From cbae3ac33c653d1a3b44f1f98a3d1022219dc849 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Sat, 1 Feb 2020 15:41:27 -0500
Subject: [PATCH 1/3] Cleaner Lokole, with libopenjp2-7 for #2221

---
 roles/lokole/defaults/main.yml | 19 +++++----
 roles/lokole/tasks/apache.yml  | 12 ++++++
 roles/lokole/tasks/enable.yml  | 71 --------------------------------
 roles/lokole/tasks/install.yml | 63 +++++++++++++++-------------
 roles/lokole/tasks/main.yml    | 75 +++++++++++++++++++++++++++++++---
 roles/lokole/tasks/nginx.yml   | 16 ++++++++
 6 files changed, 143 insertions(+), 113 deletions(-)
 create mode 100644 roles/lokole/tasks/apache.yml
 delete mode 100644 roles/lokole/tasks/enable.yml
 create mode 100644 roles/lokole/tasks/nginx.yml

diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml
index 57b53c4e6..dc5faa596 100644
--- a/roles/lokole/defaults/main.yml
+++ b/roles/lokole/defaults/main.yml
@@ -5,9 +5,12 @@
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
 # Info needed to install Lokole
-lokole_version: 0.5.10
-lokole_admin_user: admin    # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!)
+#lokole_commit:     # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/opwen-webapp/commits/master
+#lokole_version:    # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history
+
+lokole_admin_user: admin    # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole)
 lokole_admin_password: changeme
+
 lokole_install_path: "{{ content_base }}/lokole"    # /library/lokole
 lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 
@@ -20,8 +23,10 @@ lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}"
 
 lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
 
-# Global variables provided by setup-lokole.sh:
-# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141
-# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192
-opwen_server_locale: "{{ default_language }}"
-opwen_server_timezone: "{{ local_tz }}"
+# 2020-02-01: NO LONGER USED, or even meaningful.  Delete soon?
+#
+## Global variables provided by setup-lokole.sh:
+## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141
+## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192
+#opwen_server_locale: "{{ default_language }}"
+#opwen_server_timezone: "{{ local_tz }}"
diff --git a/roles/lokole/tasks/apache.yml b/roles/lokole/tasks/apache.yml
new file mode 100644
index 000000000..f9ddedace
--- /dev/null
+++ b/roles/lokole/tasks/apache.yml
@@ -0,0 +1,12 @@
+- name: Enable http://box{{ lokole_url }} via Apache    # http://box/lokole
+  command: a2ensite lokole.conf
+  when: lokole_enabled | bool
+
+- name: Disable http://box{{ lokole_url }} via Apache    # http://box/lokole
+  command: a2dissite lokole.conf
+  when: not lokole_enabled
+
+- name: Restart '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted
diff --git a/roles/lokole/tasks/enable.yml b/roles/lokole/tasks/enable.yml
deleted file mode 100644
index a8701376c..000000000
--- a/roles/lokole/tasks/enable.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-- name: Enable & Restart 'lokole' systemd service
-  systemd:
-    name: lokole
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: lokole_enabled | bool
-
-- name: Disable & Stop 'lokole' systemd service
-  systemd:
-    name: lokole
-    enabled: no
-    state: stopped
-  when: not lokole_enabled
-
-# Apache
-
-- name: Enable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  command: a2ensite lokole.conf
-  when: apache_install and lokole_enabled
-
-- name: Disable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  command: a2dissite lokole.conf
-  when: apache_install and not lokole_enabled
-
-- name: Restart Apache systemd service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"
-    state: restarted
-  when: apache_enabled | bool
-
-# NGINX
-
-- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template"    # http://box/lokole
-  template:
-    src: lokole-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/lokole-nginx.conf"
-  when: nginx_install and lokole_enabled
-
-- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf"    # http://box/lokole
-  file:
-    path: "{{ nginx_conf_dir }}/lokole-nginx.conf"
-    state: absent
-  when: nginx_install and not lokole_enabled
-
-- name: Restart 'nginx' systemd service
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_enabled | bool
-
-
-- name: Add 'lokole' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: lokole
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: lokole
-    - option: description
-      value: '"Lokole is an email service that works offline, for rural communities."'
-    - option: lokole_run_directory
-      value: "{{ lokole_run_directory }}"
-    - option: lokole_url
-      value: "{{ lokole_url }}"
-    - option: lokole_full_url
-      value: "{{ lokole_full_url }}"
-    - option: lokole_enabled
-      value: "{{ lokole_enabled }}"
diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml
index ee7baa3c2..76099bde1 100644
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@@ -1,35 +1,24 @@
 # Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here:
-# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L47
+# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L51-L52
 
