 warning *bold* --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 4ba6c887f..7bc3b2302 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -292,7 +292,7 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- + As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. + -As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]). +*As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]).* . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? From c96844ec5f38999f59828e05746e005d051cd915 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 17:59:13 -0400 Subject: [PATCH 072/344] pbx/README.adoc: asterisk -rx "core show version" --- roles/pbx/README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7bc3b2302..495ade871 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -238,6 +238,7 @@ sudo fwconsole reload * Exit the Asterisk CLI, and try Linux commands like: + ---- +asterisk -rx "core show version" asterisk -rx "pjsip show endpoints" asterisk -rx "cdr show status" ---- From a81def476c582706617fa012e89f60246e7cf893 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2022 20:06:06 -0400 Subject: [PATCH 073/344] freepbx-16.0-latest.tgz STALE so git clone to /opt/iiab/freepbx --- roles/pbx/README.adoc | 11 ++----- roles/pbx/defaults/main.yml | 11 +++++-- roles/pbx/tasks/asterisk.yml | 4 +-- roles/pbx/tasks/freepbx.yml | 64 ++++++++++++++++++++---------------- roles/pbx/tasks/install.yml | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 10 files changed, 54 insertions(+), 48 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 495ade871..5673041f9 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -289,18 +289,11 @@ Please also check the "Known Issues" at the bottom of https://github.com/iiab/ii _If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/pages/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ -. As of 2021-11-05, FreePBX 16 needed 2 lines to be manually patched in order to work with the new Asterisk 19 (https://github.com/iiab/iiab/issues/2934#issuecomment-962137815[#2934]). -+ -As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. -+ -*As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]).* - - . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + -If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L151-L163[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` +If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L174-L186[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L208-L211[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L213-L220[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 6213f29cc..d66575a83 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -1,6 +1,9 @@ # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. +# +# 2022-05-25: PHP 7.4 REQUIRED -- PLEASE READ: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-03: Attempts FreePBX 16 Beta -- as required w/ PHP 7.4 OS's for #2897 +# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. # pbx_install: False # pbx_enabled: False @@ -22,8 +25,10 @@ asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab -freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrives (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme +# freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 +# freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. +freepbx_git_url: https://github.com/FreePBX/framework +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 56ece2541..f79b360c5 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 9a7f34a5a..12e6fd7b5 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via @@ -66,35 +66,43 @@ include_tasks: apache.yml when: pbx_use_apache -- name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} - get_url: - url: "{{ freepbx_url }}/{{ freepbx_src_file }}" - dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz - timeout: "{{ download_timeout }}" +# - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} +# get_url: +# url: "{{ freepbx_url }}/{{ freepbx_src_file }}" +# dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz +# timeout: "{{ download_timeout }}" -- name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} - stat: - path: "{{ downloads_dir }}/{{ freepbx_src_file }}" - register: freepbx_src +# - name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} +# stat: +# path: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# register: freepbx_src -- name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist - fail: - msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." - when: not freepbx_src.stat.exists +# - name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist +# fail: +# msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." +# when: not freepbx_src.stat.exists -- name: FreePBX - Create source dir {{ freepbx_src_dir }} - file: - path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx - state: directory +# - name: FreePBX - Create source dir {{ freepbx_src_dir }} +# file: +# path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx +# state: directory -- name: FreePBX - Extract to source dir (root:root) - unarchive: - src: "{{ downloads_dir }}/{{ freepbx_src_file }}" - dest: "{{ freepbx_src_dir }}" - owner: root - group: root - extra_opts: [--strip-components=1] - creates: "{{ freepbx_src_dir }}/install" +# - name: FreePBX - Extract to source dir (root:root) +# unarchive: +# src: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# dest: "{{ freepbx_src_dir }}" +# owner: root +# group: root +# extra_opts: [--strip-components=1] +# creates: "{{ freepbx_src_dir }}/install" + +- name: FreePBX - git clone {{ freepbx_git_url }} -b {{ freepbx_git_branch }} --depth 1 {{ freepbx_src_dir }} (force) + git: + repo: "{{ freepbx_git_url }}" # https://github.com/FreePBX/framework + dest: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx + version: "{{ freepbx_git_branch }}" # e.g. release/16.0 + depth: 1 + force: yes # No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: # https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 @@ -190,7 +198,7 @@ create: yes -- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc to /usr/src/mariadb-connector-odbc +- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc --depth 1 /usr/src/mariadb-connector-odbc (force) git: repo: https://github.com/mariadb-corporation/mariadb-connector-odbc dest: /usr/src/mariadb-connector-odbc diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index eb3163fe4..474ddb58d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "ONLY PHP 7.4 IS SUPPORTED AS OF AUG 2021 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx/#pbx-readme" +- name: "ONLY PHP 7.4 IS SUPPORTED AS OF MAY 2022 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx#readme" meta: noop diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 7851b6cac..17b614453 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -657,7 +657,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9681208c9..c5cda1688 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 5c2f667d9..0958e1470 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8098f8bfb..dc2e25bcb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 0fcc6aaa4..14e90b185 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False From e7f8d57b9647f8777ca042109ad4e42def0c2bd4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 20:16:12 -0400 Subject: [PATCH 074/344] pbx/README.adoc: Update 2 stale URL's --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5673041f9..f4a3876b7 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -285,9 +285,9 @@ image::files/password_change.jpg[] == Known Issues -Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#our-evolution[IIAB's latest release notes]. +Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#past-releases[IIAB's latest release notes]. -_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/pages/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ +_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + From 47bd30d480f874f1a733f617fbd4507b060e4f9a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 20:31:12 -0400 Subject: [PATCH 075/344] Update pbx/README.adoc & use relative URL's (so readable offline) --- roles/pbx/README.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f4a3876b7..51625fd7e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of April 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. @@ -55,7 +55,7 @@ Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), option pbx_use_nginx: False ---- + -If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L88-L131[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: +If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within link:../www_options/tasks/main.yml#L86-L129[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: + ---- nginx_high_php_limits: True @@ -291,15 +291,15 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + -If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L174-L186[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` +If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L213-L220[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. . Raspberry Pi Zero W Warning + -Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to link:../nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] //// From 8c0a9819676b14e44fd1bfb2fc6f81f50824f858 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2022 22:54:43 -0400 Subject: [PATCH 076/344] freepbx.yml: Install official versions of 1 + 15 FreePBX modules --- roles/pbx/tasks/freepbx.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 12e6fd7b5..a94c30681 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -273,8 +273,18 @@ dest: /etc/systemd/system/ # Default module list https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 -- name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! - command: fwconsole ma upgradeall +# - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! +# command: fwconsole ma upgradeall + +# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below to install!) + command: fwconsole ma downloadinstall framework + +- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + command: fwconsole reload + +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - NOTE THIS CAN TAKE SEVERAL MINUTES + command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" # lineinfile: From 75b5e6d91f3287df5d759d7abaaece2a1b0f4cc1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:12:29 -0400 Subject: [PATCH 077/344] freepbx.yml: Skip 'fwconsole reload' for now (requires Asterisk live) --- roles/pbx/tasks/asterisk.yml | 6 +++--- roles/pbx/tasks/freepbx.yml | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f79b360c5..bf4eb87e2 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -55,7 +55,7 @@ # name: aptitude # state: latest -- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 5 MIN OR LONGER! +- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: chdir: "{{ asterisk_src_dir }}" @@ -88,13 +88,13 @@ args: chdir: "{{ asterisk_src_dir }}" -- name: Asterisk - Run 'make' - CAN TAKE 8-30 MIN OR LONGER! +- name: Asterisk - Run 'make' - CAN TAKE 4-30 MIN OR LONGER! command: make args: chdir: "{{ asterisk_src_dir }}" creates: defaults.h -- name: Asterisk - Run 'make install' - CAN TAKE 2 MIN OR LONGER! +- name: Asterisk - Run 'make install' - CAN TAKE TIME 1-2 MIN W/ SLOW DISKS? command: make install args: chdir: "{{ asterisk_src_dir }}" diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index a94c30681..5481a734c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -226,7 +226,7 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER! +- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" @@ -277,13 +277,14 @@ # command: fwconsole ma upgradeall # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 -- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below to install!) +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below install!) command: fwconsole ma downloadinstall framework -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# ERROR: "Unable to connect to remote asterisk" +# - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - NOTE THIS CAN TAKE SEVERAL MINUTES +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" From d98a6c70a4fc121fc50eee666bea6403029a08fe Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:53:52 -0400 Subject: [PATCH 078/344] Try installing 1+15 FreePBX modules BEFORE forcing off Asterisk --- roles/pbx/tasks/freepbx.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5481a734c..4c98133a4 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -236,6 +236,18 @@ - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} +# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) + command: fwconsole ma downloadinstall framework + +# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + command: fwconsole reload + +# DEFAULT MODULE LIST: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! + command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail + - name: FreePBX - Run 'fwconsole stop', 'killall -9 safe_asterisk' to stop both main Asterisk processes - this avoids "Unable to run Pre-Asterisk hooks, because Asterisk is already running" in 'journalctl -u freepbx' logs command: "{{ item }}" with_items: @@ -276,17 +288,6 @@ # - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! # command: fwconsole ma upgradeall -# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 -- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below install!) - command: fwconsole ma downloadinstall framework - -# ERROR: "Unable to connect to remote asterisk" -# - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 -# command: fwconsole reload - -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! - command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail - # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" # lineinfile: # path: /etc/freepbx.conf From 1f2eab54f4fe39b52e7fa4bf6ba0a1562358f135 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:57:38 -0400 Subject: [PATCH 079/344] pbx/tasks/asterisk.yml: Typo in 'make install' output --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index bf4eb87e2..7c52248bf 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -94,7 +94,7 @@ chdir: "{{ asterisk_src_dir }}" creates: defaults.h -- name: Asterisk - Run 'make install' - CAN TAKE TIME 1-2 MIN W/ SLOW DISKS? +- name: Asterisk - Run 'make install' - CAN TAKE 1-2 MIN W/ SLOW DISKS? command: make install args: chdir: "{{ asterisk_src_dir }}" From 066837fe160792f39bbd44f6ca93150f0325a850 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 02:06:14 -0400 Subject: [PATCH 080/344] Delineate sections in 336-line freepbx.yml --- roles/pbx/tasks/freepbx.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 4c98133a4..9ee2ed7a9 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -66,6 +66,7 @@ include_tasks: apache.yml when: pbx_use_apache + # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" @@ -104,6 +105,7 @@ depth: 1 force: yes + # No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: # https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 # https://github.com/FreePBX/framework/blob/release/16.0/installlib/installcommand.class.php#L300 @@ -236,6 +238,7 @@ - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework @@ -248,6 +251,7 @@ - name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail + - name: FreePBX - Run 'fwconsole stop', 'killall -9 safe_asterisk' to stop both main Asterisk processes - this avoids "Unable to run Pre-Asterisk hooks, because Asterisk is already running" in 'journalctl -u freepbx' logs command: "{{ item }}" with_items: @@ -284,7 +288,8 @@ src: freepbx.service dest: /etc/systemd/system/ -# Default module list https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 + +# 2022-05-25: Replaced by 'fwconsole ma downloadinstall' commands above # - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! # command: fwconsole ma upgradeall From 55e673e518f984872b66f43ec08a3e809e6c555c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 09:36:29 -0400 Subject: [PATCH 081/344] freepbx.yml: Mention 2 new auto-installed FreePBX modules --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 9ee2ed7a9..69d6eaf86 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -247,7 +247,8 @@ - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 command: fwconsole reload -# DEFAULT MODULE LIST: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +# DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +# YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 - name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 58566cb8ca50caa95e265f41cb587501fb0f970b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 11:23:34 -0400 Subject: [PATCH 082/344] pbx/README.adoc: THX Ron Raikes for his GitHub approach to installing FreePBX (PR #3229) --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 51625fd7e..81a2c5403 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -321,4 +321,8 @@ In August 2021 it was overhauled, with thanks to these 3 sources especially: * Comprehensive & recent recipe for Raspberry Pi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html * Popular but dated recipe: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/ +In May 2022, installation of FreePBX was made more resilient in https://github.com/iiab/iiab/pull/3229[PR #3229] thanks to: + +* Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 858895c50b5b9716378a9ddc7bd4a9669f7a2153 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 13:56:33 -0400 Subject: [PATCH 083/344] pbx/README.adoc: Update FAQ.IIAB.IO URL's --- roles/pbx/README.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 81a2c5403..36c0f6cbf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -34,7 +34,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False @@ -305,9 +305,9 @@ Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// From 876f4461de94bc4e0c7289c6eaff0557549ed9ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 May 2022 18:55:28 -0400 Subject: [PATCH 084/344] Update kiwix/README.rst --- roles/kiwix/README.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index 0a6aa1741..64c73aaa6 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -3,21 +3,21 @@ Kiwix README ============ Kiwix develops ZIM file creation & rendering tools for offline action, -as summarized at: http://wiki.kiwix.org/wiki/Software +as summarized at: https://wiki.kiwix.org/wiki/Software -Internet-in-a-Box uses the kiwix-serve and kiwix-manage executables (in -/opt/iiab/kiwix/bin) to set up and render ZIM files such as Wikipedia, and -other educational materials: http://download.kiwix.org/zim/ +Internet-in-a-Box uses executables like kiwix-manage, kiwix-serve and kiwix-search (in +``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and +other educational materials) typically from https://download.kiwix.org/zim/ Locations --------- -- Your ZIM files go in /library/zims/content -- Your ZIM index files go in directories under /library/zims/index (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) +- Your ZIM files go in ``/library/zims/content`` +- Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) - The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) -- Use URL http://box:3000/kiwix/ if you want to avoid the proxy +- Use URL http://box:3000/kiwix if you want to avoid the proxy -Your local ZIM catalog (at /library/zims/library.xml) can be regenerated by running: -/usr/bin/iiab-make-kiwix-lib +Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: +``/usr/bin/iiab-make-kiwix-lib`` -See "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO +See also "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO From 2678d79b2fdaaa5354191e09910bcf3e11694ac7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 May 2022 19:53:15 -0400 Subject: [PATCH 085/344] Update kiwix/README.rst --- roles/kiwix/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index 64c73aaa6..e635be2de 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -5,7 +5,7 @@ Kiwix README Kiwix develops ZIM file creation & rendering tools for offline action, as summarized at: https://wiki.kiwix.org/wiki/Software -Internet-in-a-Box uses executables like kiwix-manage, kiwix-serve and kiwix-search (in +Internet-in-a-Box uses `kiwix-tools `_ executables like kiwix-manage, kiwix-serve and kiwix-search (in ``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and other educational materials) typically from https://download.kiwix.org/zim/ From 61ada786cdd6173e68df88c06feda539907ea2ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 May 2022 14:57:32 -0400 Subject: [PATCH 086/344] iiab-diagnostics: (1) Show commits even if non-root (2) Cleaner "/CANONICAL-PATH/CMD PARAMS" output (3) Lint to [[ $VAR == "" ]] --- scripts/iiab-diagnostics | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 633d467df..c79afa252 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -6,11 +6,14 @@ IIAB_RELEASE=`cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2` OS_VER=`cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2` -#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` -HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` -HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` YMDT=$(date +%F_%T_%Z) +#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` + echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo echo -e " iiab-diagnostics" @@ -19,7 +22,7 @@ echo -e " sudo iiab-diagnostics PATH/FILE1 PATH/FILE2 ... # COMPLETE RESU echo echo -ne "Can you provide a \e[1mshort public nickname:\e[0m (no spaces!) " read nickname < /dev/tty -if [ "$nickname" = "" ]; then +if [[ $nickname == "" ]]; then nickname="NONAME" fi @@ -82,18 +85,21 @@ function cat_dir() { fi } -function cat_cmd() { # $1 = command + params, $2 = explanation +function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right - pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right - if [ "$2" = "" ]; then - echo "COMMAND: $pth$1" >> $outfile + #cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right (NOT NEC, 'command -v' does this!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + pthcmd=$(command -v $1) # Use canonical path on left; Drop params on right + spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between + #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) + if [[ $2 == "" ]]; then + echo "COMMAND: $pthcmd$spc_params" >> $outfile else - echo "COMMAND: $pth$1 # $2" >> $outfile + echo "COMMAND: $pthcmd$spc_params # $2" >> $outfile fi echo >> $outfile - if [ "$pth" = "" ]; then + if [[ $pthcmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 @@ -101,7 +107,7 @@ function cat_cmd() { # $1 = command + params, $2 = explan echo >> $outfile } -function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail +function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail echo " $1" echo "=IIAB==========================================================================" >> $outfile cat_file_raw "$1" $2 # e.g. last 100 lines, maximum From 0654e5f6dcf36338638c1335ac87de22b0b24b67 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 May 2022 16:37:45 -0400 Subject: [PATCH 087/344] iiab-diagnostics: bash -c "$1" instead of eval/exec to fix globbing --- scripts/iiab-diagnostics | 5 ++++- scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c79afa252..0002c7ea1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -102,7 +102,10 @@ function cat_cmd() { # $1 = command + params, $2 = explanation if [[ $pthcmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. + #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT commands like 'ls -l /lib/firmware/brcm/*43455*' FAIL to output lines w/ filenames that contains spaces (ugly IFS issues!) fi echo >> $outfile } diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 715d99b14..f4aef576c 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-233 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From fc50d0995121001adc7d3c5b741e96fd99f26e55 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 May 2022 16:50:27 -0400 Subject: [PATCH 088/344] iiab-diagnostics: Avoid eval due to globbing "filenames that contain spaces (ugly IFS issues!)" --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0002c7ea1..1f51df8b1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -105,7 +105,7 @@ function cat_cmd() { # $1 = command + params, $2 = explanation bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. - #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT commands like 'ls -l /lib/firmware/brcm/*43455*' FAIL to output lines w/ filenames that contains spaces (ugly IFS issues!) + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } From 4edc6c22bd7175e3c60a226b4f38e1a97b98bd2c Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 31 May 2022 06:51:57 -0400 Subject: [PATCH 089/344] Fix bug in cookie placement --- roles/matomo/tasks/install.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 5c2303519..ac3aa0e9c 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -35,6 +35,10 @@ method: GET status_code: 200 register: matomo_welcome +- name: debug welcome + debug: + var: matomo_welcome + verbosity: 2 - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -52,6 +56,10 @@ timeout: 120 status_code: 200 register: matomo_system_check +- name: debug syscheck + debug: + var: matomo_system_check + verbosity: 2 - name: Matomo Database Setup uri: url: "{{ matomo_url }}index.php?action=databaseSetup" @@ -73,6 +81,20 @@ method: GET status_code: 200 register: matomo_table_creation +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: + - matomo_table_creation.cookies is defined + - matomo_table_creation.cookies | length > 0 + - cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_table_creation.cookies | dict2items }}" + loop_control: + loop_var: cookie +- name: debug tablecreation + debug: + var: matomo_table_creation + verbosity: 2 - name: Matomo User Setup uri: url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" @@ -89,16 +111,6 @@ body_format: form-urlencoded status_code: 302 register: matomo_setup_superuser -- name: Set a variable for the MATOMO_SESSID cookie - set_fact: - matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" - when: - - matomo_table_creation.cookies is defined - - matomo_table_creation.cookies | length > 0 - - cookie.key == "MATOMO_SESSID" - loop: "{{ matomo_table_creation.cookies | dict2items }}" - loop_control: - loop_var: cookie - name: Configure Matomo to track IIAB uri: url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" From 26727d23d407edd721564a9bb6b062bcb7a9b98a Mon Sep 17 00:00:00 2001 From: tim-moody Date: Tue, 31 May 2022 15:45:38 -0400 Subject: [PATCH 090/344] no services --- vars/local_vars_none.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 vars/local_vars_none.yml diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml new file mode 100644 index 000000000..86401c167 --- /dev/null +++ b/vars/local_vars_none.yml @@ -0,0 +1,11 @@ +# turn off defaults +remoteit_install: False +openvpn_install: False +kalite_install: False +kalite_enabled: False +kiwix_install: False +kiwix_enabled: False +osm_vector_maps_install: False +awstats_install: False +awstats_enabled: False +captiveportal_install: False From fba4bf3ba1659200d9be63306d85b88a0e27ddba Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 2 Jun 2022 19:33:05 -0400 Subject: [PATCH 091/344] mediawiki/defaults/main.yml: new release 1.38.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index b49ce8a83..508208373 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.37 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_major_version: 1.38 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From f0a5ca750be48f33b736ec4334f2988446d5ffc1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 10:45:48 -0400 Subject: [PATCH 092/344] mediawiki/defaults/main.yml: MediaWiki 1.38.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 508208373..b6c008387 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 2ffbde9b41730b2a71877d850edfcad4dffb78ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 12:01:14 -0400 Subject: [PATCH 093/344] kiwix/defaults/main.yml: kiwix-tools 3.3.0 (coming soon) --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 100999da2..66f2de5c5 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-5 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-5 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-5 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 +kiwix_version_i686: kiwix-tools_linux-i586-3.3.0 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From cb1f00467a0c575d5fa22fbeb77498e1a76b9d01 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 19:58:21 -0400 Subject: [PATCH 094/344] mongodb/tasks/install.yml: Remove ancient comment --- roles/mongodb/tasks/install.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 6218c0cea..307b28cf4 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -51,9 +51,6 @@ template: src: mongod.conf.j2 dest: "{{ mongodb_conf }}" # /etc/mongod.conf - #owner: root - #group: root - #mode: 0644 # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") From edb26161db055b724edac5637d2113d4336ada7c Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 01:06:29 -0400 Subject: [PATCH 095/344] test.yml: Document ansible_local.local_facts, ansible_architecture etc --- test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test.yml b/test.yml index 0b50a13b0..f00fd3b3c 100644 --- a/test.yml +++ b/test.yml @@ -55,4 +55,13 @@ - debug: var: f + - debug: + var: ansible_local.local_facts + - debug: + var: ansible_local.local_facts.os_ver + - debug: + var: ansible_architecture + - debug: + var: ansible_machine + # TEST ANSIBLE COMMANDS/MODULES HERE! From 71beb2c588422655739417baa6f8ac610aacaade Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 03:57:15 -0400 Subject: [PATCH 096/344] WIP: MongoDB Spring Cleaning (bug fixes) for #3236 --- roles/mongodb/tasks/install.yml | 46 ++++++++++++---- .../iiab-mongodb-repair-if-no-lock.j2 | 2 + roles/mongodb/templates/mongodb.service.j2 | 52 +++++++++++++++++-- 3 files changed, 87 insertions(+), 13 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 307b28cf4..2ce01e197 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -55,11 +55,11 @@ # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit Ubuntu -# from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit might fail -# untested, and 32-bit Intel might puke as this was orginally deployed for Raspbian. -# (Haven't seen bootable 32-bit Intel installers for a while now.) -# 64-bit OS's proceed below. +# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit +# might fail untested, and 32-bit Intel might puke as this was orginally +# deployed for Raspbian. (Haven't seen bootable 32-bit Intel installers for a +# while now.) 64-bit OS's proceed below. - block: - name: Add mongodb.org signing key (only 64-bit support available) @@ -111,15 +111,43 @@ - mongodb-org-server state: present - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} (mongodb_conf) -- takes effect on next (re)start of the service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: path: "{{ mongodb_conf }}" - regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 - #backrefs: yes + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + + # GRATUITOUS (port 27017 is already the default) + - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4 also reveals: + # (1) dbPath fix in /etc/mongod.conf (~12 lines above) from /var/lib/mongodb + # to /library/dbdata/mongodb + # (2) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID + # file (it may be zero bytes, but never goes away) as confirmed with + # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now + # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock + # (3) mongodb.service should really use a more graceful way to shut down + # than 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). + # (4) MongoDB 6.0 is likely imminent but in the meantime a 2022-01-12 option + # (stanza below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: + # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz + # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + + - name: OVERWRITING AN APT PACKAGE IS RISKY (IT MIGHT LATER UPDATE + OVERWRITE THIS!) BUT FOR NOW download & unzip 76MB http://download.iiab.io/packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" + # end block - when: (ansible_architecture == "aarch64") or (ansible_architecture == "x86_64") + when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + # 2. CONFIGURE MongoDB FOR IIAB diff --git a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 index 790748103..433b98c5d 100644 --- a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 +++ b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 @@ -1,5 +1,7 @@ #!/bin/bash +# 2022-06-07: 100% BOGUS+USELESS with MongoDB 4+ -- SEE mongodb.service & #3236 + if [ -f {{ mongodb_db_lock_file }} ]; then echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues else diff --git a/roles/mongodb/templates/mongodb.service.j2 b/roles/mongodb/templates/mongodb.service.j2 index 1ae050ae8..6e371da7d 100644 --- a/roles/mongodb/templates/mongodb.service.j2 +++ b/roles/mongodb/templates/mongodb.service.j2 @@ -1,3 +1,40 @@ +# 2022-06-07: IS MongoDB's OFFICIAL /lib/systemd/system/mongod.service USEFUL? + +# [Unit] +# Description=MongoDB Database Server +# Documentation=https://docs.mongodb.org/manual +# After=network-online.target +# Wants=network-online.target + +# [Service] +# User=mongodb +# Group=mongodb +# EnvironmentFile=-/etc/default/mongod +# ExecStart=/usr/bin/mongod --config /etc/mongod.conf +# PIDFile=/var/run/mongodb/mongod.pid +# # file size +# LimitFSIZE=infinity +# # cpu time +# LimitCPU=infinity +# # virtual memory size +# LimitAS=infinity +# # open files +# LimitNOFILE=64000 +# # processes/threads +# LimitNPROC=64000 +# # locked memory +# LimitMEMLOCK=infinity +# # total threads (user+kernel) +# TasksMax=infinity +# TasksAccounting=false + +# # Recommended limits for mongod as specified in +# # https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings + +# [Install] +# WantedBy=multi-user.target + + [Unit] Description=High-performance, schema-free document-oriented database After=syslog.target network.target @@ -6,15 +43,22 @@ After=syslog.target network.target Type=simple User=mongodb Group=mongodb -# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) +{% if not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") %} +# USED TO FAIL (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) #ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb # FAILS as systemd cannot run bash here: #ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi +# 2022-06-07: MIGHT STILL BE USEFUL for MongoDB 3.x (i.e. on 32-bit RasPiOS) ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock +{% endif %} ExecStart=/usr/bin/mongod -f {{ mongodb_conf }} -ExecStop=/usr/bin/killall mongod -# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too: -#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown +#ExecStop=/usr/bin/killall mongod +# killall's SIGTERM (15) above no longer induces a graceful stop w/ MongoDB 5+ +# https://www.mongodb.com/docs/manual/reference/method/db.shutdownServer/ +# https://www.mongodb.com/docs/v5.0/reference/command/shutdown/ +# https://www.mongodb.com/docs/v6.0/reference/command/shutdown/ +ExecStop=/usr/bin/mongod -f {{ mongodb_conf }} --shutdown +#ExecStop=/usr/bin/mongod --dbpath {{ mongodb_db_path }} --shutdown [Install] WantedBy=multi-user.target From 64e178c822a32961a6538392eba65e973afe95fa Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 13:52:20 -0400 Subject: [PATCH 097/344] test.yml: Document ansible_facts['distribution'] etc --- test.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index f00fd3b3c..ad68e07da 100644 --- a/test.yml +++ b/test.yml @@ -56,9 +56,19 @@ var: f - debug: - var: ansible_local.local_facts + var: ansible_local.local_facts # SEE: /opt/iiab/iiab/scripts/local_facts.fact - debug: var: ansible_local.local_facts.os_ver + + # Since Ansible 2.7, avoid ansible_distribution: https://github.com/iiab/iiab/pull/3237 + # https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#commonly-used-facts + + - debug: + var: ansible_facts['distribution'] # ansible_facts.distribution ? + - debug: + var: ansible_facts['os_family'] # ansible_facts.os_family ? + - debug: + var: ansible_facts['distribution_major_version'] # ansible_facts.distribution_major_version ? - debug: var: ansible_architecture - debug: From 4084fd1ade21f913503dd2c2cdc94dbc1e99c84d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 7 Jun 2022 14:05:51 -0400 Subject: [PATCH 098/344] test.yml: YAML disallows tab indentation, #3239 --- test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.yml b/test.yml index ad68e07da..5364223a5 100644 --- a/test.yml +++ b/test.yml @@ -38,7 +38,7 @@ #a: b: c: # Space - #d: # Tab + #d: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 e: '' f: "" From 35fa7634d90e9089370b76ca42979f0446a202f3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 15:47:04 -0400 Subject: [PATCH 099/344] Unblock Kolibri 0.15.3 install on Ubuntu 22.04+ --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 327b1ca3f..b7dd56855 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: kolibri_install - name: KIWIX include_role: From 56e5cc48b9c0eec3415ac73741224b3297ca4104 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 23:22:35 -0400 Subject: [PATCH 100/344] WIP: Tighten up roles/mongodb --- roles/mongodb/tasks/install.yml | 80 ++++++++++++++++++++------------- roles/mongodb/tasks/main.yml | 15 ++++--- 2 files changed, 57 insertions(+), 38 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 2ce01e197..fa5f94ac7 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -67,7 +67,7 @@ args: warn: false - - name: Use mongodb-org's Debian repo for Debian (only amd64 support available) + - name: Use mongodb-org's Debian repo for Debian on x86_64 (only amd64 support available) apt_repository: # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only # {buster 10, stretch 9, jessie 8, wheezy 7} @@ -76,38 +76,45 @@ #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org - when: is_debian and (ansible_architecture == "x86_64") + when: is_debian and ansible_architecture == "x86_64" - # Debian 10 aarch64 might work below but is blocked in main.yml - - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + - name: Otherwise use mongodb-org's Ubuntu focal repo [ arch=amd64,arm64 ] apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org - when: is_raspbian and (ansible_architecture == "aarch64") + when: not (is_debian and ansible_architecture == "x86_64") - - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - state: present - filename: mongodb-org - when: is_linuxmint + # # Debian 10 aarch64 might work below but is blocked in main.yml + # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_raspbian and (ansible_architecture == "aarch64") - - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - apt_repository: - # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - state: present - filename: mongodb-org - when: is_ubuntu and not is_linuxmint + # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_linuxmint + + # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only + # apt_repository: + # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only + # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} + # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse + # state: present + # filename: mongodb-org + # when: is_ubuntu and not is_linuxmint - name: "Install packages: mongodb-org, mongodb-org-server" package: name: - - mongodb-org + - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) - mongodb-org-server state: present @@ -124,21 +131,32 @@ regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " port: {{ mongodb_port }}" # 27017 - # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4 also reveals: - # (1) dbPath fix in /etc/mongod.conf (~12 lines above) from /var/lib/mongodb - # to /library/dbdata/mongodb - # (2) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... + # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 + # ...as ARM v8-A < ARM v8.2-A ...also reveals: + # + # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. + # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. + # Roughly speaking, this means CPUs with AVX instructions: + # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 + # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from + # /var/lib/mongodb to /library/dbdata/mongodb + # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID # file (it may be zero bytes, but never goes away) as confirmed with # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock - # (3) mongodb.service should really use a more graceful way to shut down - # than 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). - # (4) MongoDB 6.0 is likely imminent but in the meantime a 2022-01-12 option - # (stanza below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: + # (4) mongodb.service needed a more graceful way to shut down than + # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). + # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 + # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: OVERWRITING AN APT PACKAGE IS RISKY (IT MIGHT LATER UPDATE + OVERWRITE THIS!) BUT FOR NOW download & unzip 76MB http://download.iiab.io/packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + - name: Run 'apt-mark hold mongodb-org mongodb-org-server' if hardware is Raspberry Pi (any 64-bit OS) so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" + + - name: Unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin, if hardware is Raspberry Pi (any 64-bit OS) unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index e5e2f20ba..b728aac82 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -35,18 +35,19 @@ - debug: var: is_raspbian -# might be able to lift this once we know using bionic would work -- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 - fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian - ignore_errors: yes +# # might be able to lift this once we know using bionic would work +# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 +# fail: # FORCE IT RED THIS ONCE! +# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) +# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian +# ignore_errors: yes # ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml - when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) + when: mongodb_installed is undefined + # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) From 56d428ede0ffaa21c0edb3e504bffc5b5d1e7904 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 8 Jun 2022 16:22:32 -0400 Subject: [PATCH 101/344] mongodb/tasks/install.yml: Clean comments & spacing --- roles/mongodb/tasks/install.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index fa5f94ac7..e9ff59322 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,4 +1,4 @@ -# 1. INSTALL MongoDB PACKAGES OR BINARIES +# 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so # https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is @@ -56,10 +56,10 @@ when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # 32-bit OS's are handled above: this should handle aarch32 including 32-bit -# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit -# might fail untested, and 32-bit Intel might puke as this was orginally -# deployed for Raspbian. (Haven't seen bootable 32-bit Intel installers for a -# while now.) 64-bit OS's proceed below. +# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and +# 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was +# orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel +# installers for a while now.) 64-bit OS's proceed below. - block: - name: Add mongodb.org signing key (only 64-bit support available) @@ -91,7 +91,7 @@ # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse # state: present # filename: mongodb-org - # when: is_raspbian and (ansible_architecture == "aarch64") + # when: is_raspbian and ansible_architecture == "aarch64" # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only # apt_repository: @@ -167,7 +167,6 @@ when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - # 2. CONFIGURE MongoDB FOR IIAB - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' From 14adcdd6c992f2cd77603eb14d98de26f84cff4e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 8 Jun 2022 16:43:59 -0400 Subject: [PATCH 102/344] nodered/tasks/rpi_desk.yml: Interim patch comments out 'pi' on RasPiOS --- roles/nodered/tasks/rpi_desk.yml | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml index bc61c971f..1686994e8 100644 --- a/roles/nodered/tasks/rpi_desk.yml +++ b/roles/nodered/tasks/rpi_desk.yml @@ -30,18 +30,21 @@ - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log -- name: Create /home/pi/.node-red/ directory (rpi) - file: - path: /home/pi/.node-red - state: directory - owner: pi - group: pi - mode: 0775 +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas. -- name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) - template: - src: settings.js.j2 - dest: /home/pi/.node-red/settings.js - owner: pi - group: pi - mode: 0755 +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 From 840eca85cef4d36028e5f7cbb510e5f9d11c47ba Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 15:58:49 -0400 Subject: [PATCH 103/344] Rework + modernize roles/nodered (no more 'pi', ETC) --- .../{nginx.yml => enable-or-disable.yml} | 16 +++ roles/calibre-web/tasks/main.yml | 18 +-- roles/cups/tasks/install.yml | 2 +- .../{nginx.yml => enable-or-disable.yml} | 16 +++ roles/kolibri/tasks/main.yml | 18 +-- roles/nextcloud/tasks/main.yml | 1 - roles/nodered/defaults/main.yml | 7 +- .../{nginx.yml => enable-or-disable.yml} | 18 ++- roles/nodered/tasks/group.yml | 26 ---- roles/nodered/tasks/install.yml | 65 +++++++--- roles/nodered/tasks/main.yml | 18 +-- roles/nodered/tasks/os-integration.yml | 68 +++++++++++ roles/nodered/tasks/rpi_desk.yml | 50 -------- roles/nodered/tasks/settings.yml | 112 ++++++++++++++++++ ...d.service.j2 => nodered.service.j2.unused} | 0 .../{settings.js.j2 => settings.js.j2.unused} | 4 +- roles/pbx/tasks/freepbx.yml | 4 +- roles/sugarizer/tasks/main2.yml | 3 +- 18 files changed, 288 insertions(+), 158 deletions(-) rename roles/calibre-web/tasks/{nginx.yml => enable-or-disable.yml} (67%) rename roles/kolibri/tasks/{nginx.yml => enable-or-disable.yml} (64%) rename roles/nodered/tasks/{nginx.yml => enable-or-disable.yml} (54%) delete mode 100644 roles/nodered/tasks/group.yml create mode 100644 roles/nodered/tasks/os-integration.yml delete mode 100644 roles/nodered/tasks/rpi_desk.yml create mode 100644 roles/nodered/tasks/settings.yml rename roles/nodered/templates/{nodered.service.j2 => nodered.service.j2.unused} (100%) rename roles/nodered/templates/{settings.js.j2 => settings.js.j2.unused} (99%) diff --git a/roles/calibre-web/tasks/nginx.yml b/roles/calibre-web/tasks/enable-or-disable.yml similarity index 67% rename from roles/calibre-web/tasks/nginx.yml rename to roles/calibre-web/tasks/enable-or-disable.yml index 046bc65b8..b196176f9 100644 --- a/roles/calibre-web/tasks/nginx.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled + systemd: + name: calibre-web + daemon_reload: yes + enabled: yes + state: restarted + when: calibreweb_enabled + +- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled + systemd: + name: calibre-web + enabled: no + state: stopped + when: not calibreweb_enabled + + # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195) # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index e8be74274..9d6e53333 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -24,23 +24,7 @@ when: calibreweb_installed is undefined -- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled - systemd: - name: calibre-web - daemon_reload: yes - enabled: yes - state: restarted - when: calibreweb_enabled - -- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled - systemd: - name: calibre-web - enabled: no - state: stopped - when: not calibreweb_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index ea073de16..d585b42e0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -49,7 +49,7 @@ blockinfile: path: /etc/cups/cupsd.conf insertafter: '^$' - block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below. Also surround block with comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" AuthType Default Require user @SYSTEM diff --git a/roles/kolibri/tasks/nginx.yml b/roles/kolibri/tasks/enable-or-disable.yml similarity index 64% rename from roles/kolibri/tasks/nginx.yml rename to roles/kolibri/tasks/enable-or-disable.yml index 379339b68..8204b3aee 100644 --- a/roles/kolibri/tasks/nginx.yml +++ b/roles/kolibri/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled + systemd: + name: kolibri + daemon_reload: yes + enabled: yes + state: started + when: kolibri_enabled + +- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled + systemd: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled + + - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri template: src: kolibri-nginx.conf.j2 diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aebecece9..680724179 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -29,23 +29,7 @@ when: kolibri_installed is undefined -- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled - systemd: - name: kolibri - daemon_reload: yes - enabled: yes - state: started - when: kolibri_enabled - -- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled - systemd: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 83877e92e..ae5587642 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -26,7 +26,6 @@ - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f68a595d3..f7cf092a5 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -9,9 +9,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -nodered_user: Admin -nodered_password: changeme # REMOVE THIS PASSWORD REMINDER LINE AS NECESSARY -nodered_password_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q +nodered_linux_user: nodered + +nodered_admin_user: Admin +nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q # Password itself is "changeme" # TO GENERATE A NEW PASSWORD HASH, run 'node-red-admin hash-pw' and enter # the new password. Paste the resulting hash as above, but into your own: diff --git a/roles/nodered/tasks/nginx.yml b/roles/nodered/tasks/enable-or-disable.yml similarity index 54% rename from roles/nodered/tasks/nginx.yml rename to roles/nodered/tasks/enable-or-disable.yml index e7affdab7..87a1c8d2a 100644 --- a/roles/nodered/tasks/nginx.yml +++ b/roles/nodered/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled + systemd: + name: nodered + daemon_reload: yes + enabled: yes + state: restarted + when: nodered_enabled + +- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled + systemd: + name: nodered + enabled: no + state: stopped + when: not nodered_enabled + + - name: Enable http://box/nodered via NGINX, by installing {{ nginx_conf_dir }}/nodered-nginx.conf from template template: src: nodered-nginx.conf.j2 @@ -6,7 +22,7 @@ - name: Disable http://box/nodered via NGINX, by removing {{ nginx_conf_dir }}/nodered-nginx.conf file: - path: "{{ nginx_conf_dir }}/nodered-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/nodered-nginx.conf" state: absent when: not nodered_enabled diff --git a/roles/nodered/tasks/group.yml b/roles/nodered/tasks/group.yml deleted file mode 100644 index ad4499023..000000000 --- a/roles/nodered/tasks/group.