diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8e548ee05..88f5ebafd 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -1,7 +1,8 @@ # Initialize - name: ...IS BEGINNING ============================================ - stat: path=/etc/iiab/iiab.env + stat: + path: /etc/iiab/iiab.env register: NewInstall - name: Setting first run flag @@ -18,32 +19,33 @@ #- name: Loading computed_vars # include_tasks: roles/0-init/tasks/computed_vars.yml - name: Re-read local_facts.facts from /etc/ansible/facts.d - setup: filter=ansible_local + setup: + filter: ansible_local - name: Set top level variables from local facts for convenience set_fact: - xo_model: '{{ ansible_local.local_facts.xo_model }}' - phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}' - iiab_stage: '{{ ansible_local.local_facts.stage }}' + xo_model: "{{ ansible_local.local_facts.xo_model }}" + phplib_dir: "{{ ansible_local.local_facts.phplib_dir }}" + iiab_stage: "{{ ansible_local.local_facts.stage }}" - name: Discover if this is running Raspbian -- if so assume it is a RPi set_fact: - rpi_model: "rpi" - is_rpi: True + rpi_model: "rpi" + is_rpi: True # no_net_restart: True # nobridge: True when: ansible_local.local_facts.os == "raspbian" - name: Set exFAT enabled for XO laptops set_fact: - exFAT_enabled: True + exFAT_enabled: True when: xo_model != "none" # Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate - name: Finding gateway set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" - iiab_wan_iface: "{{ discovered_wan_iface }}" + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + iiab_wan_iface: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined - name: Verify gateway present @@ -53,11 +55,14 @@ - name: Recording gateway response set_fact: - gw_active: True + gw_active: True when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - name: Test for internet access - get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + timeout: "{{ download_timeout }}" ignore_errors: True # async: 10 # poll: 2 @@ -65,12 +70,13 @@ - name: Set internet_available true if wget succeeded set_fact: - internet_available: True + internet_available: True when: not internet_access_test|failed and not disregard_network - name: Cleanup internet test file - file: path=/tmp/heart-beat.txt - state=absent + file: + path: /tmp/heart-beat.txt + state: absent # Put all computed vars here so derive properly from any prior var file - name: If the TZ is not set in env, set it to UTC @@ -146,19 +152,20 @@ - name: Set FQDN set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False - name: FQDN changed set_fact: - FQDN_changed: True + FQDN_changed: True when: iiab_fqdn != ansible_fqdn - name: Add version section - ini_file: dest='{{ iiab_config_file }}' - section=runtime - option='{{ item.option }}' - value='{{ item.value }}' + ini_file: + dest: "{{ iiab_config_file }}" + section: runtime + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: 'iiab_stage' value: '{{ iiab_stage }}' @@ -202,10 +209,11 @@ when: FQDN_changed - name: STAGE 0 HAS COMPLETED ====================================== - ini_file: dest='{{ iiab_config_file }}' - section=runtime - option='{{ item.option }}' - value='{{ item.value }}' + ini_file: + dest: "{{ iiab_config_file }}" + section: runtime + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: 'is_VM' value: 'yes' diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 84e210854..37df72fcf 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -4,16 +4,20 @@ command: echo - name: Get the uuidgen program - package: name=uuid-runtime - state=present + package: + name: uuid-runtime + state: present when: is_debuntu - name: Test for /etc/iiab/uuid file - stat: path=/etc/iiab/uuid + stat: + path: /etc/iiab/uuid register: uuid_file - name: Create folder to hold uuid - file: path=/etc/iiab state=directory + file: + path: /etc/iiab + state: directory when: not uuid_file.stat.exists - name: If no uuid exists, create one @@ -31,30 +35,36 @@ - name: Get the value into a variable set_fact: - uuid={{ stored_uuid.stdout_lines[0] }} + uuid: "{{ stored_uuid.stdout_lines[0] }}" # for rpi, without rtc, we need time as soon as possible - name: Install chrony package - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - chrony + - chrony tags: - download #TODO: Use regexp filter instead of hard-code ip - name: Update chrony config file - template: backup=no - dest=/etc/chrony.conf - src=chrony.conf.j2 + template: + backup: no + dest: /etc/chrony.conf + src: chrony.conf.j2 - name: Disable AppArmor -- on by default in Ubuntu - service: name=apparmor enabled=False state=stopped + service: + name: apparmor + enabled: False + state: stopped when: is_ubuntu ignore_errors: true - name: Disable SELinux on next boot - selinux: state=disabled + selinux: + state: disabled register: selinux_disabled when: not is_debuntu @@ -68,19 +78,22 @@ when: first_run and rpi_model != "none" - name: Check if the identifier for Intel's NUC6 builtin WiFi is present - shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'" + shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" register: usb_NUC6 ignore_errors: true - name: Download the firmware for built-in WiFi on NUC6 - get_url: dest=/lib/firmware - url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode - when: usb_NUC6.stdout|int > 0 + get_url: + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" + dest: /lib/firmware + timeout: "{{ download_timeout }}" + when: internet_available and usb_NUC6.stdout|int > 0 # this script can be sourced to get IIAB location - name: Recording STAGE 1 HAS COMPLETED ============================ - template: src=roles/1-prep/templates/iiab.env.j2 - dest=/etc/iiab/iiab.env - owner=root - group=root - mode=0644 + template: + src: roles/1-prep/templates/iiab.env.j2 + dest: /etc/iiab/iiab.env + owner: root + group: root + mode: 0644 diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 4634d3c5c..05c38f359 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,31 +1,34 @@ - name: Install yum packages (redhat) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - yum-utils - - createrepo - - wpa_supplicant - - linux-firmware - - syslog - - xml-common - - nss-mdns - - avahi - - avahi-tools + - yum-utils + - createrepo + - wpa_supplicant + - linux-firmware + - syslog + - xml-common + - nss-mdns + - avahi + - avahi-tools when: is_redhat -- name: Download usbmount -- not in Debian Stretch (debian-9) +- name: Download usbmount -- not in Debian Stretch (debian_9) get_url: url: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb" dest: "{{ downloads_dir }}" - when: is_debian_9 + timeout: "{{ download_timeout }}" + when: internet_available and is_debian_9 -- name: Install usbmount (debian-9) +- name: Install usbmount (debian_9) command: apt install -y {{ downloads_dir }}/usbmount_0.0.14.1_all.deb when: is_debian_9 - name: Install packages (debuntu) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - inetutils-syslogd - wpasupplicant @@ -37,35 +40,36 @@ when: is_debuntu - name: Install common packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - acpid - - mlocate - - rsync - - htop - - etckeeper - - python-passlib - - usbmount - - net-tools - - openssh-server - - sudo - - logrotate - - make - - tar - - unzip - - bzip2 - - i2c-tools - - bridge-utils - - usbutils - - hostapd - - wget - - openssl #FC 18 does not supply, but pear requires - - gawk - - curl - - pandoc - - lynx - - ntfs-3g + - acpid + - mlocate + - rsync + - htop + - etckeeper + - python-passlib + - usbmount + - net-tools + - openssh-server + - sudo + - logrotate + - make + - tar + - unzip + - bzip2 + - i2c-tools + - bridge-utils + - usbutils + - hostapd + - wget + - openssl #FC 18 does not supply, but pear requires + - gawk + - curl + - pandoc + - lynx + - ntfs-3g #- name: Install pip as a commonly required package management system # command: curl https://bootstrap.pypa.io/get-pip.py -o {{ downloads_dir }}/get-pip.py @@ -74,12 +78,13 @@ # command: python {{ downloads_dir }}/get-pip.py - name: Install common Python packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - python-pip - - python-setuptools - - python-virtualenv + - python-pip + - python-setuptools + - python-virtualenv # instructions state to start with a fully updated system before starting, stop using # ansible as a crutch for developers not following the directions and taking short-cuts diff --git a/roles/2-common/tasks/xo.yml b/roles/2-common/tasks/xo.yml index 168f978bc..c9fb0d8ea 100644 --- a/roles/2-common/tasks/xo.yml +++ b/roles/2-common/tasks/xo.yml @@ -3,127 +3,147 @@ - name: Disable sleep command: touch /etc/powerd/flags/inhibit-suspend - creates=/etc/powerd/flags/inhibit-suspend + args: + creates: /etc/powerd/flags/inhibit-suspend - name: Disable sleep on lid closing - lineinfile: dest=/etc/powerd/powerd.conf - regexp='^config_SLEEP_WHEN_LID_CLOSED' - line='config_SLEEP_WHEN_LID_CLOSED="no"' - state=present - backup=yes + lineinfile: + dest: /etc/powerd/powerd.conf + regexp: '^config_SLEEP_WHEN_LID_CLOSED' + line: 'config_SLEEP_WHEN_LID_CLOSED="no"' + state: present + backup: yes - name: Keep yum cache - ini_file: dest=/etc/yum.conf - section=main - option=keepcache - value=1 + ini_file: + dest: /etc/yum.conf + section: main + option: keepcache + value: 1 when: not installing - name: Keep docs when installing packages - lineinfile: backup=yes - dest=/etc/rpm/macros.imgcreate - regexp='^%_excludedocs' - state=absent + lineinfile: + backup: yes + dest: /etc/rpm/macros.imgcreate + regexp: '^%_excludedocs' + state: absent - name: Pre-install packages - package: name={{ item }} - state=latest + package: + name: "{{ item }}" + state: latest with_items: - - usbmount - - man - - man-db - - man-pages + - usbmount + - man + - man-db + - man-pages - name: Re-install packages shell: yum -y reinstall sed libidn grep which util-linux wget gnupg2 groff gnash yum when: not osbuilder is defined - name: Configure networkmanager plugin - ini_file: dest=/etc/NetworkManager/NetworkManager.conf - section=main - option=plugins - value=ifcfg-rh,keyfile + ini_file: + dest: /etc/NetworkManager/NetworkManager.conf + section: main + option: plugins + value: ifcfg-rh,keyfile - name: Check for modem config file - stat: path=/etc/NetworkManager/system-connections/"Sugar Modem Connection" + stat: + path: /etc/NetworkManager/system-connections/"Sugar Modem Connection" register: config - name: Change failure and interval settings for modem connection - ini_file: dest=/etc/NetworkManager/system-connections/"Sugar Modem Connection" - section=ppp - option={{ item.option }} - value={{ item.value }} - backup=yes - mode=0600 + ini_file: + dest: /etc/NetworkManager/system-connections/"Sugar Modem Connection" + section: ppp + option: "{{ item.option }}" + value: "{{ item.value }}" + backup: yes + mode: 0600 with_items: - - { option: 'lcp-echo-failure', value: '5' } - - { option: 'lcp-echo-interval', value: '30' } + - { option: 'lcp-echo-failure', value: '5' } + - { option: 'lcp-echo-interval', value: '30' } when: config.stat.exists - name: Create bigger rwtab - lineinfile: backup=yes - dest=/etc/sysconfig/readonly-root - regexp='^RW_OPTIONS' - line='RW_OPTIONS="-o size=4M -o nr_inodes=2048"' - state=present + lineinfile: + backup: yes + dest: /etc/sysconfig/readonly-root + regexp: '^RW_OPTIONS' + line: 'RW_OPTIONS="-o size=4M -o nr_inodes=2048"' + state: present - name: Remove dhcpd entry from /etc/rwtab - lineinfile: backup=yes - dest=/etc/rwtab - regexp='^empty.*/var/lib/dhcpd' - state=absent + lineinfile: + backup: yes + dest: /etc/rwtab + regexp: '^empty.*/var/lib/dhcpd' + state: absent - name: Remove php entry from /etc/rwtab - lineinfile: backup=yes - dest=/etc/rwtab - regexp='^empty.*/var/lib/php' - state=absent + lineinfile: + backup: yes + dest: /etc/rwtab + regexp: '^empty.*/var/lib/php' + state: absent - name: Persist /etc/hosts between reboots - lineinfile: backup=yes - dest=/etc/statetab.d/olpc - regexp='^/etc/hosts' - state=absent + lineinfile: + backup: yes + dest: /etc/statetab.d/olpc + regexp: '^/etc/hosts' + state: absent - name: Disable /var/log tmpfs - lineinfile: backup=yes - dest=/etc/fstab - regexp='^varlog.*' - state=absent + lineinfile: + backup: yes + dest: /etc/fstab + regexp: '^varlog.*' + state: absent - name: Enlarge the /tmp directory so that url_get does not error out - lineinfile: backup=yes - dest=/etc/fstab - regexp='^/tmp*' - line='/tmp /tmp tmpfs rw,size=600m 0 0' + lineinfile: + backup: yes + dest: /etc/fstab + regexp: '^/tmp*' + line: '/tmp /tmp tmpfs rw,size=600m 0 0' - name: Disable graphical login - file: path=/etc/systemd/system/default.target - src=/lib/systemd/system/multi-user.target - state=link + file: + src: /lib/systemd/system/multi-user.target + dest: /etc/systemd/system/default.target + state: link register: disabled_login - name: Remove custom profile settings - file: path=/etc/profile.d/zzz_olpc.sh - state=absent + file: + path: /etc/profile.d/zzz_olpc.sh + state: absent - name: Download substitute software for i386 on FC18 XO1.5 - get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir }}/{{ item }} + get_url: + url: "{{ iiab_download_url }}/{{ item }}" + dest: "{{ downloads_dir }}/{{ item }}" + timeout: "{{ download_timeout }}" with_items: - - hostapd_8188_i386 - when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available + - hostapd_8188_i386 + when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available tags: - xo - name: Put the substitute in place - copy: src={{ downloads_dir }}/hostapd_8188_i386 - dest=/usr/sbin/hostapd - backup=yes - mode=0775 - owner=root - group=root - when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" + copy: + src: "{{ downloads_dir }}/hostapd_8188_i386" + dest: /usr/sbin/hostapd + backup: yes + mode: 0775 + owner: root + group: root + when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" - name: Reboot system command: /sbin/reboot diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 6f662ada9..20e93b5b2 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,14 +1,14 @@ - include_tasks: install.yml when: awstats_install -- name: Add AWStats to service list +- name: Add 'awstats' to list of services at /etc/iiab/iiab.ini ini_file: dest='{{ service_filelist }}' section=awstats option='{{ item.option }}' value='{{ item.value }}' with_items: - option: name - value: awstats + value: AWStats - option: description value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - option: installed diff --git a/roles/calibre/tasks/create-db.yml b/roles/calibre/tasks/create-db.yml index be3c47f8f..f630f8b2e 100644 --- a/roles/calibre/tasks/create-db.yml +++ b/roles/calibre/tasks/create-db.yml @@ -13,6 +13,7 @@ get_url: url: "{{ iiab_download_url }}/{{ calibre_sample_book }}" dest: "{{ content_base }}/downloads" + timeout: "{{ download_timeout }}" when: internet_available and not sample_bk.stat.exists - name: Check if sample book exists in /opt/iiab/downloads diff --git a/roles/calibre/tasks/py-installer.yml b/roles/calibre/tasks/py-installer.yml index 4480405ea..96c3162e5 100644 --- a/roles/calibre/tasks/py-installer.yml +++ b/roles/calibre/tasks/py-installer.yml @@ -8,6 +8,7 @@ mode: 0755 force: yes backup: yes + timeout: "{{ download_timeout }}" register: calibre_download_output when: internet_available diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 111b5098e..d765c4908 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -1,40 +1,46 @@ # administer this service by browsing to localhost:631 - name: Get the CUPS package installed - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - cups when: cups_install tags: - download -- name: Put our own config file in place, to permit local LAN admin - template: dest=/etc/cups/cupsd.conf - src=cupsd.conf +- name: Put our own /etc/cups/cupsd.conf in place, to permit local LAN admin + template: + src: cupsd.conf + dest: /etc/cups/cupsd.conf - name: Put an apache2 config file in place - template: dest=/etc/{{ apache_config_dir }}/ - src=cups.conf + template: + src: cups.conf + dest: "/etc/{{ apache_config_dir }}/" -- name: Create the link for sites-enabled - file: src=/etc/apache2/sites-available/cups.conf - dest=/etc/apache2/sites-enabled/cups.conf - state=link +- name: Create the link for sites-enabled (debuntu) + file: + src: /etc/apache2/sites-available/cups.conf + dest: /etc/apache2/sites-enabled/cups.conf + state: link when: cups_enabled and is_debuntu - name: Enable services for CUPS (OS's other than Fedora 18) - service: name={{ item }} - state=started - enabled=yes + service: + name: "{{ item }}" + state: started + enabled: yes with_items: - cups - cups-browsed when: cups_enabled and not is_F18 - name: Enable services for CUPS (Fedora 18, for XO laptops) - service: name=cups - state=started - enabled=yes + service: + name: cups + state: started + enabled: yes when: cups_enabled and is_F18 - name: Permit headless admin of CUPS -- only works when CUPS daemon is running @@ -42,30 +48,33 @@ when: cups_enabled - name: Disable services for CUPS (OS's other than Fedora 18) - service: name={{ item }} - state=stopped - enabled=no + service: + name: "{{ item }}" + state: stopped + enabled: no with_items: - cups - cups-browsed when: not cups_enabled and not is_F18 - name: Disable services for CUPS (Fedora 18, for XO laptops) - service: name=cups - state=stopped - enabled=no + service: + name: cups + state: stopped + enabled: no when: not cups_enabled and is_F18 -- name: Add 'cups' to service list - ini_file: dest={{ service_filelist }} - section=cups - option={{ item.option }} - value={{ item.value }} +- name: Add 'cups' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: cups + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: '"Common UNIX Printing System (CUPS)"' + value: CUPS - option: description - value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' + value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' - option: installed value: "{{ cups_install }}" - option: enabled diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index 815a23d9e..b3bd11d2a 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -1,31 +1,48 @@ -- name: Get the DokuWiki software - get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir }}/ +- name: Download DokuWiki software + get_url: + url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" + dest: "{{ downloads_dir }}/" + timeout: "{{ download_timeout }}" when: internet_available - name: Copy it to permanent location /library - unarchive: src={{ downloads_dir }}/{{ dokuwiki_version }}.tgz dest=/library creates=/library/{{ dokuwiki_version }}/VERSION + unarchive: + src: "{{ downloads_dir }}/{{ dokuwiki_version }}.tgz" + dest: /library + creates: "/library/{{ dokuwiki_version }}/VERSION" - name: Symlink /library/dokuwiki* to /library/dokuwiki shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi - name: Install config file for DokuWiki in Apache - template: src=dokuwiki.conf.j2 dest=/etc/{{ apache_config_dir }}/dokuwiki.conf + template: + src: dokuwiki.conf.j2 + dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf" when: dokuwiki_enabled -- name: Enable the DokuWiki - file: path=/etc/apache2/sites-enabled/dokuwiki.conf - src=/etc/apache2/sites-available/dokuwiki.conf - state=link +- name: Enable the DokuWiki (debuntu) + file: + src: /etc/apache2/sites-available/dokuwiki.conf + dest: /etc/apache2/sites-enabled/dokuwiki.conf + state: link when: dokuwiki_enabled and is_debuntu -- name: Disable the DokuWiki - file: path=/etc/apache2/sites-enabled/dokuwiki.conf - state=absent +- name: Disable the DokuWiki (debuntu) + file: + path: /etc/apache2/sites-enabled/dokuwiki.conf + state: absent when: not dokuwiki_enabled and is_debuntu - name: Change permissions on engine directory so Apache can write - file: path=/library/{{ dokuwiki_version }} owner={{ apache_user }} mode=0755 state=directory recurse=yes + file: + path: "/library/{{ dokuwiki_version }}" + owner: "{{ apache_user }}" + mode: 0755 + state: directory + recurse: yes - name: Restart Apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted + service: + name: "{{ apache_service }}" + state: restarted diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 7dd11ef93..c1cca0d1a 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -1,15 +1,16 @@ -- name: Include the install playbook +- name: Install DokuWiki include_tasks: install.yml when: dokuwiki_install -- name: Add DokuWiki to service list - ini_file: dest='{{ service_filelist }}' - section=dokuwiki - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: dokuwiki + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: dokuwiki + value: DokuWiki - option: description value: '"DokuWiki is a simple to use and highly versatile Open Source wiki software that does not require a database."' - option: installed diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 975797857..54a257f4b 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -3,11 +3,13 @@ - name: Download current version from our site shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }} - creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip + args: + creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" when: internet_available - name: Determine if software is already expanded - stat: path=/opt/elgg-{{ elgg_version }}/index.php + stat: + path: "/opt/elgg-{{ elgg_version }}/index.php" register: elgg # use unzip and shell until unarchive works again @@ -19,106 +21,133 @@ when: elgg.stat.exists is defined and not elgg.stat.exists - name: Create a link to the versioned elgg-* folder - file: src=./elgg-{{ elgg_version }} - dest=/opt/elgg - owner={{ apache_user }} - group={{ apache_user }} - state=link - force=true + file: + src: "./elgg-{{ elgg_version }}" + dest: /opt/elgg + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: link + force: true # use template to fix up settings in engine/settings.php with our variables substituted # into engine/settings.example.php # note this will overwrite any manual settings - name: Substitute our parameters in engine/settings.example.php - template: src="settings.php.j2" - dest="/opt/{{ elgg_xx }}/elgg-config/settings.php" - owner={{ apache_user }} - group={{ apache_user }} + template: + src: "settings.php.j2" + dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" # The name of this file changed from 1.9 to 1.10. - name: Copy default .htaccess to the root directory of Elgg tree - copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" - dest="/opt/{{ elgg_xx }}/.htaccess" - mode=0644 - owner={{ apache_user }} - group={{ apache_user }} + copy: + src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" + dest: "/opt/{{ elgg_xx }}/.htaccess" + mode: 0644 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" #regexp='^#RewriteBase' - name: Modify .htaccess to have RewriteBase as our directory - lineinfile: backup=no - dest="/opt/{{ elgg_xx }}/.htaccess" - state=present - insertafter='^#RewriteBase' - line="RewriteBase {{ elgg_url }}/" + lineinfile: + backup: no + dest: "/opt/{{ elgg_xx }}/.htaccess" + state: present + insertafter: '^#RewriteBase' + line: "RewriteBase {{ elgg_url }}/" - name: Change permissions on engine directory so Apache can write - file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory + file: + path: /opt/elgg/engine/ + owner: "{{ apache_user }}" + mode: 0755 + state: directory - name: Create an upload directory that Apache can write in or Elgg - file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }} + file: + path: "{{ elgg_upload_path }}" + state: directory + owner: "{{ apache_user }}" - name: Change ownership - file: path=/opt/elgg-{{ elgg_version }} - owner={{ apache_user }} - group={{ apache_user }} - recurse=yes - state=directory + file: + path: "/opt/elgg-{{ elgg_version }}" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + recurse: yes + state: directory - name: Create a MySQL database for Elgg - can be run more than once - mysql_db: name={{ dbname }} + mysql_db: + name: "{{ dbname }}" register: create_elgg_database - name: Create a user to access the Elgg database - can be run more than once - mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv={{ dbname }}.*:ALL + mysql_user: + name: "{{ dbuser }}" + host: "{{ item }}" + password: "{{ dbpassword }}" + priv: "{{ dbname }}.*:ALL" with_items: - 127.0.0.1 - ::1 - localhost - name: Create file to load database - template: src=elggdb.sql.j2 - dest=/tmp/elggdb.sql + template: + src: "elggdb.sql.j2" + dest: "/tmp/elggdb.sql" # elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql # tar up a mysqldump of freshly installed database and use it in the install to avoid the startup # form, which worries me a lot. (/var/lib/mysql/elggdb) - name: Load Elgg database dump - mysql_db: name={{ dbname }} - state=import - target=/tmp/elggdb.sql + mysql_db: + name: "{{ dbname }}" + state: import + target: /tmp/elggdb.sql when: create_elgg_database.changed - name: Remove database dump after load - file: name=/tmp/elggdb.sql state=absent + file: + name: /tmp/elggdb.sql + state: absent - name: Install config file for Elgg in Apache - template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf + template: + src: elgg.conf + dest: "/etc/{{ apache_config_dir }}/elgg.conf" - name: Enable Elgg for debuntu (will already be enabled above for redhat) - file: path=/etc/apache2/sites-enabled/elgg.conf - src=/etc/apache2/sites-available/elgg.conf - state=link + file: + src: /etc/apache2/sites-available/elgg.conf + dest: /etc/apache2/sites-enabled/elgg.conf + state: link when: elgg_enabled and is_debuntu - name: Disable Elgg - remove config file for Elgg in Apache (debuntu) - file: path=/etc/apache2/sites-enabled/elgg.conf - state=absent + file: + path: /etc/apache2/sites-enabled/elgg.conf + state: absent when: not elgg_enabled and is_debuntu - name: Disable Elgg - remove config file for Elgg in Apache (redhat) - file: dest=/etc/{{ apache_config_dir }}/elgg.conf - state=absent + file: + dest: "/etc/{{ apache_config_dir }}/elgg.conf" + state: absent when: not elgg_enabled and is_redhat -- name: Add 'elgg' to service list - ini_file: dest='{{ service_filelist }}' - section=elgg - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'elgg' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: elgg + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: elgg-social-netwoking + value: Elgg - option: description value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."' - option: path @@ -127,4 +156,6 @@ value: "{{ elgg_enabled }}" - name: Restart Apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted + service: + name: "{{ apache_service }}" + state: restarted diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index fa09461dc..4be6dc4c7 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,13 +1,17 @@ # This is for an OS other than Fedora 18 - name: Install missing packages required for KA Lite startup - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - python-virtualenv -- name: Grab the requirements file - get_url: url={{ kalite_requirements }} dest={{ pip_packages_dir }}/kalite.txt +- name: Download KA Lite's requirements file + get_url: + url: "{{ kalite_requirements }}" + dest: "{{ pip_packages_dir }}/kalite.txt" + timeout: "{{ download_timeout }}" when: internet_available #- name: Install KA Lite non-static + reqs file with pip - (debuntu) @@ -18,12 +22,13 @@ # extra_args="--disable-pip-version-check" # when: internet_available and is_debuntu -- name: Install KA Lite static with pip - (debuntu) - pip: name=ka-lite-static - version={{ kalite_version }} - virtualenv={{ kalite_venv }} - virtualenv_site_packages=no - extra_args="--no-cache-dir" +- name: Install KA Lite static with pip (debuntu) + pip: + name: ka-lite-static + version: "{{ kalite_version }}" + virtualenv: "{{ kalite_venv }}" + virtualenv_site_packages: no + extra_args: "--no-cache-dir" # extra_args="--disable-pip-version-check" when: internet_available and is_debuntu @@ -36,30 +41,32 @@ # when: internet_available and not is_debuntu - name: Install KA Lite static with pip - (OS's other than debuntu) - pip: name=ka-lite-static - version={{ kalite_version }} - virtualenv={{ kalite_venv }} - virtualenv_site_packages=no + pip: + name: ka-lite-static + version: "{{ kalite_version }}" + virtualenv: "{{ kalite_venv }}" + virtualenv_site_packages: no # extra_args="--no-cache-dir" # extra_args="--disable-pip-version-check" when: internet_available and not is_debuntu - name: Default is to have cronserve started with KA Lite set_fact: - job_scheduler_stanza: "" + job_scheduler_stanza: "" - name: Add --skip-job-scheduler to start if cronserve not enabled set_fact: - job_scheduler_stanza: "--skip-job-scheduler " + job_scheduler_stanza: "--skip-job-scheduler " when: not kalite_cron_enabled - name: Create 'kalite-serve' service, kalite.sh and kalite.conf - template: backup=no - src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'} - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'} diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 1a81ac77f..e1bf5a52f 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -156,15 +156,15 @@ # 5. FINALIZE -- name: Add 'kiwix-serve' to list of services at /etc/iiab/iiab.ini +- name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" - section: kiwix-serve + section: kiwix option: "{{ item.option }}" value: "{{ item.value }}" with_items: - option: name - value: kiwix-serve + value: Kiwix - option: description value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."' - option: kiwix_url diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 82926db84..7658a8df1 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -27,6 +27,7 @@ get_url: url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" + timeout: "{{ download_timeout }}" when: internet_available - name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index e57ee7c39..0f3b96658 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -1,31 +1,35 @@ - name: Install Monit package - package: name=monit - state=present + package: + name: monit + state: present tags: - download - name: Install chkconfig package -- not in Debian 8 - package: name=chkconfig - state=present + package: + name: chkconfig + state: present when: is_debian and ansible_distribution_major_version == "8" tags: - download - name: Update main config file - template: backup=yes - src=monitrc - dest=/etc/monitrc - owner=root - group=root - mode=0600 + template: + backup: yes + src: monitrc + dest: /etc/monitrc + owner: root + group: root + mode: 0600 - name: Update config files - template: src={{ item }} - dest=/etc/monit.d/{{ item }} - owner=root - group=root - force=yes - mode=0755 + template: + src: "{{ item }}" + dest: "/etc/monit.d/{{ item }}" + owner: root + group: root + force: yes + mode: 0755 with_items: watchdog register: monit_config when: false @@ -41,14 +45,15 @@ #- name: Restart monit service # command: service monit restart -- name: Add 'monit' to service list - ini_file: dest='{{ service_filelist }}' - section=monit - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'monit' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: monit + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: monit + value: Monit - option: description value: '"Monit is a background service monitor which can correct problems, send email, restart services."' - option: enabled diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index c618a0b4f..6543fda72 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -1,15 +1,17 @@ --- -- name: Install Moodle required packages - package: name={{ item }} - state=present +- name: Install Moodle required packages (OS's other than debunt) + package: + name: "{{ item }}" + state: present with_items: - python-psycopg2 - php-pgsql when: not is_debuntu -- name: Install Moodle required packages - package: name={{ item }} - state=present +- name: Install Moodle required packages (debuntu) + package: + name: "{{ item }}" + state: present with_items: - python-psycopg2 - php{{ php_version }}-pgsql @@ -21,107 +23,125 @@ - php{{ php_version }}-cli when: is_debuntu -- name: php-zip name for Debian 9 or Ubuntu - package: name=php{{ php_version }}-zip +- name: php-zip name (debian_9 or ubuntu) + package: + name: "php{{ php_version }}-zip" when: is_debian_9 or is_ubuntu -- name: php-zip name for Debian 8 - package: name=php-pclzip +- name: php-zip name for (debian_8) + package: + name: php-pclzip when: is_debian_8 - name: Determine if Moodle is already downloaded - stat: path={{ moodle_base }}/config-dist.php + stat: + path: "{{ moodle_base }}/config-dist.php" register: moodle - name: Download the latest Moodle repo - git: repo={{ moodle_repo_url }} - dest={{ moodle_base }} - depth=1 - force=yes - version="MOODLE_{{ moodle_version }}_STABLE" + git: + repo: "{{ moodle_repo_url }}" + dest: "{{ moodle_base }}" + depth: 1 + force: yes + version: "MOODLE_{{ moodle_version }}_STABLE" # ignore_errors: yes - when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists + when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists - name: Prepare the downloaded directory so Apache can install config file - file: path={{ moodle_base }} - owner={{ apache_user }} - recurse=yes - state=directory + file: + path: "{{ moodle_base }}" + owner: "{{ apache_user }}" + recurse: yes + state: directory - name: Give Apache permission to write Moodle data directory - file: path={{ content_base }}/dbdata/moodle - owner={{ apache_user }} - mode=0755 - state=directory + file: + path: "{{ content_base }}/dbdata/moodle" + owner: "{{ apache_user }}" + mode: 0755 + state: directory - name: Create a Moodle data dir with Apache permission to write - file: path={{ moodle_data }} - owner={{ apache_user }} - group={{ apache_user }} - mode=0770 - state=directory + file: + path: "{{ moodle_data }}" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0770 + state: directory - name: Remove stock Moodle conf - file: path='/etc/{{ apache_config_dir }}/moodle.conf' - state=absent + file: + path: "/etc/{{ apache_config_dir }}/moodle.conf" + state: absent - name: Put Moodle config file in place - template: src=022-moodle.j2 - dest=/etc/{{ apache_config_dir }}/022-moodle.conf - owner=root - group=root - mode=0644 + template: + src: 022-moodle.j2 + dest: "/etc/{{ apache_config_dir }}/022-moodle.conf" + owner: root + group: root + mode: 0644 when: moodle_enabled -- name: Enable Moodle - file: path=/etc/apache2/sites-enabled/022-moodle.conf - src=/etc/apache2/sites-available/022-moodle.conf - state=link +- name: Enable Moodle (debuntu) + file: + src: /etc/apache2/sites-available/022-moodle.conf + dest: /etc/apache2/sites-enabled/022-moodle.conf + state: link when: moodle_enabled and is_debuntu -- name: Disable Moodle - file: path=/etc/apache2/sites-enabled/022-moodle.conf - state=absent +- name: Disable Moodle (debuntu) + file: + path: /etc/apache2/sites-enabled/022-moodle.conf + state: absent when: not moodle_enabled and is_debuntu - name: Start postgresql-iiab - service: name=postgresql-iiab - state=restarted + service: + name: postgresql-iiab + state: restarted - name: Create db user - postgresql_user: name=Admin - password=changeme - role_attr_flags=NOSUPERUSER,NOCREATEROLE,NOCREATEDB - state=present + postgresql_user: + name: Admin + password: changeme + role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB + state: present become: yes become_user: postgres - name: Create database - postgresql_db: name=moodle - encoding=utf8 - owner=Admin - template=template1 - state=present + postgresql_db: + name: moodle + encoding: utf8 + owner: Admin + template: template1 + state: present become: yes become_user: postgres - name: Put a startup install script in place - template: dest={{ moodle_base }} - src=moodle_installer - mode=0755 + template: + dest: "{{ moodle_base }}" + src: moodle_installer + mode: 0755 - name: Restart postgresql-iiab - service: name=postgresql-iiab - state=restarted - enabled=yes + service: + name: postgresql-iiab + state: restarted + enabled: yes when: moodle_enabled - name: Restart Apache - service: name={{ apache_service }} - state=restarted + service: + name: "{{ apache_service }}" + state: restarted - name: See if the config.php file exists - stat: path='{{ moodle_base }}/config.php' + stat: + path: "{{ moodle_base }}/config.php" register: config - name: Execute Moodle startup script @@ -130,20 +150,22 @@ - name: Give Apache permission to read config file # command: chown -R {{ apache_user }} {{ moodle_base }} - file: path={{ moodle_base }}/config.php - mode=0644 + file: + path: "{{ moodle_base }}/config.php" + mode: 0644 -- name: Add Moodle to service list - ini_file: dest='{{ service_filelist }}' - section=moodle - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'moodle' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: moodle + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: Moodle - option: description value: '"Access the Moodle learning management system."' - - option: 'directory path' - value: '{{ moodle_base }}' + - option: "moodle_base" + value: "{{ moodle_base }}" - option: moodle_enabled value: "{{ moodle_enabled }}" diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index b6b6a0728..6becb81cf 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -1,6 +1,7 @@ -- name: Install Munin package - package: name={{ item }} - state=present +- name: Install Munin package (debuntu) + package: + name: "{{ item }}" + state: present with_items: - munin - munin-node @@ -11,9 +12,10 @@ - download when: is_debuntu -- name: Install Munin package - package: name={{ item }} - state=present +- name: Install Munin package (OS's other than debuntu) + package: + name: "{{ item }}" + state: present with_items: - munin - munin-node @@ -22,49 +24,56 @@ when: not is_debuntu - name: Copy Munin config file - template: src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode=0644 + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 with_items: - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' } - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' } - name: Create admin user - htpasswd: path=/etc/munin/munin-htpasswd - name=Admin - password=changeme - create=yes - state=present + htpasswd: + path: /etc/munin/munin-htpasswd + name: Admin + password: changeme + create: yes + state: present - name: Enable munin-node service - service: name=munin-node - enabled=yes - state=started + service: + name: munin-node + enabled: yes + state: started when: munin_enabled -- name: Enable Apache lookup - file: src=/etc/apache2/sites-available/munin24.conf - dest=/etc/apache2/sites-enabled/munin24.conf - state=link +- name: Enable Apache lookup (debuntu) + file: + src: /etc/apache2/sites-available/munin24.conf + dest: /etc/apache2/sites-enabled/munin24.conf + state: link when: munin_enabled and is_debuntu -- name: Disable Apache lookup - file: src=/etc/apache2/sites-available/munin24.conf - dest=/etc/apache2/sites-enabled/munin24.conf - state=absent +- name: Disable Apache lookup (debuntu) + file: + src: /etc/apache2/sites-available/munin24.conf + dest: /etc/apache2/sites-enabled/munin24.conf + state: absent when: not munin_enabled and is_debuntu - name: Disable munin-node service when it becomes disabled - service: name=munin-node - enabled=no - state=stopped + service: + name: munin-node + enabled: no + state: stopped when: not munin_enabled - name: If MySQL is enabled, let Munin monitor it - copy: dest=/etc/munin/plugins/ - src={{ item }} + copy: + src: "{{ item }}" + dest: /etc/munin/plugins/ with_items: - /usr/share/munin/plugins/mysql_ - /usr/share/munin/plugins/mysql_bytes @@ -75,14 +84,15 @@ - /usr/share/munin/plugins/mysql_threads when: mysql_enabled -- name: Add munin to service list - ini_file: dest='{{ service_filelist }}' - section=munin - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'munin' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: munin + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: munin + value: Munin - option: description value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and \"what just happened to kill our performance?\" problems."' - option: installed diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 7fec93eb9..02f879cd1 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,6 +1,7 @@ - name: Install MySQL (debuntu) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - mariadb-server - mariadb-client @@ -18,17 +19,22 @@ tags: - download - - name: php-xml for 'ubuntu' and 'debian-9' - package: name=php{{ php_version }}-xml state=present + - name: php-xml (ubuntu or debian_9) + package: + name: "php{{ php_version }}-xml" + state: present when: is_ubuntu or is_debian_9 - - name: php-xml for 'debian-8' - package: name=php-xml-parser state=present + - name: php-xml (debian_8) + package: + name: "php-xml-parser" + state: present when: is_debian_8 - name: Install MySQL (OS's other than debuntu) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - MySQL-python - mysql @@ -57,29 +63,43 @@ # Name of mysql service varies by OS so softcoded in 1-prep - name: Start the MySQL service - service: name={{ mysql_service }} - state=started + service: + name: "{{ mysql_service }}" + state: started - name: Enable the MySQL service - service: name={{ mysql_service }} - enabled=yes + service: + name: "{{ mysql_service }}" + enabled: yes when: mysql_enabled # 'localhost' needs to be the last item for idempotency, see # http://ansible.cc/docs/modules.html#mysql-user # unfortunately it still doesn't work - name: Update MySQL root password for localhost root accounts - mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT + mysql_user: + name: root + host: "{{ item }}" + password: "{{ mysql_root_password }}" + priv: "*.