-- name: "Install 7 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, libffi-dev, libssl-dev, python3-bcrypt"
+- name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7"
   apt:
     name:
       - python3
       - python3-pip
       - python3-venv
       - python3-dev
+      - python3-bcrypt    # 2019-10-14: Should work across modern Linux OS's
+      #- bcrypt does not exist on Ubuntu 19.10
       - libffi-dev
       - libssl-dev
-      #- bcrypt does not exist on Ubuntu 19.10
-      - python3-bcrypt    # 2019-10-14: should work across modern Linux OS's
+      - libopenjp2-7    # 2020-02-01: To solve bug #2221
     state: present
 
-- name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }}
-  pip:
-    name: opwen_email_client
-    version: "{{ lokole_version }}"
-    virtualenv: "{{ lokole_venv }}"
-    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
-    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
-  when:
-    - internet_available | bool
-    - lokole_commit is undefined
-
 # For development purposes -- To install Lokole from a given commit, add the
 # following line to roles/lokole/defaults/main.yml:
-# 
 # lokole_commit: <git_commit_id>
-- name: pip install opwen_email_client (Lokole) from git commit {{ lokole_commit }} (for development purposes)
+- name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined"
   pip:
     name: "git+https://github.com/ascoderu/opwen-webapp.git@{{ lokole_commit }}#egg=opwen_email_client"
     virtualenv: "{{ lokole_venv }}"
@@ -39,6 +28,30 @@
     - internet_available | bool
     - lokole_commit is defined
 
+# For development purposes -- To install a given pip version of Lokole, add
+# the following line to roles/lokole/defaults/main.yml:
+# lokole_version: <git_version_number>
+- name: "OPTIONAL: pip install opwen_email_client (Lokole, version {{ lokole_version }}) from PyPI to {{ lokole_venv }}, if lokole_version is defined"
+  pip:
+    name: opwen_email_client
+    version: "{{ lokole_version }}"
+    virtualenv: "{{ lokole_venv }}"
+    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
+    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
+  when:
+    - internet_available | bool
+    - lokole_version is defined
+
+- name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined"
+  pip:
+    name: opwen_email_client
+    virtualenv: "{{ lokole_venv }}"
+    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
+    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
+  when:
+    - internet_available | bool
+    - lokole_commit is undefined and lokole_version is undefined
+
 - name: Compile translations
   shell: |
     python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';)
@@ -46,10 +59,10 @@
   with_items:
     - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
 
-- name: Create dir {{ lokole_run_directory }}
+- name: mkdir {{ lokole_run_directory }}
   file: 
-    path: "{{ lokole_run_directory }}"
     state: directory
+    path: "{{ lokole_run_directory }}"
 
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template:
@@ -62,12 +75,12 @@
     dest: "{{ lokole_run_directory }}/webapp.sh"
     mode: a+x
 
-- name: Create admin user
+- name: Create admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
   shell: |
     . {{ lokole_run_directory }}/webapp_secrets.sh
     {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
 
-- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache   # http://box/lokole
+- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache    # http://box/lokole
   template:
     src: lokole.conf.j2
     dest: "/etc/{{ apache_conf_dir }}/lokole.conf"
@@ -78,14 +91,6 @@
     src: lokole.service.j2
     dest: /etc/systemd/system/lokole.service
 
-# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
-#   systemd:
-#     daemon_reload: yes
-#     name: lokole
-#     enabled: yes
-#     state: restarted
-#   when: lokole_enabled | bool
-
 