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: Ensure Linux group 'nodered' exists (if not rpi) - group: - name: nodered - state: present - -- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) - user: - name: nodered - group: nodered - -- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) - file: - path: /home/nodered/.node-red - state: directory - owner: nodered - group: nodered - mode: 0775 - -- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/nodered/.node-red/settings.js - owner: nodered - group: nodered - mode: 0755 diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 3c95f7408..7ee0a7d73 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -16,7 +16,7 @@ msg: "Node-RED install cannot proceed, as Node.js is not installed." when: nodejs_installed is undefined -# 2020-10-29: not really be nec as Node-RED supports recent Node.js versions +# 2020-10-29: not really nec as Node-RED supports recent Node.js versions #- name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"' # fail: # msg: "Node-RED install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc." @@ -36,7 +36,6 @@ package: name: nodered state: absent - when: nodered_install # 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: @@ -44,15 +43,22 @@ # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered # https://github.com/iiab/iiab/pull/1497 -- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" - command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard - #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest - # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) - when: nodered_install +# https://nodered.org/docs/user-guide/node-red-admin built in since Node-RED +# 1.1.0 (2020-06-30). Run it using: node-red admin +# If you install it separately, run: node-red-admin +# +#- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" +- name: "Globally 'npm install' 2 Node-RED packages: node-red, node-red-dashboard" + #command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard + command: npm install -g --unsafe-perm node-red@latest node-red-dashboard@latest + # Above "@latest" recommended by https://nodered.org/docs/hardware/raspberrypi back in 2019 -- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" - command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth - when: nodered_install and is_raspbian +# 2022-06-08: New list copied from $EXTRANODES in https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +- name: "Globally 'npm install' 6 Node-RED learning examples IF Raspberry Pi hardware detected: node-red-node-pi-gpio, node-red-node-random, node-red-node-ping, node-red-contrib-play-audio, node-red-node-smooth, node-red-node-serialport" + #command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth + command: npm install -g --unsafe-perm node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest + #command: npm i --unsafe-perm --save --no-progress --no-update-notifier --no-audit --no-fund node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest 2>&1 + when: rpi_model != "none" ## To protect pre-installed packages within /usr/lib/node_modules in graphical ## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that @@ -89,18 +95,39 @@ # creates: /usr/lib/node_modules/node-red-dashboard # when: nodered_install and internet_available -- include_tasks: group.yml - when: nodered_install and not is_raspbian +- include_tasks: settings.yml + #when: not is_raspbian -- include_tasks: rpi_desk.yml - when: nodered_install and is_raspbian +- include_tasks: os-integration.yml +#- include_tasks: rpi_desk.yml +# when: is_raspbian -- name: Install /etc/systemd/system/nodered.service systemd unit file from template - template: - backup: no - src: nodered.service.j2 +# 2022-06-08 OFFICIALLY RECOMMENDED /lib/systemd/system/nodered.service IS: +# https://github.com/node-red/linux-installers/blob/master/resources/nodered.service +# EXPLAINED AT https://nodered.org/docs/faq/customising-systemd-on-pi +# +# AS RECOMMENDED BY OFFICIAL INSTALLER SCRIPT: +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# OFFICIAL INSTRUCTIONS: https://nodered.org/docs/getting-started/local +# https://nodered.org/docs/getting-started/raspberrypi +# +# Should /lib be considered instead of /etc ? +# - name: Install /etc/systemd/system/nodered.service systemd unit file from template +# template: +# src: nodered.service.j2 +# dest: /etc/systemd/system/nodered.service + +- name: Start by downloading https://github.com/node-red/linux-installers/blob/master/resources/nodered.service to /etc/systemd/system/nodered.service + get_url: + url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.service dest: /etc/systemd/system/nodered.service - # mode: '0666' + timeout: "{{ download_timeout }}" + +- name: Replace every '[=/]pi' with '[=/]{{ nodered_linux_user }}' (nodered_linux_user) in /etc/systemd/system/nodered.service + replace: + path: /etc/systemd/system/nodered.service + regexp: '([=/])pi' # e.g. nodered_linux_user: nodered + replace: '\1{{ nodered_linux_user }}' # \1 is a back-reference to above '=' or '/' -- like sed, but Ansible uses https://docs.python.org/3/library/re.html # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2add807b2..2b5e3525b 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -24,23 +24,7 @@ when: nodered_installed is undefined -- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled - systemd: - name: nodered - daemon_reload: yes - enabled: yes - state: restarted - when: nodered_enabled - -- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled - systemd: - name: nodered - enabled: no - state: stopped - when: not nodered_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/tasks/os-integration.yml b/roles/nodered/tasks/os-integration.yml new file mode 100644 index 000000000..c7b008da3 --- /dev/null +++ b/roles/nodered/tasks/os-integration.yml @@ -0,0 +1,68 @@ +# 2022-06-08: This file used to be rpi_desk.yml + +# 2022-06-09: Crucially, the 3 "dest" dirs (below) exist on all mainline OS's +- name: "Download 3 Node-RED enhancements: Node-RED icon, start menu item, /etc/logrotate.d/nodered" + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + force: yes + timeout: "{{ download_timeout }}" + with_items: + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-icon.svg + dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/Node-RED.desktop + dest: /usr/share/applications/Node-RED.desktop + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.rotate + dest: /etc/logrotate.d/nodered + # 2022-06-08: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg + # dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop + # dest: /usr/share/applications/Node-RED.desktop + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate + # dest: /etc/logrotate.d/nodered + # - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' + # dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' + +#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) +# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' +# when: nodered_install and internet_available and is_raspbian + +#- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' +- name: 'Install 5 executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-reload, node-red-log' + get_url: + url: "{{ item }}" + dest: /usr/bin + mode: a+x + force: yes + timeout: "{{ download_timeout }}" + with_items: + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-start + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-stop + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-restart + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-reload + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-log + # 2022-08-06: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log + +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas: + +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml deleted file mode 100644 index 1686994e8..000000000 --- a/roles/nodered/tasks/rpi_desk.yml +++ /dev/null @@ -1,50 +0,0 @@ -# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! -- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - timeout: "{{ download_timeout }}" - with_items: - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg - dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop - dest: /usr/share/applications/Node-RED.desktop - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate - dest: /etc/logrotate.d/nodered - - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' - dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' - -#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) -# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' -# when: nodered_install and internet_available and is_raspbian - -- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' - get_url: - url: "{{ item }}" - dest: /usr/bin - mode: a+x - timeout: "{{ download_timeout }}" - with_items: - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log - -# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, -# until converging on a longer-term strategy, let's comment out both stanzas. - -# - name: Create /home/pi/.node-red/ directory (rpi) -# file: -# path: /home/pi/.node-red -# state: directory -# owner: pi -# group: pi -# mode: 0775 - -# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) -# template: -# src: settings.js.j2 -# dest: /home/pi/.node-red/settings.js -# owner: pi -# group: pi -# mode: 0755 diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml new file mode 100644 index 000000000..ade1b61f8 --- /dev/null +++ b/roles/nodered/tasks/settings.yml @@ -0,0 +1,112 @@ +- name: Ensure Linux group '{{ nodered_linux_user }}' exists + group: + name: "{{ nodered_linux_user }}" + state: present + +- name: Ensure nodered_linux_user '{{ nodered_linux_user }}' exists and is added to group '{{ nodered_linux_user }}' + user: + name: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" # Primary group + +- name: Ensure directory /home/{{ nodered_linux_user }}/.node-red/ exists + file: + path: /home/{{ nodered_linux_user }}/.node-red + state: directory + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + mode: 0775 + + +# - name: Install /home/{{ nodered_linux_user }}/.node-red/settings.js from template, with authentication +# template: +# backup: yes +# src: settings.js.j2 +# dest: /home/{{ nodered_linux_user }}/.node-red/settings.js +# owner: "{{ nodered_linux_user }}" +# group: "{{ nodered_linux_user }}" +# mode: 0755 + +# 2022-06-08 some alternative options arising from official installer +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# +# 1) User {{ nodered_linux_user }} run 'node-red admin init' to create /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 2) Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 3) https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js +# +# Approach 1) (THEIR VERY INTERACTIVE SCRIPT) can't be automated like this: +#- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js +# command: runuser -u {{ nodered_linux_user }} node-red admin init + +- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js + copy: + remote_src: yes + src: /usr/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + + +- name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js + blockinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below + adminAuth: { + type: "credentials", + users: [{ + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", + permissions: "*" + }] + }, + marker: "// {mark} ANSIBLE MANAGED BLOCK" # Surround block with comment lines: "// BEGIN ANSIBLE MANAGED BLOCK", "// END ANSIBLE MANAGED BLOCK" + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js, +# THESE WOULD BE NEEDED INSTEAD OF blockinfile: + +# - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'username:' +# line: ' username: "{{ nodered_admin_user }}",' + +# - name: Splice 'password: "{{ nodered_admin_pwd_hash }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'password:' +# line: ' password: "{{ nodered_admin_pwd_hash }}",' + + +# 2022-06-09: httpRoot might be going away? Increasingly hidden from +# settings.js which used to say: "property can be used in place of +# 'httpAdminRoot' and 'httpNodeRoot', to apply the same root to both parts." +# +# "httpRoot sets the root url for both admin and node endpoints. +# It overrides the values set by httpAdminRoot and httpNodeRoot" +# https://nodered.org/docs/user-guide/runtime/configuration +# +# - name: Splice "httpRoot: '/{{ nodered_web_path }}'," into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: '^\s*httpRoot:' +# line: " httpRoot: '/{{ nodered_web_path }}'," +# insertafter: '^module.exports = {$' +# #insertbefore: '^}$' + +- name: 'Splice "httpNodeRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpNodeRoot:' + line: " httpNodeRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +- name: 'Splice "httpAdminRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpAdminRoot:' + line: " httpAdminRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' diff --git a/roles/nodered/templates/nodered.service.j2 b/roles/nodered/templates/nodered.service.j2.unused similarity index 100% rename from roles/nodered/templates/nodered.service.j2 rename to roles/nodered/templates/nodered.service.j2.unused diff --git a/roles/nodered/templates/settings.js.j2 b/roles/nodered/templates/settings.js.j2.unused similarity index 99% rename from roles/nodered/templates/settings.js.j2 rename to roles/nodered/templates/settings.js.j2.unused index 50923671c..c484a4bcb 100644 --- a/roles/nodered/templates/settings.js.j2 +++ b/roles/nodered/templates/settings.js.j2.unused @@ -118,8 +118,8 @@ module.exports = { adminAuth: { type: "credentials", users: [{ - username: "{{ nodered_user }}", - password: "{{ nodered_password_hash }}", + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", permissions: "*" }] }, diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 69d6eaf86..bbe5287d9 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -190,11 +190,11 @@ - name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache blockinfile: - content: | + path: /etc/asterisk/freepbx_chown.conf + block: | [blacklist] directory = /var/lib/php/sessions marker: "; {mark} ANSIBLE MANAGED BLOCK" - dest: /etc/asterisk/freepbx_chown.conf owner: asterisk group: asterisk create: yes diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml index 88aa786f8..5a719e233 100644 --- a/roles/sugarizer/tasks/main2.yml +++ b/roles/sugarizer/tasks/main2.yml @@ -3,8 +3,7 @@ when: sugarizer_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: enable-or-disable.yml +- include_tasks: enable-or-disable.yml - name: Add 'sugarizer' variable values to {{ iiab_ini_file }} From f813408f05073c2ecbac0411b0813376def74e0b Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 16:07:18 -0400 Subject: [PATCH 104/344] git mv nodered/tasks/group.yml nodered/tasks/settings.yml --- roles/nodered/tasks/settings.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index ade1b61f8..07b9b4e8b 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -1,3 +1,5 @@ +# 2022-06-09: This file used to be group.yml + - name: Ensure Linux group '{{ nodered_linux_user }}' exists group: name: "{{ nodered_linux_user }}" From c8e779ab772ec9135062ee3feb835ed5af13d974 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 16:36:22 -0400 Subject: [PATCH 105/344] CAUTION Re: blockinfile acting on /home/nodered/.node-red/settings.js --- roles/nodered/tasks/settings.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index 07b9b4e8b..22b2f33a6 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -65,8 +65,8 @@ insertafter: '^module.exports = {$' #insertbefore: '^}$' -# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js, -# THESE WOULD BE NEEDED INSTEAD OF blockinfile: +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js +# *WITHOUT* ANSIBLE MARKERS, THESE WOULD BE NEEDED INSTEAD OF blockinfile: # - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js # lineinfile: From a5d802ae7ff7edcee9550768d2419a3518b96268 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 17:10:51 -0400 Subject: [PATCH 106/344] Move to nodered/tasks/apache.yml.unused --- roles/nodered/tasks/{apache.yml => apache.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nodered/tasks/{apache.yml => apache.yml.unused} (100%) diff --git a/roles/nodered/tasks/apache.yml b/roles/nodered/tasks/apache.yml.unused similarity index 100% rename from roles/nodered/tasks/apache.yml rename to roles/nodered/tasks/apache.yml.unused From c095851eb2244719dee2e7067612a258a1ceecb7 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 22:50:21 -0400 Subject: [PATCH 107/344] WIP: Softcode 'mongodb_64bit_version: 4.4' --- roles/mongodb/defaults/main.yml | 3 ++ roles/mongodb/tasks/install.yml | 61 +++++++++++++++++++++------------ 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 1c54103e7..75599850c 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,6 +20,9 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail + # on "pre-2011" CPU's that lack AVX. + mongodb_conf: /etc/mongod.conf mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock" diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e9ff59322..024e1e438 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -52,6 +52,16 @@ src: mongod.conf.j2 dest: "{{ mongodb_conf }}" # /etc/mongod.conf + - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' + file: + state: directory + path: "{{ item }}" + owner: mongodb + group: mongodb + with_items: + - /var/lib/mongodb + - /var/log/mongodb + # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") @@ -67,20 +77,20 @@ args: warn: false - - name: Use mongodb-org's Debian repo for Debian on x86_64 (only amd64 support available) + - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: - # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only - # {buster 10, stretch 9, jessie 8, wheezy 7} - # so Debian 11 "Bullseye" (testing branch) can revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main + # 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" - - name: Otherwise use mongodb-org's Ubuntu focal repo [ arch=amd64,arm64 ] + - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse state: present filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") @@ -128,7 +138,7 @@ - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: path: "{{ mongodb_conf }}" - regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 + regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... @@ -137,7 +147,7 @@ # # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. - # Roughly speaking, this means CPUs with AVX instructions: + # Roughly speaking, this means post-2011 CPUs with AVX instructions: # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from # /var/lib/mongodb to /library/dbdata/mongodb @@ -152,16 +162,16 @@ # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: Run 'apt-mark hold mongodb-org mongodb-org-server' if hardware is Raspberry Pi (any 64-bit OS) so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') - - name: Unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin, if hardware is Raspberry Pi (any 64-bit OS) + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" dest: /usr/bin - when: rpi_model != "none" + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" @@ -169,25 +179,32 @@ # 2. CONFIGURE MongoDB FOR IIAB -- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# #- { path: '/var/run/mongodb' } +# - /var/lib/mongodb +# - /var/log/mongodb +# - "{{ mongodb_db_path }}" # /library/dbdata/mongodb + +- name: 'Create dir {{ mongodb_db_path }} (mongodb:mongodb)' file: state: directory - path: "{{ item }}" + path: "{{ mongodb_db_path }}" # /library/dbdata/mongodb owner: mongodb group: mongodb - with_items: - #- { path: '/var/run/mongodb' } - - /var/lib/mongodb - - /var/log/mongodb - - "{{ mongodb_db_path }}" # /library/dbdata/mongodb - name: Install mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" + #owner: root + #group: root with_items: - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } From f7d3411df11a64e4a00114ab6051ab28e37fae04 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 23:49:54 -0400 Subject: [PATCH 108/344] Fix + Clarify apt signing key, mongodb_64bit_version --- roles/mongodb/defaults/main.yml | 7 +++++-- roles/mongodb/tasks/install.yml | 10 ++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 75599850c..f42149f8e 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,8 +20,11 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail - # on "pre-2011" CPU's that lack AVX. +mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on +# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +# +# 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com +# 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu mongodb_conf: /etc/mongod.conf mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 024e1e438..930bd6219 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,3 +1,8 @@ +# MongoDB Install Docs: +# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ +# https://www.mongodb.com/docs/manual/installation/ + + # 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so @@ -72,8 +77,9 @@ # installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) - shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - + - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - args: warn: false From a1656ca6e7a7242e8af61aa82d94a5b5e027554d Mon Sep 17 00:00:00 2001 From: root Date: Sat, 11 Jun 2022 11:52:13 -0400 Subject: [PATCH 109/344] moodle/tasks/enable-or-disable.yml like other roles --- .../tasks/{nginx.yml => enable-or-disable.yml} | 15 +++++++++++++++ roles/moodle/tasks/main.yml | 18 +----------------- 2 files changed, 16 insertions(+), 17 deletions(-) rename roles/moodle/tasks/{nginx.yml => enable-or-disable.yml} (53%) diff --git a/roles/moodle/tasks/nginx.yml b/roles/moodle/tasks/enable-or-disable.yml similarity index 53% rename from roles/moodle/tasks/nginx.yml rename to roles/moodle/tasks/enable-or-disable.yml index 65a8eef08..687d6db1e 100644 --- a/roles/moodle/tasks/nginx.yml +++ b/roles/moodle/tasks/enable-or-disable.yml @@ -1,3 +1,18 @@ +- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" + set_fact: + postgresql_install: True + postgresql_enabled: True # Revert just below if... + +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" + set_fact: + postgresql_enabled: False + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) + +- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) + include_role: + name: postgresql + + - name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template template: src: moodle-nginx.conf.j2 diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 5c4e6bf73..56289248c 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -24,23 +24,7 @@ when: moodle_installed is undefined -- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" - set_fact: - postgresql_install: True - postgresql_enabled: True # Revert just below if... - -- name: "Set 'postgresql_enabled: False' if not moodle_enabled" - set_fact: - postgresql_enabled: False - when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) - -- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) - include_role: - name: postgresql - - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'moodle' variable values to {{ iiab_ini_file }} From 8260890840031634e79fee32057a149551df8b8b Mon Sep 17 00:00:00 2001 From: root Date: Sat, 11 Jun 2022 13:19:57 -0400 Subject: [PATCH 110/344] iiab-diagnostics: 'df -ah' for disk usage detail --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1f51df8b1..b6c834b42 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -198,6 +198,7 @@ cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'df -h' 'Disk usage' +cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' cat_cmd 'ip addr' 'Network interfaces' diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f4aef576c..6ba4c8ca2 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 0381225f531db6db3024fdef9ba2f7d760205868 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 12 Jun 2022 06:27:27 -0400 Subject: [PATCH 111/344] Fix remaining bugs --- roles/matomo/tasks/install.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ac3aa0e9c..4cad7236d 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -105,7 +105,7 @@ login: "{{ mdb_username }}" password: "{{ mdb_password }}" password_bis: "{{ mdb_password }}" - e-mail: "nobody@dev.null" + email: "nobody@dev.null" subscribe_newsletter_piwikorg: 0 subscribe_newsletter_professionalservices: 0 body_format: form-urlencoded @@ -118,7 +118,7 @@ headers: Cookie: "{{ matomo_session_cookie }}" body: - name: "IIAB" + siteName: "IIAB" url: "{{ host_url }}" timezone: "Europe/London" ecommerce: 0 @@ -161,11 +161,3 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" -- name: Set Matomo state variable - set_fact: - matomo_installed: True -- name: Set Matomo state variable in IIAB state file - lineinfile: - path: "{{ iiab_state_file }}" - regexp: '^matomo_installed' - line: 'matomo_installed: True' From 7c43cddedc3d58a1078c799f783e7e881153b82c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Jun 2022 23:41:56 -0400 Subject: [PATCH 112/344] pbx/tasks/freepbx.yml: Remove gratuitous 'state: present' from mysql_user, myqsl_db --- roles/pbx/tasks/freepbx.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index bbe5287d9..1fa9c98cc 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -151,7 +151,6 @@ # login_user: root # login_password: "{{ mysql_root_password }}" host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}" - state: present - name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }}) mysql_db: @@ -161,7 +160,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present - name: FreePBX - Add CDR MySQL db ({{ asterisk_db_cdrdbname }}) mysql_db: @@ -171,7 +169,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present # 2021-08-16: DOES NGINX NEED THE NEXT 2 STANZAS? (If not, should 'when: pbx_use_apache' be added?) From 4e04780ec568e82483abde3377442f746b8c6fba Mon Sep 17 00:00:00 2001 From: root Date: Wed, 15 Jun 2022 02:40:28 -0400 Subject: [PATCH 113/344] Matomo-IIAB integration begins --- roles/0-init/tasks/validate_vars.yml | 3 +- roles/8-mgmt-tools/tasks/main.yml | 4 +- roles/matomo/README.adoc | 48 ++++++++++ roles/matomo/defaults/main.yml | 18 ++++ roles/matomo/tasks/install.yml | 128 +++++++++++++++++---------- roles/matomo/tasks/main.yml | 52 +++++++++-- vars/default_vars.yml | 4 + vars/local_vars_large.yml | 4 + vars/local_vars_medium.yml | 4 + vars/local_vars_small.yml | 4 + vars/local_vars_unittest.yml | 4 + 11 files changed, 214 insertions(+), 59 deletions(-) create mode 100644 roles/matomo/README.adoc create mode 100644 roles/matomo/defaults/main.yml diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..764d39f31 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -95,6 +95,7 @@ - gitea - jupyterhub - lokole + - matomo - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index d9ea58dc1..61ac785ad 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -12,12 +12,12 @@ include_role: name: awstats when: awstats_install - + - name: MATOMO include_role: name: matomo when: matomo_install - + - name: MONIT include_role: name: monit diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc new file mode 100644 index 000000000..fa4f2e980 --- /dev/null +++ b/roles/matomo/README.adoc @@ -0,0 +1,48 @@ += Matomo README + +https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership, that you can use with https://internet-in-a-box.org[Internet-in-a-Box] (IIAB). + +== Install it + +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] + +One way to do that is by changing these 2 lines: + +---- +iiab_hostname: box +iiab_domain: lan +---- + +Or, you can change the Matomo URL by putting your IIAB IP Address in a line like: + +---- +matomo_host_url: http://192.168.0.199 +---- + +Either way, consider setting a Matomo username and password using lines like: + +---- +matomo_db_user: Admin +matomo_db_pass: changeme +---- + +Also ensure that your `/etc/iiab/local_vars.yml` contains these lines: + +---- +matomo_install: True +matomo_enabled: True +---- + +_Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `sudo iiab`, until software installation is complete._ + +== Use it + +Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. + +Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ + +WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) + +== Credits + +Carl Wivagg diff --git a/roles/matomo/defaults/main.yml b/roles/matomo/defaults/main.yml new file mode 100644 index 000000000..1ec6c8500 --- /dev/null +++ b/roles/matomo/defaults/main.yml @@ -0,0 +1,18 @@ +# matomo_install: True +# matomo_enabled: True + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + +matomo_dl_url: https://builds.matomo.org/matomo.tar.gz +matomo_path: "{{ doc_root }}" # e.g. /library/www/html + +matomo_db_name: matomodb +matomo_db_user: Admin +matomo_db_pass: changeme + +#matomo_host_url: http://{{ ansible_default_ipv4.address }} +matomo_host_url: http://{{ iiab_hostname }}.{{ iiab_domain }} # e.g. http://box.lan +matomo_full_url: "{{ matomo_host_url }}/matomo/" + +matomo_cronjob: "sudo python3 {{ matomo_path }}/matomo/misc/log-analytics/import_logs.py --url={{ matomo_full_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4cad7236d..a36e1d3ec 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,44 +1,57 @@ # The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running -# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 29 through 126. +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. + +- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/html/matomo already exists" + meta: noop + +# EXAMPLE OF ABOVE ERROR: + +# TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** +# fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} - name: Start MariaDB - action: service name=mysql state=started + #action: service name=mysql state=started + systemd: + name: "{{ mysql_service }}" + state: started + - name: Create MariaDB Database for Matomo community.mysql.mysql_db: - name: "{{ mdb_dbname }}" - state: present - login_unix_socket: /var/run/mysqld/mysqld.sock + name: "{{ matomo_db_name }}" + #login_unix_socket: /var/run/mysqld/mysqld.sock + - name: Add Admin User to MariaDB Database community.mysql.mysql_user: - name: "{{ mdb_username }}" - password: "{{ mdb_password }}" - host: localhost - state: present - update_password: on_create - priv: "{{ mdb_dbname }}.*:ALL" - login_unix_socket: /var/run/mysqld/mysqld.sock -- name: Download and Extract Matomo + name: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + update_password: on_create # OR SHOULD './runrole --reinstall matomo' FORCE A COMPLETELY CLEAN INSTALL? + priv: "{{ matomo_db_name }}.*:ALL" + #login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Download and Extract Matomo (~1 min) unarchive: - src: https://builds.matomo.org/matomo.zip - dest: "{{ nginx_loc }}" + src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.zip + dest: "{{ matomo_path }}" # e.g. /library/www/html remote_src: yes + - name: Set Matomo Directory Permissions file: - path: "{{ nginx_loc }}/matomo" + path: "{{ matomo_path }}/matomo" recurse: yes - owner: www-data - group: www-data + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" + - name: HTTP Get Welcome uri: - url: "{{ matomo_url }}index.php?action=welcome" + url: "{{ matomo_full_url }}index.php?action=welcome" # e.g. http://box.lan/matomo method: GET status_code: 200 register: matomo_welcome -- name: debug welcome - debug: + +- debug: var: matomo_welcome - verbosity: 2 + - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -46,9 +59,10 @@ loop: "{{ matomo_welcome.cookies | dict2items }}" loop_control: loop_var: cookie + - name: Get Matomo System Check uri: - url: "{{matomo_url}}index.php?action=systemCheck" + url: "{{ matomo_full_url }}index.php?action=systemCheck" method: GET headers: Cookie: "{{ matomo_session_cookie }}" @@ -56,31 +70,33 @@ timeout: 120 status_code: 200 register: matomo_system_check -- name: debug syscheck - debug: + +- debug: var: matomo_system_check - verbosity: 2 + - name: Matomo Database Setup uri: - url: "{{ matomo_url }}index.php?action=databaseSetup" + url: "{{ matomo_full_url }}index.php?action=databaseSetup" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: - username: "{{ mdb_username }}" - password: "{{ mdb_password }}" - dbname: "{{ mdb_dbname }}" + username: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + dbname: "{{ matomo_db_name }}" tables_prefix: "matomo_" adapter: "PDO\\MYSQL" body_format: form-urlencoded status_code: 302 - register: matomo_database_setup + #register: matomo_database_setup + - name: Matomo Table Creation uri: - url: "{{ matomo_url }}index.php?action=tablesCreation&module=Installation" + url: "{{ matomo_full_url }}index.php?action=tablesCreation&module=Installation" method: GET status_code: 200 register: matomo_table_creation + - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -91,52 +107,55 @@ loop: "{{ matomo_table_creation.cookies | dict2items }}" loop_control: loop_var: cookie -- name: debug tablecreation - debug: + +- debug: var: matomo_table_creation - verbosity: 2 + - name: Matomo User Setup uri: - url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" + url: "{{ matomo_full_url }}index.php?action=setupSuperUser&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: - login: "{{ mdb_username }}" - password: "{{ mdb_password }}" - password_bis: "{{ mdb_password }}" + login: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + password_bis: "{{ matomo_db_pass }}" email: "nobody@dev.null" subscribe_newsletter_piwikorg: 0 subscribe_newsletter_professionalservices: 0 body_format: form-urlencoded status_code: 302 - register: matomo_setup_superuser + #register: matomo_setup_superuser + - name: Configure Matomo to track IIAB uri: - url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" + url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: siteName: "IIAB" - url: "{{ host_url }}" - timezone: "Europe/London" + url: "{{ matomo_host_url }}" + timezone: "Europe/London" # CONSIDER IIAB'S OWN TIMEZONE? (Or if that's too hard, UTC to avoid UK's March + October time changes?) ecommerce: 0 body_format: form-urlencoded status_code: 302 - register: matomo_first_website_setup + #register: matomo_first_website_setup + - name: Matomo Tracking Code uri: - url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ host_url }}" + url: "{{ matomo_full_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ matomo_host_url }}" method: GET headers: Cookie: "{{ matomo_session_cookie }}" return_content: true status_code: 200 - register: matomo_tracking_code + #register: matomo_tracking_code + - name: Finish Matomo Setup uri: - url: "{{ matomo_url }}index.php?action=finished&module=Installation" + url: "{{ matomo_full_url }}index.php?action=finished&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" @@ -146,6 +165,7 @@ submit: "Continue to Matomo" body_format: form-urlencoded status_code: 302 + - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" @@ -153,6 +173,7 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_reboot" + - name: Run Daily Job Collecting Matomo Data cron: name: "DailyMatomoDataIngestion" @@ -161,3 +182,16 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" + + +# RECORD Matomo AS INSTALLED + +- name: "Set 'matomo_installed: True'" + set_fact: + matomo_installed: True + +- name: "Add 'matomo_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^matomo_installed' + line: 'matomo_installed: True' diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 799b171cf..1c08e3fac 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -1,11 +1,45 @@ -- name: Install Matomo main +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "matomo_install is sameas true" (boolean not string etc) + assert: + that: matomo_install is sameas true + fail_msg: "PLEASE SET 'matomo_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "matomo_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: matomo_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: matomo_installed is undefined - vars: - nginx_loc: "/library/www/html" - mdb_dbname: "matomodb" - mdb_username: "iiab-admin" - mdb_password: "g0adm1n" - host_url: "http://{{ ansible_default_ipv4.address}}" - matomo_url: "{{ host_url }}/matomo/" - matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" + + +# LET'S ADD THIS "ON/OFF SWITCH" IF POSS! +# - include_tasks: enable-or-disable.yml + + +- name: Add 'matomo' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Matomo + - option: description + value: '"Matomo is a web analytics alternative to Google Analytics, that focuses on data ownership and privacy."' + - option: matomo_install + value: "{{ matomo_install }}" + - option: matomo_enabled + value: "{{ matomo_enabled }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 17b614453..77f5b5d6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -567,6 +567,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c5cda1688..dca172e6f 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0958e1470..f7a3a8642 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index dc2e25bcb..423c2bc53 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 14e90b185..24ae7074d 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: False awstats_enabled: False +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: False +matomo_enabled: False + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False From 698e261220d99e6124f70c70abca8f011a0d488a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 03:19:36 -0400 Subject: [PATCH 114/344] validate_vars.yml: Preserve install order (awstats, matomo) --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 764d39f31..2a972370d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -95,7 +95,6 @@ - gitea - jupyterhub - lokole - - matomo - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below @@ -112,6 +111,7 @@ - osm_vector_maps - transmission - awstats + - matomo - monit - munin - phpmyadmin From 4074a75c0fcf3ed964676bb069ffade7f10f7ccb Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 04:01:58 -0400 Subject: [PATCH 115/344] install.yml: Mention matomo.tar.gz (download) --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a36e1d3ec..becdbd5d7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -31,7 +31,7 @@ - name: Download and Extract Matomo (~1 min) unarchive: - src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.zip + src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz dest: "{{ matomo_path }}" # e.g. /library/www/html remote_src: yes From d4154e09a5721e31b0a241e442e452f44f031327 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 09:07:14 -0400 Subject: [PATCH 116/344] matomo/tasks/main.yml: Update description for iiab.ini --- roles/matomo/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 1c08e3fac..fa30b573f 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: Matomo - option: description - value: '"Matomo is a web analytics alternative to Google Analytics, that focuses on data ownership and privacy."' + value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' - option: matomo_install value: "{{ matomo_install }}" - option: matomo_enabled From c52b3a11342247fa6749cbac6ad974305e45c146 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 15 Jun 2022 09:58:40 -0400 Subject: [PATCH 117/344] add latest flavor of the month --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 86401c167..871068689 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -8,4 +8,6 @@ kiwix_enabled: False osm_vector_maps_install: False awstats_install: False awstats_enabled: False +matomo_install: False +matomo_enabled: False captiveportal_install: False From 5cfebd8cc6b7849b0c0f245dc84b65878b69b8ae Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 16 Jun 2022 13:49:50 -0400 Subject: [PATCH 118/344] on usb mount no symlink if rootfs or /library on device --- roles/usb_lib/templates/mount.d/70-usb-library | 18 +++++++++++++++--- .../usb_lib/templates/umount.d/70-usb-library | 4 ++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library index 11358220d..5b9cfefe8 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ b/roles/usb_lib/templates/mount.d/70-usb-library @@ -12,7 +12,7 @@ source {{ iiab_env_file }} case $IIAB_USB_LIB_SHOW_ALL in 'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT." + logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." # regularize the variable IIAB_USB_LIB_SHOW_ALL=True ;; @@ -41,8 +41,20 @@ fi if [ -d $UM_MOUNTPOINT/usb ]; then SHARE_DIR="$UM_MOUNTPOINT/usb" fi + if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - SHARE_DIR="$UM_MOUNTPOINT" + UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` + LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` + ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` + if [ "$UM_DEV" == "$LIB_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" + #echo "lib on dev" + elif [ "$UM_DEV" == "$ROOT_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" + #echo "rootfs on dev" + else + SHARE_DIR="$UM_MOUNTPOINT" + fi fi if [ ! -z "$SHARE_DIR" ]; then @@ -50,7 +62,7 @@ if [ ! -z "$SHARE_DIR" ]; then else logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" fi - + if [ "$SHARE_DIR" != "" ];then CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d/70-usb-library index 7803b880f..5af914c01 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d/70-usb-library @@ -16,9 +16,9 @@ logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} - /bin/rm $CONTENT_LINK + /bin/rm -f $CONTENT_LINK {% else %} - /usr/bin/rm $CONTENT_LINK + /usr/bin/rm -f $CONTENT_LINK {% endif %} logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." fi From 645a3e20db30ab88aad6d99b6ceb3c54ef2f487d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Jun 2022 10:53:44 -0400 Subject: [PATCH 119/344] Prototype 'skip_role_on_error: True' in 4 roles {lokole, moodle, mongodb, sugarizer} --- roles/7-edu-apps/tasks/main.yml | 4 +- roles/lokole/tasks/main.yml | 95 ++++++++++++++++++--------------- roles/mongodb/tasks/main.yml | 52 ++++++++++-------- roles/moodle/tasks/main.yml | 49 +++++++++-------- roles/sugarizer/tasks/main.yml | 68 +++++++++++++---------- vars/default_vars.yml | 2 + 6 files changed, 155 insertions(+), 115 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index b7dd56855..f4bdae83b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 75cc0cc53..45d47d129 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -19,53 +19,62 @@ quiet: yes -- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: lokole_installed is undefined +- block: + + - name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: lokole_installed is undefined -- name: Do a 'systemctl daemon-reload' - systemd: - daemon_reload: yes - when: lokole_enabled + - name: Do a 'systemctl daemon-reload' + systemd: + daemon_reload: yes + when: lokole_enabled -- name: Enable & Restart supervisor systemd service, if lokole_enabled - systemd: - name: supervisor - enabled: yes - state: restarted - when: lokole_enabled + - name: Enable & Restart supervisor systemd service, if lokole_enabled + systemd: + name: supervisor + enabled: yes + state: restarted + when: lokole_enabled -- name: Disable & Stop supervisor systemd service, if not lokole_enabled - systemd: - name: supervisor - enabled: no - state: stopped - when: not lokole_enabled + - name: Disable & Stop supervisor systemd service, if not lokole_enabled + systemd: + name: supervisor + enabled: no + state: stopped + when: not lokole_enabled -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'lokole' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: lokole - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Lokole - - option: description - value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' - #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' - - option: lokole_install - value: "{{ lokole_install }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" - - option: lokole_settings - value: "{{ lokole_settings }}" - - option: lokole_url - value: "{{ lokole_url }}" - - option: lokole_full_url - value: "{{ lokole_full_url }}" + - name: Add 'lokole' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Lokole + - option: description + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' + #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' + - option: lokole_install + value: "{{ lokole_install }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" + - option: lokole_settings + value: "{{ lokole_settings }}" + - option: lokole_url + value: "{{ lokole_url }}" + - option: lokole_full_url + value: "{{ lokole_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index b728aac82..f2ce63d49 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -44,29 +44,37 @@ # ELSE... -- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mongodb_installed is undefined - # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) +- block: -- name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) - include_tasks: enable-or-disable.yml - when: mongodb_installed is defined + - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mongodb_installed is undefined + # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) + - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) + include_tasks: enable-or-disable.yml + when: mongodb_installed is defined -- name: Add 'mongodb' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mongodb - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MongoDB - - option: description - value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: mongodb_install - value: "{{ mongodb_install }}" - - option: mongodb_enabled - value: "{{ mongodb_enabled }}" + - name: Add 'mongodb' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MongoDB + - option: description + value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' + - option: mongodb_install + value: "{{ mongodb_install }}" + - option: mongodb_enabled + value: "{{ mongodb_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 56289248c..aeb40556f 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -19,28 +19,35 @@ quiet: yes -- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: moodle_installed is undefined +- block: + - name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: moodle_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'moodle' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Moodle + - option: description + value: '"Access the Moodle learning management system."' + - option: moodle_install + value: "{{ moodle_install }}" + - option: moodle_enabled + value: "{{ moodle_enabled }}" + - option: moodle_base + value: "{{ moodle_base }}" -- name: Add 'moodle' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: moodle - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Moodle - - option: description - value: '"Access the Moodle learning management system."' - - option: moodle_install - value: "{{ moodle_install }}" - - option: moodle_enabled - value: "{{ moodle_enabled }}" - - option: moodle_base - value: "{{ moodle_base }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index e1e6b825b..d0c2ac55a 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -19,39 +19,53 @@ quiet: yes -# 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails -# still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) +- block: -- name: "Set 'mongodb_install: True'" - set_fact: - mongodb_install: True + # 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails + # still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) -- name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' - debug: - msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + - name: "Set 'mongodb_install: True'" + set_fact: + mongodb_install: True -- name: MONGODB - run 'mongodb' role (attempt to install MongoDB) - include_role: - name: mongodb + - name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' + debug: + msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + + - name: MONGODB - run 'mongodb' role (attempt to install MongoDB) + include_role: + name: mongodb -- name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' - fail: # FORCE IT RED THIS ONCE! - msg: MongoDB INSTALLATION FAILED, perhaps because your OS is Debian 10 on aarch64? Nevertheless IIAB will continue (consider this a warning!) - when: mongodb_installed is undefined - ignore_errors: yes + # - name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' + # fail: # FORCE IT RED THIS ONCE! + # msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? Nevertheless IIAB will continue (consider this a warning!) + # when: mongodb_installed is undefined + # ignore_errors: yes # RESCUE (BELOW) NOW HANDLES THIS -# ELSE... + - name: Verify that mongodb_installed is defined + fail: + msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? #3190 + when: mongodb_installed is undefined -- name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' - include_tasks: main2.yml - when: mongodb_installed is defined + # ELSE... -# THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. -# BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + - name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' + include_tasks: main2.yml + when: mongodb_installed is defined -# - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' -# -# [MOVED TO main2.yml] -# -# when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + # THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. + # BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + + # - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' + # + # [MOVED TO main2.yml] + # + # when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 17b614453..22d000eac 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,6 +16,8 @@ iiab_base_ver: 8.0 iiab_revision: 0 +skip_role_on_error: False + iiab_etc_path: /etc/iiab # Main configuration file From 0871592ed61704f9cb95048bd6ebf8760ebdf6be Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jun 2022 21:58:22 -0400 Subject: [PATCH 120/344] 6-generic-apps: Mark AzuraCast & Lokole as unmaintained (for now) --- roles/6-generic-apps/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f241095f6..fca8899e6 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,6 +3,7 @@ - name: ...IS BEGINNING ==================================== meta: noop +# UNMAINTAINED - name: AZURACAST include_role: name: azuracast @@ -36,6 +37,7 @@ name: jupyterhub when: jupyterhub_install +# UNMAINTAINED - name: LOKOLE include_role: name: lokole From 18577c19e9bf75da9f8b6fca182bd083870dccca Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jun 2022 22:00:25 -0400 Subject: [PATCH 121/344] 6-generic-apps: "when: lokole_install is defined and..." --- roles/6-generic-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index fca8899e6..1c36cb5d3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -41,7 +41,7 @@ - name: LOKOLE include_role: name: lokole - when: lokole_install + when: lokole_install is defined and lokole_install - name: MEDIAWIKI include_role: From bacef12a1f52776493be295d1a00b7cc52f71ba5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 13:23:42 +0000 Subject: [PATCH 122/344] update Matomo timezone to autodetect --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index becdbd5d7..ede730dbc 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -137,7 +137,7 @@ body: siteName: "IIAB" url: "{{ matomo_host_url }}" - timezone: "Europe/London" # CONSIDER IIAB'S OWN TIMEZONE? (Or if that's too hard, UTC to avoid UK's March + October time changes?) + timezone: "{{ ansible_date_time.tz }}" ecommerce: 0 body_format: form-urlencoded status_code: 302 From c431400a7fff40080d6d351bc56686e81964d062 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 18 Jun 2022 13:43:43 -0400 Subject: [PATCH 123/344] first try at moving matomo to doc base --- roles/matomo/defaults/main.yml | 2 +- roles/matomo/tasks/install.yml | 4 ++-- roles/matomo/tasks/main.yml | 4 ++++ roles/matomo/tasks/nginx.yml | 16 ++++++++++++++++ roles/matomo/templates/matomo-nginx.conf.j2 | 17 +++++++++++++++++ 5 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 roles/matomo/tasks/nginx.yml create mode 100644 roles/matomo/templates/matomo-nginx.conf.j2 diff --git a/roles/matomo/defaults/main.yml b/roles/matomo/defaults/main.yml index 1ec6c8500..cf332c0e1 100644 --- a/roles/matomo/defaults/main.yml +++ b/roles/matomo/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! matomo_dl_url: https://builds.matomo.org/matomo.tar.gz -matomo_path: "{{ doc_root }}" # e.g. /library/www/html +matomo_path: "{{ doc_base }}" # e.g. /library/www matomo_db_name: matomodb matomo_db_user: Admin diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ede730dbc..3e41602e2 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -2,7 +2,7 @@ # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running # from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. -- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/html/matomo already exists" +- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" meta: noop # EXAMPLE OF ABOVE ERROR: @@ -32,7 +32,7 @@ - name: Download and Extract Matomo (~1 min) unarchive: src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz - dest: "{{ matomo_path }}" # e.g. /library/www/html + dest: "{{ matomo_path }}" # e.g. /library/www remote_src: yes - name: Set Matomo Directory Permissions diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index fa30b573f..eb19c533a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -24,6 +24,10 @@ when: matomo_installed is undefined +- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml + + # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! # - include_tasks: enable-or-disable.yml diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml new file mode 100644 index 000000000..8d432ee8c --- /dev/null +++ b/roles/matomo/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template + template: + src: matomo-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + when: matomo_enabled + +- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf + file: + path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not matomo_enabled + +- name: Reload 'nginx' systemd service + systemd: + name: nginx + state: reloaded diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 new file mode 100644 index 000000000..21ae9ddfa --- /dev/null +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -0,0 +1,17 @@ +location ~ ^/matomo(.*)\.php(.