Merge pull request #493 from iiab/master

Sync from iiab/iiab:master
2025-02-15 04:32:11 +00:00 · 2021-05-18 20:58:15 -04:00 · 2021-05-18 20:58:15 -04:00 · e597c7474a
commit e597c7474a
parent f5433ec599 2694f66f85
10 changed files with 51 additions and 14 deletions
--- a/roles/kalite/templates/kalite-serve.service.j2
+++ b/roles/kalite/templates/kalite-serve.service.j2
@ -5,6 +5,7 @@ After=syslog.target network.target local-fs.target
 [Service]
 Type=forking
 Environment="KALITE_HOME={{ kalite_root }}"
+PIDFile={{ kalite_root }}/kalite.pid
 ExecStart={{ kalite_program }} start {{ job_scheduler_stanza }}--port={{ kalite_server_port }}
 ExecStop={{ kalite_program }} stop
 TimeoutStartSec=900
--- a/roles/lokole/defaults/main.yml
+++ b/roles/lokole/defaults/main.yml
@ -22,8 +22,9 @@ lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 # Info needed to run Lokole:
 lokole_user: lokole
 lokole_url: /lokole
+lokole_uid: "2000"
 lokole_run_directory: /home/{{ lokole_user }}/state
-lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
+lokole_domain_socket: "/run/lokole_gunicorn.sock"
 lokole_sim_type: LocalOnly

 lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}"    # http://box.lan/lokole
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@ -71,12 +71,37 @@
  with_items:
    - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"

+- name: Create system {{ lokole_user }} user
+  ansible.builtin.user:
+    state: present
+    name: "{{ lokole_user }}"
+    system: yes
+    uid: "{{ lokole_uid }}"
+    home: /home/{{ lokole_user }}
+
 - name: mkdir {{ lokole_run_directory }}
  file:
    state: directory
    path: "{{ lokole_run_directory }}"
    #mode: a+x    # Not nec, given above 'state: directory'

+# lets try to catch settings.env creation at registration time
+# can't tell if the routine doesn't like settings.env being missing
+- name: mkdir /{{ lokole_user }}/state for registration testing
+  file:
+    state: directory
+    path: /{{ lokole_user }}/state
+
+- name: Install dummy target for registration testing fake
+  template:
+    src: settings.env.j2
+    dest: "/{{ lokole_user }}/state/settings.env"
+
+- name: Install dummy target for registration testing run
+  template:
+    src: settings.env.j2
+    dest: "{{ lokole_run_directory }}/settings.env"
+
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
  template:
    src: webapp_secrets.sh.j2
@ -89,7 +114,7 @@
    dest: "{{ lokole_run_directory }}/webapp.sh"
    mode: a+x

- name: Create admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
+- name: Create Lokole admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
  shell: |
    . {{ lokole_run_directory }}/webapp_secrets.sh
    {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
--- a/roles/lokole/templates/celery.service.j2
+++ b/roles/lokole/templates/celery.service.j2
@ -6,7 +6,7 @@ Before=celerybeat.service

 [Service]
 Type=simple
-ExecStart={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
+ExecStart={{ lokole_venv }}/bin/celery --uid={{ lokole_uid }} --gid={{ lokole_uid }} --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecStop=/bin/kill TERM $MAINPID

--- a/roles/lokole/templates/settings.env.j2
+++ b/roles/lokole/templates/settings.env.j2
@ -0,0 +1,7 @@
+OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
+OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
+OPWEN_APP_ROOT='{{ lokole_url }}/'
+OPWEN_MAX_UPLOAD_SIZE_MB=10
+OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
+OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
+OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}'
--- a/roles/lokole/templates/webapp_secrets.sh.j2
+++ b/roles/lokole/templates/webapp_secrets.sh.j2
@ -1,6 +1,6 @@
 export OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
 export OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
-export OPWEN_APP_ROOT='{{ lokole_url }}'
+export OPWEN_APP_ROOT='{{ lokole_url }}/'
 export OPWEN_MAX_UPLOAD_SIZE_MB=10
 export OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
 export OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
--- a/roles/moodle/defaults/main.yml
+++ b/roles/moodle/defaults/main.yml
@ -7,7 +7,7 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