 # RECORD Lokole AS INSTALLED
 
diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml
index cd33c7692..0e389744d 100644
--- a/roles/lokole/tasks/main.yml
+++ b/roles/lokole/tasks/main.yml
@@ -1,7 +1,70 @@
-- name: Install Lokole {{ lokole_version }} if lokole_install
-  include_tasks: install.yml
-  when: lokole_install and not lokole_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Enable Lokole
-  include_tasks: enable.yml
-  when: lokole_install or lokole_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "lokole_install is sameas true" (boolean not string etc)
+  assert:
+    that: lokole_install is sameas true
+    fail_msg: "PLEASE SET 'lokole_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "lokole_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: lokole_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'lokole_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined
+  include_tasks: install.yml
+  when: lokole_installed is undefined
+
+
+- name: Enable & Restart 'lokole' systemd service
+  systemd:
+    name: lokole
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
+  when: lokole_enabled | bool
+
+- name: Disable & Stop 'lokole' systemd service
+  systemd:
+    name: lokole
+    enabled: no
+    state: stopped
+  when: not lokole_enabled
+
+#- name: Enable/Disable/Restart Apache if primary
+- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
+  include_tasks: apache.yml
+  #when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool
+
+
+- name: Add 'lokole' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
+    section: lokole
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: lokole
+    - option: description
+      value: '"Lokole is an email service that works offline, for rural communities."'
+    - option: lokole_run_directory
+      value: "{{ lokole_run_directory }}"
+    - option: lokole_url
+      value: "{{ lokole_url }}"
+    - option: lokole_full_url
+      value: "{{ lokole_full_url }}"
+    - option: lokole_enabled
+      value: "{{ lokole_enabled }}"
diff --git a/roles/lokole/tasks/nginx.yml b/roles/lokole/tasks/nginx.yml
new file mode 100644
index 000000000..59c259159
--- /dev/null
+++ b/roles/lokole/tasks/nginx.yml
@@ -0,0 +1,16 @@
+- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template"    # http://box/lokole
+  template:
+    src: lokole-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
+  when: lokole_enabled | bool
+
+- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf"    # http://box/lokole
+  file:
+    path: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not lokole_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted

From ac1cd3af5dc5288ebbf862fca18d7f30167b8df3 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Sat, 1 Feb 2020 16:03:38 -0500
Subject: [PATCH 2/3] Lokole explained in /etc/iiab/iiab.ini

---
 roles/lokole/tasks/main.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml
index 0e389744d..ba6321aed 100644
--- a/roles/lokole/tasks/main.yml
+++ b/roles/lokole/tasks/main.yml
@@ -57,9 +57,10 @@
     value: "{{ item.value | string }}"
   with_items:
     - option: name
-      value: lokole
+      value: Lokole
     - option: description
-      value: '"Lokole is an email service that works offline, for rural communities."'
+      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."'
+      #value: '"Lokole is an email service that works offline, for rural communities.  In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
     - option: lokole_run_directory
       value: "{{ lokole_run_directory }}"
     - option: lokole_url

From 70966528023a4fd49aa0fc146a7e7af80679d3c2 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Sat, 1 Feb 2020 16:25:27 -0500
Subject: [PATCH 3/3] NEW DEFAULT: try to install latest Lokole from pip.
 Unless overriden w/ ver# or githash

---
 roles/lokole/defaults/main.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml
index dc5faa596..b9cfcfbda 100644
--- a/roles/lokole/defaults/main.yml
+++ b/roles/lokole/defaults/main.yml
@@ -4,7 +4,10 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
-# Info needed to install Lokole
+# Info needed to install Lokole:
+
+# By default, IIAB will always try to install the latest Lokole as published on
+# https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE:
 #lokole_commit:     # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/opwen-webapp/commits/master
 #lokole_version:    # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history
 
@@ -14,7 +17,8 @@ lokole_admin_password: changeme
 lokole_install_path: "{{ content_base }}/lokole"    # /library/lokole
 lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 
-# Info needed to run Lokole
+# Info needed to run Lokole:
+
 lokole_user: lokole
 lokole_run_directory: "/home/{{ lokole_user }}/state"