*)$ { + alias /library/www/matomo$1.php$2; # /library/www/matomo + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.html; + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param PATH_INFO $2; +} + +location ~ ^/matomo/ { + root /library/www; +} From a91b56169c9c318bef0f706ace7d39e4cc03cbcb Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 18 Jun 2022 13:53:10 -0400 Subject: [PATCH 124/344] Add Matomo to nginx before install so web install works --- roles/matomo/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index eb19c533a..7453b4821 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -19,15 +19,15 @@ quiet: yes +- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml + + - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: matomo_installed is undefined -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml - - # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! # - include_tasks: enable-or-disable.yml From 8749e66a0b1af141d9af2e4248c7c3838f94eeeb Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 13:55:05 -0400 Subject: [PATCH 125/344] Support skip_role_on_error in 23+2 more roles (Stages 6-9) --- roles/awstats/tasks/main.yml | 47 ++++++---- roles/calibre-web/tasks/main.yml | 73 +++++++------- roles/calibre/tasks/enable-or-disable.yml | 29 ++++++ roles/calibre/tasks/main.yml | 86 ++++++----------- roles/captiveportal/tasks/main.yml | 46 +++++---- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/gitea/tasks/main.yml | 67 ++++++------- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/internetarchive/tasks/main.yml | 94 ++++++++----------- roles/jupyterhub/tasks/main.yml | 45 +++++---- roles/kalite/tasks/enable-or-disable.yml | 14 +++ roles/kalite/tasks/main.yml | 64 ++++++------- roles/kiwix/tasks/main.yml | 69 ++++++++------ roles/kolibri/tasks/main.yml | 67 +++++++------ roles/mediawiki/tasks/main.yml | 71 +++++++------- roles/minetest/tasks/main.yml | 57 ++++++----- roles/mongodb/tasks/enable-or-disable.yml | 1 + roles/mongodb/tasks/main.yml | 3 +- roles/monit/tasks/main.yml | 77 ++++++++------- roles/mosquitto/tasks/main.yml | 45 +++++---- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/munin/tasks/main.yml | 59 +++++------- roles/nextcloud/tasks/main.yml | 67 +++++++------ roles/nodejs/tasks/main.yml | 44 +++++---- roles/nodered/tasks/main.yml | 45 +++++---- roles/osm-vector-maps/tasks/main.yml | 50 +++++----- roles/pbx/tasks/main.yml | 53 ++++++----- roles/phpmyadmin/tasks/main.yml | 51 +++++----- roles/postgresql/tasks/enable-or-disable.yml | 14 +++ roles/postgresql/tasks/main.yml | 56 +++++------ roles/transmission/tasks/main.yml | 91 +++++++++--------- roles/vnstat/tasks/main.yml | 45 +++++---- roles/wordpress/tasks/main.yml | 79 +++++++++------- 33 files changed, 914 insertions(+), 743 deletions(-) create mode 100644 roles/calibre/tasks/enable-or-disable.yml rename roles/gitea/tasks/{nginx.yml => enable-or-disable.yml} (61%) rename roles/internetarchive/tasks/{nginx.yml => enable-or-disable.yml} (62%) create mode 100644 roles/kalite/tasks/enable-or-disable.yml rename roles/munin/tasks/{nginx.yml => enable-or-disable.yml} (64%) create mode 100644 roles/postgresql/tasks/enable-or-disable.yml diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 79615d71a..47ae7b247 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -19,27 +19,34 @@ quiet: yes -- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: awstats_installed is undefined +- block: + - name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: awstats_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'awstats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: AWStats + - option: description + value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' + - option: awstats_install + value: "{{ awstats_install }}" + - option: awstats_enabled + value: "{{ awstats_enabled }}" -- name: Add 'awstats' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: awstats - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: AWStats - - option: description - value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: awstats_install - value: "{{ awstats_install }}" - - option: awstats_enabled - value: "{{ awstats_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 9d6e53333..cc0e89850 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -19,40 +19,47 @@ quiet: yes -- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibreweb_installed is undefined +- block: + - name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibreweb_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre-Web + - option: description + value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' + - option: calibreweb_install + value: "{{ calibreweb_install }}" + - option: calibreweb_enabled + value: "{{ calibreweb_enabled }}" + - option: calibreweb_url1 + value: "{{ calibreweb_url1 }}" + - option: calibreweb_url2 + value: "{{ calibreweb_url2 }}" + - option: calibreweb_url3 + value: "{{ calibreweb_url3 }}" + - option: calibreweb_path + value: "{{ calibreweb_venv_path }}" + - option: calibreweb_home + value: "{{ calibreweb_home }}" + - option: calibreweb_port + value: "{{ calibreweb_port }}" + - option: calibreweb_settings_database + value: "{{ calibreweb_settings_database }}" -- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre-web - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre-Web - - option: description - value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' - - option: calibreweb_install - value: "{{ calibreweb_install }}" - - option: calibreweb_enabled - value: "{{ calibreweb_enabled }}" - - option: calibreweb_url1 - value: "{{ calibreweb_url1 }}" - - option: calibreweb_url2 - value: "{{ calibreweb_url2 }}" - - option: calibreweb_url3 - value: "{{ calibreweb_url3 }}" - - option: calibreweb_path - value: "{{ calibreweb_venv_path }}" - - option: calibreweb_home - value: "{{ calibreweb_home }}" - - option: calibreweb_port - value: "{{ calibreweb_port }}" - - option: calibreweb_settings_database - value: "{{ calibreweb_settings_database }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/calibre/tasks/enable-or-disable.yml b/roles/calibre/tasks/enable-or-disable.yml new file mode 100644 index 000000000..07a0cc911 --- /dev/null +++ b/roles/calibre/tasks/enable-or-disable.yml @@ -0,0 +1,29 @@ +# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) +# +# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: +# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 +# (anyway this works great for calibre-web, allowing http://box/books +# to work even better than http://box:8083 when box == 192.168.0.x !) +# +#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) +# command: a2ensite calibre.conf +# when: apache_installed and calibre_enabled +# +#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) +# command: a2dissite calibre.conf +# when: apache_installed and not calibre_enabled + +- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled + systemd: + daemon_reload: yes + name: calibre-serve + enabled: yes + state: restarted + when: calibre_enabled + +- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled + systemd: + name: calibre-serve + enabled: no + state: stopped + when: not calibre_enabled diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index bedb960de..a6504b658 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -19,65 +19,37 @@ quiet: yes -- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibre_installed is undefined +- block: -# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) -# -# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: -# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 -# (anyway this works great for calibre-web, allowing http://box/books -# to work even better than http://box:8083 when box == 192.168.0.x !) -# -#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) -# command: a2ensite calibre.conf -# when: apache_installed and calibre_enabled -# -#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) -# command: a2dissite calibre.conf -# when: apache_installed and not calibre_enabled + - name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibre_installed is undefined -- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled - systemd: - daemon_reload: yes - name: calibre-serve - enabled: yes - state: restarted - when: calibre_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled - systemd: - name: calibre-serve - enabled: no - state: stopped - when: not calibre_enabled + - name: Add 'calibre' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: calibre_src_url + value: "{{ calibre_src_url }}" + - option: calibre_dbpath + value: "{{ calibre_dbpath }}" + - option: calibre_port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" -#- name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: not nginx_enabled -# -#- name: Enable/Disable/Restart NGINX if primary -# include_tasks: nginx.yml -# when: nginx_enabled + rescue: - -- name: Add 'calibre' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: calibre_src_url - value: "{{ calibre_src_url }}" - - option: calibre_dbpath - value: "{{ calibre_dbpath }}" - - option: calibre_port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0b3408b75..bd24b7186 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -19,27 +19,33 @@ quiet: yes -- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: captiveportal_installed is undefined +- block: + - name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: captiveportal_installed is undefined -- name: Enable or Disable Captive Portal - include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Captive Portal + - option: description + value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' + - option: captiveportal_install + value: "{{ captiveportal_install }}" + - option: captiveportal_enabled + value: "{{ captiveportal_enabled }}" -- name: Add 'captiveportal' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: captiveportal - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Captive Portal - - option: description - value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' - - option: captiveportal_install - value: "{{ captiveportal_install }}" - - option: captiveportal_enabled - value: "{{ captiveportal_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/gitea/tasks/nginx.yml b/roles/gitea/tasks/enable-or-disable.yml similarity index 61% rename from roles/gitea/tasks/nginx.yml rename to roles/gitea/tasks/enable-or-disable.yml index 2014a0d03..d1e140781 100644 --- a/roles/gitea/tasks/nginx.yml +++ b/roles/gitea/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ + - name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled + + - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled + + - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template template: src: gitea-nginx.conf.j2 diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 578c1e590..4fbd7359e 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -19,46 +19,37 @@ quiet: yes -- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: gitea_installed is undefined +- block: + - name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: gitea_installed is undefined -- name: Enable & Restart 'gitea' systemd service, if gitea_enabled - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled + - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Gitea + - option: description + value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' + - option: gitea_install + value: "{{ gitea_install }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" + - option: gitea_run_directory + value: "{{ gitea_run_directory }}" + - option: gitea_url + value: "{{ gitea_url }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: gitea - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Gitea - - option: description - value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' - - option: gitea_install - value: "{{ gitea_install }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" - - option: gitea_run_directory - value: "{{ gitea_run_directory }}" - - option: gitea_url - value: "{{ gitea_url }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/internetarchive/tasks/nginx.yml b/roles/internetarchive/tasks/enable-or-disable.yml similarity index 62% rename from roles/internetarchive/tasks/nginx.yml rename to roles/internetarchive/tasks/enable-or-disable.yml index 0469e58c4..47cebe214 100644 --- a/roles/internetarchive/tasks/nginx.yml +++ b/roles/internetarchive/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled + systemd: + name: internetarchive + daemon_reload: yes + enabled: yes + state: restarted + when: internetarchive_enabled + +- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled + systemd: + name: internetarchive + enabled: no + state: stopped + when: not internetarchive_enabled + + - name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template template: src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2 diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index c878287a3..7e3a8a2dd 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -19,76 +19,60 @@ quiet: yes -# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza -# "UPDATE internetarchive" block should run whenever one isn't installing -# (or reinstalling) internetarchive, for now. We're aware this means slowness -# during "./runrole internetarchive" but that's very intentional for now -- as -# it leads to more testing of more recent versions of internetarchive, which -# is strongly desired. Finally, these current norms can and probably will be -# changed in future, when broader IIAB norms develop around "./runrole -# --upgrade internetarchive" or "./runrole --update internetarchive" or such, -# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 +- block: -- block: # BEGIN 2-STANZA BLOCK + # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza + # "UPDATE internetarchive" portion should run whenever one isn't installing + # (or reinstalling) internetarchive, for now. We're aware this means slowness + # during "./runrole internetarchive" but that's very intentional for now -- as + # it leads to more testing of more recent versions of internetarchive, which + # is strongly desired. Finally, these current norms can and probably will be + # changed in future, when broader IIAB norms develop around "./runrole + # --upgrade internetarchive" or "./runrole --update internetarchive" or such, + # as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 - name: "UPGRADE: Stop 'internetarchive' systemd service, if internetarchive_installed is defined" systemd: name: internetarchive daemon_reload: yes state: stopped + when: internetarchive_installed is defined - name: "UPGRADE: Run 'yarn upgrade' in {{ internetarchive_dir }}, if internetarchive_installed is defined" shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade args: chdir: "{{ internetarchive_dir }}" + when: internetarchive_installed is defined - when: internetarchive_installed is defined # END 2-STANZA BLOCK + # "ELSE" INSTALL... -# "ELSE" INSTALL... - -- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: internetarchive_installed is undefined + - name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: internetarchive_installed is undefined -# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ? - -- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled - systemd: - name: internetarchive - daemon_reload: yes - enabled: yes - state: restarted - when: internetarchive_enabled - -- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled - systemd: - name: internetarchive - enabled: no - state: stopped - when: not internetarchive_enabled - -# - name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: apache_installed is defined and not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary - include_tasks: nginx.yml - #when: nginx_enabled + - include_tasks: enable-or-disable.yml -- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: internetarchive - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Internet Archive - - option: description - value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' - - option: internetarchive_install - value: "{{ internetarchive_install }}" - - option: internetarchive_enabled - value: "{{ internetarchive_enabled }}" + - name: Add 'internetarchive' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Internet Archive + - option: description + value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' + - option: internetarchive_install + value: "{{ internetarchive_install }}" + - option: internetarchive_enabled + value: "{{ internetarchive_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/jupyterhub/tasks/main.yml b/roles/jupyterhub/tasks/main.yml index 01acf8154..9f2d31d13 100644 --- a/roles/jupyterhub/tasks/main.yml +++ b/roles/jupyterhub/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: jupyterhub_installed is undefined +- block: + - name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: jupyterhub_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: JupyterHub + - option: description + value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' + - option: jupyterhub_install + value: "{{ jupyterhub_install }}" + - option: jupyterhub_enabled + value: "{{ jupyterhub_enabled }}" -- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: jupyterhub - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: JupyterHub - - option: description - value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' - - option: jupyterhub_install - value: "{{ jupyterhub_install }}" - - option: jupyterhub_enabled - value: "{{ jupyterhub_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kalite/tasks/enable-or-disable.yml b/roles/kalite/tasks/enable-or-disable.yml new file mode 100644 index 000000000..fca843870 --- /dev/null +++ b/roles/kalite/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled + systemd: + daemon_reload: yes + name: kalite-serve + enabled: yes + state: restarted + when: kalite_enabled + +- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled + systemd: + name: kalite-serve + enabled: no + state: stopped + when: not kalite_enabled diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 35bea770c..3786a9c38 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -19,43 +19,37 @@ quiet: yes -- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kalite_installed is undefined +- block: + - name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kalite_installed is undefined -- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled - systemd: - daemon_reload: yes - name: kalite-serve - enabled: yes - state: restarted - when: kalite_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled - systemd: - name: kalite-serve - enabled: no - state: stopped - when: not kalite_enabled + - name: Add 'kalite' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: kalite_install + value: "{{ kalite_install }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" + - option: path + value: "{{ kalite_root }}" + - option: port + value: "{{ kalite_server_port }}" + rescue: -- name: Add 'kalite' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kalite - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: kalite_install - value: "{{ kalite_install }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: path - value: "{{ kalite_root }}" - - option: port - value: "{{ kalite_server_port }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 045707f37..ab5064fba 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -19,38 +19,45 @@ quiet: yes -- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kiwix_installed is undefined +- block: + - name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kiwix_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_install + value: "{{ kiwix_install }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_install - value: "{{ kiwix_install }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_url_plus_slash - value: "{{ kiwix_url_plus_slash }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 680724179..1af098232 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -19,37 +19,46 @@ quiet: yes -#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" -# set_fact: -# kolibri_provision: False -# when: ??? +- block: -- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kolibri_installed is undefined + #- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" + # set_fact: + # kolibri_provision: False + # when: ??? + + - name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kolibri_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kolibri - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kolibri - - option: description - value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' - - option: kolibri_install - value: "{{ kolibri_install }}" - - option: kolibri_enabled - value: "{{ kolibri_enabled }}" - - option: kolibri_url - value: "{{ kolibri_url }}" - - option: kolibri_path - value: "{{ kolibri_exec_path }}" - - option: kolibri_port - value: "{{ kolibri_http_port }}" + - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_install + value: "{{ kolibri_install }}" + - option: kolibri_enabled + value: "{{ kolibri_enabled }}" + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_exec_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 2318a886d..1a0318e06 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -19,39 +19,46 @@ quiet: yes -- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mediawiki_installed is undefined +- block: + - name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mediawiki_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'mediawiki' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MediaWiki + - option: description + value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' + - option: mediawiki_install + value: "{{ mediawiki_install }}" + - option: mediawiki_enabled + value: "{{ mediawiki_enabled }}" + - option: mediawiki_src + value: "{{ mediawiki_src }}" + - option: mediawiki_abs_path + value: "{{ mediawiki_abs_path }}" + - option: mediawiki_db_name + value: "{{ mediawiki_db_name }}" + - option: mediawiki_db_user + value: "{{ mediawiki_db_user }}" + - option: mediawiki_url + value: "{{ mediawiki_url }}" + - option: mediawiki_full_url + value: "{{ mediawiki_full_url }}" -- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mediawiki - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MediaWiki - - option: description - value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' - - option: mediawiki_install - value: "{{ mediawiki_install }}" - - option: mediawiki_enabled - value: "{{ mediawiki_enabled }}" - - option: mediawiki_src - value: "{{ mediawiki_src }}" - - option: mediawiki_abs_path - value: "{{ mediawiki_abs_path }}" - - option: mediawiki_db_name - value: "{{ mediawiki_db_name }}" - - option: mediawiki_db_user - value: "{{ mediawiki_db_user }}" - - option: mediawiki_url - value: "{{ mediawiki_url }}" - - option: mediawiki_full_url - value: "{{ mediawiki_full_url }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index a07d640c7..f5fad6cd1 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -19,32 +19,39 @@ quiet: yes -- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: provision.yml # i.e. install.yml in other roles - when: minetest_installed is undefined +- block: + - name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: provision.yml # i.e. install.yml in other roles + when: minetest_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'minetest' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Minetest Server + - option: description + value: '"Minetest is an open source clone of the Minecraft building blocks game."' + - option: minetest_install + value: "{{ minetest_install }}" + - option: minetest_enabled + value: "{{ minetest_enabled }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" + - option: minetest_port + value: "{{ minetest_port }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" -- name: Add 'minetest' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: minetest - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Minetest Server - - option: description - value: '"Minetest is an open source clone of the Minecraft building blocks game."' - - option: minetest_install - value: "{{ minetest_install }}" - - option: minetest_enabled - value: "{{ minetest_enabled }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" - - option: minetest_port - value: "{{ minetest_port }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/tasks/enable-or-disable.yml b/roles/mongodb/tasks/enable-or-disable.yml index 68aaf9e84..851b4fb0e 100644 --- a/roles/mongodb/tasks/enable-or-disable.yml +++ b/roles/mongodb/tasks/enable-or-disable.yml @@ -1,6 +1,7 @@ - name: Enable & (Re)Start 'mongodb.service' if mongodb_enabled systemd: name: mongodb + daemon_reload: yes enabled: yes state: restarted when: mongodb_enabled diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index f2ce63d49..3365e818a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -52,9 +52,8 @@ when: mongodb_installed is undefined # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) - - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) + - name: Enable or Disable MongoDB (FYI sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) include_tasks: enable-or-disable.yml - when: mongodb_installed is defined - name: Add 'mongodb' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 23340644d..c6c50d042 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -19,43 +19,52 @@ quiet: yes -# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 -# "Buster" during the very final days prior to release, as confirmed by the -# sudden disappearance of these 2 pages: -# -# https://packages.debian.org/buster/monit -# https://packages.debian.org/source/buster/monit -# -# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to -# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via -# apt -- so eliminating "Debian 10+" requires this funky conditional: +- block: -# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: -# -# https://packages.debian.org/bullseye/monit -# https://packages.debian.org/source/bullseye/monit -# -# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. + # 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 + # "Buster" during the very final days prior to release, as confirmed by the + # sudden disappearance of these 2 pages: + # + # https://packages.debian.org/buster/monit + # https://packages.debian.org/source/buster/monit + # + # And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to + # be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via + # apt -- so eliminating "Debian 10+" requires this funky conditional: -- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) - #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + # 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: + # + # https://packages.debian.org/bullseye/monit + # https://packages.debian.org/source/bullseye/monit + # + # SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. + + - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) + #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -- name: Add 'monit' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: monit - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Monit - - option: description - value: '"Monit is a background service monitor which can correct problems, send email, restart services."' - - option: enabled - value: "{{ monit_enabled }}" + - name: Add 'monit' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Monit + - option: description + value: '"Monit is a background service monitor which can correct problems, send email, restart services."' + - option: enabled + value: "{{ monit_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index dd953d37a..1d38ab229 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mosquitto_installed is undefined +- block: + - name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mosquitto_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'mosquitto' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Mosquitto service + - option: description + value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' + - option: mosquitto_install + value: "{{ mosquitto_install }}" + - option: mosquitto_enabled + value: "{{ mosquitto_enabled }}" -- name: Add 'mosquitto' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mosquitto - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Mosquitto service - - option: description - value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' - - option: mosquitto_install - value: "{{ mosquitto_install }}" - - option: mosquitto_enabled - value: "{{ mosquitto_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/munin/tasks/nginx.yml b/roles/munin/tasks/enable-or-disable.yml similarity index 64% rename from roles/munin/tasks/nginx.yml rename to roles/munin/tasks/enable-or-disable.yml index cd1094451..1b0d3ac28 100644 --- a/roles/munin/tasks/nginx.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'munin-node' systemd service + systemd: + name: munin-node + daemon_reload: yes + enabled: yes + state: started + when: munin_enabled + +- name: Disable & Stop 'munin-node' systemd service + systemd: + name: munin-node + enabled: no + state: stopped + when: not munin_enabled + + - name: Enable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf from template template: src: munin24-nginx.conf.j2 diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 22a07119a..0ff168fa5 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -19,42 +19,33 @@ quiet: yes -- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: munin_installed is undefined +- block: + - name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: munin_installed is undefined -- name: Enable & Start 'munin-node' systemd service - systemd: - name: munin-node - daemon_reload: yes - enabled: yes - state: started - when: munin_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'munin-node' systemd service - systemd: - name: munin-node - enabled: no - state: stopped - when: not munin_enabled + - name: Add 'munin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Munin + - option: description + value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' + - option: munin_install + value: "{{ munin_install }}" + - option: munin_enabled + value: "{{ munin_enabled }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'munin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: munin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Munin - - option: description - value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' - - option: munin_install - value: "{{ munin_install }}" - - option: munin_enabled - value: "{{ munin_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ae5587642..d98ae5b27 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -19,37 +19,44 @@ quiet: yes -- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nextcloud_installed is undefined +- block: + - name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nextcloud_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: Nextcloud + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Nextcloud + - option: description + value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: nextcloud_install + value: "{{ nextcloud_install }}" + - option: nextcloud_enabled + value: "{{ nextcloud_enabled }}" + - option: nextcloud_dl_url + value: "{{ nextcloud_dl_url }}" + - option: nextcloud_url + value: "{{ nextcloud_url }}" + - option: nextcloud_base_dir + value: "{{ nextcloud_base_dir }}" + - option: nextcloud_root_dir + value: "{{ nextcloud_root_dir }}" + - option: nextcloud_data_dir + value: "{{ nextcloud_data_dir }}" -- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Nextcloud - - option: description - value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: nextcloud_install - value: "{{ nextcloud_install }}" - - option: nextcloud_enabled - value: "{{ nextcloud_enabled }}" - - option: nextcloud_dl_url - value: "{{ nextcloud_dl_url }}" - - option: nextcloud_url - value: "{{ nextcloud_url }}" - - option: nextcloud_base_dir - value: "{{ nextcloud_base_dir }}" - - option: nextcloud_root_dir - value: "{{ nextcloud_root_dir }}" - - option: nextcloud_data_dir - value: "{{ nextcloud_data_dir }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 99250321b..07de2bcf8 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -35,23 +35,31 @@ var: nodejs_installed -- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodejs_installed is undefined +- block: + - name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodejs_installed is undefined -- name: Add 'nodejs' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodejs - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node.js - - option: description - value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' - - option: nodejs_install - value: "{{ nodejs_install }}" - - option: nodejs_enabled - value: "{{ nodejs_enabled }}" + - name: Add 'nodejs' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node.js + - option: description + value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' + - option: nodejs_install + value: "{{ nodejs_install }}" + - option: nodejs_enabled + value: "{{ nodejs_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2b5e3525b..2c197013e 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodered_installed is undefined +- block: + - name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodered_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'nodered' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node-RED + - option: description + value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' + - option: nodered_install + value: "{{ nodered_install }}" + - option: nodered_enabled + value: "{{ nodered_enabled }}" -- name: Add 'nodered' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodered - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node-RED - - option: description - value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' - - option: nodered_install - value: "{{ nodered_install }}" - - option: nodered_enabled - value: "{{ nodered_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index a16cfcd34..388c594d6 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -11,28 +11,34 @@ quiet: yes -- name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: osm_vector_maps_installed is undefined - +- block: -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml - #when: nginx_enabled # NGINX is mandatory starting with IIAB 7.2 + - name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: osm_vector_maps_installed is undefined + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml -- name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: osm-vector-maps - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: OSM Vector Maps - - option: description - value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' - - option: osm_vector_maps_install - value: "{{ osm_vector_maps_install }}" - - option: osm_vector_maps_enabled - value: "{{ osm_vector_maps_enabled }}" + - name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: OSM Vector Maps + - option: description + value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' + - option: osm_vector_maps_install + value: "{{ osm_vector_maps_install }}" + - option: osm_vector_maps_enabled + value: "{{ osm_vector_maps_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 508691965..81a9dcebd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -19,29 +19,38 @@ quiet: yes -- name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: pbx_installed is undefined +- block: -- name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle - include_tasks: chan_dongle.yml - when: asterisk_chan_dongle + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: pbx_installed is undefined -- include_tasks: enable-or-disable.yml + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle + include_tasks: chan_dongle.yml + when: asterisk_chan_dongle + + - include_tasks: enable-or-disable.yml -- name: Add 'pbx' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: pbx - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PBX - - option: description - value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_install - value: "{{ pbx_install }}" - - option: pbx_enabled - value: "{{ pbx_enabled }}" + - name: Add 'pbx' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PBX + - option: description + value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_install + value: "{{ pbx_install }}" + - option: pbx_enabled + value: "{{ pbx_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 55339f268..b4f04646d 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -19,29 +19,36 @@ quiet: yes -- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: phpmyadmin_installed is undefined +- block: + - name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: phpmyadmin_installed is undefined -- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 - include_tasks: enable-or-disable.yml + - name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 + include_tasks: enable-or-disable.yml + - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: phpMyAdmin + - option: description + value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' + - option: phpmyadmin_install + value: "{{ phpmyadmin_install }}" + - option: phpmyadmin_enabled + value: "{{ phpmyadmin_enabled }}" + - option: path + value: /opt/phpmyadmin -- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: phpmyadmin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: phpMyAdmin - - option: description - value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' - - option: phpmyadmin_install - value: "{{ phpmyadmin_install }}" - - option: phpmyadmin_enabled - value: "{{ phpmyadmin_enabled }}" - - option: path - value: /opt/phpmyadmin + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/postgresql/tasks/enable-or-disable.yml b/roles/postgresql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..e9deb96d9 --- /dev/null +++ b/roles/postgresql/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled + systemd: + name: postgresql-iiab + daemon_reload: yes + enabled: yes + state: started + when: postgresql_enabled + +- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled + systemd: + name: postgresql-iiab + enabled: no + state: stopped + when: not postgresql_enabled diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index c69396d29..8d7070ea8 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -26,39 +26,33 @@ var: postgresql_installed -- name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: postgresql_installed is undefined +- block: + - name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: postgresql_installed is undefined -- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled - systemd: - name: postgresql-iiab - daemon_reload: yes - enabled: yes - state: started - when: postgresql_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled - systemd: - name: postgresql-iiab - enabled: no - state: stopped - when: not postgresql_enabled + - name: Add 'postgresql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PostgreSQL + - option: description + value: '"PostgreSQL is a powerful, open source object-relational database system."' + - option: postgresql_install + value: "{{ postgresql_install }}" + - option: postgresql_enabled + value: "{{ postgresql_enabled }}" + rescue: -- name: Add 'postgresql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: postgresql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PostgreSQL - - option: description - value: '"PostgreSQL is a powerful, open source object-relational database system."' - - option: postgresql_install - value: "{{ postgresql_install }}" - - option: postgresql_enabled - value: "{{ postgresql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index c2f599628..bee271ab3 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -19,49 +19,56 @@ quiet: yes -- name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: transmission_installed is undefined +- block: + - name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: transmission_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'transmission' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Transmission + - option: description + value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' + - option: transmission_install + value: "{{ transmission_install }}" + - option: transmission_enabled + value: "{{ transmission_enabled }}" + - option: transmission_download_dir + value: "{{ transmission_download_dir }}" + - option: transmission_user + value: "{{ transmission_user }}" + - option: transmission_group + value: "{{ transmission_group }}" + - option: transmission_http_port + value: "{{ transmission_http_port }}" + - option: transmission_url + value: "{{ transmission_url }}" + - option: transmission_peer_port + value: "{{ transmission_peer_port }}" + - option: transmission_provision + value: "{{ transmission_provision }}" + - option: transmission_kalite_version + value: "{{ transmission_kalite_version }}" + - option: transmission_kalite_languages + value: "{{ transmission_kalite_languages }}" + - option: transmission_username + value: "{{ transmission_username }}" + # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc + #- option: transmission_password + # value: "{{ transmission_password }}" -- name: Add 'transmission' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: transmission - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Transmission - - option: description - value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' - - option: transmission_install - value: "{{ transmission_install }}" - - option: transmission_enabled - value: "{{ transmission_enabled }}" - - option: transmission_download_dir - value: "{{ transmission_download_dir }}" - - option: transmission_user - value: "{{ transmission_user }}" - - option: transmission_group - value: "{{ transmission_group }}" - - option: transmission_http_port - value: "{{ transmission_http_port }}" - - option: transmission_url - value: "{{ transmission_url }}" - - option: transmission_peer_port - value: "{{ transmission_peer_port }}" - - option: transmission_provision - value: "{{ transmission_provision }}" - - option: transmission_kalite_version - value: "{{ transmission_kalite_version }}" - - option: transmission_kalite_languages - value: "{{ transmission_kalite_languages }}" - - option: transmission_username - value: "{{ transmission_username }}" - # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc - #- option: transmission_password - # value: "{{ transmission_password }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 5e28f26aa..40ae032f4 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: vnstat_installed is undefined +- block: + - name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: vnstat_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'vnstat' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: vnStat + - option: description + value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' + - option: vnstat_install + value: "{{ vnstat_install }}" + - option: vnstat_enabled + value: "{{ vnstat_enabled }}" -- name: Add 'vnstat' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: vnstat - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: vnStat - - option: description - value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' - - option: vnstat_install - value: "{{ vnstat_install }}" - - option: vnstat_enabled - value: "{{ vnstat_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 7204f741e..aa93c6672 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -21,43 +21,52 @@ quiet: yes -- name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing +- block: -- name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: wordpress_installed is undefined + - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: setup.yml + when: wordpress_installed is undefined # and not installing + + - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: wordpress_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'wordpress' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: wordpress - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: WordPress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_install - value: "{{ wordpress_install }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" + - name: Add 'wordpress' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_install + value: "{{ wordpress_install }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 47aae3661fe66800f942b8af9c3a0c2071d30355 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 14:49:45 -0400 Subject: [PATCH 126/344] gitea/tasks/enable-or-disable.yml: Fix indentation --- roles/gitea/tasks/enable-or-disable.yml | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/gitea/tasks/enable-or-disable.yml b/roles/gitea/tasks/enable-or-disable.yml index d1e140781..3401c3fdd 100644 --- a/roles/gitea/tasks/enable-or-disable.yml +++ b/roles/gitea/tasks/enable-or-disable.yml @@ -1,17 +1,17 @@ - - name: Enable & Restart 'gitea' systemd service, if gitea_enabled - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled +- name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled - - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled +- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template From 43147e3f59b5a3e3c597b66f6867ae7030905a4c Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 17:04:13 -0400 Subject: [PATCH 127/344] yarn/tasks/main.yml: Support skip_role_on_error flag --- roles/yarn/tasks/main.yml | 44 +++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/roles/yarn/tasks/main.yml b/roles/yarn/tasks/main.yml index 5d8844ab9..c44758b22 100644 --- a/roles/yarn/tasks/main.yml +++ b/roles/yarn/tasks/main.yml @@ -26,23 +26,31 @@ var: yarn_installed -- name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: yarn_installed is undefined +- block: + - name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: yarn_installed is undefined -- name: Add 'yarn' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: yarn - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Yarn - - option: description - value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' - - option: yarn_install - value: "{{ yarn_install }}" - - option: yarn_enabled - value: "{{ yarn_enabled }}" + - name: Add 'yarn' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Yarn + - option: description + value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' + - option: yarn_install + value: "{{ yarn_install }}" + - option: yarn_enabled + value: "{{ yarn_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 9dc838fdebe0537075314fa2bd54b4204bbcfd0c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 00:43:43 -0400 Subject: [PATCH 128/344] /usr/bin/iiab-apps-to-be-installed: Quick scan to see what's not yet installed --- roles/0-init/tasks/main.yml | 2 +- roles/1-prep/tasks/main.yml | 6 ++++++ scripts/iiab-apps-to-be-installed | 32 +++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100755 scripts/iiab-apps-to-be-installed diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d93f2441..328ad5629 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -38,7 +38,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/iiab-diagnostics +- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/iiab-diagnostics" dest: /usr/bin/ diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9f44befc8..4fda2bf5f 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,6 +23,12 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? +- name: Copy /opt/iiab/iiab/scripts/iiab-apps-to-be-installed to /usr/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" + dest: /usr/bin/ + mode: '0755' + - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed new file mode 100755 index 000000000..68d0295c1 --- /dev/null +++ b/scripts/iiab-apps-to-be-installed @@ -0,0 +1,32 @@ +#!/bin/bash + +# Lists IIAB Apps set to install BUT not yet installed (according to /etc/iiab/iiab_state.yml) + +iiab_var_value() { + v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + [[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS +} + +# 2022-06-18: 40 apps (list not quite complete) +#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list + +# 2022-06-18: 46 apps (list incorrect) -- adds these 6: iiab_admin, minetest, network (HAS NO _installed VAR), pylibs, www_base, www_options +#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/* | cut -d/ -f6 | sort | uniq > /tmp/iiab-apps-list + +# 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options +grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list + +while read app; do + if [ $app == "calibre-web" ]; then + app=calibreweb + elif [ $app == "osm-vector-maps" ]; then + app=osm_vector_maps + fi + + # echo ${app}_install: $(iiab_var_value ${app}_install) + + if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then + echo $app + fi +done < /tmp/iiab-apps-list From 6a8d4a45f6055e4881a2d951fc5deb028c160fb0 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 19:59:23 -0400 Subject: [PATCH 129/344] iiab-diagnostics: Fix cat_cmd output + speed up prompt --- scripts/iiab-diagnostics | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index b6c834b42..89141194d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -88,18 +88,19 @@ function cat_dir() { function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - #cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right (NOT NEC, 'command -v' does this!) - #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right - pthcmd=$(command -v $1) # Use canonical path on left; Drop params on right - spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between + cmd=$(echo "$1" | sed 's/^\s*\(\S*\)\s.*/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + path_cmd=$(command -v $cmd) # Use canonical path on left; Drop params on right + spc_params=$(echo "$1" | sed 's/^\s*\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim + #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) if [[ $2 == "" ]]; then - echo "COMMAND: $pthcmd$spc_params" >> $outfile + echo "COMMAND: $path_cmd$spc_params" >> $outfile else - echo "COMMAND: $pthcmd$spc_params # $2" >> $outfile + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile fi echo >> $outfile - if [[ $pthcmd == "" ]]; then + if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! @@ -254,7 +255,8 @@ echo -e " $outfile\e[0m" #else echo echo -ne "\e[42;1mPublish it to a web pastebin? [Y/n]\e[0m " -read ans < /dev/tty +read -n 1 -r ans < /dev/tty +echo #fi echo -e "\e[1m" From f9a145309f8bb79ad6ee7a6be6bcab57004fa49b Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 20:07:05 -0400 Subject: [PATCH 130/344] iiab-diagnostics: grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 89141194d..a1f516125 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -236,6 +236,7 @@ cat_cmd 'sudo iptables-save' 'Firewall rules' echo -e "\n 6. Log Files: (last 100 lines of each)\n" echo -e "\n\n\n\n6. LOG FILES (LAST 100 LINES OF EACH)\n" >> $outfile +cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 cat_tail /opt/iiab/iiab/iiab-debug.log 100 diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 6ba4c8ca2..fad4fa31d 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 120-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From fa5d5d57b625cf5085bdbec17e8364ed7a397287 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 20:55:59 -0400 Subject: [PATCH 131/344] iiab-diagnostics: Clean regex's, move/explain 'grep -B2', tighten prompt logic --- scripts/iiab-diagnostics | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a1f516125..ebd57b979 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -88,10 +88,10 @@ function cat_dir() { function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo "$1" | sed 's/^\s*\(\S*\)\s.*/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) - #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right - path_cmd=$(command -v $cmd) # Use canonical path on left; Drop params on right - spc_params=$(echo "$1" | sed 's/^\s*\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim + cmd=$(echo "$1" | sed 's/^\s*\(\S\S*\)\b.*$/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + path_cmd=$(command -v $cmd) # Use canonical path on left (would drop params on right, but over-interpret each word as a cmd!) + spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) if [[ $2 == "" ]]; then @@ -234,9 +234,9 @@ echo -e "\n\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' -echo -e "\n 6. Log Files: (last 100 lines of each)\n" -echo -e "\n\n\n\n6. LOG FILES (LAST 100 LINES OF EACH)\n" >> $outfile -cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' +echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" +echo -e "\n\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile +cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' 'for skip_role_on_error' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 cat_tail /opt/iiab/iiab/iiab-debug.log 100 @@ -261,7 +261,8 @@ echo #fi echo -e "\e[1m" -if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +#if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +if ! [[ $ans =~ ^[nN]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs From f098d8e5eb1828dda54db08bdfebbb595dccaf9e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:31:10 -0400 Subject: [PATCH 132/344] vars/ubuntu-2204.yml: python_ver: "3.10" --- vars/ubuntu-2204.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index 45228126e..bbe849b36 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -26,4 +26,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From 8a87034c72ac661deca4b6cd375892b008d8ef9e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:32:19 -0400 Subject: [PATCH 133/344] vars/ubuntu-2210.yml: python_ver: "3.10" --- vars/ubuntu-2210.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index bdcd73967..e7ac7cc12 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -26,4 +26,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From f7a32070344e67a38b65b1569089b06602429c21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:41:49 -0400 Subject: [PATCH 134/344] vars/debian-12.yml: Set PHP 8.1, PostgreSQL 14, Python 3.10 --- vars/debian-12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 4ac59c25d..cf4fbfcea 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -23,7 +23,7 @@ mysql_service: mariadb apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh -php_version: 8.0 -postgresql_version: 13 +php_version: 8.1 +postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.10" From 0036d8c17b3407693d0818c20cee6e86018fec03 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 20 Jun 2022 20:13:41 -0400 Subject: [PATCH 135/344] test.yml: float (drops outer zeros) vs AnsibleUnicode (String) --- test.yml | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/test.yml b/test.yml index 5364223a5..f346fb757 100644 --- a/test.yml +++ b/test.yml @@ -35,25 +35,42 @@ - name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab, STRICTLY DISALLOWED IN YAML BY ansible-core 2.11.6) showed null (without quotes!) -- whereas e (singlequotes) and f (doublequotes) show "" empty string set_fact: - #a: + #a: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 b: c: # Space - #d: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 - e: '' - f: "" + d: '' + e: "" + f: "3.10" # zero preserved b/c AnsibleUnicode (i.e. string) + g: +03.10 # plus sign & zeros dropped b/c float - debug: - var: a + var: a # "VARIABLE IS NOT DEFINED!" - debug: - var: b + var: a | type_debug # AnsibleUndefined - debug: - var: c + var: b # null - debug: - var: d + var: b | type_debug # NoneType - debug: - var: e + var: c # null - debug: - var: f + var: c | type_debug # NoneType + - debug: + var: d # "" + - debug: + var: d | type_debug # AnsibleUnicode + - debug: + var: e # "" + - debug: + var: e | type_debug # AnsibleUnicode + - debug: + var: f # "3.10" + - debug: + var: f | type_debug # AnsibleUnicode + - debug: + var: g # 3.1 + - debug: + var: g | type_debug # float - debug: var: ansible_local.local_facts # SEE: /opt/iiab/iiab/scripts/local_facts.fact @@ -75,3 +92,4 @@ var: ansible_machine # TEST ANSIBLE COMMANDS/MODULES HERE! + From 2d6943e9667d1bf8cba07b876ed69f6fad17da26 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 21 Jun 2022 11:01:01 -0400 Subject: [PATCH 136/344] Try 'skip_role_on_error: True' in default_vars --- iiab-install | 9 ++++++--- runrole | 7 ++++--- vars/default_vars.yml | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/iiab-install b/iiab-install index 037d61b24..49294dbc5 100755 --- a/iiab-install +++ b/iiab-install @@ -6,7 +6,7 @@ PLAYBOOK=iiab-stages.yml INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml -ARGS="" +ARGS="--extra-vars {\"skip_role_on_error\":False" # bash forces {...} to '{...}' for Ansible CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} @@ -127,7 +127,8 @@ if [ -f /etc/iiab/iiab.env ]; then if [ "$1" == "--reinstall" ]; then STAGE=0 - ARGS="$ARGS"" --extra-vars reinstall=True" + #ARGS="$ARGS"" --extra-vars reinstall=True" + ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then @@ -168,6 +169,8 @@ export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null # So vars are recorded in /opt/iiab/iiab/iiab-install.log -ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local +ARGS="$ARGS}" +echo -e "\nNOW RUN: ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local\n" +ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local echo -e "./iiab-install $* COMPLETED IN $CWD\n\n" diff --git a/runrole b/runrole index d29bb900b..644665d2f 100755 --- a/runrole +++ b/runrole @@ -8,7 +8,8 @@ INSTALL=false ENABLED=false REINSTALL=false CWD=`pwd` -ARGS="--extra-vars {" # bash forces {...} to '{...}' for Ansible, SEE BOTTOM +#ARGS="--extra-vars {" +ARGS="--extra-vars {\"skip_role_on_error\":False," # bash forces {...} to '{...}' for Ansible, SEE BOTTOM (IFS-like issue) INVENTORY=ansible_hosts PLAYBOOK=run-one-role.yml @@ -44,7 +45,7 @@ fi #fi if [ "$1" == "--reinstall" ]; then - ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list + ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list REINSTALL=true shift fi @@ -110,7 +111,7 @@ else export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" fi -ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str validated +ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str type validated CMD="ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local $ARGS" echo -e "\e[1mbash will now run this, adding single quotes around the {...} curly braces:\e[0m\n\n$CMD\n" ansible -m setup -i $INVENTORY localhost --connection=local | grep python diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..68ba1ff32 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,7 +16,7 @@ iiab_base_ver: 8.0 iiab_revision: 0 -skip_role_on_error: False +skip_role_on_error: True iiab_etc_path: /etc/iiab From b4ba2f6a76a0d081f9a0c04f148bcf9b7b689bb1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 Jun 2022 18:05:47 -0400 Subject: [PATCH 137/344] scripts/ansible: Recommend ansible-core 2.13.1 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 7d8d16617..ea3ae3891 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 07d6d7b0752236a61b3260a3ab697023a5a3b685 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 22 Jun 2022 11:58:22 -0400 Subject: [PATCH 138/344] Lint/Indent .yml files in /opt/iiab/iiab --- iiab-from-cmdline.yml | 8 ++++---- iiab-from-console.yml | 8 ++++---- iiab-network.yml | 8 ++++---- iiab-stages.yml | 10 +++++----- install-support.yml => install-support.yml.unused | 6 +++--- run-one-role.yml | 8 ++++---- runroles-base.yml | 6 +++--- test.yml | 10 +++++----- 8 files changed, 32 insertions(+), 32 deletions(-) rename install-support.yml => install-support.yml.unused (51%) diff --git a/iiab-from-cmdline.yml b/iiab-from-cmdline.yml index 74b507b56..68956b3ad 100644 --- a/iiab-from-cmdline.yml +++ b/iiab-from-cmdline.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index e83aefdb9..fb8282580 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-network.yml b/iiab-network.yml index a72678367..2725a78c5 100644 --- a/iiab-network.yml +++ b/iiab-network.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-stages.yml b/iiab-stages.yml index 4b0940db6..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -3,11 +3,11 @@ become: yes vars_files: - - roles/0-init/defaults/main.yml - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - roles/0-init/defaults/main.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml tasks: diff --git a/install-support.yml b/install-support.yml.unused similarity index 51% rename from install-support.yml rename to install-support.yml.unused index f8e6802f6..f2835214d 100644 --- a/install-support.yml +++ b/install-support.yml.unused @@ -2,9 +2,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/run-one-role.yml b/run-one-role.yml index c7dc1b98c..c10a42a2b 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/runroles-base.yml b/runroles-base.yml index 55bcb1efd..8df997790 100644 --- a/runroles-base.yml +++ b/runroles-base.yml @@ -3,9 +3,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/test.yml b/test.yml index f346fb757..032d35f23 100644 --- a/test.yml +++ b/test.yml @@ -5,11 +5,11 @@ become: yes # Optional privilege escalation #vars_files: - #- roles/0-init/defaults/main.yml - #- vars/default_vars.yml - #- vars/{{ ansible_local.local_facts.os_ver }}.yml - #- /etc/iiab/local_vars.yml - #- /etc/iiab/iiab_state.yml + # - roles/0-init/defaults/main.yml + # - vars/default_vars.yml + # - vars/{{ ansible_local.local_facts.os_ver }}.yml + # - /etc/iiab/local_vars.yml + # - /etc/iiab/iiab_state.yml #roles: # - { role: 0-init } From f63ef539985e109c9847e192c45bb23c435c7d39 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 22 Jun 2022 22:46:51 -0400 Subject: [PATCH 139/344] iiab-install: Parse flags cleanly, e.g. '--risky' for 'skip_role_on_error: True' --- iiab-install | 79 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 27 deletions(-) diff --git a/iiab-install b/iiab-install index 49294dbc5..ec93b10b7 100755 --- a/iiab-install +++ b/iiab-install @@ -1,17 +1,57 @@ #!