-moodle_version: 310
+moodle_version: 311
 moodle_repo_url: https://github.com/moodle/moodle.git
 #moodle_repo_url: git://git.moodle.org/moodle.git    # 2020-10-16: VERY Slow!
 moodle_base: "{{ iiab_base }}/moodle"    # /opt/iiab
--- a/roles/moodle/tasks/install.yml
+++ b/roles/moodle/tasks/install.yml
@ -26,9 +26,10 @@
      - php{{ php_version }}-zip
      - php{{ php_version }}-gd
      - php{{ php_version }}-mbstring    # 2020-06-15: Required by Moodle 3.9+
-      - php{{ php_version }}-cli     # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
-      - php{{ php_version }}-intl    # 2020-12-03: Required by Moodle 3.10+
-      - php{{ php_version }}-soap    # 2020-12-03: Recommended by Moodle 3.10+
+      - php{{ php_version }}-cli         # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
+      - php{{ php_version }}-intl        # 2020-12-03: Required by Moodle 3.10+
+      - php{{ php_version }}-soap        # 2020-12-03: Recommended by Moodle 3.10+
+      #- php-sodium                      # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"'
    state: present
  when: is_debuntu

--- a/roles/www_options/tasks/main.yml
+++ b/roles/www_options/tasks/main.yml
@ -50,7 +50,7 @@
      lxde_present.stat.exists and chromium_present.stat.exists

 - debug:
-    msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (nginx_high_php_limits or moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'
+    msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'

 - block:    # 3-STANZA BLOCK BEGINS

@ -68,7 +68,8 @@
      - { regexp: '^max_execution_time', line: 'max_execution_time = 100    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 100    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 128M    ; default is 128M / Nextcloud requests 512M' }
-    when: not nginx_high_php_limits    # REMINDER: THIS ENTIRE 4-STANZA BLOCK IS ONLY INVOKED... when: (wordpress_install or nextcloud_install or moodle_install or pbx_install) and nginx_enabled
+      - { regexp: '^max_input_vars', line: 'max_input_vars = 1000    ; default is 1000 / Moodle 3.11+ requests 5000' }
+    when: not nginx_high_php_limits    # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled

  # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause
  # (to reset/restore PHP's defaults) is not necessary at this time.
@ -89,14 +90,15 @@
      - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 512M    ; default is 128M / Nextcloud requests 512M' }
-    when: nginx_high_php_limits
+      - { regexp: '^max_input_vars', line: 'max_input_vars = 5000    ; default is 1000 / Moodle 3.11+ requests 5000' }
+    when: nginx_high_php_limits    # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled

  - name: Restart 'php{{ php_version }}-fpm' systemd service
    systemd:
      name: "php{{ php_version }}-fpm"
      state: restarted

-  when: (nginx_high_php_limits or moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled    # 3-STANZA BLOCK ENDS
+  when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled    # 3-STANZA BLOCK ENDS


 # 'Is a "Rapid Power Off" button possible for low-electricity environments?'
--- a/4
+++ b/4
@ -79,9 +79,9 @@ else
        grep -q "^${ROLE_VAR}_enabled:\s\+[Ff]alse\b" $LOCAL_VARS_FILE && ENABLED=false
        grep -q "^${ROLE_VAR}_enabled:\s\+[Tt]rue\b" $LOCAL_VARS_FILE && ENABLED=true
        if $ENABLED; then
-            echo -n "Or just continue, to try to enforce var '${ROLE_VAR}_enabled: True' ? [Y/n] "
+            echo -n "Or just continue, to enforce var '${ROLE_VAR}_enabled: True' etc? [Y/n] "
        else
-            echo -n "Or just continue, to try to enforce var '${ROLE_VAR}_enabled: False' ? [Y/n] "
+            echo -n "Or just continue, to enforce var '${ROLE_VAR}_enabled: False' etc? [Y/n] "
        fi
        read ans < /dev/tty
        echo