/bin/bash -e # Running from a git repo # Add cmdline options for passing to ansible -# Todo add proper shift to gobble up --debug --reinstall PLAYBOOK=iiab-stages.yml INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml -ARGS="--extra-vars {\"skip_role_on_error\":False" # bash forces {...} to '{...}' for Ansible +ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forces {...} to '{...}' for Ansible + CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` -OS=${OS//\"/} +OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.6 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. + +REINSTALL=false +DEBUG=false +SKIP_ROLE_ON_ERROR=false + +usage() { + echo -e "\n\e[1mUse './iiab-install' for regular installs, or to continue an install." + echo -e "Use './iiab-install --risky' to force 'skip_role_on_error: True'" + echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." + echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." + echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." + echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." + echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\e[0m\n" +} + +# https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/14203146#14203146 +while [[ $# -gt 0 ]]; do + case $1 in + --reinstall) + REINSTALL=true + shift + ;; + --debug) + DEBUG=true + shift + ;; + -r|--risky) + SKIP_ROLE_ON_ERROR=true + shift + ;; + *) + usage + exit 1 + ;; + esac +done + +ARGS="$ARGS\"skip_role_on_error\":$SKIP_ROLE_ON_ERROR" # Needs boolean not +# string so use JSON list. Ansible permits these boolean values: (refresher) +# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml#L19-L43 if [ ! -f /etc/iiab/local_vars.yml ]; then @@ -27,11 +67,11 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 - echo -e "(1) Please read http://wiki.laptop.org/go/IIAB/local_vars.yml to learn more" >&2 - echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 + echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 - echo -e ' http://download.iiab.io\n' >&2 + echo -e ' https://download.iiab.io\n' >&2 exit 1 fi @@ -57,16 +97,6 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then - echo "Use './iiab-install' for regular installs, or to continue an install." - echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo "Use './iiab-network' to run Stage 0, followed by the Network Role." - exit 1 -fi - # Subroutine compares software version numbers. Generates rare false positives # like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/ # a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then" @@ -125,28 +155,23 @@ if [ -f /etc/iiab/iiab.env ]; then fi fi - if [ "$1" == "--reinstall" ]; then + if $($REINSTALL); then STAGE=0 #ARGS="$ARGS"" --extra-vars reinstall=True" ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env" - elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then + elif [ "$STAGE" -ge 2 ] && $($DEBUG); then STAGE=2 sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then - echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." - echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n" - + echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." + usage exit 0 # Allows rerunning http://download.iiab.io/install.txt fi fi -if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then +if [ "$STAGE" -lt 2 ] && $($DEBUG); then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi From 41a91bd0f546bd4fc4ddef5bbbec17aca1296509 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 23 Jun 2022 04:55:56 +0100 Subject: [PATCH 140/344] get lan_ip soft coded everywhere --- .../templates/iiab-divert-to-nginx | 2 +- roles/cups/tasks/install.yml | 8 +++---- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 17 +++++++++----- .../templates/gateway/iiab-gen-iptables | 2 +- .../templates/named/school.internal.zone.db | 22 +++++++++---------- .../templates/named/school.local.zone.db | 22 +++++++++---------- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 2 +- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 9 +++++--- 10 files changed, 49 insertions(+), 39 deletions(-) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index c708de87a..8d6d06b2e 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index d585b42e0..6b8971f34 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -76,14 +76,14 @@ name: cups state: started -# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # command: cupsctl --remote-admin --share-printers --user-cancel-any # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) -- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" command: cupsctl --remote-any --share-printers --user-cancel-any # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml @@ -96,7 +96,7 @@ # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # when: not cups_enabled -# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" +# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631" # lineinfile: # path: /etc/cups/cupsd.conf # line: "{{ item }}" @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 +# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index a3c844120..c6cdc6028 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -5,15 +5,22 @@ ddns-update-style interim; #ignore client-updates; option domain-name "{{ iiab_domain }}"; -option domain-name-servers 172.18.96.1; -option ntp-servers 172.18.96.1; +option domain-name-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} - option routers 172.18.96.1; + option routers {{ lan_ip }}; {% endif %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; + {% if 172_network %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + {% else %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + {% endif %} + + # Description of network allocations in old OLPC school server # this is the whole range we have available - 8K addresses # range 172.18.96.2 172.18.127.254; # instead, we'll save 510 addresses for later. diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 79a112b55..d784d38a9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 +lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db index 99a131aa2..ec930bee8 100644 --- a/roles/network/templates/named/school.internal.zone.db +++ b/roles/network/templates/named/school.internal.zone.db @@ -1,19 +1,19 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db index 3d0619e96..8b4bc384e 100644 --- a/roles/network/templates/named/school.local.zone.db +++ b/roles/network/templates/named/school.local.zone.db @@ -3,18 +3,18 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..3759ad121 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..8dd667d05 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,7 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. + hosts allow = 127. 172.18. 10.10. ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..773ec65f4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..9eac09d85 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -98,8 +98,11 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan -lan_ip: 172.18.96.1 -lan_netmask: 255.255.224.0 +lan_ip: 10.10.10.10 +172_network: False +#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems +lan_netmask: 255.255.255.0 +#lan_netmask: 255.255.224.0 # Older networks were larger # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -540,7 +543,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From 96521f9ad42a57828285e38c8f2dcdf8d47ffc0e Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Jun 2022 01:12:19 -0400 Subject: [PATCH 141/344] Clarify './iiab-install --risky' for 'skip_role_on_error: True' in default_vars.yml --- vars/default_vars.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68ba1ff32..4e8b9f2bc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,6 +16,10 @@ iiab_base_ver: 8.0 iiab_revision: 0 +# 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear +# install path, intentionally overriding this value, until "SOFTWARE INSTALL IS +# COMPLETE". But you can run './iiab-install --risky' if you truly need +# iiab-install to run with 'skip_role_on_error: True' (PRs #3255, #3256, #3262) skip_role_on_error: True iiab_etc_path: /etc/iiab From 63f1363e21c5b44817b5f579b4ba521c63de93aa Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Jun 2022 10:11:50 -0400 Subject: [PATCH 142/344] iiab-install: Show usage in bold more cleanly --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ec93b10b7..f3f0bc830 100755 --- a/iiab-install +++ b/iiab-install @@ -166,7 +166,7 @@ if [ -f /etc/iiab/iiab.env ]; then sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then - echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." + echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m" usage exit 0 # Allows rerunning http://download.iiab.io/install.txt fi From 1fec2559e919cfe925e55e4d18c9ab8d9bd4810e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Jun 2022 14:32:07 -0400 Subject: [PATCH 143/344] 22.04 & Mint 21: Avoid Sugarizer+Moodle initially (TEMPORARY) --- roles/7-edu-apps/tasks/main.yml | 4 ++-- vars/linuxmint-21.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index f4bdae83b..b7dd56855 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 5a1e79131..a6403ed91 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -2,7 +2,7 @@ # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now -is_ubuntu_22: True +is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True From 18aef95d925aea2662169a87ee7b3a639c7ecb09 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 Jun 2022 14:42:32 -0400 Subject: [PATCH 144/344] vars/linuxmint-21.yml: python_ver: "3.10" advance fix re: PR #3260 & PR #3265 --- vars/linuxmint-21.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index a6403ed91..0135cd65f 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -28,4 +28,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From f898553346aa51b94fa57f318448b2a6daab3cdb Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jun 2022 19:53:58 -0400 Subject: [PATCH 145/344] Record recent git tag, for 2 primary repos --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- roles/0-init/tasks/main.yml | 7 ++----- scripts/iiab-diagnostics | 15 +++++++++------ scripts/local_facts.fact | 13 ++++++------- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index d29f791c8..22e69f096 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -33,10 +33,10 @@ value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - #- option: xo_model - # value: "{{ xo_model }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 328ad5629..2b1126220 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -11,7 +11,6 @@ set_fact: rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - #xo_model: "{{ ansible_local.local_facts.xo_model }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" # 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*) @@ -78,6 +77,8 @@ value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: runtime_date value: "{{ ansible_date_time.iso8601 }}" - option: ansible_version @@ -102,10 +103,6 @@ value: "{{ local_tz }}" - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist value: "{{ etc_localtime.stdout }}" - #- option: no_NM_reload - # value: "{{ no_NM_reload }}" - #- option: is_F18 - # value: "{{ is_F18 }}" - option: FQDN_changed value: "{{ FQDN_changed }}" diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ebd57b979..f2a10b88f 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -4,15 +4,16 @@ # PLEASE SEE /opt/iiab/iiab/scripts/iiab-diagnostics.README.md OR ONLINE HERE: # https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md -IIAB_RELEASE=`cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2` -OS_VER=`cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2` +IIAB_RELEASE=$(cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2) +OS_VER=$(cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2) YMDT=$(date +%F_%T_%Z) -#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root -HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` +HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) +TAG1=$(cd /opt/iiab/iiab; git describe --tags --abbrev=0) git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root -HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` +HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) +TAG2=$(cd /opt/iiab/iiab-admin-console; git describe --tags --abbrev=0) echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo @@ -123,10 +124,12 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT HASHES + RASPBERRY PI MODEL + OS" >> $outfile +echo -e "\n\n\n\n0. GIT HASHES/TAGS + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile echo "iiab commit: $HASH1" >> $outfile +echo " recent git tag: $TAG1" >> $outfile echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " recent git tag: $TAG2" >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index bf1833340..332e97e13 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,7 +3,7 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 11 variables require a command[*] to be run to +# 2020-10-27: Most of the 12 variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 @@ -14,7 +14,7 @@ OS="none" VERSION_ID="none" # This var's combined with the above, before being output IIAB_BRANCH="none" IIAB_COMMIT="none" -#XO_MODEL="none" +IIAB_RECENT_TAG="none" RPI_MODEL="none" DEVICETREE_MODEL="none" ANSIBLE_VERSION="none" @@ -86,15 +86,15 @@ case $OS_VER in ;; esac -# These next 2 help indicate what version of IIAB +# These next 3 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -#tmp=$(cat /proc/device-tree/mfg-data/MN) && -# XO_MODEL=$tmp +tmp=$(git describe --tags --abbrev=0) && + IIAB_RECENT_TAG=$tmp grep -iq raspberry /proc/device-tree/model && RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') @@ -143,11 +143,10 @@ cat < Date: Sun, 26 Jun 2022 06:21:30 -0400 Subject: [PATCH 146/344] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fad4fa31d..7bbabcc3a 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 120-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 121-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 17aa26a4acb168c7a2c123d12c02ff5753500dfe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 26 Jun 2022 21:20:50 +0100 Subject: [PATCH 147/344] jinja2 variable must start with non-numeric --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- roles/network/templates/network/dnsmasq.conf.j2 | 7 ++++++- vars/default_vars.yml | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index c6cdc6028..4b452a163 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -12,7 +12,7 @@ subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} option routers {{ lan_ip }}; {% endif %} - {% if 172_network %} + {% if network_172 %} option subnet-mask 255.255.224.0; option broadcast-address 172.18.127.255; {% else %} diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 782f38049..056830267 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease -dhcp-range=172.18.100.1,172.18.126.254,1h +{% if network_172 %} + dhcp-range=172.18.100.1,172.18.126.254,1h +{% else %} + dhcp-range=10.10.10.21,10.10.10.253,1h +{% endif %} + # Specify the default route dhcp-option=3,{{ lan_ip }} # Specify the DNS server address diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9eac09d85..3b223320c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -99,7 +99,7 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -172_network: False +network_172: False #lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems lan_netmask: 255.255.255.0 #lan_netmask: 255.255.224.0 # Older networks were larger From 40c60d9596038e2366d73ce9a66e6e842fdcae9e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 27 Jun 2022 16:02:21 -0400 Subject: [PATCH 148/344] iiab-diagnostics: Show Git details for 2 primary repos --- scripts/iiab-diagnostics | 25 ++++++++++++++++++------- scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f2a10b88f..55f783919 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -10,10 +10,16 @@ YMDT=$(date +%F_%T_%Z) git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) -TAG1=$(cd /opt/iiab/iiab; git describe --tags --abbrev=0) +BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) +REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) +PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) -TAG2=$(cd /opt/iiab/iiab-admin-console; git describe --tags --abbrev=0) +BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) +REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) +PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo @@ -124,12 +130,17 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT HASHES/TAGS + RASPBERRY PI MODEL + OS" >> $outfile +echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " recent git tag: $TAG1" >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " recent git tag: $TAG2" >> $outfile +echo "iiab commit: $HASH1" >> $outfile +echo " remote: $REMOTE_URL1" >> $outfile +echo " branch: $BRANCH1" >> $outfile +printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile +echo >> $outfile +echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " remote: $REMOTE_URL2" >> $outfile +echo " branch: $BRANCH2" >> $outfile +printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7bbabcc3a..2637c7ef9 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 121-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-260 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 6404c71859eed145c2102cb7a06385bcb52993c6 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 27 Jun 2022 16:23:29 -0400 Subject: [PATCH 149/344] iiab-diagnostics: Unindent Git details --- scripts/iiab-diagnostics | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 55f783919..04689d3e6 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,14 +132,14 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " remote: $REMOTE_URL1" >> $outfile -echo " branch: $BRANCH1" >> $outfile +echo "iiab commit: $HASH1" >> $outfile +echo " remote: $REMOTE_URL1" >> $outfile +echo " branch: $BRANCH1" >> $outfile printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile echo >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " remote: $REMOTE_URL2" >> $outfile -echo " branch: $BRANCH2" >> $outfile +echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " remote: $REMOTE_URL2" >> $outfile +echo " branch: $BRANCH2" >> $outfile printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled From 9370f59a44beeb880a2a48bf6c9f778649f53af3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 08:58:41 -0400 Subject: [PATCH 150/344] /usr/bin/iiab-summary: Concise/quick view of any IIAB in ~20 lines --- roles/1-prep/tasks/main.yml | 7 ++-- scripts/iiab-summary | 66 +++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100755 scripts/iiab-summary diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 4fda2bf5f..b5f55e78e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,11 +23,14 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy /opt/iiab/iiab/scripts/iiab-apps-to-be-installed to /usr/bin/ +- name: Copy iiab-summary & iiab-apps-to-be-installed from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" + src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' + with_items: + - iiab-summary + - iiab-apps-to-be-installed - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml diff --git a/scripts/iiab-summary b/scripts/iiab-summary new file mode 100755 index 000000000..e529c1332 --- /dev/null +++ b/scripts/iiab-summary @@ -0,0 +1,66 @@ +#!/bin/bash + +# Intentionally very concise summary of IIAB details. +# Can evolve for int'l community needs, alongside the much longer: +# https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md + +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +cd /opt/iiab/iiab +SHORT_HASH1=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG1=$(git describe --tags --abbrev=0) +COMMITS1=$(git log "$TAG1..HEAD" --oneline | wc -l) +PR_COUNT1=$(git log "$TAG1..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG1=$(git log --format=%B -1 | head -1) +BRANCH1=$(git branch --show-current) +REMOTE_URL1=$(git config remote.$(git config branch.$BRANCH1.remote).url) + +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +cd /opt/iiab/iiab-admin-console +SHORT_HASH2=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG2=$(git describe --tags --abbrev=0) +COMMITS2=$(git log "$TAG2..HEAD" --oneline | wc -l) +PR_COUNT2=$(git log "$TAG2..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG2=$(git log --format=%B -1 | head -1) +BRANCH2=$(git branch --show-current) +REMOTE_URL2=$(git config remote.$(git config branch.$BRANCH2.remote).url) + +echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" +echo +echo -e "iiab: $SHORT_HASH1, $PR_COUNT1 PR's / $COMMITS1 commits since tag $TAG1" +echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" +echo " $REMOTE_URL1 branch: $BRANCH1" +if [ -f /etc/iiab/pr-list-pulled ]; then + echo + cat /etc/iiab/pr-list-pulled +fi +echo +echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" +echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" +echo " $REMOTE_URL2 branch: $BRANCH2" +echo +if [ -f /etc/rpi-issue ]; then + cat /etc/rpi-issue + echo "/etc/debian-version: $(cat /etc/debian_version)" +else + echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" +fi +echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" +uname -rvp +echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) +if [ -f /proc/device-tree/model ]; then + cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo +fi +if [ -f /sys/class/thermal/thermal_zone0/temp ]; then + echo "Temp(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp +fi +#if command -v landscape-sysinfo > /dev/null; then # Slow, Ubuntu Server only +# landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p +#fi +echo +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l)" +echo +echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net +grep "^openvpn_enabled:" /etc/iiab/local_vars.yml +grep "^openvpn_handle:" /etc/iiab/local_vars.yml +hostname -I +echo From 194bd1a2b43a798bc1de490599b253671aa6c496 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:14:24 -0400 Subject: [PATCH 151/344] /usr/bin/iiab-summary: Clarify temperature(s) --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index e529c1332..cb1d1c8aa 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -51,7 +51,7 @@ if [ -f /proc/device-tree/model ]; then cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then - echo "Temp(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp + echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp fi #if command -v landscape-sysinfo > /dev/null; then # Slow, Ubuntu Server only # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p From 25e06a03d74da631eb4974e946b7805f3dcc7525 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:37:28 -0400 Subject: [PATCH 152/344] Update scripts/iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 2637c7ef9..fe1589b11 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -1,10 +1,16 @@ ## Objective -To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. +To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable file of about 2000 lines, that can be easily circulated online AND offline. -Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality. +Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. -Finally, the ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). +For a more concise "instant" summary of any IIAB machine (about 20-25 lines) try this command instead: [/usr/bin/iiab-summary](iiab-summary) + +## What `iiab-diagnostics` does + +Passwords (including Wi-Fi passwords) are auto-redacted as the output file is generated, to protect your community confidentiality. + +Finally, the ``pastebinit`` command can be used to auto-upload the output file (human-readable, approx 2000 lines) creating a short URL that makes it much easier to circulate among [volunteers](https://internet-in-a-box.org/contributing.html). But first off, the file is compiled by harvesting 1 + 6 kinds of things: From 5f3946fb846f6c9c09087989ce381c892c1af856 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:48:13 -0400 Subject: [PATCH 153/344] iiab-summary: Summary count of `iiab-apps-to-be-installed` --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index cb1d1c8aa..e0410f18d 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -57,7 +57,7 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l)" +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 93709b75da70dad439b36c8da5a8003bbeea61f0 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 10:04:50 -0400 Subject: [PATCH 154/344] iiab-diagnostics: Include iiab-apps-to-be-installed output --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 04689d3e6..957111ad1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -163,6 +163,7 @@ cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' +cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fe1589b11..1dacfe807 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-260 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-261 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 60745e3e59e4a3a060c7f02894d4fb383adc278e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 09:06:08 -0400 Subject: [PATCH 155/344] remoteit/tasks/install.yml: Remove "IIAB_LIKE=Ubuntu" after workaround, for Ansible --- roles/remoteit/tasks/install.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index ee838b9d3..4e52bd586 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -76,6 +76,15 @@ - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh +# 2022-06-29: Ansible misinterprets "IIAB_LIKE=Ubuntu" (interpreting the entire +# OS as Ubuntu instead of Mint, on later Ansible runs) so let's remove line now. +- name: If Linux Mint, remove above "IIAB_LIKE=Ubuntu" from /etc/os-release (for Ansible's sloppy OS recognition logic) + lineinfile: + path: /etc/os-release + line: IIAB_LIKE=Ubuntu + state: absent + when: is_linuxmint + - name: "'rm /etc/remoteit/registration' (empty file used just above)" file: From 64b2635bbb061e86d7364a419f1d5ed3011d329a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 12:50:11 -0400 Subject: [PATCH 156/344] Record branch's actual Git remote (URL) to iiab.ini (in 2 places) --- roles/0-init/tasks/create_iiab_ini.yml | 2 ++ roles/0-init/tasks/main.yml | 2 ++ scripts/local_facts.fact | 7 ++++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 22e69f096..f27cb2e38 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -29,6 +29,8 @@ value: "{{ ansible_architecture }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" + - option: iiab_remote + value: "{{ ansible_local.local_facts.iiab_remote }}" - option: iiab_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 2b1126220..2e95bc920 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -73,6 +73,8 @@ value: "{{ iiab_base_ver }}" - option: iiab_revision value: "{{ iiab_revision }}" + - option: iiab_remote + value: "{{ ansible_local.local_facts.iiab_remote }}" - option: runtime_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 332e97e13..06b430411 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -12,6 +12,7 @@ STAGE=0 OS="none" VERSION_ID="none" # This var's combined with the above, before being output +IIAB_REMOTE="none" IIAB_BRANCH="none" IIAB_COMMIT="none" IIAB_RECENT_TAG="none" @@ -86,10 +87,13 @@ case $OS_VER in ;; esac -# These next 3 help indicate what version of IIAB +# These next 4 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp +tmp=$(git config remote.$(git config branch.$IIAB_BRANCH.remote).url) && + IIAB_REMOTE=$tmp + tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp @@ -141,6 +145,7 @@ cat < Date: Wed, 29 Jun 2022 12:59:53 -0400 Subject: [PATCH 157/344] iiab-summary: Cleaner when there's no /opt/iiab/iiab-admin-console --- scripts/iiab-summary | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index e0410f18d..79588036e 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -34,9 +34,13 @@ if [ -f /etc/iiab/pr-list-pulled ]; then cat /etc/iiab/pr-list-pulled fi echo -echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" -echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" -echo " $REMOTE_URL2 branch: $BRANCH2" +if [ -d /opt/iiab/iiab-admin-console ]; then + echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" + echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" + echo " $REMOTE_URL2 branch: $BRANCH2" +else + echo " WARNING: Directory /opt/iiab/iiab-admin-console does not exist!" +fi echo if [ -f /etc/rpi-issue ]; then cat /etc/rpi-issue From cb51d68a9ccaba88588a133fa5269d36f031c56f Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 13:05:57 -0400 Subject: [PATCH 158/344] local_facts.fact: Fix typo 12 -> "13 vars require a command" --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 06b430411..a0471c95a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,7 +3,7 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 12 variables require a command[*] to be run to +# 2020-10-27: Most of the 13 variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 From 15a5efb765fa7e68a8442a0d44d09ea27733f0a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jun 2022 14:09:15 -0400 Subject: [PATCH 159/344] awstats.schoolserver.conf.j2: Set AllowFullYearView=3 not 2 --- roles/awstats/templates/awstats.schoolserver.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/awstats/templates/awstats.schoolserver.conf.j2 b/roles/awstats/templates/awstats.schoolserver.conf.j2 index 40816fef5..2a5e8802d 100644 --- a/roles/awstats/templates/awstats.schoolserver.conf.j2 +++ b/roles/awstats/templates/awstats.schoolserver.conf.j2 @@ -261,7 +261,7 @@ AllowToUpdateStatsFromBrowser=1 # 3 - Possible on CLI and CGI # Default: 2 # -AllowFullYearView=2 +AllowFullYearView=3 From 2457f415fceaf574c1fcc38ce7282163762116cd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 18:37:13 -0400 Subject: [PATCH 160/344] Speed up roles/0-init by moving 2 things to detected_network.yml --- roles/0-init/defaults/main.yml | 8 ---- roles/0-init/tasks/main.yml | 15 ++------ roles/0-init/tasks/network.yml | 43 --------------------- roles/1-prep/tasks/main.yml | 7 +++- roles/network/defaults/main.yml | 4 ++ roles/network/tasks/detected_network.yml | 48 ++++++++++++++++++++++++ roles/phpmyadmin/tasks/install.yml | 2 +- roles/www_options/tasks/main.yml | 19 +++++++++- 8 files changed, 79 insertions(+), 67 deletions(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 95cca916b..a07cde5cf 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -23,14 +23,6 @@ # ...after it is set in 0-init/tasks/main.yml first_run: False rpi_model: none # 2021-07-30: Broadly used! -#xo_model: none # 2021-07-30: No longer used -# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically: -gw_active: False -# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB -# outfitting/provisioning happens online -- in situations where connectivity -# failures should be reported to the operator, rather than papered over: -internet_available: False -discovered_wan_iface: none # 2021-07-30: Very broadly used! # 2021-07-30: Barely used -- for {named, dhcpd, squid} in # roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 2e95bc920..b7d128124 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -13,11 +13,6 @@ devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" -# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*) -#- name: Re-read local_facts.facts from /etc/ansible/facts.d -# setup: -# filter: ansible_local - # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. - name: Create {{ iiab_ini_file }}, if it doesn't exist @@ -26,9 +21,9 @@ # 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's # still used in these 2 places: -# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml +# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml # (2) roles/network/tasks/named.yml for "Stop named before copying files" -# In practice however, it's no longer important, and might be reconsidered? +# This needs to be reworked for 0-init speed, and overall understandability. - name: Set first_run flag set_fact: first_run: True @@ -56,7 +51,7 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console +- name: Set new hostname/domain (hostname.yml) if nec include_tasks: network.yml @@ -91,10 +86,6 @@ value: "{{ ansible_memtotal_mb }}" - option: swap_mb value: "{{ ansible_swaptotal_mb }}" - - option: gw_active - value: "{{ gw_active }}" - - option: internet_available - value: "{{ internet_available }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml index c0d52ba68..91ed10998 100644 --- a/roles/0-init/tasks/network.yml +++ b/roles/0-init/tasks/network.yml @@ -1,46 +1,3 @@ -- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... - debug: - var: ansible_default_ipv4 - -- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" - set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' - get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt - #timeout: "{{ download_timeout }}" - # @jvonau recommends: 100sec is too much (keep 10sec default) - ignore_errors: True - #async: 10 - #poll: 2 - register: internet_access_test - -- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" - set_fact: - internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml - when: not internet_access_test.failed and not disregard_network - -- name: Remove downloaded Internet test file /tmp/heart-beat.txt - file: - path: /tmp/heart-beat.txt - state: absent - - - name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" set_fact: iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index b5f55e78e..0dfd32ee0 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -71,7 +71,10 @@ # when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed -- name: Recording STAGE 1 HAS COMPLETED ============================ +- name: Install {{ iiab_env_file }} from template -- FYI this file can be run as a script if absolutely nec -- e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' template: src: roles/1-prep/templates/iiab.env.j2 - dest: "{{ iiab_env_file }}" # Can also be run as a script if absolutely nec, e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' + dest: "{{ iiab_env_file }}" + +- name: Recording STAGE 1 HAS COMPLETED ============================ + meta: noop diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 8fb1226d6..6938f4a43 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -27,6 +27,10 @@ # hostapd_enabled: True # Above set in /opt/iiab/iiab/vars/default_vars.yml +# 2022-06-29: Legacy vars no longer used by roles/0-init +gw_active: False # 2021-07-30: Not used propgrammatically +discovered_wan_iface: none # 2021-07-30: Very broadly used! + hostapd_wait: 10 host_wireless_n: False driver_name: nl80211 diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 531eb4f65..5b3539e52 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,3 +1,47 @@ +- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... + debug: + var: ansible_default_ipv4 + +- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" + shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l + register: gw_active_test + when: discovered_wan_iface != "none" + +- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" + set_fact: + iiab_wan_iface: "{{ discovered_wan_iface }}" + gw_active: True + when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" + + +# Similar to roles/www_options/tasks/main.yml prereq for iiab-refresh-wiki-docs +- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + #timeout: "{{ download_timeout }}" + # @jvonau recommends: 100sec is too much (keep 10sec default) + ignore_errors: True + #async: 10 + #poll: 2 + register: internet_access_test + +- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" + set_fact: + internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml + when: not internet_access_test.failed and not disregard_network + +- name: Remove downloaded Internet test file /tmp/heart-beat.txt + file: + path: /tmp/heart-beat.txt + state: absent + + # so this works - name: Interface count shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' @@ -239,6 +283,10 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: + - option: gw_active + value: "{{ gw_active }}" + - option: internet_available + value: "{{ internet_available }}" - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - option: prior_gateway_device diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index eaec8af82..9c4e4ef7d 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -3,7 +3,7 @@ url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" - when: internet_available + #when: internet_available - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? stat: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 90f5cc6b6..6c7362e49 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -154,9 +154,26 @@ when: not apache_allow_sudo +# internet_available var moved to roles/network/tasks/detected_network.yml +- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + #timeout: "{{ download_timeout }}" + # @jvonau recommends: 100sec is too much (keep 10sec default) + ignore_errors: True + #async: 10 + #poll: 2 + register: internet_access_test + +- name: Remove downloaded Internet test file /tmp/heart-beat.txt + file: + path: /tmp/heart-beat.txt + state: absent + - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs - when: internet_available and not nodocs + when: not internet_access_test.failed and not nodocs - name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled From 8eed8854b5e86fd6706e237bbee5c38f7ece5bec Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 20:01:03 -0400 Subject: [PATCH 161/344] vnStat is basically never used (but patch it for divine reasons) --- roles/network/tasks/detected_network.yml | 3 ++- roles/vnstat/tasks/install.yml | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5b3539e52..f9c239b10 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,3 +1,4 @@ +# Similar code block in roles/vnstat/tasks/install.yml - name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... debug: var: ansible_default_ipv4 @@ -14,7 +15,7 @@ - name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" + iiab_wan_iface: "{{ discovered_wan_iface }}" # Same as code on Line 70 ! gw_active: True when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index d015385bf..6ffb9e8d5 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,20 @@ +# Similar code block in roles/network/tasks/detected_network.yml +- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" + shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l + register: gw_active_test + when: discovered_wan_iface != "none" + +- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" + set_fact: + iiab_wan_iface: "{{ discovered_wan_iface }}" + when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" + + - name: Install 'vnstat' package package: name: vnstat @@ -7,10 +24,9 @@ template: src: vnstat.conf.j2 dest: /etc/vnstat.conf - # owner: root - # group: root mode: '0744' + - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} From f0ea82c1b63598e2944e989ac14cc9d617d7705a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jun 2022 20:32:17 -0400 Subject: [PATCH 162/344] vnstat/tasks/install.yml: Clean up comment for PR #3272 --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 6ffb9e8d5..94248c734 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -9,7 +9,7 @@ register: gw_active_test when: discovered_wan_iface != "none" -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" +- name: "If gateway responded, set 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" set_fact: iiab_wan_iface: "{{ discovered_wan_iface }}" when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" From 86375892188ff65464535d43fa34759146e63c97 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:25:01 -0500 Subject: [PATCH 163/344] Not required for normal operation --- roles/network/tasks/detected_network.yml | 39 ------------------------ 1 file changed, 39 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f9c239b10..01ff42e18 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -8,41 +8,6 @@ discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" # Same as code on Line 70 ! - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - -# Similar to roles/www_options/tasks/main.yml prereq for iiab-refresh-wiki-docs -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' - get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt - #timeout: "{{ download_timeout }}" - # @jvonau recommends: 100sec is too much (keep 10sec default) - ignore_errors: True - #async: 10 - #poll: 2 - register: internet_access_test - -- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" - set_fact: - internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml - when: not internet_access_test.failed and not disregard_network - -- name: Remove downloaded Internet test file /tmp/heart-beat.txt - file: - path: /tmp/heart-beat.txt - state: absent - - # so this works - name: Interface count shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' @@ -284,10 +249,6 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: gw_active - value: "{{ gw_active }}" - - option: internet_available - value: "{{ internet_available }}" - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - option: prior_gateway_device From 4e717570e2bc723cc64a1b5e29b7362ff875cdbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:25:57 -0500 Subject: [PATCH 164/344] vnstat - just use ansible in install mode --- roles/vnstat/tasks/install.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 94248c734..f76554ae9 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,19 +1,9 @@ # Similar code block in roles/network/tasks/detected_network.yml -- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" +- name: "Setting iiab_wan_iface to {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - name: Install 'vnstat' package package: From ebae3606465da6c0dbec5ffd22500a0f98c8cf2e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:48:14 -0500 Subject: [PATCH 165/344] network - drop internet_available --- roles/network/defaults/main.yml | 6 ++---- roles/network/tasks/netplan.yml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6938f4a43..fd1fa4dcc 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -27,9 +27,6 @@ # hostapd_enabled: True # Above set in /opt/iiab/iiab/vars/default_vars.yml -# 2022-06-29: Legacy vars no longer used by roles/0-init -gw_active: False # 2021-07-30: Not used propgrammatically -discovered_wan_iface: none # 2021-07-30: Very broadly used! hostapd_wait: 10 host_wireless_n: False @@ -67,7 +64,8 @@ can_be_ap: False exclude_devices: none device_gw: none prior_gw_device: unset - +# 2022-06-29: Legacy vars no longer used by roles/0-init +discovered_wan_iface: none # 2021-07-30: Very broadly used! iiab_wan_iface: none iiab_lan_iface: none discovered_lan_iface: none diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 799af001d..136b1df09 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -64,7 +64,7 @@ url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher dest: /usr/bin/networkd-dispatcher timeout: "{{ download_timeout }}" - when: internet_available and fix_dispatcher and ansible_distribution_release == "groovy" + when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later # should have the fix baked into a newer apt package installed by default. From 490f64a27ac1a90209fe93c2ba82cae30ae09098 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 23:31:10 -0500 Subject: [PATCH 166/344] remove disregard_network from default_vars --- vars/default_vars.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e8b9f2bc..4440b9e58 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -97,9 +97,6 @@ js_menu_install: True # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: # https://github.com/iiab/iiab/blob/master/roles/network/defaults/main.yml -# The following variable may be useful in debugging: -disregard_network: False # Use cache, or error out if cache does not exist. - iiab_hostname: box iiab_domain: lan lan_ip: 172.18.96.1 From fb7aa6a9c3efa51fac0b9bc2004ac7e536f43da6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jun 2022 01:31:56 -0500 Subject: [PATCH 167/344] Update roles/vnstat/tasks/install.yml Co-authored-by: A Holt --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index f76554ae9..84bec243c 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,5 +1,5 @@ # Similar code block in roles/network/tasks/detected_network.yml -- name: "Setting iiab_wan_iface to {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" set_fact: iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined From 46fad7936e3db81e05c8be9cc1d2874b9a9ca5ab Mon Sep 17 00:00:00 2001 From: root Date: Thu, 30 Jun 2022 10:29:08 -0400 Subject: [PATCH 168/344] netplan.yml: Mint networkd-dispatcher issue? groovy & internet_available removed --- roles/network/tasks/netplan.yml | 24 ++++++++++++++++-------- roles/www_options/tasks/main.yml | 2 +- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 136b1df09..43865d437 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -59,14 +59,22 @@ with_items: - "{{ netplan.stdout_lines }}" -- name: Replace networkd-dispatcher #2585 for "groovy" - get_url: - url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher - dest: /usr/bin/networkd-dispatcher - timeout: "{{ download_timeout }}" - when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" - # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later - # should have the fix baked into a newer apt package installed by default. +# 2022-06-30: Ubuntu Groovy (20.10) is ancient history but this code might now +# help Linux Mint ? +# +# 2022-05-29: @jvonau wrote on #3106 "networkd-dispatcher has a traceback, +# I suspect the cause is the same as found #2645, need to confirm the package +# version installed with apt list networkd-dispatcher before suggesting the +# workaround be extended to LinuxMint" +# +# - name: Replace networkd-dispatcher #2585 for "groovy" +# get_url: +# url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher +# dest: /usr/bin/networkd-dispatcher +# timeout: "{{ download_timeout }}" +# when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" +# # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later +# # should have the fix baked into a newer apt package installed by default. #- name: Supply netplan template # template: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6c7362e49..445ee5e0e 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -154,7 +154,7 @@ when: not apache_allow_sudo -# internet_available var moved to roles/network/tasks/detected_network.yml +# 2022-06-30: internet_available var removed - name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' get_url: url: "{{ iiab_download_url }}/heart-beat.txt" From 8aef9d8fc87a83214ff2f059f2f465b3c96a6d8a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 30 Jun 2022 11:10:13 -0400 Subject: [PATCH 169/344] Cleaner RasPiOS comments in 2-common, iiab-admin, jupyterhub, kalite, kolibri --- roles/2-common/tasks/network.yml | 10 +++++----- roles/2-common/tasks/packages.yml | 4 ++-- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- roles/jupyterhub/tasks/install.yml | 2 +- roles/kalite/tasks/install.yml | 2 +- roles/kolibri/templates/kolibri.service.j2 | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index c043a0bc3..57bea8434 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: Install package networkd-dispatcher (OS's other than RaspiOS) +- name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present @@ -19,16 +19,16 @@ - name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml + - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml #- avahi-discover # 46kB download: 2021-07-27: Commented out long ago - hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired #- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros - - iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools + - iproute2 # 902kB download: RasPiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - iptables-persistent # 12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi + - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - - net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index d731b25fc..889f9bd3f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -16,12 +16,12 @@ #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - mlocate # 92kB download - #- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 + #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not. + #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index fe7e8ae1b..23d0816ec 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -19,7 +19,7 @@ check_user_pwd() { # enough when user does not exist. Or uncomment to FORCE ERROR CODE 2. # Either way, overall bash script still returns exit code 0 ("success") - # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RaspiOS ships w/ + # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RasPiOS ships w/ # /etc/sudoers.d/010_pi-nopasswd containing "pi ALL=(ALL) NOPASSWD: ALL" # (read access to /etc/shadow is otherwise restricted to just root and # group www-data i.e. Apache, NGINX get special access). SEE: #2431, #2561 diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index ffb4aabcf..671e8a3ea 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -45,7 +45,7 @@ - jupyterhub-systemdspawner virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c53230138..2d12f9d17 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -65,7 +65,7 @@ replace: 'a-zA-Z0-9\-' when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RaspiOS 11+ too? + # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 replace: diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 index a886aa73e..21d7631b9 100644 --- a/roles/kolibri/templates/kolibri.service.j2 +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -10,7 +10,7 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }} User={{ kolibri_user }} Group={{ apache_user }} -# 2020-10-03: Kolibri was timing out on RaspiOS & Ubuntu 20 NUC: iiab/iiab#2555 +# 2020-10-03: Kolibri was timing out on RasPiOS & Ubuntu 20 NUC: iiab/iiab#2555 TimeoutStartSec=1200 # The following is the systemd default, which is too much for most teachers in # low-electricity environments (30-60 sec is about all they can handle before From 7cd2c66fc8a83b8e60a731f956105999537eda85 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Mar 2022 08:13:46 -0500 Subject: [PATCH 170/344] reorder and 'installed' --- roles/2-common/tasks/main.yml | 10 +++++-- roles/4-server-options/tasks/main.yml | 17 ----------- .../network.yml => network/tasks/install.yml} | 28 +++++++++++++++++-- roles/network/tasks/main.yml | 4 +++ 4 files changed, 37 insertions(+), 22 deletions(-) rename roles/{2-common/tasks/network.yml => network/tasks/install.yml} (86%) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 86% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index 57bea8434..051e3fe84 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml @@ -52,10 +52,32 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' + +# UNMAINTAINED +- name: Install named / BIND + include_tasks: roles/network/tasks/named.yml + when: named_install is defined and named_install + +# UNMAINTAINED +- name: Install dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install and squid_installed is undefined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..d6806dea4 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,3 +1,7 @@ +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_installed is undefined + - name: Select RPi firmware mode include_role: name: firmware From 6219a24d8204b998bdd950e7ced1cff8bbccc48a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Mar 2022 20:19:33 -0500 Subject: [PATCH 171/344] group dnsmasq within network and always preinstall --- roles/1-prep/tasks/main.yml | 7 +++---- roles/network/tasks/install.yml | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0dfd32ee0..0e8aa4e5c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,6 +3,9 @@ - name: ...IS BEGINNING ============================================ meta: noop +- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -32,10 +35,6 @@ - iiab-summary - iiab-apps-to-be-installed -- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? - - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 051e3fe84..cdfbf2b8d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,8 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. +- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/dnsmasq.yml + - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 85dfee3b087d54000845cd54079cc0002e87e4e7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 7 Apr 2022 06:14:58 -0500 Subject: [PATCH 172/344] fully opt out --- iiab-stages.yml | 1 + roles/0-init/tasks/validate_vars.yml | 3 ++- roles/1-prep/tasks/main.yml | 1 + vars/default_vars.yml | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 32a6ca751..5f15ffbb8 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,3 +63,4 @@ - name: Network include_role: name: network + when: network_installed is defined and network_enabled diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..f2f6cf8e0 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -122,6 +122,7 @@ - calibreweb - calibre - pbx + - network - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0e8aa4e5c..c522e82fb 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -5,6 +5,7 @@ - name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml + when: network_install - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4440b9e58..7023aa718 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -92,6 +92,8 @@ js_menu_install: True # IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network # IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking # Read it offline too: http://box/info > "IIAB Networking" +network_install: True +network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: From 57a9fa85f99b3befca7a61c3d59a1e63354d3c5a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 May 2022 22:52:48 -0500 Subject: [PATCH 173/344] use block in the role for enable --- iiab-stages.yml | 1 - roles/network/tasks/main.yml | 126 ++++++++++++++++++----------------- 2 files changed, 65 insertions(+), 62 deletions(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 5f15ffbb8..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,4 +63,3 @@ - name: Network include_role: name: network - when: network_installed is defined and network_enabled diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d6806dea4..a1d34eac7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,83 +1,87 @@ - name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) include_tasks: install.yml - when: network_installed is undefined + when: network_install and network_installed is undefined - name: Select RPi firmware mode include_role: name: firmware when: rpi_model != "none" -- name: detected_network - include_tasks: detected_network.yml +- name: Configuring Network if enabled + block: + - name: detected_network + include_tasks: detected_network.yml -#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" -- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined + #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" + - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined -- name: computed_network - include_tasks: computed_network.yml + - name: computed_network + include_tasks: computed_network.yml -# - name: Configure wondershaper -# include_tasks: wondershaper.yml -# when: wondershaper_install or wondershaper_installed is defined + # - name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined -- name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install named + include_tasks: named.yml + when: named_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install dhcpd + include_tasks: dhcpd.yml + when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install Squid + include_tasks: squid.yml + when: squid_install and FQDN_changed and iiab_stage|int == 9 -#preprep for backends -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 + #preprep for backends + - name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 -#### Start services -- name: avahi - include_tasks: avahi.yml -- name: hostapd - include_tasks: hostapd.yml -- name: computed_services - include_tasks: computed_services.yml -- name: enable_services - include_tasks: enable_services.yml -#### End services + #### Start services + - name: avahi + include_tasks: avahi.yml + - name: hostapd + include_tasks: hostapd.yml + - name: computed_services + include_tasks: computed_services.yml + - name: enable_services + include_tasks: enable_services.yml + #### End services -#### Start network layout -#- name: Redhat networking -# include_tasks: ifcfg_mods.yml -# when: is_redhat + #### Start network layout + #- name: Redhat networking + # include_tasks: ifcfg_mods.yml + # when: is_redhat -- name: NetworkManager in use - include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + - name: NetworkManager in use + include_tasks: NM-debian.yml + when: is_debuntu and network_manager_active -- name: systemd-networkd in use - include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + - name: systemd-networkd in use + include_tasks: sysd-netd-debian.yml + when: is_debuntu and systemd_networkd_active -- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active - include_tasks: rpi_debian.yml - when: is_raspbian + - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + include_tasks: rpi_debian.yml + when: is_raspbian -- name: Not RPi, Not NetworkManager, Not systemd-networkd in use - include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 -#### end network layout + - name: Not RPi, Not NetworkManager, Not systemd-networkd in use + include_tasks: debian.yml + when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + #### end network layout -- name: Restart services - include_tasks: restart.yml + - name: Restart services + include_tasks: restart.yml + # end block + when: network_installed is defined and network_enabled From 94d80f7ac44a4ddbd24e6dbec25787a27f15a400 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 20 May 2022 11:25:01 -0500 Subject: [PATCH 174/344] always detect and report - record enabled --- roles/network/tasks/computed_network.yml | 2 ++ roles/network/tasks/main.yml | 36 ++++++++++++------------ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index efe764642..8c7ac5515 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,3 +172,5 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" + - option: network_enabled + value: "{{ network_enabled }}" diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a1d34eac7..a4808b47e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -7,26 +7,26 @@ name: firmware when: rpi_model != "none" +- name: detected_network + include_tasks: detected_network.yml + +#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" +- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined + +- name: computed_network + include_tasks: computed_network.yml + - name: Configuring Network if enabled block: - - name: detected_network - include_tasks: detected_network.yml - - #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" - - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined - - - name: computed_network - include_tasks: computed_network.yml - # - name: Configure wondershaper # include_tasks: wondershaper.yml # when: wondershaper_install or wondershaper_installed is defined From 5196b4dff983bf4a4fecc5460996b44ca40fa7b9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 20 May 2022 13:13:11 -0500 Subject: [PATCH 175/344] tools needed after detection --- roles/network/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a4808b47e..86a07413b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,7 +1,3 @@ -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: install.yml - when: network_install and network_installed is undefined - - name: Select RPi firmware mode include_role: name: firmware @@ -25,6 +21,10 @@ - name: computed_network include_tasks: computed_network.yml +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 59cd7ecc13bd51f25c3943e198c90e23bb1f00aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 25 Mar 2022 00:08:40 -0500 Subject: [PATCH 176/344] Correct discription of network.yml to hostname.yml --- roles/0-init/tasks/hostname.yml | 24 ++++++++++++++---------- roles/0-init/tasks/main.yml | 5 ++--- roles/0-init/tasks/network.yml | 31 ------------------------------- 3 files changed, 16 insertions(+), 44 deletions(-) delete mode 100644 roles/0-init/tasks/network.yml diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 3d323b3cc..427380929 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -1,3 +1,8 @@ +- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" + set_fact: + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + - name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ? stat: path: /etc/cloud/cloud.cfg @@ -17,16 +22,7 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -#- name: Install /etc/sysconfig/network from template (redhat) -# template: -# src: roles/network/templates/network/sysconfig.network.j2 -# dest: /etc/sysconfig/network -# owner: root -# group: root -# mode: 0644 -# when: is_redhat - -# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: +# should the first entry match just hostname and domain move to after localhost? - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts @@ -36,6 +32,14 @@ #group: root #mode: 0644 +# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is +# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it +# should be reconsidered? See PR #2876: roles/network might become optional? +- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn + #- name: Re-configuring httpd - not initial install # include_tasks: roles/httpd/tasks/main.yml # when: iiab_stage|int > 3 diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..1fd2c525f 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,9 +51,8 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Set new hostname/domain (hostname.yml) if nec - include_tasks: network.yml - +- name: Set hostname / domain (etc) in various places + include_tasks: hostname.yml - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml deleted file mode 100644 index 91ed10998..000000000 --- a/roles/0-init/tasks/network.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }}) - include_tasks: hostname.yml - when: iiab_fqdn != ansible_fqdn - -# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is -# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it -# should be reconsidered? See PR #2876: roles/network might become optional? -- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - - -# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in -# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml -# and js-menu.yml set 'adm_cons_force_ssl: False' - -# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl" -# set_fact: -# gui_port: 80 -# when: not adm_cons_force_ssl - -# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl" -# set_fact: -# gui_port: 443 -# when: adm_cons_force_ssl From 11f451da1af99b6eb8f47a808c9a6be8606fb381 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jun 2022 12:21:33 -0500 Subject: [PATCH 177/344] visual feedback --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index cdfbf2b8d..06e4cf31d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -47,7 +47,7 @@ # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" +- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot name: "{{ item.name }}" value: "{{ item.value }}" From ca3f852748a30818789d6d6966bd8a8708a19638 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 30 Jun 2022 17:00:16 -0400 Subject: [PATCH 178/344] mediawiki/defaults/main.yml: Version 1.38.2 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index b6c008387..ca21a0ad4 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 5faa5d0ca037921fe69246e31e98714627f7aa4d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 1 Jul 2022 16:21:31 +0100 Subject: [PATCH 179/344] make local network mask correct for 256 --- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/templates/network/bridge-br0 | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index abec5152d..a481aa0b1 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0 index 8aaa27968..59d85db73 100644 --- a/roles/network/templates/network/bridge-br0 +++ b/roles/network/templates/network/bridge-br0 @@ -6,7 +6,11 @@ interface-name=br0 permissions= [ipv4] +{% if network_172 %} address1={{ lan_ip }}/19 +{% else %} +address1={{ lan_ip }}/24 +{% endif %} dns-search={{ iiab_domain }} method=manual From f1fbd524d984acc52e423d41133610268bdf22b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 17:51:04 -0400 Subject: [PATCH 180/344] phpmyadmin: Remove stale comment, cleaner spacing --- roles/phpmyadmin/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 9c4e4ef7d..345927a04 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -3,7 +3,6 @@ url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" - #when: internet_available - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? stat: @@ -46,6 +45,7 @@ # # recurse: yes # # state: directory + # RECORD phpMyAdmin AS INSTALLED - name: "Set 'phpmyadmin_installed: True'" From 843f14a849eefa0d618528a913ae87b34fdd367a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 20:05:48 -0400 Subject: [PATCH 181/344] scripts/iiab-summary: Clarify when PR's are auto-pulled --- scripts/iiab-summary | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 79588036e..a77aebf83 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -31,6 +31,7 @@ echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo + echo "/etc/iiab/pr-list-pulled is:" cat /etc/iiab/pr-list-pulled fi echo From 4cd135f19868da65b6fa42e17932d01bf223ef66 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 20:09:30 -0400 Subject: [PATCH 182/344] iiab-summary: Tighten up /etc/iiab/pr-list-pulled context/wording --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index a77aebf83..4e7a5cb1e 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -31,7 +31,7 @@ echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo - echo "/etc/iiab/pr-list-pulled is:" + echo "/etc/iiab/pr-list-pulled:" cat /etc/iiab/pr-list-pulled fi echo From d7d7270e21daa6a9b6b026b7ea3c47b50c4fed1b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 2 Jul 2022 04:23:22 +0100 Subject: [PATCH 183/344] missed two changes to mask from 224 to 255 --- roles/network/templates/network/dhcpcd.conf.j2 | 4 ++++ roles/network/templates/network/systemd-br0-network.j2 | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index b44eb297d..cebff6e51 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 @@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} +{% if network_172 %} static ip_address={{ lan_ip }}/19 +{% else %} +static ip_address={{ lan_ip }}/24 +{% endif %} static domain_name_servers=127.0.0.1 {% endif %} diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index 619196b8b..07c5a1246 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -3,7 +3,11 @@ Name=br0 [Network] +{% if network_172 %} Address={{ lan_ip }}/19 +{% else %} +Address={{ lan_ip }}/24 +{% endif %} LinkLocalAddressing=no ConfigureWithoutCarrier=yes RequiredForOnline=degraded-carrier From bfb9328da173aedc9e28a1b9309176629c76a624 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 2 Jul 2022 20:17:47 -0400 Subject: [PATCH 184/344] iiab-summary: Path for iiab-apps-to-be-installed (so it works early on) --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 4e7a5cb1e..40f423584 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -62,7 +62,7 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(iiab-apps-to-be-installed | wc -l)" +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(/opt/iiab/iiab/scripts/iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 98cbca6278bc87a46af788a2a4d9e984b5550a19 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 3 Jul 2022 15:25:31 -0400 Subject: [PATCH 185/344] iiab-apps-to-be-installed: rm tmp file (so diff users can later run this cleanly) --- scripts/iiab-apps-to-be-installed | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index 68d0295c1..394087d22 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -30,3 +30,5 @@ while read app; do echo $app fi done < /tmp/iiab-apps-list + +rm /tmp/iiab-apps-list # So a non-root user can later run this cleanly! From b56e4d5079e30e419b76e68f095d9e61995804e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Jul 2022 10:53:06 -0400 Subject: [PATCH 186/344] iiab-apps-to-be-installed: double brackets (safer for string compare) --- scripts/iiab-apps-to-be-installed | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index 394087d22..e44baee93 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -18,9 +18,9 @@ iiab_var_value() { grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list while read app; do - if [ $app == "calibre-web" ]; then + if [[ $app == "calibre-web" ]]; then app=calibreweb - elif [ $app == "osm-vector-maps" ]; then + elif [[ $app == "osm-vector-maps" ]]; then app=osm_vector_maps fi From 9f13454e8331843516d9f34be463a798d7f67611 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Jul 2022 12:05:17 -0400 Subject: [PATCH 187/344] Change download URL's & others to TLS/SSL --- README.md | 2 +- iiab-install | 2 +- roles/1-prep/tasks/hardware.yml | 2 +- roles/azuracast/README.rst | 6 +++--- roles/calibre/defaults/main.yml | 4 ++-- roles/captiveportal/README.md | 2 +- roles/cups/README.md | 2 +- roles/firmware/tasks/download.yml | 14 +++++++------- roles/iiab-admin/README.rst | 10 +++++----- roles/iiab-admin/tasks/main.yml | 2 +- roles/internetarchive/README.md | 4 ++-- roles/jupyterhub/README.md | 2 +- roles/kiwix/defaults/main.yml | 6 +++--- roles/kiwix/tasks/install.yml | 2 +- roles/lokole/README.rst | 6 +++--- roles/minetest/README.rst | 2 +- roles/mongodb/tasks/install.yml | 14 +++++++------- roles/monit/templates/monitrc.unused | 2 +- roles/mosquitto/README.rst | 2 +- roles/network/README.rst | 2 +- roles/nextcloud/README.md | 2 +- roles/nextcloud/defaults/main.yml | 2 +- roles/nginx/README.md | 2 +- roles/osm-vector-maps/defaults/main.yml | 6 +++--- roles/osm-vector-maps/tasks/install.yml | 2 +- roles/pbx/README.adoc | 6 +++--- roles/pbx/defaults/main.yml | 4 ++-- roles/pbx/tasks/chan_dongle.yml | 2 +- roles/pbx/tasks/freepbx.yml | 2 +- roles/samba/README.rst | 2 +- roles/samba/templates/smb.conf.j2 | 4 ++-- roles/sugarizer/tasks/install.yml | 4 ++-- roles/transmission/README.rst | 8 ++++---- roles/transmission/defaults/main.yml | 2 +- roles/transmission/tasks/enable-or-disable.yml | 2 +- roles/www_base/files/html/html/credits.html | 8 ++++---- roles/www_base/tasks/php-stem.yml | 14 +++++++------- scripts/ansible | 4 ++-- vars/default_vars.yml | 8 ++++---- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- vars/raspbian-10.yml | 4 ++-- vars/raspbian-11.yml | 4 ++-- vars/raspbian-9.yml | 2 +- 46 files changed, 99 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index 92b7d9d3d..64b577547 100644 --- a/README.md +++ b/README.md @@ -54,4 +54,4 @@ Install our latest pre-release using the 1-line installer at: [**download.iiab.i You can also consider earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases) -For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org) +For much older versions, see: [github.com/xsce](https://github.com/xsce), [schoolserver.org](http://schoolserver.org) diff --git a/iiab-install b/iiab-install index f3f0bc830..b678e7df6 100755 --- a/iiab-install +++ b/iiab-install @@ -168,7 +168,7 @@ if [ -f /etc/iiab/iiab.env ]; then elif [ "$STAGE" -eq 9 ]; then echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m" usage - exit 0 # Allows rerunning http://download.iiab.io/install.txt + exit 0 # Allows rerunning https://download.iiab.io/install.txt fi fi if [ "$STAGE" -lt 2 ] && $($DEBUG); then diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 4c50c0d8a..89efd2453 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -14,7 +14,7 @@ - name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages dest: /lib/firmware timeout: "{{ download_timeout }}" when: usb_NUC6.stdout|int > 0 diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 420bfb92d..fca21ce96 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -1,6 +1,6 @@ -========== +================ AzuraCast README -========== +================ This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. @@ -11,7 +11,7 @@ As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian Using It -------- -* Do a normal IIAB install (http://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. +* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. * When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index b41475e23..0f3643735 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml @@ -34,11 +34,11 @@ calibre_userdb: "{{ calibre_dbpath }}/users.sqlite" # calibre-server --manage-users --userdb /library/calibre/users.sqlite calibre_sample_book: "Metamorphosis-jackson.epub" -# Must be downloadable from http://download.iiab.io/packages +# Must be downloadable from https://download.iiab.io/packages calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py" -calibre_deb_url: "{{ iiab_download_url }}" # http://download.iiab.io/packages +calibre_deb_url: "{{ iiab_download_url }}" # https://download.iiab.io/packages # Above URL must offer both .deb files below: (for scripts/calibre-install-pinned-rpi.sh to run) calibre_deb_pin_version: 3.33.1+dfsg-1 # for calibre_3.33.1+dfsg-1_all.deb (24M, 2018-10-21) calibre_bin_deb_pin_version: "{{ calibre_deb_pin_version }}" # for calibre-bin_3.33.1+dfsg-1_armhf.deb (706K, 2018-10-23) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index 11736aadd..ddacbe311 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -1,4 +1,4 @@ -_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_ +_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](https://wiki.iiab.io/go/FAQ#Captive_Portal_Administration:_What_tips_&_tricks_exist%3F)_ ## Theory of Operation diff --git a/roles/cups/README.md b/roles/cups/README.md index 493673715..6cf926c88 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -2,7 +2,7 @@ [CUPS](https://en.wikipedia.org/wiki/CUPS) (also known as the "Common UNIX Printing System") is the standards-based, open source printing system for Linux and macOS. -It allows your [Internet-in-a-Box (IIAB)](http://internet-in-a-box.org) to act as a print server. +It allows your [Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) to act as a print server. This can be useful if a printer is attached to your IIAB — so student/teacher print jobs from client computers and phones can be processed — and then sent to the appropriate printer. diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 6b5f83f8b..2c06ffbb6 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -15,13 +15,13 @@ dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-11-30_minimal" # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal" # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi" # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1" # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi" + - "{{ iiab_download_url }}/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65" # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - "{{ iiab_download_url }}/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65" # RECORD firmware AS DOWNLOADED diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 55def7bde..5017e4186 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -13,7 +13,7 @@ iiab-admin README ================= -`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. +`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices: @@ -21,11 +21,11 @@ Configure user 'iiab-admin' --------------------------- * `admin-user.yml `_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}. - * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here. + * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (https://download.iiab.io) or by your underlying OS, that too will be taken care of here. * By default this user is ``iiab-admin`` with password ``g0adm1n`` * *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin** * After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password. -* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) +* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) * You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!) * You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration `_ manually. @@ -36,14 +36,14 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml `_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security +* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists, i.e. on Raspberry Pi OS with desktop). Example ======= * If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this: - #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ + #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ #. Make sure that ``iiab_admin_user_install: True`` is also set. #. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin`` diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f2a048e33..09a408aa4 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -23,7 +23,7 @@ # (1) by the OS installer # (2) by the OS's graphical desktop tools # (3) at the command-line: sudo passwd iiab-admin -# (4) by IIAB's 1-line installer: http://download.iiab.io +# (4) by IIAB's 1-line installer: https://download.iiab.io # (5) by this role: roles/iiab-admin/tasks/admin-user.yml # (6) by IIAB's Admin Console during installation # ...and/or... diff --git a/roles/internetarchive/README.md b/roles/internetarchive/README.md index 49d8d3f0f..bd32849c3 100644 --- a/roles/internetarchive/README.md +++ b/roles/internetarchive/README.md @@ -8,7 +8,7 @@ Access to our library of millions of books, journals, audio and video recordings This Ansible role installs the Internet Archive's dweb-mirror project on Internet-in-a-Box (IIAB). Use this to build up a dynamic offline library -arising from the materials you can explore at http://dweb.archive.org +arising from the materials you can explore at https://dweb.archive.org The Offline Internet Archive server: @@ -248,7 +248,7 @@ and just checks the content is up to date. ## Managing collections on Internet Archive -You can create and manage your own collections on the [Internet Archive site](http://www.archive.org). +You can create and manage your own collections on the [Internet Archive site](https://www.archive.org). Other people can then crawl those collections. First get in touch with Mitra Ardron at `mitra@archive.org`, as processes may have changed since this is written. diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index be6fc5719..583466e04 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -74,4 +74,4 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. -He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." +He explains PAWS as a "powerful Python execution environment https://paws.wmcloud.org = https://wikitech.wikimedia.org/wiki/PAWS [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 66f2de5c5..784e615e4 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -22,9 +22,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # 3 lines below specify which version(s) of kiwix-tools to download from... -# http://download.iiab.io/packages/ ...as originally obtained from... -# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... -# http://download.kiwix.org/nightly/ +# https://download.iiab.io/packages/ ...as originally obtained from... +# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... +# https://download.kiwix.org/nightly/ kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 52647ffe9..3a6c6dcba 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -34,7 +34,7 @@ - name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" diff --git a/roles/lokole/README.rst b/roles/lokole/README.rst index 95da4397c..53add2239 100644 --- a/roles/lokole/README.rst +++ b/roles/lokole/README.rst @@ -17,9 +17,9 @@ For an up-to-date list of supported languages, refer to the `Lokole translations Using It -------- -If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole +If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole -[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` +[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` By default in an offline community, ``lokole_sim_type: LocalOnly`` is set (e.g. instead of ``lokole_sim_type: Ethernet``) and email addresses will look like: @@ -85,7 +85,7 @@ The Lokole software can be configured to access the Internet via USB modem, SIM If configured to work with a USB modem or other form of Internet connection, Lokole will sync with the cloud server (operated by `Ascoderu `_) on a nightly basis to deliver and receive emails globally. *However, arranging this is extremely complicated.* You would need a compatible form of connection and an Internet expert familiar with modem protocols, MX records, etc. Ask that person to read the `Lokole software README `_ in its entirety, to help you understand whether this is realistic for your organization. -Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. +Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. Troubleshooting --------------- diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 38e04eef6..82dfaa397 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -23,7 +23,7 @@ No password is required. Configurable Parameters ----------------------- -If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: +If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: - ``minetest_install:`` set Minetest up to install; default is False - ``minetest_enabled:`` set Minetest up to be enabled; default is False diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 930bd6219..ea749db4b 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -10,7 +10,7 @@ # being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14) # # mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M) -# were backed up from andyfelong.com to http://download.iiab.io/packages/ +# were backed up from andyfelong.com to https://download.iiab.io/packages/ # # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) @@ -21,16 +21,16 @@ path: /tmp/mongodb-3.0.1x state: directory - - name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # http://download.iiab.io/packages + src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages dest: /tmp/mongodb-3.0.1x - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" @@ -85,11 +85,11 @@ - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: - # 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/ + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main - #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" diff --git a/roles/monit/templates/monitrc.unused b/roles/monit/templates/monitrc.unused index e66b3055c..a269d30d3 100644 --- a/roles/monit/templates/monitrc.unused +++ b/roles/monit/templates/monitrc.unused @@ -65,7 +65,7 @@ set daemon 300 # check services at 5-minute intervals # # ## Send status and events to M/Monit (for more informations about M/Monit -## see http://mmonit.com/). By default Monit registers credentials with +## see https://mmonit.com/). By default Monit registers credentials with ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't ## have to register Monit credentials manually in M/Monit. It is possible to ## disable credential registration using the commented out option below. diff --git a/roles/mosquitto/README.rst b/roles/mosquitto/README.rst index 098ff2831..7ccb29f97 100644 --- a/roles/mosquitto/README.rst +++ b/roles/mosquitto/README.rst @@ -9,7 +9,7 @@ Roughly follows this guide: https://www.digitalocean.com/community/tutorials/how Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: mosquitto_install: True mosquitto_enabled: True diff --git a/roles/network/README.rst b/roles/network/README.rst index cbe01f450..3d0a3082f 100644 --- a/roles/network/README.rst +++ b/roles/network/README.rst @@ -2,7 +2,7 @@ Network README ============== -This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. +This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. Specifically, this 'network' role is run... diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..e36ee0219 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -1,6 +1,6 @@ # Nextcloud README -Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org). +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](https://internet-in-a-box.org). This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 9fb31c593..1a0b1741d 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -14,7 +14,7 @@ # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # The following line can avoid that: (but might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2 nextcloud_url: /nextcloud diff --git a/roles/nginx/README.md b/roles/nginx/README.md index e677c7ba2..dd2311a15 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -35,7 +35,7 @@ * usb_lib * wordpress - 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: * **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850)) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 984009c6e..7e2fd1a2d 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -15,8 +15,8 @@ maps_branch: master # Quotes not required #maps_branch: maps7.3 # 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! -#map_installer_url: http://timmoody.com/iiab-files/maps -map_installer_url: http://download.iiab.io/content/OSM/vector-tiles +#map_installer_url: https://timmoody.com/iiab-files/maps +map_installer_url: https://download.iiab.io/content/OSM/vector-tiles installer_planet: planet_z0-z6_2020.mbtiles installer_satellite: satellite_z0-z6_2020.mbtiles @@ -29,4 +29,4 @@ archive_org_url: https://archive.org/download # 2022-04-30 -- Unused, but URL illustrates legacy approach: -#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +#iiab_map_url: https://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 65b261718..e441a6a41 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -79,7 +79,7 @@ - name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. http://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles + url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. https://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 36c0f6cbf..bef5c3924 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -28,7 +28,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g == Install it -. As you begin installing Internet-in-a-Box (IIAB) from http://download.iiab.io[download.iiab.io], it will prompt you: +. As you begin installing Internet-in-a-Box (IIAB) from https://download.iiab.io[download.iiab.io], it will prompt you: + ---- Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] @@ -293,7 +293,7 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- + If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. @@ -318,7 +318,7 @@ In February 2019, this https://github.com/iiab/iiab/tree/master/roles/pbx[roles/ In August 2021 it was overhauled, with thanks to these 3 sources especially: * "Official" recipe: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9 -* Comprehensive & recent recipe for Raspberry Pi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +* Comprehensive & recent recipe for Raspberry Pi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html * Popular but dated recipe: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/ In May 2022, installation of FreePBX was made more resilient in https://github.com/iiab/iiab/pull/3229[PR #3229] thanks to: diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index d66575a83..1ef7b8125 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,11 +21,11 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk +asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab -# freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 +# freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 diff --git a/roles/pbx/tasks/chan_dongle.yml b/roles/pbx/tasks/chan_dongle.yml index a9fbfcf25..b7b5c5691 100644 --- a/roles/pbx/tasks/chan_dongle.yml +++ b/roles/pbx/tasks/chan_dongle.yml @@ -1,4 +1,4 @@ -# RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# RPi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: chan_dongle - Download {{ chan_dongle_url }}/{{ chan_dongle_src_file }} to {{ downloads_dir }} get_url: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 1fa9c98cc..5480e7722 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -210,7 +210,7 @@ args: creates: /usr/local/lib/mariadb/libmaodbc.so -# http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: FreePBX - Install /etc/odbc.ini, /etc/odbcinst.ini from template (root:root, 0644 by default) template: src: "{{ item.src }}" diff --git a/roles/samba/README.rst b/roles/samba/README.rst index 2f65310d0..ff9296f4c 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -22,4 +22,4 @@ Security Please review the default `/etc/samba/smb.conf `_ file, and revise it appropriately. -Please also review your overall `IIAB Security `_. +Please also review your overall `IIAB Security `_. diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..73151f095 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -4,10 +4,10 @@ # # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step # guides for installing, configuring, and using Samba: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# https://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf # # The Samba-3 by Example guide has working examples for smb.conf. This guide is -# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf +# generated daily: https://www.samba.org/samba/docs/Samba-Guide.pdf # # In this file, lines starting with a semicolon (;) or a hash (#) are # comments and are ignored. This file uses hashes to denote commentary and diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 08fabac93..948c128b7 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -46,7 +46,7 @@ # 3. DOWNLOAD+LINK /opt/iiab/sugarizer-server -# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz +# 2018-07-11: https://download.iiab.io/packages/sugarizer-server-1.0.tar.gz # was flawed, as documented at: # https://github.com/iiab/iiab/pull/814#issuecomment-404211098 # Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context: @@ -159,7 +159,7 @@ # WITH FUTURE UPGRADES BEYOND SUGARIZER 1.1?! # # SOME BACKGROUND -- WHY WE'RE AUTO-EDITING sugarizer-server'S CONFIG FILES: -# http://github.com/iiab/iiab/pull/1430#issuecomment-459129378 +# https://github.com/iiab/iiab/pull/1430#issuecomment-459129378 # sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml # If you need to change this, edit /etc/iiab/local_vars.yml prior to installing diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7cc3d2701..40f6e38fc 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,7 +15,7 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO @@ -28,7 +28,7 @@ Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission @@ -66,9 +66,9 @@ After saving your changes in 'settings.json', restart Transmission by running:: Adding Torrents --------------- -Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ -Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. +Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. You can also download other torrents using Transmission's web interface, or by typing `transmission-remote `_ at the command-line:: diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..4cf3bcbfa 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -16,7 +16,7 @@ # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ # transmission_provision: True # transmission_kalite_version: 0.17 diff --git a/roles/transmission/tasks/enable-or-disable.yml b/roles/transmission/tasks/enable-or-disable.yml index 8804c5b17..c62a2edda 100644 --- a/roles/transmission/tasks/enable-or-disable.yml +++ b/roles/transmission/tasks/enable-or-disable.yml @@ -14,7 +14,7 @@ /usr/bin/transmission-remote --start-paused -n {{ transmission_username }}:{{ transmission_password }} - -a http://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent + -a https://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent with_items: "{{ transmission_kalite_languages }}" when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none # '!= None' also works (i.e. to avoid var value 'null', with type 'NoneType') ignore_errors: yes diff --git a/roles/www_base/files/html/html/credits.html b/roles/www_base/files/html/html/credits.html index e6c428260..7bc53de49 100644 --- a/roles/www_base/files/html/html/credits.html +++ b/roles/www_base/files/html/html/credits.html @@ -23,9 +23,9 @@ All PhET Interactive Simulations content is available for free at phet.colorado.edu.
All MedLine content is available for free at medlineplus.gov.
All Hesperian content is available for free at hesperian.org.
- Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
+ Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
All Gutenberg content is available for free at www.gutenberg.org.
- All OLPC content is available for free at wiki.laptop.org.
+ All OLPC content is available for free at wiki.laptop.org.
All MIT Scratch content is available for free at scratch.mit.edu.
All UNESCO's IICBA content is available for free at www.iicba.unesco.org.
All Math Expression content is available for free at www.mathexpression.com.
@@ -36,8 +36,8 @@ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at oer2go.org.
- Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
+ RACHEL is a curation of selected offline content at oer2go.org.
+ Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

diff --git a/roles/www_base/tasks/php-stem.yml b/roles/www_base/tasks/php-stem.yml index 8bce0fd08..15332a942 100644 --- a/roles/www_base/tasks/php-stem.yml +++ b/roles/www_base/tasks/php-stem.yml @@ -2,7 +2,7 @@ # README & Code: https://github.com/iiab/php-stem -# Source Code also here: http://download.iiab.io/packages/php-stem.src.tar +# Source Code also here: https://download.iiab.io/packages/php-stem.src.tar # June 2018 debugging & compilation thanks to Tim Moody & George Hunt # Original bug: https://github.com/iiab/iiab/issues/829 @@ -94,9 +94,9 @@ # stem_available: True # when: php_version == 7.4 and (ansible_machine == "aarch64" or ansible_machine == "x86_64") -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar # dest: / # owner: root # group: root @@ -104,9 +104,9 @@ # remote_src: yes # when: (ansible_machine == "armv7l" or ansible_machine == "armv6l") and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar # dest: / # owner: root # group: root @@ -114,9 +114,9 @@ # remote_src: yes # when: ansible_machine == "aarch64" and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar # dest: / # owner: root # group: root diff --git a/scripts/ansible b/scripts/ansible index ea3ae3891..7a48bd30e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -68,9 +68,9 @@ GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) #pip3 install ansible==2.9.27 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 -#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" +#echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" #cd /tmp -#wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb +#wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb export DEBIAN_FRONTEND=noninteractive diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4440b9e58..74107cd5b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -37,7 +37,7 @@ iiab_dir: "{{ iiab_base }}/iiab" pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" -iiab_download_url: http://download.iiab.io/packages +iiab_download_url: https://download.iiab.io/packages content_base: /library doc_base: "{{ content_base }}/www" @@ -455,7 +455,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -545,7 +545,7 @@ transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_provision: True transmission_kalite_version: 0.17 @@ -691,7 +691,7 @@ pbx_http_port: 83 # authserver_install: False # authserver_enabled: False -# Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io) +# Unmaintained (better to install from https://teamviewer.com or prep scripts at https://download.iiab.io) # teamviewer_install: False # teamviewer_enabled: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c5cda1688..a88ff7af0 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -275,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True @@ -322,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0958e1470..6d4cc1b1d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -275,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True @@ -322,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index dc2e25bcb..d84945e0c 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -275,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -322,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 14e90b185..2df3ba79b 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -275,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -322,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index b2f3298d8..ed6b61e0f 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -35,6 +35,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index d1d1d8672..932455bc7 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -35,6 +35,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml index abf0acbd2..6d955a00c 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml @@ -31,5 +31,5 @@ systemd_location: /lib/systemd/system minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game -minetest_rpi_src_url: http://www.nathansalapat.com/downloads/0.4.17.1.tar.gz +minetest_rpi_src_url: https://www.nathansalapat.com/downloads/0.4.17.1.tar.gz minetest_rpi_src: minetest-0.4.17.1.tar.gz From 9e39d421fadfb4db86c8d036198b2b9f680bfedf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Jul 2022 12:56:59 -0400 Subject: [PATCH 188/344] firmware/tasks/download.yml: Tighter iiab_download_url + with_items --- roles/firmware/tasks/download.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 2c06ffbb6..949ad3583 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -9,19 +9,19 @@ - brcmfmac43455-sdio.clm_blob ignore_errors: yes -- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) +- name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: - url: "{{ item }}" + url: "{{ iiab_download_url }}/{{ item }}" dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-11-30_minimal" # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal" # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi" # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1" # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi" - - "{{ iiab_download_url }}/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65" # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - "{{ iiab_download_url }}/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65" + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # RECORD firmware AS DOWNLOADED From 8f0bb179905068fda72eebc1972fbdb63bf6d0a5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Jul 2022 02:39:29 -0400 Subject: [PATCH 189/344] Uncover IIAB_REMOTE_URL in 1 of 2 places (for both repos) --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- roles/0-init/tasks/main.yml | 4 ++-- scripts/iiab-summary | 18 ++++++++++++++++-- scripts/local_facts.fact | 13 +++++++++---- 4 files changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index f27cb2e38..239ce570d 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -29,8 +29,8 @@ value: "{{ ansible_architecture }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - - option: iiab_remote - value: "{{ ansible_local.local_facts.iiab_remote }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: iiab_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..cf5482144 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -68,8 +68,8 @@ value: "{{ iiab_base_ver }}" - option: iiab_revision value: "{{ iiab_revision }}" - - option: iiab_remote - value: "{{ ansible_local.local_facts.iiab_remote }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: runtime_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 40f423584..f1b7179a5 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -12,7 +12,14 @@ COMMITS1=$(git log "$TAG1..HEAD" --oneline | wc -l) PR_COUNT1=$(git log "$TAG1..HEAD" --oneline --grep='Merge pull request' | wc -l) COMMIT_MSG1=$(git log --format=%B -1 | head -1) BRANCH1=$(git branch --show-current) -REMOTE_URL1=$(git config remote.$(git config branch.$BRANCH1.remote).url) +REMOTE_URL1="none" +tmp=$(git config branch.$BRANCH1.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL1=$tmp + else + REMOTE_URL1=$(git config remote.$tmp.url) + fi +} git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root cd /opt/iiab/iiab-admin-console @@ -22,7 +29,14 @@ COMMITS2=$(git log "$TAG2..HEAD" --oneline | wc -l) PR_COUNT2=$(git log "$TAG2..HEAD" --oneline --grep='Merge pull request' | wc -l) COMMIT_MSG2=$(git log --format=%B -1 | head -1) BRANCH2=$(git branch --show-current) -REMOTE_URL2=$(git config remote.$(git config branch.$BRANCH2.remote).url) +REMOTE_URL2="none" +tmp=$(git config branch.$BRANCH2.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL2=$tmp + else + REMOTE_URL2=$(git config remote.$tmp.url) + fi +} echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" echo diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a0471c95a..3c50c360e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -12,7 +12,7 @@ STAGE=0 OS="none" VERSION_ID="none" # This var's combined with the above, before being output -IIAB_REMOTE="none" +IIAB_REMOTE_URL="none" IIAB_BRANCH="none" IIAB_COMMIT="none" IIAB_RECENT_TAG="none" @@ -91,8 +91,13 @@ esac tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp -tmp=$(git config remote.$(git config branch.$IIAB_BRANCH.remote).url) && - IIAB_REMOTE=$tmp +tmp=$(git config branch.$IIAB_BRANCH.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + IIAB_REMOTE_URL=$tmp + else + IIAB_REMOTE_URL=$(git config remote.$tmp.url) + fi +} tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp @@ -145,7 +150,7 @@ cat < Date: Wed, 6 Jul 2022 02:50:05 -0500 Subject: [PATCH 190/344] iiab-diagnostics - use full path to repo location for iiab-apps-to-be-installed Reason: Shared helper file, recent changes will appear with just a 'git pull' not requiring an ansible run to install the file first. --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 957111ad1..9beb929f9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -163,7 +163,7 @@ cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' -cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' +cat_cmd '/opt/iiab/iiab/scripts/iiab-apps-to-be-installed' 'IIAB Apps to be installed' echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile From afa45d3f5552ced5e96b210628c67bda3efa4b28 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Jul 2022 02:57:10 -0500 Subject: [PATCH 191/344] iiab-summary - update on the fly --- roles/0-init/tasks/main.yml | 7 +++++-- roles/1-prep/tasks/main.yml | 9 --------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..7831663a0 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -32,11 +32,14 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/ +- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-diagnostics" + src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' + with_items: + - iiab-summary + - iiab-diagnostics - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0dfd32ee0..e4132ad4c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,15 +23,6 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy iiab-summary & iiab-apps-to-be-installed from /opt/iiab/iiab/scripts/ to /usr/bin/ - copy: - src: "{{ iiab_dir }}/scripts/{{ item }}" - dest: /usr/bin/ - mode: '0755' - with_items: - - iiab-summary - - iiab-apps-to-be-installed - - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? From faa73a308856b054a9e57144c7197c3ce9dfd4f3 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 05:53:19 -0400 Subject: [PATCH 192/344] Toughen up iiab-apps-to-be-installed, iiab-summary, iiab-diagnostics --- scripts/iiab-apps-to-be-installed | 16 +++++++++--- scripts/iiab-diagnostics | 41 ++++++++---------------------- scripts/iiab-diagnostics.README.md | 2 +- scripts/iiab-summary | 3 ++- 4 files changed, 27 insertions(+), 35 deletions(-) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index e44baee93..84b6e2f11 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -8,6 +8,11 @@ iiab_var_value() { [[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS } +# https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in +# https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp +[[ $(id -un) == "root" ]] && + rm -f /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed + # 2022-06-18: 40 apps (list not quite complete) #grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list @@ -17,6 +22,13 @@ iiab_var_value() { # 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list +# Non-root CANNOT rm files from /tmp, but CAN write to them (unlike root!!) +# This ALSO creates the file (useful when "Apps2B" == 0, for iiab-summary etc) +truncate -s 0 /tmp/iiab-apps-to-be-installed + +# So other (non-root) users CAN later write to these, even if they CAN'T chmod! +chmod 777 /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed 2>/dev/null + while read app; do if [[ $app == "calibre-web" ]]; then app=calibreweb @@ -27,8 +39,6 @@ while read app; do # echo ${app}_install: $(iiab_var_value ${app}_install) if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then - echo $app + echo $app | tee -a /tmp/iiab-apps-to-be-installed fi done < /tmp/iiab-apps-list - -rm /tmp/iiab-apps-list # So a non-root user can later run this cleanly! diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 957111ad1..f447fb3d1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -127,45 +127,26 @@ function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail # START BUILDING UP THE FILE THAT'LL CONTAIN THE DIAGNOSTICS! echo -e "\nCompiling diagnostics..." -echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" +echo -e "\n 0. HW + SW Quick Summary" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile -echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " remote: $REMOTE_URL1" >> $outfile -echo " branch: $BRANCH1" >> $outfile -printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile -echo >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " remote: $REMOTE_URL2" >> $outfile -echo " branch: $BRANCH2" >> $outfile -printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile -echo >> $outfile -cat_file /etc/iiab/pr-list-pulled -cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model -cat_file /etc/rpi-issue -echo "-IIAB-EXPLANATION-OF-THE-ABOVE-------------------------------------------------" >> $outfile +echo -e "\n\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile +/opt/iiab/iiab/scripts/iiab-summary >> $outfile if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile echo "stage5 = Raspberry Pi OS with desktop + recommended software" >> $outfile - echo >> $outfile echo "SEE https://github.com/RPi-Distro/pi-gen#stage-anatomy" >> $outfile -else - echo "(This is NOT Raspberry Pi OS!)" >> $outfile + echo >> $outfile +fi +if [ -s /tmp/iiab-apps-to-be-installed ]; then + echo "iiab-apps-to-be-installed :" >> $outfile + cat /tmp/iiab-apps-to-be-installed >> $outfile + echo >> $outfile fi -echo >> $outfile -cat_file /etc/issue.net -cat_file /etc/debian_version -cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' -cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' -cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' -cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' -cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' -echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' +echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do cat_file $f @@ -277,7 +258,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then -if ! [[ $ans =~ ^[nN]$ ]]; then +if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 1dacfe807..63d0edc59 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-261 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-242 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. diff --git a/scripts/iiab-summary b/scripts/iiab-summary index f1b7179a5..ffd9ac45c 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -76,7 +76,8 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(/opt/iiab/iiab/scripts/iiab-apps-to-be-installed | wc -l)" +/opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 16c1bf8e126b1614d80a3374bc2b771907bc554c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Jul 2022 11:35:00 -0500 Subject: [PATCH 193/344] Update iiab-diagnostics --- scripts/iiab-diagnostics | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 3b4b37de0..f447fb3d1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -146,7 +146,6 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then echo >> $outfile fi - echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do From 99d5debbf4652b25381b3c8658cf4687111f9cda Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 15:25:14 -0400 Subject: [PATCH 194/344] iiab-summary: Remove bold font for pastebin. Restore /usr/bin/iiab-apps-to-be-installed --- roles/1-prep/tasks/main.yml | 6 ++++++ scripts/iiab-summary | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index e4132ad4c..d7af981bd 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,6 +23,12 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? +- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab/scripts + dest: /usr/bin/ + mode: '0755' + - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? diff --git a/scripts/iiab-summary b/scripts/iiab-summary index ffd9ac45c..2e1da90a7 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -41,7 +41,7 @@ tmp=$(git config branch.$BRANCH2.remote) && { echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" echo echo -e "iiab: $SHORT_HASH1, $PR_COUNT1 PR's / $COMMITS1 commits since tag $TAG1" -echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" +echo -e " \"$COMMIT_MSG1\"" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo @@ -51,7 +51,7 @@ fi echo if [ -d /opt/iiab/iiab-admin-console ]; then echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" - echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" + echo -e " \"$COMMIT_MSG2\"" echo " $REMOTE_URL2 branch: $BRANCH2" else echo " WARNING: Directory /opt/iiab/iiab-admin-console does not exist!" From e8ee4400ead70048800c36e4579a7eaecedd71ce Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 15:38:45 -0400 Subject: [PATCH 195/344] iiab-diagnostics output: Less spacing betw 6 sections --- scripts/iiab-diagnostics | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f447fb3d1..2de2e1c76 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -130,7 +130,7 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. HW + SW Quick Summary" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. HW + SW Quick Summary" >> $outfile +echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile /opt/iiab/iiab/scripts/iiab-summary >> $outfile if [ -f /etc/rpi-issue ]; then @@ -147,7 +147,7 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then fi echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' -echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile +echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do cat_file $f done @@ -157,7 +157,7 @@ if [ $# -eq 0 ]; then else echo -e "\n 2. Regular Files:\n" fi -echo -e "\n\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test @@ -181,7 +181,7 @@ cat_file /library/www/html/home/menu.json #cat_file /tmp/all-ansible-vars echo -e "\n 3. Content of Directories: (1-level deep)\n" -echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile +echo -e "\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network cat_dir /etc/NetworkManager/system-connections # Redacts most passwords above @@ -190,7 +190,7 @@ cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/network # Above file /etc/network/interfaces suffices echo -e "\n 4. Output of Commands:\n" -echo -e "\n\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile +echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' @@ -226,12 +226,12 @@ cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" -echo -e "\n\n\n\n5. FIREWALL RULES\n" >> $outfile +echo -e "\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" -echo -e "\n\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile +echo -e "\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' 'for skip_role_on_error' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 From 389ee282272a37eaab42c50e7a63254a4e876004 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Jul 2022 16:08:57 -0400 Subject: [PATCH 196/344] PR #3292 comment clarif: {{ iiab_dir }} is /opt/iiab/iiab --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index d7af981bd..0c376df31 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -25,7 +25,7 @@ - name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab/scripts + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab dest: /usr/bin/ mode: '0755' From 4c7369cd7a3ee0fbf56dce35aef36dd1f70cd142 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 17:46:06 -0400 Subject: [PATCH 197/344] calibre-web/tasks/install.yml: Clarify 'pip list' prob suffic --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8616674e6..65a88168c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -51,7 +51,7 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate -# python3 -m pip list +# python3 -m pip list ('pip list' probably sufficient, likewise below) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate From 21ee498b73666709d6b4ae9257b9d78281c4b89c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 7 Jul 2022 23:51:29 +0100 Subject: [PATCH 198/344] break pip install into two plays --- roles/jupyterhub/tasks/install.yml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 671e8a3ea..7a12252cd 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,22 +33,29 @@ global: yes state: latest -- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB total in two ansible plays)" pip: name: - pip - wheel - - ipywidgets - jupyterhub - - jupyterlab - - jupyterhub_firstuseauthenticator - - jupyterhub-systemdspawner virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. +- name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" + pip: + name: + - jupyterlab + - jupyterhub_firstuseauthenticator + - jupyterhub-systemdspawner + - ipywidgets + virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + virtualenv_site_packages: no + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: src: jupyterhub_config.py.j2 From 2c09ed18875b88b4cbf95b8b9cb890c99ed6d995 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:17:40 -0400 Subject: [PATCH 199/344] jupyterhub/tasks/install.yml: Quick "lint" for indentation etc --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 7a12252cd..bb2a8364e 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -48,11 +48,11 @@ - name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" pip: name: - - jupyterlab - - jupyterhub_firstuseauthenticator - - jupyterhub-systemdspawner - - ipywidgets - virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + - jupyterlab + - jupyterhub_firstuseauthenticator + - jupyterhub-systemdspawner + - ipywidgets + virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" From 0a7aa0c162a859990f71e891badc101b85aa18a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:34:30 -0400 Subject: [PATCH 200/344] jupyterhub/tasks/install.yml: Comment clarifs for PR #3294 --- roles/jupyterhub/tasks/install.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index bb2a8364e..eaa4e80fb 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -45,7 +45,11 @@ #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. -- name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" +# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) +# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) +# https://github.com/iiab/iiab/issues/3283 + +- name: Break apart jupyterhub/jupyterlab pip installs into two parts - must have conflicting mutual dependency (3 packages above + 4 packages here) pip: name: - jupyterlab From cfe9a37b7ad4f2f4a4140b4f7b3254367504e63d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:53:15 -0400 Subject: [PATCH 201/344] jupyterhub/tasks/install.yml: Update comment ~217MB to ~306MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index eaa4e80fb..d92b166fe 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB total in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~306 MB total, in two ansible plays)" pip: name: - pip From 79237c65b09d267747508fa54b042365ea37a4a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 22:19:15 -0400 Subject: [PATCH 202/344] jupyterhub/tasks/install.yml: Use --no-cache-dir w/o --pre --- roles/jupyterhub/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d92b166fe..a593bf8d6 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -41,9 +41,9 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. + extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 # 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) @@ -59,6 +59,7 @@ virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: From c153cb8d9a964f496272967490986721cb25828b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 22:41:52 -0400 Subject: [PATCH 203/344] jupyterhub/tasks/install.yml: Clarify ~304MB /opt/iiab/jupyterhub --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index a593bf8d6..257f817f3 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~306 MB total, in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, in two ansible plays)" pip: name: - pip From 5dad80366edbc14fd8fdc70661e458aba0c944e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:16:58 -0400 Subject: [PATCH 204/344] jupyterhub/tasks/install.yml: Nix getsite.py & patch_FUA.sh --- roles/jupyterhub/tasks/install.yml | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 257f817f3..0018b4422 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -71,20 +71,21 @@ src: jupyterhub.service.j2 dest: /etc/systemd/system/jupyterhub.service -- name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages - template: - src: getsite.py.j2 - dest: "{{ jupyterhub_venv }}/bin/getsite.py" - mode: 0755 - -- name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py - template: - src: patch_FUA.sh.j2 - dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - mode: 0755 - -- name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" - command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# 2022-07-07: No longer needed, thx to upstream fixes +# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages +# template: +# src: getsite.py.j2 +# dest: "{{ jupyterhub_venv }}/bin/getsite.py" +# mode: 0755 +# +# - name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py +# template: +# src: patch_FUA.sh.j2 +# dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# mode: 0755 +# +# - name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" +# command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - name: Install patch_http-warning.sh from template, to turn off the warning about http insecurity, in {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html template: From 54703fa34afedceb1f95c064f61cb7491d854143 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:18:09 -0400 Subject: [PATCH 205/344] Rename patch_FUA.sh.j2 to patch_FUA.sh.j2.unused --- .../templates/{patch_FUA.sh.j2 => patch_FUA.sh.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/jupyterhub/templates/{patch_FUA.sh.j2 => patch_FUA.sh.j2.unused} (100%) diff --git a/roles/jupyterhub/templates/patch_FUA.sh.j2 b/roles/jupyterhub/templates/patch_FUA.sh.j2.unused similarity index 100% rename from roles/jupyterhub/templates/patch_FUA.sh.j2 rename to roles/jupyterhub/templates/patch_FUA.sh.j2.unused From 042dff872bc33845d5f171194b4e82347341ff5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:18:46 -0400 Subject: [PATCH 206/344] Rename getsite.py.j2 to getsite.py.j2.unused --- .../jupyterhub/templates/{getsite.py.j2 => getsite.py.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/jupyterhub/templates/{getsite.py.j2 => getsite.py.j2.unused} (100%) diff --git a/roles/jupyterhub/templates/getsite.py.j2 b/roles/jupyterhub/templates/getsite.py.j2.unused similarity index 100% rename from roles/jupyterhub/templates/getsite.py.j2 rename to roles/jupyterhub/templates/getsite.py.j2.unused From f035414ce9df5fcaf0a3257c0bc591535f9b3b2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:47:32 -0400 Subject: [PATCH 207/344] jupyterhub/tasks/install.yml: Ansible output re: mutual dep deadlock --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 0018b4422..8ef7ce7d9 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)" pip: name: - pip @@ -49,7 +49,7 @@ # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) # https://github.com/iiab/iiab/issues/3283 -- name: Break apart jupyterhub/jupyterlab pip installs into two parts - must have conflicting mutual dependency (3 packages above + 4 packages here) +- name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's pip: name: - jupyterlab From d12546c98df55fd870163ad9d020e7307d17d9ec Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:00:03 -0400 Subject: [PATCH 208/344] Prepare for 10.10.10.10, by evolving PR #3281 --- roles/captiveportal/tasks/install.yml | 2 +- ...ivert-to-nginx => iiab-divert-to-nginx.j2} | 0 roles/cups/tasks/install.yml | 2 +- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/tasks/enable_services.yml | 4 +- roles/network/tasks/named.yml | 4 +- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 62 +++++++++++-------- .../templates/gateway/iiab-gen-iptables | 2 +- ...nal.zone.db => school.internal.zone.db.j2} | 0 ....local.zone.db => school.local.zone.db.j2} | 0 .../network/templates/network/dnsmasq.conf.j2 | 4 +- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 7 ++- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 8 +-- 15 files changed, 57 insertions(+), 44 deletions(-) rename roles/captiveportal/templates/{iiab-divert-to-nginx => iiab-divert-to-nginx.j2} (100%) rename roles/network/templates/named/{school.internal.zone.db => school.internal.zone.db.j2} (100%) rename roles/network/templates/named/{school.local.zone.db => school.local.zone.db.j2} (100%) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index af022f0e9..ab25d50b6 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -26,7 +26,7 @@ mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx.j2 similarity index 100% rename from roles/captiveportal/templates/iiab-divert-to-nginx rename to roles/captiveportal/templates/iiab-divert-to-nginx.j2 diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 6b8971f34..12296cfe5 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} +# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10 # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index a481aa0b1..3d4f4f53f 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index d87f9ab36..bf73f1f77 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -32,8 +32,8 @@ # mode: "{{ item.mode }}" with_items: - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' } - - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' } + - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } + - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } when: named_install and named_enabled - name: Enable named service ({{ dns_service }}) if named_enabled diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 9183242f9..0123ef03f 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -58,8 +58,8 @@ - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } - - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 4b452a163..95dbf32dc 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -6,33 +6,43 @@ ddns-update-style interim; option domain-name "{{ iiab_domain }}"; option domain-name-servers {{ lan_ip }}; -option ntp-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; +{% if network_172 %} subnet 172.18.96.0 netmask 255.255.224.0 { - {% if iiab_network_mode == "Gateway" %} - option routers {{ lan_ip }}; - {% endif %} - {% if network_172 %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; - {% else %} - option subnet-mask 255.255.255.0; - option broadcast-address 10.10.10.255; - {% endif %} + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + # Description of network allocations in old OLPC school server + # this is the whole range we have available - 8K addresses + # range 172.18.96.2 172.18.127.254; + # instead, we'll save 510 addresses for later. + range 172.18.96.2 172.18.125.254; + # the other /24s: + # -> 172.18.126.0/24 for static IP addresses + # for printers, AP management consoles, etc. + # -> 172.18.127.0/24 for temporary addresses for + # XO activation - # Description of network allocations in old OLPC school server - # this is the whole range we have available - 8K addresses - # range 172.18.96.2 172.18.127.254; - # instead, we'll save 510 addresses for later. - range 172.18.96.2 172.18.125.254; - # the other /24s: - # -> 172.18.126.0/24 for static IP addresses - # for printers, AP management consoles, etc. - # -> 172.18.127.0/24 for temporary addresses for - # XO activation - - # As this subnet is wired or wifi a/b/g, these lease - # times are on the long side - default-lease-time 10800; - max-lease-time 21600; + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; } +{% else %} +subnet 10.10.10.0 netmask 255.255.255.0 { + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + range 10.10.10.2 10.10.10.254; + + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; +} +{% endif %} diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index d784d38a9..b11cd4fca 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} +lan_ip=$(iiab_var_value lan_ip) # e.g. 10.10.10.10 ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.db rename to roles/network/templates/named/school.internal.zone.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.local.zone.db rename to roles/network/templates/named/school.local.zone.db.j2 diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 056830267..152369cad 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -19,9 +19,9 @@ expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease {% if network_172 %} - dhcp-range=172.18.100.1,172.18.126.254,1h +dhcp-range=172.18.100.1,172.18.126.254,1h {% else %} - dhcp-range=10.10.10.21,10.10.10.253,1h +dhcp-range=10.10.10.11,10.10.10.254,1h {% endif %} # Specify the default route diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 4117fd790..14af973e0 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index df58ac824..f7e7c9457 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,12 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. 10.10. + +{% if network_172 %} + hosts allow = 127. 172.18. +{% else %} + hosts allow = 10.10.10. +{% endif %} ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 23cb52027..f6763f593 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a4807a38e..796074a3b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -100,10 +100,8 @@ js_menu_install: True iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -network_172: False -#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems -lan_netmask: 255.255.255.0 -#lan_netmask: 255.255.224.0 # Older networks were larger +network_172: False # Change to True if you set the above to 172.18.96.1 +lan_netmask: 255.255.255.0 # Change to 255.255.224.0 if using 172.18.96.1 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -544,7 +542,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From ebbda467a676e4b1c9d4ed4d6b72c8ae7c8d5bc6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:08:53 -0400 Subject: [PATCH 209/344] dhcpd-iiab.conf.j2: range 10.10.10.11 10.10.10.254; --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 95dbf32dc..66cd3e706 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -38,7 +38,7 @@ subnet 10.10.10.0 netmask 255.255.255.0 { {% endif %} option subnet-mask 255.255.255.0; option broadcast-address 10.10.10.255; - range 10.10.10.2 10.10.10.254; + range 10.10.10.11 10.10.10.254; # As this subnet is wired or wifi a/b/g, these lease # times are on the long side From 47fda4d1739eb4d5fc1fab4400d4c5345c529572 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:12:24 -0400 Subject: [PATCH 210/344] smb.conf.j2: hosts allow = 127. 10.10.10. --- roles/samba/templates/smb.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index f7e7c9457..9b60050d8 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -96,7 +96,7 @@ {% if network_172 %} hosts allow = 127. 172.18. {% else %} - hosts allow = 10.10.10. + hosts allow = 127. 10.10.10. {% endif %} ; max protocol = SMB2 From e30b1c9549beed3b7402b58d5201311daa0c8084 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 10 Jul 2022 15:45:30 -0500 Subject: [PATCH 211/344] drop old olpc fedora paths --- roles/2-common/tasks/fl.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 30c8266e7..829b8dfbf 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -1,6 +1,6 @@ # fl.yml signifies "file layout" -- name: "File Layout - Create directories: 1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab +- name: "File Layout - Create directories: 1 in {{ py3_dist_path }}, 2 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab file: path: "{{ item }}" # owner: root @@ -8,9 +8,9 @@ # mode: '0755' state: directory with_items: - - /etc/sysconfig/olpc-scripts/setup.d/installed/ + #- /etc/sysconfig/olpc-scripts/setup.d/installed/ - "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages - - "{{ yum_packages_dir }}" # /opt/iiab/yum-packages + #- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages - "{{ pip_packages_dir }}" # /opt/iiab/pip-packages - "{{ downloads_dir }}" # /opt/iiab/downloads #- "{{ content_base }}/downloads" # /library/downloads auto-created just below From 91046a4f12b12ba4027816cb2ecb8e8080651195 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Jul 2022 15:40:52 +0000 Subject: [PATCH 212/344] PR #3173 adjustments (making network role optional) --- roles/1-prep/tasks/main.yml | 8 ++++---- roles/network/tasks/install.yml | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index d1ce25c6d..911e31df5 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,10 +3,6 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/install.yml - when: network_install - - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -33,6 +29,10 @@ dest: /usr/bin/ mode: '0755' +- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + when: network_install + - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 06e4cf31d..65f7fb2c2 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -19,7 +19,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -60,15 +60,6 @@ #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -- name: "Set 'network_installed: True'" - set_fact: - network_installed: True - -- name: "Add 'network_installed: True' to {{ iiab_state_file }}" - lineinfile: - path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^network_installed' - line: 'network_installed: True' # UNMAINTAINED - name: Install named / BIND @@ -84,3 +75,14 @@ - name: Install Squid include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' From 699e908291261084eca7a9d53b2c40fb76b7a516 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Jul 2022 17:12:29 +0000 Subject: [PATCH 213/344] Move iiab-hotspot-on|off installs (hostapd.yml to main.yml, for Admin Console) --- roles/network/tasks/hostapd.yml | 17 ++--------------- roles/network/tasks/main.yml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 07e534b66..3b9231a86 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -50,21 +50,8 @@ mode: 0644 when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: hostapd/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: hostapd/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml +# as required for Admin Console - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 86a07413b..567a21159 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,6 +25,22 @@ include_tasks: install.yml when: network_install and network_installed is undefined +- name: Create /usr/bin/iiab-hotspot-on from template + template: + src: hostapd/iiab-hotspot-on + dest: /usr/bin/iiab-hotspot-on + owner: root + group: root + mode: 0755 + +- name: Create /usr/bin/iiab-hotspot-off from template + template: + src: hostapd/iiab-hotspot-off + dest: /usr/bin/iiab-hotspot-off + owner: root + group: root + mode: 0755 + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 9e6f96bd33cf42b25931c4ab5dd4643c8616b730 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Jul 2022 14:37:28 -0400 Subject: [PATCH 214/344] 1-prep: Also enforce "network_installed is undefined" --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 911e31df5..96ff6779d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -31,7 +31,7 @@ - name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml - when: network_install + when: network_install and network_installed is undefined - include_tasks: uuid.yml - include_tasks: ubermix.yml From d67b2751a6f9e44aebe1bf20709bf383af289ca1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Jul 2022 20:14:15 -0400 Subject: [PATCH 215/344] hostname.yml: Note /etc/hosts & /etc/hostname tkts --- roles/0-init/tasks/hostname.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 427380929..70321cb4a 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -22,7 +22,10 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -# should the first entry match just hostname and domain move to after localhost? +# 2022-07-11: Should the first entry match just hostname and domain move to +# after localhost? Background: +# 1. /etc/hosts -- #1815 solved by PR #1847 +# 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts From ab5f4c5fe988435bd710371df6b1996d7bf239fc Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 08:21:29 -0400 Subject: [PATCH 216/344] Update README.adoc --- roles/matomo/README.adoc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index fa4f2e980..bcb110c2f 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -43,6 +43,20 @@ Take a look at Matomo's official guides to further set this up: https://matomo.o WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) +=== Getting Started + +Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. + +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on "Visitors" and then below "Visitors", "Overview", to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet in a Box. + +Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" button after clicking "Behavior" and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. + +=== IIAB Tips, Tricks, and Gotchas + +1. If your Internet In A Box setup is without power and Internet access, it will not be a ble to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. + +2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. + == Credits Carl Wivagg From fafaf693eaa9cf47197a1eb5358a8b360c0e6d92 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 12 Jul 2022 08:35:42 -0400 Subject: [PATCH 217/344] 0-init/tasks/hostname.yml: Note discussion(s) of /etc/hosts --- roles/0-init/tasks/hostname.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 70321cb4a..ed79ccf3b 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -23,7 +23,7 @@ # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" # 2022-07-11: Should the first entry match just hostname and domain move to -# after localhost? Background: +# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also: # 1. /etc/hosts -- #1815 solved by PR #1847 # 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' From 6c5a42ffeaefdaee1c44e3c5a85a6369f41ec466 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 09:13:45 -0400 Subject: [PATCH 218/344] Update roles/0-init/tasks/validate_vars.yml Co-authored-by: A Holt --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 2a972370d..06d565c3d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 46 + 46 + 42 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From 594386073a8caff42eeed2904fe4f982d94687c2 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 09:13:54 -0400 Subject: [PATCH 219/344] Update roles/matomo/README.adoc Co-authored-by: A Holt --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index bcb110c2f..4d7ca6589 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -53,7 +53,7 @@ Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" === IIAB Tips, Tricks, and Gotchas -1. If your Internet In A Box setup is without power and Internet access, it will not be a ble to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. +1. If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. 2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. From 9c812e16e7f0e227ad2fae225d1f09b389794770 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 11:50:43 -0400 Subject: [PATCH 220/344] Update validate_vars.yml --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 8520f31ba..e72677e44 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 46 + 46 + 42 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From d4492ef0c8bbdc4de0a874a44951966f8016a5fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 12 Jul 2022 12:33:54 -0400 Subject: [PATCH 221/344] scripts/local_facts.fact: Stop supporting Ubuntu 22.10 (Impish Indri) --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 3c50c360e..a393c2232 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -64,6 +64,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-18" | \ #"ubuntu-19" | \ #"ubuntu-2104" | \ + #"ubuntu-2210" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -78,7 +79,6 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2110" | \ "ubuntu-2204" | \ - "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") From afc70f6f62178e2b60703c7911a200d2ec4b5eea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 00:55:11 -0500 Subject: [PATCH 222/344] exit code --- iiab-network | 1 + 1 file changed, 1 insertion(+) diff --git a/iiab-network b/iiab-network index 6ff4b5cd3..9ac41f986 100755 --- a/iiab-network +++ b/iiab-network @@ -94,3 +94,4 @@ echo "iiab-network run start: $Start" echo "iiab-network run end: $End" echo echo "Please REBOOT to fully verify your network -- graphical desktops MUST reboot!" +exit 0 From ce47c8e7b104144cb94e724eeb2077f06f05fbcf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 00:58:45 -0500 Subject: [PATCH 223/344] helper script --- scripts/iiab-network | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 scripts/iiab-network diff --git a/scripts/iiab-network b/scripts/iiab-network new file mode 100644 index 000000000..03d1cee87 --- /dev/null +++ b/scripts/iiab-network @@ -0,0 +1,7 @@ +#!/bin/bash -e +cd /opt/iiab/iiab +sudo ./iiab-network +rc=$? +if [ “${rc}” == “0” ]; then + sudo touch /etc/iiab/install-flags/iiab-network-complete +fi From 21dcbcaf4fffd136fa8cd0eb3e888ca0e200d43c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 01:03:27 -0500 Subject: [PATCH 224/344] install helper script --- roles/1-prep/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 96ff6779d..929dd04da 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,12 +23,18 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ +- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }}/scripts to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab dest: /usr/bin/ mode: '0755' +- name: Copy iiab-network from {{ iiab_dir }}/scripts to /usr/local/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-network" + dest: /usr/local/bin/ + mode: '0755' + - name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml when: network_install and network_installed is undefined From 5d96561e73293a89c436dcdec8423445e31b7d8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:21:16 -0400 Subject: [PATCH 225/344] Fix local_facts.fact to deprecate 21.10 not 22.10 --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a393c2232..57d56575b 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -64,7 +64,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-18" | \ #"ubuntu-19" | \ #"ubuntu-2104" | \ - #"ubuntu-2210" | \ + #"ubuntu-2110" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -77,8 +77,8 @@ case $OS_VER in "debian-11" | \ "debian-12" | \ "ubuntu-2004" | \ - "ubuntu-2110" | \ "ubuntu-2204" | \ + "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") From 602f3ba87096cebf4600a6718053d953945a3bf9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:29:50 -0400 Subject: [PATCH 226/344] Rename ubuntu-2104.yml to ubuntu-2104.yml.unused --- vars/{ubuntu-2104.yml => ubuntu-2104.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2104.yml => ubuntu-2104.yml.unused} (100%) diff --git a/vars/ubuntu-2104.yml b/vars/ubuntu-2104.yml.unused similarity index 100% rename from vars/ubuntu-2104.yml rename to vars/ubuntu-2104.yml.unused From 3102a731aae9856196ee8ce6b19392f9fb8267ba Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:30:33 -0400 Subject: [PATCH 227/344] Rename ubuntu-2110.yml to ubuntu-2110.yml.unused --- vars/{ubuntu-2110.yml => ubuntu-2110.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2110.yml => ubuntu-2110.yml.unused} (100%) diff --git a/vars/ubuntu-2110.yml b/vars/ubuntu-2110.yml.unused similarity index 100% rename from vars/ubuntu-2110.yml rename to vars/ubuntu-2110.yml.unused From 288ce650ae02adbac819caf27854b05f9fcbecb9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:32:53 -0400 Subject: [PATCH 228/344] Rename raspbian-10.yml to raspbian-10.yml.unused --- vars/{raspbian-10.yml => raspbian-10.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-10.yml => raspbian-10.yml.unused} (100%) diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml.unused similarity index 100% rename from vars/raspbian-10.yml rename to vars/raspbian-10.yml.unused From 815607e7c53984ea7c1cdc4054222602543c6cd6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:33:16 -0400 Subject: [PATCH 229/344] Rename raspbian-9.yml to raspbian-9.yml.unused --- vars/{raspbian-9.yml => raspbian-9.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-9.yml => raspbian-9.yml.unused} (100%) diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml.unused similarity index 100% rename from vars/raspbian-9.yml rename to vars/raspbian-9.yml.unused From 144196734eca62f6af667b29e6218813c814e5fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:33:37 -0400 Subject: [PATCH 230/344] Rename raspbian-8.yml to raspbian-8.yml.unused --- vars/{raspbian-8.yml => raspbian-8.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-8.yml => raspbian-8.yml.unused} (100%) diff --git a/vars/raspbian-8.yml b/vars/raspbian-8.yml.unused similarity index 100% rename from vars/raspbian-8.yml rename to vars/raspbian-8.yml.unused From 572df993d340c0a5a96d354cc08fe7175b579b95 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:34:20 -0400 Subject: [PATCH 231/344] Rename debian-10.yml to debian-10.yml.unused --- vars/{debian-10.yml => debian-10.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-10.yml => debian-10.yml.unused} (100%) diff --git a/vars/debian-10.yml b/vars/debian-10.yml.unused similarity index 100% rename from vars/debian-10.yml rename to vars/debian-10.yml.unused From cc42b6e234e98b82e250e5d9985b500ef8bddec5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:34:42 -0400 Subject: [PATCH 232/344] Rename debian-9.yml to debian-9.yml.unused --- vars/{debian-9.yml => debian-9.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-9.yml => debian-9.yml.unused} (100%) diff --git a/vars/debian-9.yml b/vars/debian-9.yml.unused similarity index 100% rename from vars/debian-9.yml rename to vars/debian-9.yml.unused From 50bd128ee73ad0a0fafafbce452793d969f5a37d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:00 -0400 Subject: [PATCH 233/344] Rename debian-8.yml to debian-8.yml.unused --- vars/{debian-8.yml => debian-8.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-8.yml => debian-8.yml.unused} (100%) diff --git a/vars/debian-8.yml b/vars/debian-8.yml.unused similarity index 100% rename from vars/debian-8.yml rename to vars/debian-8.yml.unused From 41dd93627621cc2a0191815c990f428cec2a970e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:19 -0400 Subject: [PATCH 234/344] Rename centos-7.yml to centos-7.yml.unused --- vars/{centos-7.yml => centos-7.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{centos-7.yml => centos-7.yml.unused} (100%) diff --git a/vars/centos-7.yml b/vars/centos-7.yml.unused similarity index 100% rename from vars/centos-7.yml rename to vars/centos-7.yml.unused From ac8c7ad0909c8923301b9a90267ee3c571f80d60 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:39 -0400 Subject: [PATCH 235/344] Rename fedora-22.yml to fedora-22.yml.unused --- vars/{fedora-22.yml => fedora-22.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{fedora-22.yml => fedora-22.yml.unused} (100%) diff --git a/vars/fedora-22.yml b/vars/fedora-22.yml.unused similarity index 100% rename from vars/fedora-22.yml rename to vars/fedora-22.yml.unused From b62432d8ab985da2ffafb78104c8ba7b4610f458 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:55 -0400 Subject: [PATCH 236/344] Rename fedora-18.yml to fedora-18.yml.unused --- vars/{fedora-18.yml => fedora-18.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{fedora-18.yml => fedora-18.yml.unused} (100%) diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml.unused similarity index 100% rename from vars/fedora-18.yml rename to vars/fedora-18.yml.unused From 1d1ef405a9446852aa6e5db511121fd8a889e8a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 11:53:11 -0400 Subject: [PATCH 237/344] scripts/iiab-network: Lint bash conditional, for #3308 --- scripts/iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-network b/scripts/iiab-network index 03d1cee87..9e56350eb 100644 --- a/scripts/iiab-network +++ b/scripts/iiab-network @@ -2,6 +2,6 @@ cd /opt/iiab/iiab sudo ./iiab-network rc=$? -if [ “${rc}” == “0” ]; then +if [[ $rc == "0" ]]; then sudo touch /etc/iiab/install-flags/iiab-network-complete fi From 62459e3db51d8df81c434b4aeae7ef112d1d7a86 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 10:24:31 -0400 Subject: [PATCH 238/344] default_vars.yml: kiwix-3.5.0.apk from 2022-05-31 --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c1ff11bb9..c5832015f 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -486,7 +486,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.4.5.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From b1e2a4db67ab253ee0a85b3f5973451cbde8fcee Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 10:49:19 -0400 Subject: [PATCH 239/344] kiwix/tasks/kiwix-apk.yml: Lint & revise comment #3310 --- roles/kiwix/tasks/kiwix-apk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index e81711013..049cc5476 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,7 +6,7 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk formerly kiwix.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" From b4dae53f2b77d5653abac2da4a321ac875404261 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 21:11:30 -0400 Subject: [PATCH 240/344] default_vars.yml: Try kiwix.apk not kiwix-3.5.0.apk --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c5832015f..ecfa0d677 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -486,7 +486,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From 57aabf0fc6757148a21bfeee7a2a4b58914a02cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 21:14:00 -0400 Subject: [PATCH 241/344] Clarify kiwix/tasks/kiwix-apk.yml --- roles/kiwix/tasks/kiwix-apk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index 049cc5476..fa03667f3 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,7 +6,7 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk formerly kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk formerly kiwix-3.5.0.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" From a9e92191db71497caa804f485835a37f84d5e6e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 01:16:36 -0500 Subject: [PATCH 242/344] remove named and dhcpd install options --- roles/network/tasks/NM-debian.yml | 4 +- roles/network/tasks/computed_services.yml | 30 +++--- roles/network/tasks/debian.yml | 2 +- .../tasks/{dhcpd.yml => dhcpd.yml.unused} | 0 ...down-debian.yml => down-debian.yml.unused} | 0 roles/network/tasks/enable_services.yml | 97 ++++++++++--------- roles/network/tasks/install.yml | 12 +-- roles/network/tasks/main.yml | 18 ++-- .../tasks/{named.yml => named.yml.unused} | 0 roles/network/tasks/restart.yml | 13 +-- roles/network/tasks/rpi_debian.yml | 6 +- roles/network/tasks/sysd-netd-debian.yml | 4 +- .../captive-portal.py.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd-env.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd-iiab.conf.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd.service | 0 .../{named => named.unused}/bind9.service | 0 .../{named => named.unused}/dns-jail.conf | 0 .../templates/{named => named.unused}/dummy | 0 .../{named => named.unused}/localdomain.zone | 0 .../{named => named.unused}/localhost.zone | 0 .../templates/{named => named.unused}/named | 0 .../named-iiab.conf.j2 | 0 .../{named => named.unused}/named.blackhole | 0 .../{named => named.unused}/named.broadcast | 0 .../{named => named.unused}/named.ip6.local | 0 .../{named => named.unused}/named.j2 | 0 .../{named => named.unused}/named.local | 0 .../named.rfc1912.zones | 0 .../{named => named.unused}/named.root | 0 .../{named => named.unused}/named.root.hints | 0 .../{named => named.unused}/named.service | 0 .../{named => named.unused}/named.zero | 0 .../school.external.zone.db | 0 .../school.internal.zone.16.in-addr.db.j2 | 0 .../school.internal.zone.32.in-addr.db.j2 | 0 .../school.internal.zone.48.in-addr.db.j2 | 0 .../school.internal.zone.db.j2 | 0 .../school.internal.zone.in-addr.db.j2 | 0 .../school.local.zone.db.j2 | 0 40 files changed, 95 insertions(+), 91 deletions(-) rename roles/network/tasks/{dhcpd.yml => dhcpd.yml.unused} (100%) rename roles/network/tasks/{down-debian.yml => down-debian.yml.unused} (100%) rename roles/network/tasks/{named.yml => named.yml.unused} (100%) rename roles/network/templates/{captive-portal => captive-portal.unused}/captive-portal.py.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd-env.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd-iiab.conf.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd.service (100%) rename roles/network/templates/{named => named.unused}/bind9.service (100%) rename roles/network/templates/{named => named.unused}/dns-jail.conf (100%) rename roles/network/templates/{named => named.unused}/dummy (100%) rename roles/network/templates/{named => named.unused}/localdomain.zone (100%) rename roles/network/templates/{named => named.unused}/localhost.zone (100%) rename roles/network/templates/{named => named.unused}/named (100%) rename roles/network/templates/{named => named.unused}/named-iiab.conf.j2 (100%) rename roles/network/templates/{named => named.unused}/named.blackhole (100%) rename roles/network/templates/{named => named.unused}/named.broadcast (100%) rename roles/network/templates/{named => named.unused}/named.ip6.local (100%) rename roles/network/templates/{named => named.unused}/named.j2 (100%) rename roles/network/templates/{named => named.unused}/named.local (100%) rename roles/network/templates/{named => named.unused}/named.rfc1912.zones (100%) rename roles/network/templates/{named => named.unused}/named.root (100%) rename roles/network/templates/{named => named.unused}/named.root.hints (100%) rename roles/network/templates/{named => named.unused}/named.service (100%) rename roles/network/templates/{named => named.unused}/named.zero (100%) rename roles/network/templates/{named => named.unused}/school.external.zone.db (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.16.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.32.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.48.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.local.zone.db.j2 (100%) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 8cf977c8a..d5dad9ffc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -1,6 +1,6 @@ # NM-debian.yml -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml # provide keyfile layout like the XO's used way back. #- name: Create uuid for NM's keyfile store diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 47c3cd7cc..939167cce 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -22,30 +22,30 @@ - name: No LAN configured - non-dnsmasq set_fact: - named_enabled: True - dhcpd_enabled: False +# named_enabled: True +# dhcpd_enabled: False dhcp_service2: "dhcpd disabled" when: not dnsmasq_enabled and iiab_network_mode == "Appliance" - name: LAN configured - non-dnsmasq set_fact: - named_enabled: True - dhcpd_enabled: True +# named_enabled: True +# dhcpd_enabled: True dhcp_service2: "dhcpd" when: not dnsmasq_enabled and iiab_network_mode != "Appliance" - name: LAN configured - dnsmasq set_fact: - named_enabled: False - dhcpd_enabled: False +# named_enabled: False +# dhcpd_enabled: False dnsmasq_enabled: True dhcp_service2: "dnsmasq" when: dnsmasq_install and iiab_network_mode != "Appliance" - name: LAN not configured - dnsmasq set_fact: - named_enabled: False - dhcpd_enabled: False +# named_enabled: False +# dhcpd_enabled: False dnsmasq_enabled: True dhcp_service2: "dnsmasq" when: dnsmasq_install and iiab_network_mode == "Appliance" @@ -71,12 +71,12 @@ # value: "{{ wondershaper_enabled }}" - option: iiab_network_mode_applied value: "{{ iiab_network_mode }}" - - option: dhcpd_enabled - value: "{{ dhcpd_enabled }}" - - option: dhcp_service2 - value: "{{ dhcp_service2 }}" - - option: named_enabled - value: "{{ named_enabled }}" +# - option: dhcpd_enabled +# value: "{{ dhcpd_enabled }}" +# - option: dhcp_service2 +# value: "{{ dhcp_service2 }}" +# - option: named_enabled +# value: "{{ named_enabled }}" - option: dnsmasq_enabled value: "{{ dnsmasq_enabled }}" - option: no_net_restart @@ -89,7 +89,7 @@ value: "{{ host_wifi_mode }}" - option: host_channel value: "{{ host_channel }}" - + - name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 74ca452c7..52982af42 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -62,7 +62,7 @@ regexp: "{{ iiab_wan_iface }}" when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 -- include_tasks: down-debian.yml +#- include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml.unused similarity index 100% rename from roles/network/tasks/dhcpd.yml rename to roles/network/tasks/dhcpd.yml.unused diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml.unused similarity index 100% rename from roles/network/tasks/down-debian.yml rename to roles/network/tasks/down-debian.yml.unused diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index bf73f1f77..50d0f69ed 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -1,70 +1,72 @@ -- name: Disable dhcpd service - service: - name: dhcpd - enabled: no - when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled +#- name: Disable dhcpd service +# service: +# name: dhcpd +# enabled: no +# when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled # service is restarted with NM dispatcher.d script -- name: Enable dhcpd service - service: - name: dhcpd - enabled: yes - when: dhcpd_install and dhcpd_enabled +#- name: Enable dhcpd service +# service: +# name: dhcpd +# enabled: yes +# when: dhcpd_install and dhcpd_enabled -- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" +#- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# # owner: root + # group: root + # mode: "{{ item.mode }}" +# with_items: +# - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } +# - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } +# when: dhcpd_install and dhcpd_enabled + +#- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" # owner: root # group: root # mode: "{{ item.mode }}" - with_items: - - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } - - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } - when: dhcpd_install and dhcpd_enabled +# with_items: +# - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } +# - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } +# - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } +# when: named_install and named_enabled -- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: "{{ item.mode }}" - with_items: - - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } - - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } - when: named_install and named_enabled +#- name: Enable named service ({{ dns_service }}) if named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: yes +# when: named_install and named_enabled -- name: Enable named service ({{ dns_service }}) if named_enabled - systemd: - name: "{{ dns_service }}" - enabled: yes - when: named_install and named_enabled - -- name: Disable named service ({{ dns_service }}) if not named_enabled - systemd: - name: "{{ dns_service }}" - enabled: no - when: (named_install or named_installed is defined) and not named_enabled +#- name: Disable named service ({{ dns_service }}) if not named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: no +# when: (named_install or named_installed is defined) and not named_enabled - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.d/iiab.conf - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting template: src: network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab - when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? +# when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled @@ -100,7 +102,8 @@ mode: 0755 # owner: root # group: root - when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") + when: nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") +# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") @@ -108,13 +111,13 @@ file: path: /etc/dnsmasq.d/iiab.conf state: absent - when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance") + when: iiab_network_mode == "Appliance" - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: yes - when: dnsmasq_install and dnsmasq_enabled +# when: dnsmasq_install and dnsmasq_enabled - name: Disable iiab-dnsmasq, if not dnsmasq_enabled systemd: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 65f7fb2c2..394286c32 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -62,14 +62,14 @@ # UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install +#- name: Install named / BIND +# include_tasks: roles/network/tasks/named.yml +# when: named_install is defined and named_install # UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install +#- name: Install dhcpd +# include_tasks: roles/network/tasks/dhcpd.yml +# when: dhcpd_install is defined and dhcpd_install # LESS MAINTAINED - name: Install Squid diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 567a21159..8e225eb40 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -47,17 +47,17 @@ # include_tasks: wondershaper.yml # when: wondershaper_install or wondershaper_installed is defined - - name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install named +# include_tasks: named.yml +# when: named_install and FQDN_changed and iiab_stage|int == 9 - - name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install dhcpd +# include_tasks: dhcpd.yml +# when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 - - name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install Squid +# include_tasks: squid.yml +# when: squid_install and FQDN_changed and iiab_stage|int == 9 #preprep for backends - name: Netplan in use on Ubuntu 18.04+ diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml.unused similarity index 100% rename from roles/network/tasks/named.yml rename to roles/network/tasks/named.yml.unused diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0dda30a6f..659a18329 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -29,11 +29,11 @@ shell: netplan apply when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 -- name: Start named service - systemd: - name: "{{ dns_service }}" - state: restarted - when: named_enabled and named_install +#- name: Start named service +# systemd: +# name: "{{ dns_service }}" +# state: restarted +# when: named_enabled and named_install - name: Stop Squid service systemd: @@ -98,7 +98,8 @@ #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address #due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted -- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +#- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +- name: Restarting {{ dhcp_service2 }} systemd: name: "{{ dhcp_service2 }}" state: restarted diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 9c245a5f6..4d672ad0b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -31,7 +31,7 @@ when: country_code is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec - lineinfile: + lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} @@ -54,8 +54,8 @@ src: network/dnsmasq-iiab when: iiab_lan_iface == "br0" -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c32b966a1..e88c0483e 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -44,8 +44,8 @@ #when: wan_ip != "dhcp" and not is_ubuntu_18 -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/templates/captive-portal/captive-portal.py.j2 b/roles/network/templates/captive-portal.unused/captive-portal.py.j2 similarity index 100% rename from roles/network/templates/captive-portal/captive-portal.py.j2 rename to roles/network/templates/captive-portal.unused/captive-portal.py.j2 diff --git a/roles/network/templates/dhcp/dhcpd-env.j2 b/roles/network/templates/dhcp.unused/dhcpd-env.j2 similarity index 100% rename from roles/network/templates/dhcp/dhcpd-env.j2 rename to roles/network/templates/dhcp.unused/dhcpd-env.j2 diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 similarity index 100% rename from roles/network/templates/dhcp/dhcpd-iiab.conf.j2 rename to roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 diff --git a/roles/network/templates/dhcp/dhcpd.service b/roles/network/templates/dhcp.unused/dhcpd.service similarity index 100% rename from roles/network/templates/dhcp/dhcpd.service rename to roles/network/templates/dhcp.unused/dhcpd.service diff --git a/roles/network/templates/named/bind9.service b/roles/network/templates/named.unused/bind9.service similarity index 100% rename from roles/network/templates/named/bind9.service rename to roles/network/templates/named.unused/bind9.service diff --git a/roles/network/templates/named/dns-jail.conf b/roles/network/templates/named.unused/dns-jail.conf similarity index 100% rename from roles/network/templates/named/dns-jail.conf rename to roles/network/templates/named.unused/dns-jail.conf diff --git a/roles/network/templates/named/dummy b/roles/network/templates/named.unused/dummy similarity index 100% rename from roles/network/templates/named/dummy rename to roles/network/templates/named.unused/dummy diff --git a/roles/network/templates/named/localdomain.zone b/roles/network/templates/named.unused/localdomain.zone similarity index 100% rename from roles/network/templates/named/localdomain.zone rename to roles/network/templates/named.unused/localdomain.zone diff --git a/roles/network/templates/named/localhost.zone b/roles/network/templates/named.unused/localhost.zone similarity index 100% rename from roles/network/templates/named/localhost.zone rename to roles/network/templates/named.unused/localhost.zone diff --git a/roles/network/templates/named/named b/roles/network/templates/named.unused/named similarity index 100% rename from roles/network/templates/named/named rename to roles/network/templates/named.unused/named diff --git a/roles/network/templates/named/named-iiab.conf.j2 b/roles/network/templates/named.unused/named-iiab.conf.j2 similarity index 100% rename from roles/network/templates/named/named-iiab.conf.j2 rename to roles/network/templates/named.unused/named-iiab.conf.j2 diff --git a/roles/network/templates/named/named.blackhole b/roles/network/templates/named.unused/named.blackhole similarity index 100% rename from roles/network/templates/named/named.blackhole rename to roles/network/templates/named.unused/named.blackhole diff --git a/roles/network/templates/named/named.broadcast b/roles/network/templates/named.unused/named.broadcast similarity index 100% rename from roles/network/templates/named/named.broadcast rename to roles/network/templates/named.unused/named.broadcast diff --git a/roles/network/templates/named/named.ip6.local b/roles/network/templates/named.unused/named.ip6.local similarity index 100% rename from roles/network/templates/named/named.ip6.local rename to roles/network/templates/named.unused/named.ip6.local diff --git a/roles/network/templates/named/named.j2 b/roles/network/templates/named.unused/named.j2 similarity index 100% rename from roles/network/templates/named/named.j2 rename to roles/network/templates/named.unused/named.j2 diff --git a/roles/network/templates/named/named.local b/roles/network/templates/named.unused/named.local similarity index 100% rename from roles/network/templates/named/named.local rename to roles/network/templates/named.unused/named.local diff --git a/roles/network/templates/named/named.rfc1912.zones b/roles/network/templates/named.unused/named.rfc1912.zones similarity index 100% rename from roles/network/templates/named/named.rfc1912.zones rename to roles/network/templates/named.unused/named.rfc1912.zones diff --git a/roles/network/templates/named/named.root b/roles/network/templates/named.unused/named.root similarity index 100% rename from roles/network/templates/named/named.root rename to roles/network/templates/named.unused/named.root diff --git a/roles/network/templates/named/named.root.hints b/roles/network/templates/named.unused/named.root.hints similarity index 100% rename from roles/network/templates/named/named.root.hints rename to roles/network/templates/named.unused/named.root.hints diff --git a/roles/network/templates/named/named.service b/roles/network/templates/named.unused/named.service similarity index 100% rename from roles/network/templates/named/named.service rename to roles/network/templates/named.unused/named.service diff --git a/roles/network/templates/named/named.zero b/roles/network/templates/named.unused/named.zero similarity index 100% rename from roles/network/templates/named/named.zero rename to roles/network/templates/named.unused/named.zero diff --git a/roles/network/templates/named/school.external.zone.db b/roles/network/templates/named.unused/school.external.zone.db similarity index 100% rename from roles/network/templates/named/school.external.zone.db rename to roles/network/templates/named.unused/school.external.zone.db diff --git a/roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.db.j2 b/roles/network/templates/named.unused/school.internal.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db.j2 b/roles/network/templates/named.unused/school.local.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.local.zone.db.j2 rename to roles/network/templates/named.unused/school.local.zone.db.j2 From bcc59a0bc36bef48fcc7b8e5e321c8fb8aa9749e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 02:04:05 -0500 Subject: [PATCH 243/344] cleanups --- roles/network/tasks/computed_services.yml | 36 +++++++++++------------ roles/network/tasks/enable_services.yml | 14 ++++----- roles/network/tasks/restart.yml | 7 +++-- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 939167cce..9527ed7d3 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -20,35 +20,35 @@ iiab_network_mode: "Gateway" when: iiab_lan_iface != "none" and iiab_wan_iface != "none" -- name: No LAN configured - non-dnsmasq - set_fact: +#- name: No LAN configured - non-dnsmasq +# set_fact: # named_enabled: True # dhcpd_enabled: False - dhcp_service2: "dhcpd disabled" - when: not dnsmasq_enabled and iiab_network_mode == "Appliance" +# dhcp_service2: "dhcpd disabled" +# when: not dnsmasq_enabled and iiab_network_mode == "Appliance" -- name: LAN configured - non-dnsmasq - set_fact: +#- name: LAN configured - non-dnsmasq +# set_fact: # named_enabled: True # dhcpd_enabled: True - dhcp_service2: "dhcpd" - when: not dnsmasq_enabled and iiab_network_mode != "Appliance" +# dhcp_service2: "dhcpd" +# when: not dnsmasq_enabled and iiab_network_mode != "Appliance" -- name: LAN configured - dnsmasq - set_fact: +#- name: LAN configured - dnsmasq +# set_fact: # named_enabled: False # dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode != "Appliance" +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode != "Appliance" -- name: LAN not configured - dnsmasq - set_fact: +#- name: LAN not configured - dnsmasq +# set_fact: # named_enabled: False # dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode == "Appliance" +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode == "Appliance" - name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }} ini_file: diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 50d0f69ed..f6686de3d 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -117,13 +117,13 @@ systemd: name: iiab-dnsmasq enabled: yes -# when: dnsmasq_install and dnsmasq_enabled + when: dnsmasq_enabled - name: Disable iiab-dnsmasq, if not dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: no - when: dnsmasq_install and not dnsmasq_enabled + when: not dnsmasq_enabled # - name: Enable DansGuardian systemd service, if dansguardian_enabled # systemd: @@ -142,13 +142,13 @@ path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Enable systemd service '{{ proxy }}' - if squid_install and squid_enabled systemd: name: "{{ proxy }}" # squid (or 'squid3' on vars/debian-8.yml, vars/raspbian-8.yml) enabled: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Install /etc/{{ proxy }}/squid.conf from template (root:root, 0644 by default) - and create a timestamped backup of the original - if squid_install and squid_enabled template: @@ -157,7 +157,7 @@ # owner: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml) # group: "{{ proxy_user }}" backup: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled # - name: Point /etc/init.d/{{ proxy }} to /etc/{{ proxy }}/squid-iiab.conf - if squid_install and squid_enabled # lineinfile: @@ -170,14 +170,14 @@ systemd: name: "{{ proxy }}" enabled: no - when: (squid_install or squid_installed is defined) and not squid_enabled + when: squid_installed is defined and not squid_enabled - name: Revert {{ iiab_env_file }} to 'HTTPCACHE_ON=False' - if squid_install and not squid_enabled lineinfile: path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=False' - when: squid_install and not squid_enabled + when: squid_installed is defined and not squid_enabled # - name: Enable Wondershaper service, if wondershaper_enabled # systemd: diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 659a18329..de930332f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -99,11 +99,12 @@ #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address #due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted #- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} -- name: Restarting {{ dhcp_service2 }} +- name: Restarting dnsmasq systemd: - name: "{{ dhcp_service2 }}" + name: dnsmasq state: restarted - when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) + when: dnsmasq_enabled and ((not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9)) +# when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) #when: (iiab_network_mode != "Appliance") # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab From 9ce883ab01d76adca063776552859964a3c0c4e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 00:51:33 -0500 Subject: [PATCH 244/344] lockout unsupported options --- roles/0-init/tasks/validate_vars.yml | 32 ++++++++++++++--------- vars/default_vars.yml | 38 ++++++++++++++-------------- 2 files changed, 39 insertions(+), 31 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f2f6cf8e0..5d4566055 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,15 +63,12 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 43 + 43 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd - - dhcpd - - named - dnsmasq - bluetooth - #- wondershaper # Unmaintained - sshd - openvpn - remoteit @@ -80,18 +77,10 @@ #- apache # Unmaintained - former dependency #- mysql # MANDATORY - squid - #- dansguardian # Unmaintained - cups - samba - usb_lib - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - azuracast - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained - gitea - jupyterhub - lokole @@ -166,3 +155,22 @@ quiet: yes when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +# Validates stale options are not marked for install +- name: 'DISALLOW "XYZ_install: True" Unmaintained' + assert: + that: "{{ item }}_install is undefined" + fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" + quiet: yes + with_items: + - named + - dhcpd + - wondershaper # Unmaintained + - dansguardian # Unmaintained + - xo_services # Unmaintained + - activity_server # Unmaintained + - ejabberd_xs # Unmaintained + - idmgr # Unmaintained + - dokuwiki # Unmaintained + - ejabberd # Unmaintained + - elgg # Unmaintained diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ecfa0d677..cf80f3295 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -201,13 +201,13 @@ dnsmasq_install: True dnsmasq_enabled: True # UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False +#dhcpd_install: False +#dhcpd_enabled: False # UNMAINTAINED as of July 2021 # named (BIND) -named_install: False -named_enabled: False +#named_install: False +#named_enabled: False block_DNS: False # Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" @@ -357,20 +357,20 @@ nodocs: False # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # UNMAINTAINED since about 2012-2017 -xo_services_install: False # 2020-01-23: UNUSED -xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html +#xo_services_install: False # 2020-01-23: UNUSED +#xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html # UNMAINTAINED since about 2012-2017 -activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) -activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) # UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below? -ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml -ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml # UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr -idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml -idmgr_enabled: False # 2020-01-23: UNUSED +#idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml +#idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS @@ -388,17 +388,17 @@ azuracast_https_port: 10443 azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -dokuwiki_install: False -dokuwiki_enabled: False -dokuwiki_url: /dokuwiki +#dokuwiki_install: False +#dokuwiki_enabled: False +#dokuwiki_url: /dokuwiki # UNMAINTAINED as of November 2019 -ejabberd_install: False -ejabberd_enabled: False +#ejabberd_install: False +#ejabberd_enabled: False # UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False +#elgg_install: False +#elgg_enabled: False # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1 elgg_mysql_password: elgg4kids From e382d193dad3059b38ce226d673cf292c2b631b8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 06:12:00 -0500 Subject: [PATCH 245/344] Removed --- roles/0-init/tasks/validate_vars.yml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 5d4566055..b7da3e09d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 43 + 43 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 43 + 43 + 39 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -159,18 +159,19 @@ # Validates stale options are not marked for install - name: 'DISALLOW "XYZ_install: True" Unmaintained' assert: - that: "{{ item }}_install is undefined" + that: "{{ item }}_install is undefined or not {{ item }}_install" + fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes with_items: - - named - - dhcpd - - wondershaper # Unmaintained - - dansguardian # Unmaintained - - xo_services # Unmaintained - - activity_server # Unmaintained - - ejabberd_xs # Unmaintained - - idmgr # Unmaintained - - dokuwiki # Unmaintained - - ejabberd # Unmaintained - - elgg # Unmaintained + - named # Removed + - dhcpd # Removed + - wondershaper # Removed + - dansguardian # Removed + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained From 48bd4223bba76e50186e2e8f72c7a4788f05ee85 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:20:48 -0500 Subject: [PATCH 246/344] network speedup --- roles/firmware/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index edbd27da2..3e33890ba 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -18,7 +18,7 @@ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml - #when: firmware_installed is undefined + when: firmware_installed is undefined # Two variables are placed in /etc/iiab/iiab_state.yml: # From 30677d78295193d6e8b165607f2927805e79d84e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:21:40 -0500 Subject: [PATCH 247/344] correct procedure --- roles/firmware/templates/iiab-check-firmware | 10 ++++++---- roles/firmware/templates/iiab-firmware-warn.sh | 5 +++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9e66b6462..a953d70b8 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -44,10 +44,12 @@ else echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo echo -e " cd /opt/iiab/iiab" - echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" - echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo poweroff\n" +# echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" +# echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" +# echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" +# echo -e " sudo poweroff\n" + echo -e " sudo ./runrole firmware" + echo -e " sudo reboot\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" fi diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 03e98ba2e..77e38c71c 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -2,8 +2,9 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" - echo - echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" + # /tmp should be auto cleaned with a reboot + #echo + #echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red From 6d089636341a959b814e849b73136399b8e83a73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:26:40 -0500 Subject: [PATCH 248/344] name resolution failure on the iiab box post-install when iiab-network ran with usb0 uplink --- roles/network/tasks/sysd-netd-debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e88c0483e..66281973d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -64,6 +64,13 @@ enabled: yes masked: no +- name: Enable & Restart systemd-resolved.service + systemd: + name: systemd-resolved + state: restarted + enabled: yes + masked: no + - name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher From a2cbfc45d6f558e493272d4d8fb93c91b2a4275e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Jul 2022 14:26:34 -0400 Subject: [PATCH 249/344] firmware/templates/iiab-firmware-warn.sh: Suggest reboot --- roles/firmware/templates/iiab-firmware-warn.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 77e38c71c..dd2c34dba 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -2,9 +2,8 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" - # /tmp should be auto cleaned with a reboot - #echo - #echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" + echo + echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red From ffb831cf664d5035947d98c530f320f1a8aea98f Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 09:41:20 -0400 Subject: [PATCH 250/344] Clean + explain 0-init/tasks/validate_vars.yml --- roles/0-init/tasks/validate_vars.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index b7da3e09d..934c4a561 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -156,18 +156,16 @@ when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" -# Validates stale options are not marked for install -- name: 'DISALLOW "XYZ_install: True" Unmaintained' +- name: 'DISALLOW "XYZ_install: True" if deprecated' assert: that: "{{ item }}_install is undefined or not {{ item }}_install" - fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes with_items: - - named # Removed - - dhcpd # Removed - - wondershaper # Removed - - dansguardian # Removed + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated #- xo_services # Unmaintained #- activity_server # Unmaintained #- ejabberd_xs # Unmaintained From cf2b5a409755c567ca263b35e7cad6fa529de219 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 10:00:21 -0400 Subject: [PATCH 251/344] iiab-check-firmware: Emphasize './runrole --reinstall firmware' --- roles/firmware/templates/iiab-check-firmware | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a953d70b8..b26810440 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -44,11 +44,10 @@ else echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo echo -e " cd /opt/iiab/iiab" -# echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" -# echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" -# echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" -# echo -e " sudo poweroff\n" - echo -e " sudo ./runrole firmware" + echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" + echo -e " sudo ./runrole --reinstall firmware" + echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" From eb3c0a2684c81e6f916c8219c49918e8d304d1da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 11:12:40 -0500 Subject: [PATCH 252/344] shut the log up for #3278 --- roles/network/tasks/enable_services.yml | 4 +++- roles/network/tasks/hostapd.yml | 2 +- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 1 + 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index f6686de3d..2991a0c58 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -95,6 +95,8 @@ #- debug: # var: nd_dir +# networkd-dispatcher not enabled for is_linuxmint https://github.com/iiab/iiab/issues/3278 +# might need the same dispatcher treatment using networkmanager-dispatcher to bring up dnsmasq or look at dnsmasq-iiab - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 @@ -107,7 +109,7 @@ #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") -- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance +- name: Remove /etc/dnsmasq.d/iiab.conf, when is Appliance file: path: /etc/dnsmasq.d/iiab.conf state: absent diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 3b9231a86..0bae7b20f 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -118,7 +118,7 @@ systemd: name: "{{ item }}" enabled: no - daemon_reload: yes + daemon_reload: yes with_items: - iiab-clone-wifi.service - iiab-wifi-test.service diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 394286c32..08ddb9113 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -7,7 +7,7 @@ package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present - when: not is_raspbian + when: not is_raspbian or not is_linuxmint # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 66281973d..3c0b3d875 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -77,3 +77,4 @@ state: restarted enabled: yes masked: no + when: not is_linuxmint From db52b47b81d2aaa655426cfde8c8b776c903a23b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Jul 2022 12:23:44 -0400 Subject: [PATCH 253/344] scripts/ansible: Recommend ansible-core 2.13.2 --- scripts/ansible | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 7a48bd30e..b5496c6e8 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/commits/stable-2.13 +# https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst From a907459b3e785efc5d2ea6191399567358ef3f2f Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 16:19:36 -0400 Subject: [PATCH 254/344] vars/.yml: Remove dns_service, dns_user, dhcp_service --- vars/debian-11.yml | 8 +------- vars/debian-12.yml | 8 +------- vars/linuxmint-20.yml | 8 +------- vars/linuxmint-21.yml | 8 +------- vars/raspbian-11.yml | 8 +------- vars/ubuntu-2004.yml | 8 +------- vars/ubuntu-2204.yml | 8 +------- vars/ubuntu-2210.yml | 8 +------- 8 files changed, 8 insertions(+), 56 deletions(-) diff --git a/vars/debian-11.yml b/vars/debian-11.yml index 57160cecb..bf0154cef 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -4,23 +4,17 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_11: True -# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dhcp_service: isc-dhcp-server -dns_user: bind - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/debian-12.yml b/vars/debian-12.yml index cf4fbfcea..3e22cd07e 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -4,23 +4,17 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True -# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dhcp_service: isc-dhcp-server -dns_user: bind - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 0afc95bb0..4e3cc762b 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -6,23 +6,17 @@ is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 0135cd65f..799915c1e 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -6,23 +6,17 @@ is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 932455bc7..6ad1ebe21 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -6,23 +6,17 @@ is_debian_11: True is_raspbian: True is_raspbian_11: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: ssh sshd_service: ssh php_version: 7.4 diff --git a/vars/ubuntu-2004.yml b/vars/ubuntu-2004.yml index 7e7e1a2ad..b5890c330 100644 --- a/vars/ubuntu-2004.yml +++ b/vars/ubuntu-2004.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2004: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index bbe849b36..47d60d401 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2204: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index e7ac7cc12..31d73daf9 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2210: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 From 52989599dda1ade00bf46683a3c2e48c863da84c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 11:45:29 -0500 Subject: [PATCH 255/344] move iiab-internet-on|off - introduce netwarn --- roles/network/tasks/enable_services.yml | 11 ----------- roles/network/tasks/install.yml | 20 ++++++++++++++++++++ scripts/netwarn.sh | 8 ++++++++ 3 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 scripts/netwarn.sh diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 2991a0c58..4566c00bb 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -202,17 +202,6 @@ # group: root mode: 0755 -- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) - template: - src: "{{ item }}" - dest: /usr/bin/ - # owner: root - # group: root - mode: 0755 - with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off - - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined ini_file: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08ddb9113..2a76b10c2 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,6 +76,26 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + mode: '0755' + state: link + +- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + # owner: root + # group: root + mode: 0755 + with_items: + - gateway/iiab-internet-on + - gateway/iiab-internet-off + +# mate desktop detection based on 'register: nd_dir' + - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh new file mode 100644 index 000000000..8524c22f8 --- /dev/null +++ b/scripts/netwarn.sh @@ -0,0 +1,8 @@ +if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + rc=$? + if [ $rc == "1" ]; then + exit 1 + fi + x-terminal-emulator -e /usr/local/bin/iiab-network +fi From 8d42038ad2c0dc80121ee429c097ee91640cdd08 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:16:09 -0500 Subject: [PATCH 256/344] introduce netwarn-iiab-network.desktop --- roles/network/tasks/install.yml | 21 ++++++++++++++++++++- scripts/netwarn-iiab-network.desktop | 10 ++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 scripts/netwarn-iiab-network.desktop diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 2a76b10c2..301b3ddc0 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -94,8 +94,27 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -# mate desktop detection based on 'register: nd_dir' +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Check if /usr/share/mate/autostart/ exists + stat: + path: /usr/share/mate/autostart/ + register: mate_dir +- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop + file: + src: "{{ iiab_dir }}/scripts/netwarn" + dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop + mode: '0755' + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + +# RpiOS detection based on register: lx in pwd-warnings.yml +- name: Is /etc/xdg/lxsession/LXDE-pi a directory? + stat: + path: /etc/xdg/lxsession/LXDE-pi + register: lx + +# clairify usage - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn-iiab-network.desktop b/scripts/netwarn-iiab-network.desktop new file mode 100644 index 000000000..35547ee41 --- /dev/null +++ b/scripts/netwarn-iiab-network.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name[en_US]=iiab-network +Comment[en_US]=iiab-network +Name[en_CA]=iiab-network +Comment[en_CA]=iiab-network +Type=Application +Exec=/usr/local/sbin/netwarn +Hidden=false +Name=iiab-network +Comment=iiab-network From a3de7b389d3f6add35d748a13a63bddf85492dbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:47:30 -0500 Subject: [PATCH 257/344] also allow ICO to set the complete flag --- roles/network/tasks/main.yml | 6 ++++++ scripts/iiab-network | 4 ---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 8e225eb40..1fce28475 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -101,3 +101,9 @@ include_tasks: restart.yml # end block when: network_installed is defined and network_enabled + +- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. + file: + path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" + state: touch + when: iiab_stage|int == 9 diff --git a/scripts/iiab-network b/scripts/iiab-network index 9e56350eb..c2d12056f 100644 --- a/scripts/iiab-network +++ b/scripts/iiab-network @@ -1,7 +1,3 @@ #!/bin/bash -e cd /opt/iiab/iiab sudo ./iiab-network -rc=$? -if [[ $rc == "0" ]]; then - sudo touch /etc/iiab/install-flags/iiab-network-complete -fi From e6155e6a864c9cc8d5710d889b008b57b0a706ee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 17 Jul 2022 15:15:56 -0500 Subject: [PATCH 258/344] netwarn - with reboot question --- roles/network/tasks/install.yml | 2 +- scripts/netwarn.sh | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 301b3ddc0..592c1612c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -80,7 +80,7 @@ file: src: "{{ iiab_dir }}/scripts/netwarn.sh" dest: /usr/local/sbin/netwarn - mode: '0755' + mode: 0755 state: link - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 8524c22f8..641d5ba81 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,8 +1,20 @@ +#!/bin/bash if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" rc=$? if [ $rc == "1" ]; then - exit 1 + exit 0 fi x-terminal-emulator -e /usr/local/bin/iiab-network + rc=$? + if [ $rc == "1" ]; then + zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" + exit 1 + fi + zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" + rc=$? + if [ $rc == "1" ]; then + exit 0 + fi + x-terminal-emulator -e /usr/sbin/reboot fi From 700cdc9a07d421eda9390267ebc6bf646f98e678 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 20:33:08 -0500 Subject: [PATCH 259/344] switch to using dash via sh --- scripts/netwarn.sh | 47 +++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 641d5ba81..457152b37 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,20 +1,29 @@ -#!/bin/bash -if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/local/bin/iiab-network - rc=$? - if [ $rc == "1" ]; then - zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" - exit 1 - fi - zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/sbin/reboot +#!/bin/sh +if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + exit +fi + +zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?" +case $? in + -1|5) + exit 1 + ;; + + 1) + exit 0 + ;; + + 0) + x-terminal-emulator -e /usr/local/bin/iiab-network + ;; +esac + +if [ "$?" = "1" ]; then + zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log" + exit 1 +fi + +zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" +if [ "$?" = "0" ]; then + x-terminal-emulator -e "sudo reboot" fi From a5c8dcc904e1c9c1426f5d8580e5560479d2e421 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 22:53:41 -0500 Subject: [PATCH 260/344] rework --- roles/network/tasks/install.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 592c1612c..20c6f279b 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,13 +76,7 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined -- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn - file: - src: "{{ iiab_dir }}/scripts/netwarn.sh" - dest: /usr/local/sbin/netwarn - mode: 0755 - state: link - +# all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: src: "{{ item }}" @@ -100,11 +94,21 @@ path: /usr/share/mate/autostart/ register: mate_dir +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV +# if need be cut a second version for RasPiOS + +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + - name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop file: - src: "{{ iiab_dir }}/scripts/netwarn" + src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop" dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop - mode: '0755' state: link when: mate_dir.stat.exists and mate_dir.stat.isdir From ad3d4f2ea913b27f184833ae203be4ba5a606e8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:22:11 -0500 Subject: [PATCH 261/344] speedup - ssh ports are not changing --- roles/network/tasks/install.yml | 7 +++++-- roles/network/tasks/main.yml | 2 -- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 20c6f279b..330d6bd38 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -61,12 +61,12 @@ #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -# UNMAINTAINED +# UNUSED #- name: Install named / BIND # include_tasks: roles/network/tasks/named.yml # when: named_install is defined and named_install -# UNMAINTAINED +# UNUSED #- name: Install dhcpd # include_tasks: roles/network/tasks/dhcpd.yml # when: dhcpd_install is defined and dhcpd_install @@ -88,6 +88,9 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off +- name: avahi + include_tasks: avahi.yml + # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1fce28475..aecbc5d7e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -65,8 +65,6 @@ when: is_ubuntu and not is_ubuntu_16 #### Start services - - name: avahi - include_tasks: avahi.yml - name: hostapd include_tasks: hostapd.yml - name: computed_services From 9bc9f3aeee0c95b92cd0bf890d88409e229f961b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:49:25 -0500 Subject: [PATCH 262/344] fedora files --- .../templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} | 0 .../templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} | 0 roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} | 0 .../network/{sysconfig.network.j2 => sysconfig.network.j2.unused} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} (100%) rename roles/network/templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} (100%) rename roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} (100%) rename roles/network/templates/network/{sysconfig.network.j2 => sysconfig.network.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg-WAN.j2 b/roles/network/templates/network/ifcfg-WAN.j2.unsued similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2 rename to roles/network/templates/network/ifcfg-WAN.j2.unsued diff --git a/roles/network/templates/network/ifcfg-slave.j2 b/roles/network/templates/network/ifcfg-slave.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-slave.j2 rename to roles/network/templates/network/ifcfg-slave.j2.unused diff --git a/roles/network/templates/network/ifcfg.j2 b/roles/network/templates/network/ifcfg.j2.usused similarity index 100% rename from roles/network/templates/network/ifcfg.j2 rename to roles/network/templates/network/ifcfg.j2.usused diff --git a/roles/network/templates/network/sysconfig.network.j2 b/roles/network/templates/network/sysconfig.network.j2.unused similarity index 100% rename from roles/network/templates/network/sysconfig.network.j2 rename to roles/network/templates/network/sysconfig.network.j2.unused From ce25ac3cdc3232c24905240b79bee71693b64757 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:44:19 -0500 Subject: [PATCH 263/344] netplan setup is one time and may not even be needed --- roles/network/tasks/install.yml | 10 +++++++--- roles/network/tasks/main.yml | 5 ----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 330d6bd38..15ec9331c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,8 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +- name: avahi + include_tasks: avahi.yml # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" @@ -76,6 +78,11 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + #preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu + # all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: @@ -88,9 +95,6 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -- name: avahi - include_tasks: avahi.yml - # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index aecbc5d7e..579bf64e9 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -59,11 +59,6 @@ # include_tasks: squid.yml # when: squid_install and FQDN_changed and iiab_stage|int == 9 - #preprep for backends - - name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 - #### Start services - name: hostapd include_tasks: hostapd.yml From 85a5f8fd985d000ec1ddea47b0538e29d40cddd8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:05:34 -0500 Subject: [PATCH 264/344] unmask hostapd once --- roles/network/tasks/hostapd.yml | 3 +-- roles/network/tasks/install.yml | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 0bae7b20f..520567a66 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,8 +1,7 @@ -- name: Unmask the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service systemd: name: hostapd enabled: no - masked: no - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 15ec9331c..4272cd627 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,12 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +-- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + - name: avahi include_tasks: avahi.yml From 861652f141282ef212022e62a177aaabd4a4378e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:49:28 -0500 Subject: [PATCH 265/344] hostapd refinement --- roles/network/tasks/hostapd.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 520567a66..99fb6cf41 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,13 +1,14 @@ -- name: Disable the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no - - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap +- name: Disable the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + when: not hostapd_enabled + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -21,10 +22,12 @@ - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac + when: can_be_ap - name: Setting ap0 mac address for use in hostapd service file set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" + when: can_be_ap - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: From a761450578941ae00a57e1a8930c6beccf5a21e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Jul 2022 11:11:43 -0400 Subject: [PATCH 266/344] osm-vector-maps/tasks/install.yml: Clarify cities1000.sqlite is 26MB --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index e441a6a41..2173090c4 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -20,7 +20,7 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26MB {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... dest: "{{ vector_map_path }}/viewer/" From db770f1be5e2448c0e28b7904472011bfd22b12f Mon Sep 17 00:00:00 2001 From: root Date: Tue, 19 Jul 2022 12:17:19 -0400 Subject: [PATCH 267/344] roles/osm-vector-maps: D/l three 25-48MB files from repo iiab/maps-assets --- roles/osm-vector-maps/defaults/main.yml | 12 +++++++----- roles/osm-vector-maps/tasks/install.yml | 12 ++++++------ 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 7e2fd1a2d..b000c992a 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -8,18 +8,20 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Pulls in ~38 files thx to @jvonau's #3192 -- change these 2 during testing: +# Pulls in ~37 files thx to @jvonau's #3192 -- change these 2 during testing: osm_repo_url: https://raw.githubusercontent.com/iiab/maps maps_branch: master # Quotes not required #osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps #maps_branch: maps7.3 # 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! -#map_installer_url: https://timmoody.com/iiab-files/maps -map_installer_url: https://download.iiab.io/content/OSM/vector-tiles +#maps_assets_url: https://timmoody.com/iiab-files/maps +#maps_assets_url: https://download.iiab.io/content/OSM/vector-tiles +maps_assets_url: https://raw.githubusercontent.com/iiab/maps-assets/main -installer_planet: planet_z0-z6_2020.mbtiles -installer_satellite: satellite_z0-z6_2020.mbtiles +# cities1000.sqlite # 26MB +installer_planet: planet_z0-z6_2020.mbtiles # 48MB +installer_satellite: satellite_z0-z6_2020.mbtiles # 25MB # 2022-04-30 WIP -- CLI approach to installing larger .mbtiles OSM "continents" a.k.a. regions: diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 2173090c4..ab28c7cd6 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -20,9 +20,9 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: Download 26MB {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26MB {{ maps_assets_url }}/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... + url: "{{ maps_assets_url }}/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps-assets/main dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" @@ -77,9 +77,9 @@ - tileserver.php -- name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer +- name: Download 48MB {{ maps_assets_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. https://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles + url: "{{ maps_assets_url }}/{{ installer_planet }}" # e.g. planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" @@ -95,9 +95,9 @@ path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download 25MB {{ map_installer_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos +- name: Download 25MB {{ maps_assets_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos get_url: - url: "{{ map_installer_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles + url: "{{ maps_assets_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" From 4018d7fe04d8a94f590373ee666f1df816ff9a61 Mon Sep 17 00:00:00 2001 From: Avni Khatri Date: Wed, 20 Jul 2022 00:12:23 -0400 Subject: [PATCH 268/344] Correcting typo in comment on L67 Correcting per https://github.com/iiab/iiab/pull/3304#issuecomment-1189063200 to change: 44 + 44 + 0 to: 44 + 44 + 40 --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index bfa7a1a70..f5277d2d9 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 0 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From 3558f1934b64ebd49b507ec5ba8842d313c108ab Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Jul 2022 08:53:08 -0400 Subject: [PATCH 269/344] nodered/README.rst: Fix password changing line number --- roles/nodered/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index 102e4a995..aa3dc3236 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -20,7 +20,7 @@ Username: ``Admin`` Password: ``changeme`` -To change this password, please see: `roles/nodered/defaults/main.yml `_ +To change this password, please see: `roles/nodered/defaults/main.yml `_ You can monitor the Node-RED service with command:: From 18d2c5c6783ae54cf6cc04a3832830b39672ee6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Jul 2022 09:22:34 -0400 Subject: [PATCH 270/344] Create roles/nodejs/README.md --- roles/nodejs/README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 roles/nodejs/README.md diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md new file mode 100644 index 000000000..7d35c9e3e --- /dev/null +++ b/roles/nodejs/README.md @@ -0,0 +1,27 @@ +Please see IIAB's recommended Node.js version number [around line 439 of /opt/iiab/iiab/vars/default_vars.yml](https://github.com/iiab/iiab/blob/master/vars/default_vars.yml#L434-L439) + +If nodesource.com doesn't yet support your OS +--------------------------------------------- + +If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) then you can manually install an older version of Node.js and npm as follows: + +- `sudo apt install nodejs npm` +- `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` + +Best to do this prior to installing IIAB! + +See also late-breaking details about your individual OS: + +- https://github.com/nodesource/distributions#deb +- https://github.com/iiab/iiab/wiki/IIAB-Platforms + +Raspberry Pi Zero W Warning +--------------------------- + +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). + +If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then ([attempt!](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml) _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole --reinstall nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617)). + +You'll (likely) also need `apt install npm`. + +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From 4f05d638fb39c700bd2208406c96df0777715877 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 14:02:14 -0400 Subject: [PATCH 271/344] scripts/netwarn.sh: Cleaner pop-ups & #!/bin/sh in-line explanation --- scripts/netwarn.sh | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 457152b37..59a0cc20a 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,29 +1,32 @@ #!/bin/sh + +# Some OS's like Ubuntu with LightDM *IGNORE* the above shebang line when this +# script is invcked from /usr/share/mate/autostart/netwarn-iiab-network.desktop +# +# WHAT HAPPENS: sh (dash) NOT BASH will always be run! As confirmed by: +# +# ps -p $$ # Whereas 'echo $SHELL' DOES NOT show the actual running shell! +# +# RECAP: We hard-code the above '#!/bin/sh' for uniformity across all distros. + if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit fi -zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?" -case $? in - -1|5) - exit 1 - ;; - - 1) - exit 0 - ;; - - 0) - x-terminal-emulator -e /usr/local/bin/iiab-network - ;; -esac - -if [ "$?" = "1" ]; then - zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log" - exit 1 +zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue? (This can take 2-3 minutes)" +rc=$? +if [ "$rc" != "0" ]; then + exit $rc fi -zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" +x-terminal-emulator -e /usr/local/bin/iiab-network +rc=$? +if [ "$rc" != "0" ]; then + zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" + exit $rc +fi + +zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" if [ "$?" = "0" ]; then x-terminal-emulator -e "sudo reboot" fi From a5610dd7d50760073e2406b5aa49dd57cd2df71d Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 14:45:37 -0400 Subject: [PATCH 272/344] Add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart --- roles/network/tasks/install.yml | 21 +++++++++++++++------ roles/www_options/tasks/main.yml | 18 +++++++++--------- scripts/{netwarn.sh => netwarn} | 0 3 files changed, 24 insertions(+), 15 deletions(-) rename scripts/{netwarn.sh => netwarn} (100%) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 4272cd627..8188446d4 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -113,7 +113,7 @@ - name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn file: - src: "{{ iiab_dir }}/scripts/netwarn.sh" + src: "{{ iiab_dir }}/scripts/netwarn" dest: /usr/local/sbin/netwarn state: link when: mate_dir.stat.exists and mate_dir.stat.isdir @@ -125,13 +125,22 @@ state: link when: mate_dir.stat.exists and mate_dir.stat.isdir -# RpiOS detection based on register: lx in pwd-warnings.yml -- name: Is /etc/xdg/lxsession/LXDE-pi a directory? +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: - path: /etc/xdg/lxsession/LXDE-pi - register: lx + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present -# clairify usage +- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart + lineinfile: + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/local/sbin/netwarn$' + line: '/usr/local/sbin/netwarn' + when: lxde_pi_autostart_present.stat.exists + +# Add logic for Mint & stock Ubuntu here? (in addition to Mate & LXDE-pi) + + +# RECORD Network AS INSTALLED - name: "Set 'network_installed: True'" set_fact: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 445ee5e0e..ec25d97ef 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,29 +23,29 @@ when: nginx_installed is defined #when: nginx_install -- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi) +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box.lan IIAB home page) stat: path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_present + register: lxde_pi_autostart_present -- name: Check for Chromium name change +- name: Does /usr/bin/chromium exist? (check for browser filename change) stat: path: /usr/bin/chromium register: chromium_present -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: path: /etc/xdg/lxsession/LXDE-pi/autostart regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: lxde_present.stat.exists and not chromium_present.stat.exists + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: path: /etc/xdg/lxsession/LXDE-pi/autostart regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: lxde_present.stat.exists and chromium_present.stat.exists + line: '/usr/bin/chromium --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists - debug: diff --git a/scripts/netwarn.sh b/scripts/netwarn similarity index 100% rename from scripts/netwarn.sh rename to scripts/netwarn From a442bd7b26cf4adaa9187bfa1aec2f92541d540a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 15:14:09 -0400 Subject: [PATCH 273/344] Move scripts/netwarn* to roles/network/templates/netwarn/ --- roles/network/tasks/install.yml | 43 ++----------------- roles/network/tasks/netwarn.yml | 37 ++++++++++++++++ .../network/templates/netwarn}/netwarn | 0 .../netwarn}/netwarn-iiab-network.desktop | 0 4 files changed, 40 insertions(+), 40 deletions(-) create mode 100644 roles/network/tasks/netwarn.yml rename {scripts => roles/network/templates/netwarn}/netwarn (100%) mode change 100644 => 100755 rename {scripts => roles/network/templates/netwarn}/netwarn-iiab-network.desktop (100%) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 8188446d4..c84ec9a23 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,7 +1,7 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml + include_tasks: dnsmasq.yml - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: @@ -94,50 +94,13 @@ template: src: "{{ item }}" dest: /usr/bin/ - # owner: root - # group: root mode: 0755 with_items: - gateway/iiab-internet-on - gateway/iiab-internet-off -# mate desktop detection based on 'register: nd_dir' in enable_services -- name: Check if /usr/share/mate/autostart/ exists - stat: - path: /usr/share/mate/autostart/ - register: mate_dir - -# contents work with mate as of 'switch to using dash via sh' -# 'text' is up for debate other structural changes I do not recommend JV -# if need be cut a second version for RasPiOS - -- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn - file: - src: "{{ iiab_dir }}/scripts/netwarn" - dest: /usr/local/sbin/netwarn - state: link - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop - file: - src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop" - dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop - state: link - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? - stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present - -- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/local/sbin/netwarn$' - line: '/usr/local/sbin/netwarn' - when: lxde_pi_autostart_present.stat.exists - -# Add logic for Mint & stock Ubuntu here? (in addition to Mate & LXDE-pi) +- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' + include_tasks: netwarn.yml # RECORD Network AS INSTALLED diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml new file mode 100644 index 000000000..098a5c49e --- /dev/null +++ b/roles/network/tasks/netwarn.yml @@ -0,0 +1,37 @@ +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Does /usr/share/mate/autostart/ exist? + stat: + path: /usr/share/mate/autostart/ + register: mate_dir + +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV + +- name: 'Install from template: /usr/local/sbin/netwarn' + file: + src: netwarn/netwarn + dest: /usr/local/sbin/ + mode: 0755 + when: mate_dir.stat.exists and mate_dir.stat.isdir + +- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' + file: + src: netwarn/netwarn-iiab-network.desktop + dest: /usr/share/mate/autostart/ + when: mate_dir.stat.exists and mate_dir.stat.isdir + + +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? + stat: + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present + +- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart + lineinfile: + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/local/sbin/netwarn$' + line: '/usr/local/sbin/netwarn' + when: lxde_pi_autostart_present.stat.exists + + +# 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same? diff --git a/scripts/netwarn b/roles/network/templates/netwarn/netwarn old mode 100644 new mode 100755 similarity index 100% rename from scripts/netwarn rename to roles/network/templates/netwarn/netwarn diff --git a/scripts/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop similarity index 100% rename from scripts/netwarn-iiab-network.desktop rename to roles/network/templates/netwarn/netwarn-iiab-network.desktop From 42b5b766c45399748cdee28f0d1f53036298e316 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 15:30:44 -0400 Subject: [PATCH 274/344] network/tasks/install.yml: hostapd syntax errors 85a5f8fd (3 days ago) --- roles/network/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index c84ec9a23..3cc89148a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,11 +45,11 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' --- name: Unmask the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no - masked: no +- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no - name: avahi include_tasks: avahi.yml From 44af07638b9395207c6b72d604c93e4553be4f1a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 19:53:37 +0000 Subject: [PATCH 275/344] Clean up roles/network/tasks/netwarn.yml --- roles/network/tasks/netwarn.yml | 49 +++++++++++++++++---------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 098a5c49e..91c66c14f 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,26 +1,3 @@ -# mate desktop detection based on 'register: nd_dir' in enable_services -- name: Does /usr/share/mate/autostart/ exist? - stat: - path: /usr/share/mate/autostart/ - register: mate_dir - -# contents work with mate as of 'switch to using dash via sh' -# 'text' is up for debate other structural changes I do not recommend JV - -- name: 'Install from template: /usr/local/sbin/netwarn' - file: - src: netwarn/netwarn - dest: /usr/local/sbin/ - mode: 0755 - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' - file: - src: netwarn/netwarn-iiab-network.desktop - dest: /usr/share/mate/autostart/ - when: mate_dir.stat.exists and mate_dir.stat.isdir - - - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: path: /etc/xdg/lxsession/LXDE-pi/autostart @@ -34,4 +11,30 @@ when: lxde_pi_autostart_present.stat.exists +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Does /usr/share/mate/autostart/ exist? + stat: + path: /usr/share/mate/autostart/ + register: mate_dir + +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV + +- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' + template: + src: netwarn/netwarn-iiab-network.desktop + dest: /usr/share/mate/autostart/ + when: mate_dir.stat.exists and mate_dir.stat.isdir + + # 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same? + +# (Let's insert those here if so, and refine the 'when:' line below.) + + +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' + template: + src: netwarn/netwarn + dest: /usr/local/sbin/ + mode: 0755 + when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) From 2530b779fc5afff5efb4c703610f66c77329b679 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 19:05:58 -0400 Subject: [PATCH 276/344] Bypass dysfunctional error-checking if mate-terminal detected --- roles/network/templates/netwarn/netwarn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 59a0cc20a..146c41725 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -21,7 +21,7 @@ fi x-terminal-emulator -e /usr/local/bin/iiab-network rc=$? -if [ "$rc" != "0" ]; then +if [ "$rc" != "0" ] && [ ! -f /usr/bin/mate-terminal ]; then zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" exit $rc fi From 78e65f44ddffa68f951c3e48e99911fc0d4685fd Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 21:45:22 -0400 Subject: [PATCH 277/344] Intercept mate-terminal RC + tee iiab-network errors to iiab-network.log --- iiab-network | 35 ++++++++++++------------- roles/network/templates/netwarn/netwarn | 22 +++++----------- 2 files changed, 24 insertions(+), 33 deletions(-) diff --git a/iiab-network b/iiab-network index 9ac41f986..54e781a66 100755 --- a/iiab-network +++ b/iiab-network @@ -4,11 +4,15 @@ CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-network.log" -if [ ! -f iiab-network.yml ]; then - echo "iiab-network.yml not found in current directory." - echo "Please rerun this command from the top level of the git repo." - echo "Exiting." +exit_error() { + echo -e "\nEXITING: "$@ | tee -a /opt/iiab/iiab/iiab-network.log exit 1 +} + +if [ ! -f iiab-network.yml ]; then + exit_error "iiab-network.yml not found in current directory." \ + "Please rerun this command from the top level of the git repo." \ + "Exiting." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit @@ -19,26 +23,21 @@ if [ -f /etc/iiab/iiab.env ]; then if grep -q STAGE= /etc/iiab/iiab.env ; then echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is non-integer" elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range" elif [ "$STAGE" -lt 3 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" - echo -e "\nIIAB Stage 3 not complete." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE" \ + "\nIIAB Stage 3 not complete." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: STAGE (counter) not found" - echo -e "\nIIAB not installed." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) not found" \ + "\nIIAB not installed." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: /etc/iiab/iiab.env not found" - exit 1 + exit_error "/etc/iiab/iiab.env not found" fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 146c41725..fc4c8f4bb 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -1,13 +1,4 @@ -#!/bin/sh - -# Some OS's like Ubuntu with LightDM *IGNORE* the above shebang line when this -# script is invcked from /usr/share/mate/autostart/netwarn-iiab-network.desktop -# -# WHAT HAPPENS: sh (dash) NOT BASH will always be run! As confirmed by: -# -# ps -p $$ # Whereas 'echo $SHELL' DOES NOT show the actual running shell! -# -# RECAP: We hard-code the above '#!/bin/sh' for uniformity across all distros. +#!/bin/bash if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit @@ -15,18 +6,19 @@ fi zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue? (This can take 2-3 minutes)" rc=$? -if [ "$rc" != "0" ]; then +if [[ $rc != "0" ]]; then exit $rc fi -x-terminal-emulator -e /usr/local/bin/iiab-network -rc=$? -if [ "$rc" != "0" ] && [ ! -f /usr/bin/mate-terminal ]; then +# mate-terminal always returns 255 w/ autostart, so intercept/record return code +x-terminal-emulator -e "bash -c '/usr/local/bin/iiab-network; echo \"\$?\" > /tmp/iiab-network.rc'" +rc=$(cat /tmp/iiab-network.rc) +if [[ $rc != "0" ]]; then zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" exit $rc fi zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" -if [ "$?" = "0" ]; then +if [[ $? == "0" ]]; then x-terminal-emulator -e "sudo reboot" fi From 0763d56fa986eeb6a183332b565dd196a42c11fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:21:53 -0400 Subject: [PATCH 278/344] iiab-network: Lint intendation --- iiab-network | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-network b/iiab-network index 54e781a66..6d286c2a0 100755 --- a/iiab-network +++ b/iiab-network @@ -28,8 +28,8 @@ if [ -f /etc/iiab/iiab.env ]; then exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range" elif [ "$STAGE" -lt 3 ]; then exit_error "STAGE (counter) value == ""$STAGE" \ - "\nIIAB Stage 3 not complete." \ - "\nPlease run: ./iiab-install" + "\nIIAB Stage 3 not complete." \ + "\nPlease run: ./iiab-install" fi else exit_error "STAGE (counter) not found" \ From e221c0a91cba9139bc905058cab21a4cac852c62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:26:14 -0400 Subject: [PATCH 279/344] iiab-network: Remove repetitive output --- iiab-network | 1 - 1 file changed, 1 deletion(-) diff --git a/iiab-network b/iiab-network index 6d286c2a0..5e3d5ba20 100755 --- a/iiab-network +++ b/iiab-network @@ -12,7 +12,6 @@ exit_error() { if [ ! -f iiab-network.yml ]; then exit_error "iiab-network.yml not found in current directory." \ "Please rerun this command from the top level of the git repo." \ - "Exiting." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit From 71351c18b1363c33c13ce1f6da8854f4a7e7511b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:38:47 -0400 Subject: [PATCH 280/344] Rename ifcfg-WAN.j2.unsued to ifcfg-WAN.j2.unused --- .../network/{ifcfg-WAN.j2.unsued => ifcfg-WAN.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg-WAN.j2.unsued => ifcfg-WAN.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg-WAN.j2.unsued b/roles/network/templates/network/ifcfg-WAN.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2.unsued rename to roles/network/templates/network/ifcfg-WAN.j2.unused From f1ba6d82cc13427d062be77c8b68de191531b79d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:39:18 -0400 Subject: [PATCH 281/344] Rename ifcfg.j2.usused to ifcfg.j2.unused --- .../templates/network/{ifcfg.j2.usused => ifcfg.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg.j2.usused => ifcfg.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg.j2.usused b/roles/network/templates/network/ifcfg.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg.j2.usused rename to roles/network/templates/network/ifcfg.j2.unused From f8cb292828785d5c51aa8db26e1bcdb156baac74 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:14:26 -0400 Subject: [PATCH 282/344] FULL/PATH/dnsmasq.yml in network/tasks/install.yml for 1-prep --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 3cc89148a..dcb17feb4 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,7 +1,7 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: dnsmasq.yml + include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: From a450db1f1a5fafba73aa6b1c48e59ef4a3c91916 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:27:31 -0400 Subject: [PATCH 283/344] FULL/PATH to Avahi stuff in roles/network for 1-prep --- roles/network/tasks/avahi.yml | 2 +- roles/network/tasks/install.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 15a62de8e..8fe5f7159 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -7,7 +7,7 @@ - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: - src: avahi/schoolserver.service + src: roles/network/templates/avahi/schoolserver.service # Invoked by 1-prep (so full path needed) dest: /etc/avahi/services/schoolserver.service owner: avahi group: avahi diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index dcb17feb4..d375f8b5d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -51,8 +51,8 @@ enabled: no masked: no -- name: avahi - include_tasks: avahi.yml +- name: Install Avahi (mDNS, Zeroconf/Bonjour) + include_tasks: roles/network/tasks/avahi.yml # Invoked by 1-prep (so full path needed) # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" From 7d0bf6c1ef0bd0daf35f873fa60fc6d8ce763578 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:51:53 -0400 Subject: [PATCH 284/344] FULL/PATH to netplan.yml & netwarn.yml for 1-prep --- roles/network/tasks/install.yml | 6 +++--- roles/network/tasks/main.yml | 30 +++++++++++++++++------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index d375f8b5d..088aac902 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -81,12 +81,12 @@ # LESS MAINTAINED - name: Install Squid - include_tasks: roles/network/tasks/squid.yml + include_tasks: roles/network/tasks/squid.yml # Invoked by 1-prep (so full path needed) when: squid_install and squid_installed is undefined #preprep for backends - name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml + include_tasks: roles/network/tasks/netplan.yml # Invoked by 1-prep (so full path needed) when: is_ubuntu # all installs @@ -100,7 +100,7 @@ - gateway/iiab-internet-off - name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' - include_tasks: netwarn.yml + include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) # RECORD Network AS INSTALLED diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 579bf64e9..36359edb1 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -43,21 +43,24 @@ - name: Configuring Network if enabled block: - # - name: Configure wondershaper - # include_tasks: wondershaper.yml - # when: wondershaper_install or wondershaper_installed is defined -# - name: (Re)Install named -# include_tasks: named.yml -# when: named_install and FQDN_changed and iiab_stage|int == 9 + # DEPRECATED + #- name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined + # + #- name: (Re)Install named + # include_tasks: named.yml + # when: named_install and FQDN_changed and iiab_stage|int == 9 + # + #- name: (Re)Install dhcpd + # include_tasks: dhcpd.yml + # when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -# - name: (Re)Install dhcpd -# include_tasks: dhcpd.yml -# when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 - -# - name: (Re)Install Squid -# include_tasks: squid.yml -# when: squid_install and FQDN_changed and iiab_stage|int == 9 + # 2022-07-22: Is './runrole --reinstall network' the new way to make this run? + #- name: (Re)Install Squid + # include_tasks: squid.yml + # when: squid_install and FQDN_changed and iiab_stage|int == 9 #### Start services - name: hostapd @@ -92,6 +95,7 @@ - name: Restart services include_tasks: restart.yml + # end block when: network_installed is defined and network_enabled From 556db4bfb643298460dd089d981b2ac92a5567e3 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 10:53:24 -0400 Subject: [PATCH 285/344] 2 vars in detected_network.yml to netplan.yml; FULL/PATHS for 1-prep --- roles/network/tasks/detected_network.yml | 21 +++++++--------- roles/network/tasks/install.yml | 4 +-- roles/network/tasks/main.yml | 32 +++++++++++++----------- roles/network/tasks/netplan.yml | 13 ++++++++++ roles/network/tasks/netwarn.yml | 4 +-- 5 files changed, 43 insertions(+), 31 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 01ff42e18..9acffaab6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -36,25 +36,22 @@ device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - ignore_errors: True # pre 17.10 doesn't use netplan - when: is_ubuntu +# 2022-07-22: Moved to netplan.yml +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu - name: Setting dhcpcd_test results set_fact: dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}" -- name: Setting systemd_networkd results +# 2022-07-22: Copied to netplan.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" set_fact: systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled"' - -- name: Setting systemd_networkd-2 results - set_fact: - systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled-runtime"' + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" - name: Setting network_manager results set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 088aac902..4ce34c3c1 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -96,8 +96,8 @@ dest: /usr/bin/ mode: 0755 with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off + - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) + - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) - name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 36359edb1..efea4cf3f 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,21 +25,23 @@ include_tasks: install.yml when: network_install and network_installed is undefined -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: hostapd/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: hostapd/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-22: Should be done in install.yml above (avoid duplication if poss?) +# +# - name: Create /usr/bin/iiab-hotspot-on from template +# template: +# src: hostapd/iiab-hotspot-on +# dest: /usr/bin/iiab-hotspot-on +# owner: root +# group: root +# mode: 0755 +# +# - name: Create /usr/bin/iiab-hotspot-off from template +# template: +# src: hostapd/iiab-hotspot-off +# dest: /usr/bin/iiab-hotspot-off +# owner: root +# group: root +# mode: 0755 - name: Configuring Network if enabled block: diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 43865d437..2e685be3e 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,3 +1,16 @@ +# 2022-07-22: Moved from detected_network.yml +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + #ignore_errors: True # pre 17.10 doesn't use netplan + +# 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" + set_fact: + systemd_networkd_active: True + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" + + - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled when: item|trim == "50-cloud-init.yaml" diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 91c66c14f..d31b262d7 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -22,7 +22,7 @@ - name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' template: - src: netwarn/netwarn-iiab-network.desktop + src: roles/network/templates/netwarn/netwarn-iiab-network.desktop # Invoked by 1-prep (so full path needed) dest: /usr/share/mate/autostart/ when: mate_dir.stat.exists and mate_dir.stat.isdir @@ -34,7 +34,7 @@ - name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' template: - src: netwarn/netwarn + src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) From 79d6bd8bc66778b319e52d358627840b5ebb601d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 11:15:38 -0400 Subject: [PATCH 286/344] iiab-network: Line ending typo / syntax error --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5e3d5ba20..5dc831b8e 100755 --- a/iiab-network +++ b/iiab-network @@ -11,7 +11,7 @@ exit_error() { if [ ! -f iiab-network.yml ]; then exit_error "iiab-network.yml not found in current directory." \ - "Please rerun this command from the top level of the git repo." \ + "Please rerun this command from the top level of the git repo." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit From f33e15ecd2eb5adacf3770ab1dd48dad24d6804f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 11:25:47 -0400 Subject: [PATCH 287/344] network/tasks/restart.yml also needed netplan var. Dup code for now :/ --- roles/network/tasks/detected_network.yml | 2 +- roles/network/tasks/main.yml | 2 ++ roles/network/tasks/netplan.yml | 2 +- roles/network/tasks/restart.yml | 8 ++++++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 9acffaab6..8a5dd3a5d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -36,7 +36,7 @@ device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -# 2022-07-22: Moved to netplan.yml +# 2022-07-22: Moved to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) # - name: Figure out netplan file name # shell: ls /etc/netplan # register: netplan diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index efea4cf3f..5a000f13b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -43,6 +43,7 @@ # group: root # mode: 0755 + - name: Configuring Network if enabled block: @@ -101,6 +102,7 @@ # end block when: network_installed is defined and network_enabled + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 2e685be3e..8a772d214 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,4 +1,4 @@ -# 2022-07-22: Moved from detected_network.yml +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) - name: Figure out netplan file name shell: ls /etc/netplan register: netplan diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index de930332f..e5a825dee 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,3 +1,11 @@ +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + #ignore_errors: True # pre 17.10 doesn't use netplan + when: is_ubuntu + + - name: Restart wpa_supplicant service systemd: name: "{{ item }}" From 60579c6c008e7b12c5a463087ca5f3d602deab49 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 12:18:58 -0400 Subject: [PATCH 288/344] network/tasks/install.yml: Spacing around "all installs" header --- roles/network/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 4ce34c3c1..ebdf5a080 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -90,6 +90,7 @@ when: is_ubuntu # all installs + - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: src: "{{ item }}" From e71efff7e2481c42d1132fd692836d2ec4415e06 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 14:43:39 -0400 Subject: [PATCH 289/344] network/tasks/main.yml: Restore iiab-hotspot-on|off --- roles/network/tasks/main.yml | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 5a000f13b..9187eeb48 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,23 +25,14 @@ include_tasks: install.yml when: network_install and network_installed is undefined -# 2022-07-22: Should be done in install.yml above (avoid duplication if poss?) -# -# - name: Create /usr/bin/iiab-hotspot-on from template -# template: -# src: hostapd/iiab-hotspot-on -# dest: /usr/bin/iiab-hotspot-on -# owner: root -# group: root -# mode: 0755 -# -# - name: Create /usr/bin/iiab-hotspot-off from template -# template: -# src: hostapd/iiab-hotspot-off -# dest: /usr/bin/iiab-hotspot-off -# owner: root -# group: root -# mode: 0755 +- name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: 0755 + with_items: + - hostapd/iiab-hotspot-on + - hostapd/iiab-hotspot-off - name: Configuring Network if enabled From 69aba8eec3ef4121d98fc9a8f7c1de2b9412504c Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:14:40 -0400 Subject: [PATCH 290/344] network/tasks/main.yml: Swap order of iiab-hotspot-on|off & install.yml on @jvonau's request --- roles/network/tasks/main.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9187eeb48..6a2ba3a7a 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -21,10 +21,10 @@ - name: computed_network include_tasks: computed_network.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: install.yml - when: network_install and network_installed is undefined - +# 2022-07-22: @jvonau asks for this to be (1) AFTER computed_network.yml [what +# goes into the 'hotspot' depends on what can_be_ap and wifi_up_down are set to] +# AND (2) BEFORE install.yml -- FYI Admin Console reads iiab_network_mode from +# /etc/iiab/iiab.ini and uses /usr/bin/iiab-hotspot-on|off. - name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) template: src: "{{ item }}" @@ -34,6 +34,10 @@ - hostapd/iiab-hotspot-on - hostapd/iiab-hotspot-off +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined + - name: Configuring Network if enabled block: From dbeaf024824738ae766c181caedd38dae9e3630f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:35:05 -0400 Subject: [PATCH 291/344] Try to explain ordering of iiab-hotspot-on|off & install.yml (in network/tasks/main.yml) --- roles/network/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 6a2ba3a7a..67f9d28e7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -21,10 +21,10 @@ - name: computed_network include_tasks: computed_network.yml -# 2022-07-22: @jvonau asks for this to be (1) AFTER computed_network.yml [what -# goes into the 'hotspot' depends on what can_be_ap and wifi_up_down are set to] -# AND (2) BEFORE install.yml -- FYI Admin Console reads iiab_network_mode from -# /etc/iiab/iiab.ini and uses /usr/bin/iiab-hotspot-on|off. +# 2022-07-22: @jvonau asks for this to be (1) BELOW computed_network.yml +# (what goes into iiab-hotspot-on|off depends on can_be_ap and wifi_up_down) +# AND (2) ABOVE install.yml for some reason? REQUIREMENT: Admin Console reads +# iiab_network_mode from /etc/iiab/iiab.ini + uses /usr/bin/iiab-hotspot-on|off - name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) template: src: "{{ item }}" From 9f5032d74fa3566f2becfe1f9e5a80e81332bc9b Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:59:10 -0400 Subject: [PATCH 292/344] Comment out 'netplan apply' from restart.yml (trim netplan.yml later?) --- roles/network/tasks/restart.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index e5a825dee..1576a2af3 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,9 +1,9 @@ # 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - #ignore_errors: True # pre 17.10 doesn't use netplan - when: is_ubuntu +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# #ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu - name: Restart wpa_supplicant service @@ -33,9 +33,13 @@ daemon_reload: yes when: hostapd_enabled and (wifi_up_down or not no_net_restart) -- name: Reload netplan for Wifi gateway on Ubuntu 18+ - shell: netplan apply - when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 +# 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch +# any of the config files... netplan.yml renames one file if it's a container +# build like on MATE, could possibly skip netplan.yml in future or toss that in +# the mix now and see what shakes up" [ok, but keep netplan.yml as is for now] +# - name: Reload netplan for Wifi gateway on Ubuntu 18+ +# shell: netplan apply +# when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 #- name: Start named service # systemd: From 6b5678555f7afaf8b73755efd4315dc4e0dfbbeb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 16:34:52 -0400 Subject: [PATCH 293/344] gitea/tasks/install.yml: Clarify slow d/l can be ~15min --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 820e44868..7e064548f 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 From acda63894116c5f89945337b5fd296e9d159396a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 18:37:00 -0400 Subject: [PATCH 294/344] www_options/tasks/main.yml: Mention http://box/home for LXDE-pi/autostart --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ec25d97ef..83464d059 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,7 +23,7 @@ when: nginx_installed is defined #when: nginx_install -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box.lan IIAB home page) +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: path: /etc/xdg/lxsession/LXDE-pi/autostart register: lxde_pi_autostart_present From da97d3e7c256e1a0ae19cf1ff850204e389799dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 18:42:39 -0400 Subject: [PATCH 295/344] netwarn.yml note: /etc/profile.d for ssh in future? #3318 --- roles/network/tasks/netwarn.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index d31b262d7..421b648f9 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,3 +1,7 @@ +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for +# ssh sessions (across all OS's/distros/window managers) might also make sense? + + - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: path: /etc/xdg/lxsession/LXDE-pi/autostart From 7bd9eb3e4f8e7ee6050afe383733dbac8313c5dc Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:31:19 -0400 Subject: [PATCH 296/344] www_options: Mention netwarn.yml & pwd-warnings.yml --- roles/www_options/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 83464d059..bca310071 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -21,7 +21,10 @@ - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install include_tasks: roles/nginx/tasks/homepage.yml when: nginx_installed is defined - #when: nginx_install + + +# 2022-07-22: SIMILAR TO roles/network/tasks/netwarn.yml +# AND roles/iiab-admin/tasks/pwd-warnings.yml - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: From e9806667acbd6ffd189d1ad3b4b5963962b6d251 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:38:22 -0400 Subject: [PATCH 297/344] pwd-warnings.yml: Mention www_options & netwarn.yml --- roles/iiab-admin/tasks/pwd-warnings.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index d1379b3fb..e63c8841b 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -1,3 +1,7 @@ +# 2022-07-22: SIMILAR TO roles/www_options/tasks/main.yml FOR browser +# AND roles/network/tasks/netwarn.yml FOR iiab-network + + - name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: src: sshpwd-profile-iiab.sh.j2 From 3e69c957e421f9a505c08d134efe4914d37e5741 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:42:29 -0400 Subject: [PATCH 298/344] www_options/tasks/main.yml: Refine comment --- roles/www_options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index bca310071..05bd3e12f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,8 +23,8 @@ when: nginx_installed is defined -# 2022-07-22: SIMILAR TO roles/network/tasks/netwarn.yml -# AND roles/iiab-admin/tasks/pwd-warnings.yml +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/network/tasks/netwarn.yml FOR iiab-network - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: From b73567260afa6aafde1705baacaf9346e4e117a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:47:36 -0400 Subject: [PATCH 299/344] netwarn.yml: Note similar pwd-warnings.yml & www_options --- roles/network/tasks/netwarn.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 421b648f9..c1f687e28 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,3 +1,6 @@ +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/www_options/tasks/main.yml FOR browser + # 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for # ssh sessions (across all OS's/distros/window managers) might also make sense? From 41728b644452509d29245bdc05afc45aab9ea296 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 23 Jul 2022 13:16:55 -0500 Subject: [PATCH 300/344] default --- roles/network/tasks/netplan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 8a772d214..a341c2622 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -4,6 +4,11 @@ register: netplan #ignore_errors: True # pre 17.10 doesn't use netplan +# 2022-07-23 +- name: Default to False + set_fact: + systemd_networkd_active: False + # 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!) - name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" set_fact: From 14b6fa624e3bf13f18faacf45ce6fe0d5868f78c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 23 Jul 2022 13:52:38 -0500 Subject: [PATCH 301/344] wording --- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index ebdf5a080..197361780 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,7 +3,7 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS) +- name: Install package networkd-dispatcher (OS's other than RasPiOS and LinuxMint) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3c0b3d875..7e3b49566 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -71,7 +71,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service +- name: Enable & Restart networkd-dispatcher.service except for LinuxMint systemd: name: networkd-dispatcher state: restarted From 1b6c988b2153980506154872d8c2645ffba6f3ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:54:38 -0400 Subject: [PATCH 302/344] netplan.yml: Explain forced 'systemd_networkd_active: False' (for 1-prep) --- roles/network/tasks/netplan.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index a341c2622..8af6b807c 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -4,8 +4,9 @@ register: netplan #ignore_errors: True # pre 17.10 doesn't use netplan -# 2022-07-23 -- name: Default to False +# 2022-07-23: PR #3319 "Ubuntu variants [all] use NetworkManager as the backend +# for use with netplan and ship with systemd-networkd present but disabled" +- name: "Force default 'systemd_networkd_active: False' -- nec b/c network/default/main.yml is omitted when 1-prep directly invokes network/tasks/install.yml" set_fact: systemd_networkd_active: False From 67c866a8c9d7561d996ab1792b8be97f435666a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:56:01 -0400 Subject: [PATCH 303/344] network/tasks/install.yml: "Linux Mint" w/ space --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 197361780..8ac1b8cc6 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,7 +3,7 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS and LinuxMint) +- name: Install package networkd-dispatcher (OS's other than RasPiOS and Linux Mint) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present From b7b200cef15f48ad7e8d8529992dd0cd5800973c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:56:43 -0400 Subject: [PATCH 304/344] network/tasks/sysd-netd-debian.yml: "Linux Mint" w/ space --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7e3b49566..35aa0b6b0 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -71,7 +71,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service except for LinuxMint +- name: Enable & Restart networkd-dispatcher.service except for Linux Mint systemd: name: networkd-dispatcher state: restarted From 002e98efeee8fde3c3a5ab70ae074e43f7f3b05c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Jul 2022 14:09:10 -0400 Subject: [PATCH 305/344] =?UTF-8?q?OER2Go.org=20now=20hosts=20a=20casino?= =?UTF-8?q?=20in=20Indonesia=20=E2=98=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/www_base/files/html/html/credits.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/files/html/html/credits.html b/roles/www_base/files/html/html/credits.html index 7bc53de49..6ab6950cc 100644 --- a/roles/www_base/files/html/html/credits.html +++ b/roles/www_base/files/html/html/credits.html @@ -36,9 +36,9 @@ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at oer2go.org.
Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

+ OER2Go/RACHEL is a curation of selected offline content at rachel.worldpossible.org/content.
Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

From 354110b0f57434b78bea63dd790de7df49879ee0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Jul 2022 14:13:38 -0400 Subject: [PATCH 306/344] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index fac901b1d..53bc9d1ef 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 66138941e99e9d672177816d7e26c3b4e68ba996 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Tue, 26 Jul 2022 11:38:11 -0400 Subject: [PATCH 307/344] handle missing or empty library.xml --- roles/kiwix/templates/iiab-make-kiwix-lib | 12 +++++++++--- roles/pylibs/templates/iiab_lib.py | 3 ++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index 083b87116..e69271949 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -19,10 +19,16 @@ if flock -n -e 200; then : # write to {{ kiwix_library_xml }}.tmp to minimize kiwix down # zim map could be out of sync for a few seconds # using new version that does deltas - cp $KIWIXLIB $KIWIXLIB.tmp - /usr/bin/iiab-make-kiwix-lib.py + if [ -f $KIWIXLIB ]; then + cp $KIWIXLIB $KIWIXLIB.tmp + /usr/bin/iiab-make-kiwix-lib.py + else + /usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml + fi {{ systemctl_program }} stop kiwix-serve - rm $KIWIXLIB + if [ -f $KIWIXLIB ]; then + rm $KIWIXLIB + fi mv $KIWIXLIB.tmp $KIWIXLIB {{ systemctl_program }} start kiwix-serve else diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index 84dee97e3..ef9da7e82 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -85,8 +85,9 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=["favicon"]): # duplicated attributes[attr] = child.attrib[attr] # copy if not id or in exclusion list zims_installed[zim_id] = attributes path_to_id_map[child.attrib['path']] = zim_id - except IOError: + except: # though I try how can I carry on zims_installed = {} + path_to_id_map = {} return zims_installed, path_to_id_map def rem_libr_xml(zim_id, kiwix_library_xml): From 914285037a0393e04fa6ea35469d8c2013f8c701 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Jul 2022 12:55:20 -0400 Subject: [PATCH 308/344] /usr/local/sbin/netwarn: Test-during-boot reminder #3318 --- roles/network/templates/netwarn/netwarn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index fc4c8f4bb..8c5d95b05 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -1,5 +1,15 @@ #!/bin/bash +# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this +# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. +# This allows return codes to be meaningful, at each successive step. +# (As of July 2022, this is tested to work well with Ubuntu Mate and RasPiOS +# on Raspberry Pi 4!) +# +# IN CONTRAST: return codes below are NOT MEANINGFUL when this script is +# invoked from a regularly graphical desktop session -- so make sure to test +# during an actual OS boot-up, with autostart! + if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit fi From 004b89015d773f25327ac10353f2bcae820279d1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Jul 2022 15:53:46 -0400 Subject: [PATCH 309/344] /usr/local/sbin/network: Comment clarif (RasPiOS w/ desktop) --- roles/network/templates/netwarn/netwarn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 8c5d95b05..a8f7a7916 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -3,8 +3,8 @@ # CONFUSING BUT FYI: Commands below run *strictly sequentially* when this # script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. # This allows return codes to be meaningful, at each successive step. -# (As of July 2022, this is tested to work well with Ubuntu Mate and RasPiOS -# on Raspberry Pi 4!) +# (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry +# Pi OS with desktop" on Raspberry Pi 4!) # # IN CONTRAST: return codes below are NOT MEANINGFUL when this script is # invoked from a regularly graphical desktop session -- so make sure to test From c6ee32d0c08bf7d6595d7c9b707d3f47352bc043 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Thu, 28 Jul 2022 06:36:33 -0400 Subject: [PATCH 310/344] fix timezone issue --- roles/matomo/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 3e41602e2..68942ea3c 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -137,7 +137,6 @@ body: siteName: "IIAB" url: "{{ matomo_host_url }}" - timezone: "{{ ansible_date_time.tz }}" ecommerce: 0 body_format: form-urlencoded status_code: 302 From 9ad5a9caa128cbb5e3748fe6fe8f58f9619ff5b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Jul 2022 14:18:49 +0000 Subject: [PATCH 311/344] network/tasks/detected_network.yml: can_be_ap grep failed on absence of regex --- roles/network/tasks/detected_network.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 8a5dd3a5d..40c239184 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -113,6 +113,7 @@ shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap when: discovered_wireless_iface != "none" + failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') -- otherwise Ansible will fail if grep returns '1' on absence of regex! - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: From cd6358514d0cab3e660aa916a7b6f5420888c0ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Jul 2022 16:55:16 -0400 Subject: [PATCH 312/344] Modernize matomo/tasks/main.yml for skip_role_on_error #3255 --- roles/matomo/tasks/main.yml | 52 +++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 7453b4821..eec80e81a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -19,31 +19,37 @@ quiet: yes -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml +- block: + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml -- name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: matomo_installed is undefined + - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: matomo_installed is undefined + # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! + # - include_tasks: enable-or-disable.yml -# LET'S ADD THIS "ON/OFF SWITCH" IF POSS! -# - include_tasks: enable-or-disable.yml + - name: Add 'matomo' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Matomo + - option: description + value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' + - option: matomo_install + value: "{{ matomo_install }}" + - option: matomo_enabled + value: "{{ matomo_enabled }}" + + rescue: - -- name: Add 'matomo' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: matomo - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Matomo - - option: description - value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' - - option: matomo_install - value: "{{ matomo_install }}" - - option: matomo_enabled - value: "{{ matomo_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From b51fbe21b73da1ff25a1eaa502bc9a63d9f04759 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Jul 2022 15:41:11 -0400 Subject: [PATCH 313/344] Use the new 'gitea_version: 1.17' instead of 1.16 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index d438312de..9fb97153a 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.16 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 0b83307f7355bf210914d1e53613fbe2b2c3f66c Mon Sep 17 00:00:00 2001 From: root Date: Sat, 30 Jul 2022 18:45:51 -0400 Subject: [PATCH 314/344] Kolibri PPA promises auto-upgrades. List 25 -> 31 languages --- roles/kolibri/defaults/main.yml | 3 +- roles/kolibri/tasks/install.yml | 59 ++++++++++++++++++++++++--------- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 49 insertions(+), 21 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 0354eb1c4..43f412f79 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,7 +16,8 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 77ec7692e..9bcc2c057 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -35,8 +35,35 @@ apt: deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + when: kolibri_deb_url is defined + +- block: # ELSE... + + # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: + # "When you use the PPA installation method, upgrades to newer versions + # will be automatic, provided there is internet access available." + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu) + apt_repository: + repo: ppa:learningequality/kolibri + when: is_ubuntu + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian) + apt_repository: + repo: ppa:learningequality/kolibri + codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) + when: is_debian + + - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri + apt: + name: kolibri + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but + KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + + when: kolibri_deb_url is undefined - name: 'Install from template: /etc/systemd/system/kolibri.service' template: @@ -52,20 +79,20 @@ # 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf # containing KOLIBRI_HOME="/library/kolibri" (above) -#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision # 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103 -#- name: Set Kolibri default language ({{ kolibri_language }}) -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Set Kolibri default language ({{ kolibri_language }}) +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: > @@ -91,9 +118,9 @@ # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules # for similar purposes (not all nec?) Only 1 (proxy_http) is needed here. -#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri -# apache2_module: -# name: proxy_http +# - name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri +# apache2_module: +# name: proxy_http # RECORD Kolibri AS INSTALLED diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index a88ff7af0..2e3e7da63 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6d4cc1b1d..fb5f6b582 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index d84945e0c..04c881193 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 2df3ba79b..17130e1f4 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -291,7 +291,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False From 4ad26221119cf244c692b0a630ba9efbf58dc133 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 00:56:49 -0400 Subject: [PATCH 315/344] Live w/ red errors to set can_be_ap ('failed_when: False' was too strong) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 40c239184..72bbb1810 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -108,12 +108,12 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Run 'iw list' to check for Access Point capability - #command: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc +- name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" + # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap - when: discovered_wireless_iface != "none" - failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') -- otherwise Ansible will fail if grep returns '1' on absence of regex! + when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) + ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: From 5499f09ec485595b8c1bc453ff49648f9dcc2e74 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Aug 2022 01:43:40 -0400 Subject: [PATCH 316/344] detected_network.yml: Clarify #3329 can_be_ap grep RC --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 72bbb1810..1a298b753 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -110,7 +110,7 @@ - name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc - shell: iw list | grep '^[[:space:]]*\* AP$' + shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' below) register: look_for_ap when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) From d99fcaddd6956391f2684c110f834ae5e152c431 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Aug 2022 02:07:34 -0400 Subject: [PATCH 317/344] detected_network.yml: Clarify 'can_be_ap: True' for #3329 --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1a298b753..9d68baa24 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -115,7 +115,7 @@ when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) -- name: Set can_be_ap if 'iw list' output contains suitable '* AP' +- name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: can_be_ap: True when: look_for_ap.failed is defined and not look_for_ap.failed From 112347ffa3f339a73bd9b4debb9cc27fe544e67a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 17:15:03 -0400 Subject: [PATCH 318/344] iiab-network alert: "WiFi chipset/firmware NOT CAPABLE of AP Mode (details above)" --- roles/network/tasks/detected_network.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 9d68baa24..3fad5831c 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -108,12 +108,19 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" - # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc - shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' below) - register: look_for_ap - when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) - ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) +- block: + - name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface ({{ discovered_wireless_iface }}) != "none" + # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc + shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' 9 lines below) + register: look_for_ap + when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) + # failed_when: False # Hides red errors and is too strong (renders useless the look_for_ap.failed test below!) + + rescue: # Force another red error msg (to explain) then proceed + - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + fail: + msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + ignore_errors: yes - name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: @@ -125,7 +132,7 @@ register: wifi_gateway_found when: discovered_wireless_iface != "none" -- name: Set has_wifi_gateway if WiFi has default gateway detected for {{ discovered_wireless_iface }} +- name: "Set 'has_wifi_gateway: True' if WiFi has default gateway detected for discovered_wireless_iface ({{ discovered_wireless_iface }}) -- otherwise leave it undefined" set_fact: has_wifi_gateway: True when: discovered_wireless_iface != "none" and (wifi_gateway_found.stdout|int > 0) @@ -184,7 +191,7 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none +- name: Set iiab_wireless_lan_iface to discovered_wireless_iface ({{ discovered_wireless_iface }}) if not none set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" when: discovered_wireless_iface != "none" and not wifi_up_down From 015abc52c759d0ac6140f346886920800eb61257 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 17:28:50 -0400 Subject: [PATCH 319/344] detected_network.yml: Unindent can_be_ap rescue clause (explanation) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 3fad5831c..51a85ce86 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -117,10 +117,10 @@ # failed_when: False # Hides red errors and is too strong (renders useless the look_for_ap.failed test below!) rescue: # Force another red error msg (to explain) then proceed - - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) - fail: - msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) - ignore_errors: yes + - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + fail: + msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + ignore_errors: yes - name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: From 530b1dbc6e2eb8d244fabbd19a42c0161aff8e2d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 15:51:39 -0400 Subject: [PATCH 320/344] iiab-diagnostics: sudo ufw status verbose --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2de2e1c76..1cad03da0 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,7 @@ echo -e "\n 5. Firewall Rules:\n" echo -e "\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' +cat_cmd 'sudo ufw status verbose' 'Firewall status & rules' echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" echo -e "\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile From 16b40cdf058b151d01e98393ef1ef0292b642ffa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 15:55:58 -0400 Subject: [PATCH 321/344] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 63d0edc59..b2ae9eaf0 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-242 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 7b6d02884a4a67072bba49c8fd0037ab301384a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 17:26:23 -0400 Subject: [PATCH 322/344] iiab-diagnostics: dmesg | tail -100 (kernel/driver messages) --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1cad03da0..a6fdfbff8 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -241,6 +241,7 @@ cat_tail /opt/iiab/iiab/iiab-network.log 100 cat_tail /opt/iiab/iiab-admin-console/admin-install.log 100 cat_tail /var/log/messages 100 cat_tail /var/log/syslog 100 +cat_cmd 'dmesg | tail -100' 'kernel/driver messages' linecount=$(wc -l $outfile | sed 's/\s.*$//') sizecount=$(du -h $outfile | sed 's/\s.*$//') From ac8a022bbaa9616710aa012856111efbe8338586 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 17:26:45 -0400 Subject: [PATCH 323/344] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index b2ae9eaf0..da9754842 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From dc2c531947657cfff2c9efc172faef4385129fcd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 22:27:44 -0400 Subject: [PATCH 324/344] Disallow multi-line var second_gateway_found ~= exclude_devices --- roles/network/tasks/detected_network.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 51a85ce86..976e46987 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,6 +142,10 @@ register: second_gateway_found changed_when: False +- assert: + that: second_gateway_found.stdout_lines | length == 1 + fail_msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways." + - name: Set exclude_devices if default gateway has been detected for {{ second_gateway_found.stdout }} set_fact: exclude_devices: "{{ second_gateway_found.stdout }}" From 99a05c6a78612039e95a272dc4d22dfb4e379203 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 22:47:21 -0400 Subject: [PATCH 325/344] Clean up "multiple secondary gateways" error handling --- roles/network/tasks/detected_network.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 976e46987..899300d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,9 +142,10 @@ register: second_gateway_found changed_when: False -- assert: - that: second_gateway_found.stdout_lines | length == 1 - fail_msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways." +- name: Fail intentionally and explain, if multiple secondary gateways are detected + fail: + msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways: {{ second_gateway_found.stdout }}" + when: second_gateway_found.stdout_lines is defined and second_gateway_found.stdout_lines | length > 1 - name: Set exclude_devices if default gateway has been detected for {{ second_gateway_found.stdout }} set_fact: From 664dd5da5eb0c3d993a08875779fd73364a79c04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 23:00:43 -0400 Subject: [PATCH 326/344] Clarify "multiple secondary gateways" detection --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 899300d53..e04ae0e20 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,7 +142,7 @@ register: second_gateway_found changed_when: False -- name: Fail intentionally and explain, if multiple secondary gateways are detected +- name: If multiple secondary gateways are detected, fail intentionally and explain fail: msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways: {{ second_gateway_found.stdout }}" when: second_gateway_found.stdout_lines is defined and second_gateway_found.stdout_lines | length > 1 From dbeb20597ec770e1e3aed204bc0a528e57dacc72 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 4 Aug 2022 13:05:19 -0400 Subject: [PATCH 327/344] iiab-diagnostics: dmesg | grep -i -e 80211 ... (brcm, realtek, etc) --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a6fdfbff8..56855bd02 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -216,7 +216,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | tail -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' @@ -241,7 +242,6 @@ cat_tail /opt/iiab/iiab/iiab-network.log 100 cat_tail /opt/iiab/iiab-admin-console/admin-install.log 100 cat_tail /var/log/messages 100 cat_tail /var/log/syslog 100 -cat_cmd 'dmesg | tail -100' 'kernel/driver messages' linecount=$(wc -l $outfile | sed 's/\s.*$//') sizecount=$(du -h $outfile | sed 's/\s.*$//') From fe0854be728844eb63681034a96d29dee21c0e11 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 4 Aug 2022 13:13:15 -0400 Subject: [PATCH 328/344] dmesg | grep | head -100 (not tail -100) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 56855bd02..1fdb97933 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -217,7 +217,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | tail -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' From acfb4ff36f29d1cbb52267dacaf3cb1c48999d8f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 5 Aug 2022 09:33:30 -0400 Subject: [PATCH 329/344] Update roles/network/README.rst for #3308 --- roles/network/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/network/README.rst b/roles/network/README.rst index 3d0a3082f..a95e247ff 100644 --- a/roles/network/README.rst +++ b/roles/network/README.rst @@ -8,7 +8,9 @@ Specifically, this 'network' role is run... - ...automatically during IIAB installation, after `/opt/iiab/iiab/iiab-install <../../iiab-install>`_ has run `Stages 0-to-9 <..>`_ (thanks to `iiab-stages.yml <../../iiab-stages.yml>`_). - ...automatically by IIAB's **Admin Console** (http://box/admin) if you click **Configure** -> **Install Configured Options** — this is similar to the above, but only runs Stage 0, then Stage 4-to-9, and then finally this 'network' role/stage (thanks to `iiab-from-console.yml <../../iiab-from-console.yml>`_). -- ...or manually, if you run ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). +- ...or manually, if you run `sudo iiab-network <../../scripts/iiab-network>`_ + - A stronger version is also available if necessary: ``cd /opt/iiab/iiab`` then ``sudo ./runrole --reinstall network`` + - If your IIAB was installed prior to August 2022, instead run: ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). Many IIAB networking questions can be answered in these 2 documents: From 115276baad1ce4e2ce3da615a75993789d4f2c0a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 08:50:02 -0400 Subject: [PATCH 330/344] Revert "1-prep/templates/iiab-expand-rootfs: Avoid reboot" --- roles/1-prep/templates/iiab-expand-rootfs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 82799f8d8..bc81bd302 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -11,11 +11,11 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" -# if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -# # 2022-02-17: Uses do_expand_rootfs() from: -# # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config -# raspi-config --expand-rootfs # REQUIRES A REBOOT -# else # REQUIRES NO REBOOT; works on all OS's + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + # 2022-02-17: Uses do_expand_rootfs() from: + # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + raspi-config --expand-rootfs + else # Other Linux OS's # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 @@ -53,7 +53,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # # Resize partition # growpart /dev/$root_dev $root_part_no # resize2fs /dev/$root_part -# fi + fi rm -f /.expand-rootfs /.resize-rootfs fi From e58c4b0c9c883b8cf026859c3c8c53744a221985 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 08:56:26 -0400 Subject: [PATCH 331/344] iiab-expand-rootfs: Note collision (race condition) w/ fsck --- roles/1-prep/templates/iiab-expand-rootfs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index bc81bd302..2cd28de46 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -14,8 +14,8 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config - raspi-config --expand-rootfs - else # Other Linux OS's + raspi-config --expand-rootfs # REQUIRES A REBOOT + else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 From 15a2a3f8a6092c5768c53f3c27fe9d9cd32e348c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 09:36:31 -0400 Subject: [PATCH 332/344] Disable openvpn service AND openvpn_enabled in local_vars.yml --- roles/openvpn/templates/iiab-remote-off | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 9d3b0d258..f450bc79d 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -19,6 +19,12 @@ if [ $? -ne 0 ]; then exit 1 fi +if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_enabled:.*/openvpn_enabled: False/" /etc/iiab/local_vars.yml +else + echo "openvpn_enabled: False" >> /etc/iiab/local_vars.yml +fi + systemctl disable openvpn systemctl stop openvpn From 83dc48ba7d3841b38c136b3e5a754fc79ece40d4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 09:45:09 -0400 Subject: [PATCH 333/344] iiab-remote-off: Comment out stale guidance --- roles/openvpn/templates/iiab-remote-off | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index f450bc79d..914621435 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -3,14 +3,14 @@ # /usr/bin/iiab-remote-off should fully turn off multiple remote support # services like OpenVPN and others, to reduce risk of remote attacks. -echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' - -echo -e '1) Set this variable in /etc/iiab/local_vars.yml' -echo -e ' openvpn_enabled: False\n' - -echo -e '2) Run:' -echo -e ' cd /opt/iiab/iiab' -echo -e ' sudo ./runrole openvpn\n' +# echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' +# +# echo -e '1) Set this variable in /etc/iiab/local_vars.yml' +# echo -e ' openvpn_enabled: False\n' +# +# echo -e '2) Run:' +# echo -e ' cd /opt/iiab/iiab' +# echo -e ' sudo ./runrole openvpn\n' # Do nothing if OpenVPN not installed which openvpn From 3227cffe5f0a898bb14677f57cb3263385e11771 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 12:02:44 -0400 Subject: [PATCH 334/344] iiab-remote-off: UX explaining OpenVPN's truly off --- roles/openvpn/templates/iiab-remote-off | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 914621435..6d5003b78 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -31,7 +31,9 @@ systemctl stop openvpn sleep 5 ps -e | grep openvpn # 2018-09-05: "ps -e | grep vpn" no longer works (nor would "pgrep vpn") when invoked from iiab-vpn-off (as filename itself causes [multiple] "vpn" instances to appear in process list!) if [ $? -eq 0 ]; then - echo OpenVPN failed to stop. + echo "OpenVPN failed to stop." else - echo Successfully stopped and disabled OpenVPN. + echo "OpenVPN's systemd service was successfully stopped and disabled." + echo + echo "Also, 'openvpn_enabled: False' was set in /etc/iiab/local_vars.yml" fi From f1eb4f381f366b1c5dbe89bca1ee2ad1f284de87 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 13 Aug 2022 09:01:00 -0400 Subject: [PATCH 335/344] Update README.adoc Instructions for getting into Matomo --- roles/matomo/README.adoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 4d7ca6589..0fdbb3a4d 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -39,6 +39,13 @@ _Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `s Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. +WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. + +1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see 'trusted_hosts[] = "192.168.64.10"', so I copy "192.168.64.10". +2. Run "sudo nano /library/www/matomo/config/config.ini.php" to edit Matomo's config file. +3. Paste or type the IP address from Step 1 to replace "box.lan" in the trusted_hosts line, which should be about line 13. When I'm done, my line 13 says 'trusted_hosts[] = "192.168.64.10"' instead of 'trusted_hosts[] = "box.lan"'. +4. Refresh the Matomo homepage and the warning should be gone. + Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) From 77024e62f95a27841c62a69109887cc3f0824e90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 11:58:26 -0400 Subject: [PATCH 336/344] README.adoc: Highlight code snippets & Bold buttons --- roles/matomo/README.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0fdbb3a4d..bd86af315 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -41,9 +41,9 @@ Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged a WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. -1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see 'trusted_hosts[] = "192.168.64.10"', so I copy "192.168.64.10". -2. Run "sudo nano /library/www/matomo/config/config.ini.php" to edit Matomo's config file. -3. Paste or type the IP address from Step 1 to replace "box.lan" in the trusted_hosts line, which should be about line 13. When I'm done, my line 13 says 'trusted_hosts[] = "192.168.64.10"' instead of 'trusted_hosts[] = "box.lan"'. +1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. +2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. +3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. 4. Refresh the Matomo homepage and the warning should be gone. Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ @@ -54,9 +54,9 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on "Visitors" and then below "Visitors", "Overview", to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet in a Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. -Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" button after clicking "Behavior" and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. +Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. === IIAB Tips, Tricks, and Gotchas From ab1d417d253c2a0d9ea3efe74b87d8db508385a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 15:57:52 -0400 Subject: [PATCH 337/344] Update matomo/README.adoc --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index bd86af315..615ad9a99 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -54,7 +54,7 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. From 6e09f13dbae28662fcac494e656085489169cffa Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 16:19:15 -0400 Subject: [PATCH 338/344] Update matomo/README.adoc --- roles/matomo/README.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 615ad9a99..0ad39328a 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -39,14 +39,15 @@ _Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `s Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. +Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ + WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. 1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. 2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. 3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. 4. Refresh the Matomo homepage and the warning should be gone. - -Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ +5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) From ac6e54dae25f26af98b9a2f37286e8ce4d4b9b99 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 16 Aug 2022 09:11:23 -0400 Subject: [PATCH 339/344] Recommend ansible-core 2.13.3 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index b5496c6e8..8d5293023 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e277e405eb8c263cc942be41e03a4c605bbba609 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 17 Aug 2022 15:53:11 -0400 Subject: [PATCH 340/344] kiwix/defaults/main.yml: New kiwix-tools version 3.3.0-1 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 784e615e4..332eb6289 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # https://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 -kiwix_version_i686: kiwix-tools_linux-i586-3.3.0 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1 +kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 6b7da719dc5f4a61afab8a97bedc170838298574 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Aug 2022 19:48:02 -0400 Subject: [PATCH 341/344] kolibri/tasks/install.yml: PPA special cases for Mint 20 (focal) + Mint 21 (jammy) --- roles/kolibri/tasks/install.yml | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 9bcc2c057..84e742c7b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -45,16 +45,38 @@ # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu) + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) apt_repository: repo: ppa:learningequality/kolibri - when: is_ubuntu + when: is_ubuntu and not is_linuxmint - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian) + # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on + # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) + # BUT equivalent Ansible command (STANZA ABOVE) failed with error... + # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." + # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) + + # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks + # about the warning below, arising no matter if codename is 'focal' or 'jammy' + # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': + # + # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release + # warnings.warn( + + # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also + # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) + apt_repository: + repo: ppa:learningequality/kolibri + codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE? + when: is_linuxmint_21 + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) apt_repository: repo: ppa:learningequality/kolibri codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - when: is_debian + when: is_debian or is_linuxmint_20 - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: From a02798cb1e3807c65e260acfdd1adea278612cec Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:07 -0400 Subject: [PATCH 342/344] iiab-diagnostics: Display /etc/fstab --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1fdb97933..ed243490c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -198,6 +198,7 @@ cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' +cat_file /etc/fstab cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 6be554d4ab9d30da446a3501ce950c7f07f39836 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:32 -0400 Subject: [PATCH 343/344] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index da9754842..be341bb4f 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 6c41a6579e732a650a0434ca57e34c5cce09e237 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 29 Aug 2022 07:13:09 -0400 Subject: [PATCH 344/344] scripts/ansible: Cleaner comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 8d5293023..a8dfadfae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and