*:ALL,GRANT" with_items: - localhost when: mysql_enabled - name: Copy .my.cnf file with root password credentials - template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600 + template: + src: my.cnf.j2 + dest: /root/.my.cnf + owner: root + mode: 0600 when: mysql_enabled - name: Update MySQL root password for all remaining root accounts - mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT + mysql_user: + name: root + host: "{{ item }}" + password: "{{ mysql_root_password }}" + priv: "*.*:ALL,GRANT" with_items: # - "{{ iiab_hostname }}.{{ iiab_domain }}" - 127.0.0.1 @@ -87,33 +107,42 @@ when: mysql_enabled - name: Delete anonymous MySQL server user for {{ ansible_hostname }} - mysql_user: user="" host="{{ ansible_hostname }}" state="absent" + mysql_user: + user: "" + host: "{{ ansible_hostname }}" + state: absent when: mysql_enabled - name: Delete anonymous MySQL server user for localhost - mysql_user: user="" state="absent" + mysql_user: + user: "" + state: absent when: mysql_enabled - name: Remove the MySQL test database - mysql_db: db=test state=absent + mysql_db: + db: test + state: absent when: mysql_enabled # we had to start mysql in order to configure it, now turn if off if not enabled - name: Provisionally Disable the MySQL service - service: name={{ mysql_service }} - enabled=no - state=stopped + service: + name: "{{ mysql_service }}" + enabled: no + state: stopped when: not mysql_enabled - - name: Add 'mysql' to service list - ini_file: dest='{{ service_filelist }}' - section=mysql - option='{{ item.option }}' - value='{{ item.value }}' + - name: Add 'mysql' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: mysql + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: mysql-database - - option: description - value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' - - option: enabled - value: "{{ mysql_enabled }}" + - option: name + value: MySQL + - option: description + value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' + - option: enabled + value: "{{ mysql_enabled }}" diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 2d4cebc40..5ef170e52 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -1,47 +1,53 @@ - name: Install DansGuardian packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - dansguardian tags: - download -- name: Copy DansGuardian config file - template: src=roles/network/templates/squid/dansguardian.conf.j2 - dest=/etc/dansguardian/dansguardian.conf - owner=dansguardian - group=dansguardian - mode=0640 +- name: Copy DansGuardian config file (Fedora) + template: + src: roles/network/templates/squid/dansguardian.conf.j2 + dest: /etc/dansguardian/dansguardian.conf + owner: dansguardian + group: dansguardian + mode: 0640 when: ansible_distribution == "Fedora" -- name: Copy DansGuardian config file - template: src=roles/network/templates/squid/dansguardian.conf.debian.j2 - dest=/etc/dansguardian/dansguardian.conf - owner=dansguardian - group=dansguardian - mode=0640 +- name: Copy DansGuardian config file (debuntu) + template: + src: roles/network/templates/squid/dansguardian.conf.debian.j2 + dest: /etc/dansguardian/dansguardian.conf + owner: dansguardian + group: dansguardian + mode: 0640 when: is_debuntu -- name: Copy DansGuardian config file for CentOS - template: src=roles/network/templates/squid/dansguardian.conf.centos.j2 - dest=/etc/dansguardian/dansguardian.conf - owner=dansguardian - group=vscan - mode=0640 +- name: Copy DansGuardian config file (CentOS) + template: + src: roles/network/templates/squid/dansguardian.conf.centos.j2 + dest: /etc/dansguardian/dansguardian.conf + owner: dansguardian + group: vscan + mode: 0640 when: ansible_distribution == "CentOS" -- name: Create 'dansguardian' log directory - file: path=/var/log/dansguardian - owner=dansguardian - group=dansguardian - mode=0750 - state=directory +- name: Create 'dansguardian' log directory (OS's other than CentOS) + file: + path: /var/log/dansguardian + owner: dansguardian + group: dansguardian + mode: 0750 + state: directory when: ansible_distribution != "CentOS" -- name: Create DansGuardian log directory for CentOS - file: path=/var/log/dansguardian - owner=dansguardian - group=vscan - mode=0750 - state=directory +- name: Create DansGuardian log directory (CentOS) + file: + path: /var/log/dansguardian + owner: dansguardian + group: vscan + mode: 0750 + state: directory when: ansible_distribution == "CentOS" diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index e61c5ab84..f3eb59421 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -1,6 +1,7 @@ - name: Install Squid packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - "{{ proxy }}" - cadaver @@ -12,21 +13,24 @@ when: is_ubuntu - name: Stop Squid - service: name={{ proxy }} - state=stopped + service: + name: "{{ proxy }}" + state: stopped when: not installing - name: Create the Squid user - user: name={{ proxy_user }} - createhome=False - shell=/bin/false + user: + name: "{{ proxy_user }}" + createhome: False + shell: /bin/false - name: Copy init script and config file - template: src={{ item.src }} - dest={{ item.dest }} - owner={{ item.owner }} - group={{ item.group }} - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" with_items: - src: 'roles/network/templates/squid/squid.sysconfig' dest: '/etc/sysconfig/squid' @@ -60,43 +64,48 @@ mode: '0755' - name: Create Squid cache directory - file: path=/library/cache - owner={{ proxy_user }} - group={{ proxy_user }} - mode=0750 - state=directory + file: + path: /library/cache + owner: "{{ proxy_user }}" + group: "{{ proxy_user }}" + mode: 0750 + state: directory - name: Create Squid log directory - file: path=/var/log/{{ proxy }} - owner={{ proxy_user }} - group={{ proxy_user }} - mode=0750 - state=directory + file: + path: "/var/log/{{ proxy }}" + owner: "{{ proxy_user }}" + group: "{{ proxy_user }}" + mode: 0750 + state: directory - include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install -- name: Add Squid to service list - ini_file: dest='{{ service_filelist }}' - section={{ proxy }} - option='{{ item.option }}' - value='{{ item.value }}' +# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 +- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: "{{ proxy }}" + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: squid + value: Squid - option: description value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."' - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' to service list - ini_file: dest='{{ service_filelist }}' - section=dansguardian - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: dansguardian + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: dansguardian + value: DansGuardian - option: description value: '"DansGuardian searches web content for objectionable references and denies access when found."' - option: enabled diff --git a/roles/nextcloud/tasks/F18.yml b/roles/nextcloud/tasks/F18.yml index a29aea723..5e76d45c4 100644 --- a/roles/nextcloud/tasks/F18.yml +++ b/roles/nextcloud/tasks/F18.yml @@ -1,11 +1,17 @@ - name: Remove /etc/nextcloud to avoid confusion as we use the config in {{ nextcloud_prefix }}/nextcloud/config/ - file: path=/etc/nextcloud - state=absent + file: + path: /etc/nextcloud + state: absent # but we use the tar file to get the latest version; really only benefits the xo4 on fedora 18 -- name: Get the nextcloud software - get_url: url="{{ nextcloud_dl_url }}"/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }} +- name: Download latest Nextcloud software to /opt/iiab/download/{{ nextcloud_src_file }} + get_url: + url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" + dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" + timeout: "{{ download_timeout }}" when: internet_available - name: Copy it to permanent location /opt - unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }} dest=/opt/ + unarchive: + src: "{{ downloads_dir }}/{{ nextcloud_src_file }}" + dest: /opt/ diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index c8e29240c..41d3dbcbf 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -18,6 +18,7 @@ url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" force: yes + timeout: "{{ download_timeout }}" when: internet_available and nextcloud_force_install async: 900 poll: 15 @@ -162,13 +163,13 @@ option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: Nextcloud - - option: description - value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: path - value: "{{ nextcloud_prefix }}/nextcloud" - - option: source - value: "{{ nextcloud_src_file }}" - - option: enabled - value: "{{ nextcloud_enabled }}" + - option: name + value: Nextcloud + - option: description + value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: path + value: "{{ nextcloud_prefix }}/nextcloud" + - option: source + value: "{{ nextcloud_src_file }}" + - option: enabled + value: "{{ nextcloud_enabled }}" diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index 0354a708f..b43838118 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -3,13 +3,14 @@ name: libmicrohttpd12 state: present -- name: Get the nodogsplash software +- name: Download nodogsplash software get_url: url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}" dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" + timeout: "{{ download_timeout }}" when: internet_available - async: 300 - poll: 5 + #async: 300 + #poll: 5 - name: Install nodogsplash apt: @@ -58,11 +59,11 @@ option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: nodogsplash - - option: description - value: '"Nodogsplash is a lightweight Captive Portal."' - - option: source - value: "{{ nodogsplash_arm_deb }}" - - option: enabled - value: "{{ nodogsplash_enabled }}" + - option: name + value: nodogsplash + - option: description + value: '"Nodogsplash is a lightweight Captive Portal."' + - option: source + value: "{{ nodogsplash_arm_deb }}" + - option: enabled + value: "{{ nodogsplash_enabled }}" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index ebc15a756..a66a13a83 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -1,7 +1,8 @@ -- name: Download the phpMyAdmin software +- name: Download phpMyAdmin software get_url: url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}" dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" #register: phpmyadmin_dl_output when: internet_available @@ -71,11 +72,11 @@ option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: phpMyAdmin - - option: description - value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' - - option: path - value: /opt/phpmyadmin - - option: enabled - value: "{{ phpmyadmin_enabled }}" + - option: name + value: phpMyAdmin + - option: description + value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' + - option: path + value: /opt/phpmyadmin + - option: enabled + value: "{{ phpmyadmin_enabled }}" diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index e1b3a1ccc..57eab26bc 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -1,94 +1,107 @@ - name: Install PostgreSQL packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - postgresql tags: - download -- name: Install PostgreSQL for Debian - package: name=postgresql-client +- name: Install postgresql-client (debuntu) + package: + name: postgresql-client when: is_debuntu tags: - download -- name: Install PostgreSQL for Fedora - package: name=postgresql-server +- name: Install postgresql-server (OS's other than debuntu) + package: + name: postgresql-server when: not is_debuntu tags: - download - name: Create postgresql-iiab systemd service - template: src=postgresql-iiab.service - dest=/etc/systemd/system/postgresql-iiab.service - owner=root - group=root - mode=0644 + template: + src: postgresql-iiab.service + dest: /etc/systemd/system/postgresql-iiab.service + owner: root + group: root + mode: 0644 - name: Create postgres data directory - file: path=/library/pgsql-iiab - owner=postgres - group=postgres - mode=0700 - state=directory + file: + path: /library/pgsql-iiab + owner: postgres + group: postgres + mode: 0700 + state: directory -- name: Make sure that the en_US locale is enabled - lineinfile: dest=/etc/locale.gen - line="{{ postgresql_locale }} UTF-8" +- name: Make sure that the en_US locale is enabled (debuntu) + lineinfile: + dest: /etc/locale.gen + line: "{{ postgresql_locale }} UTF-8" when: is_debuntu -- name: Generate the selected locales +- name: Generate the selected locales (debuntu) command: /usr/sbin/locale-gen when: is_debuntu -- name: Initialize the postgres db - command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" - creates=/library/pgsql-iiab/pg_hba.conf +- name: Initialize the postgres db (debuntu) + command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" + args: + creates: /library/pgsql-iiab/pg_hba.conf when: is_debuntu -- name: Initialize the postgres db - command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" - creates=/library/pgsql-iiab/pg_hba.conf +- name: Initialize the postgres db (OS's other than debuntu) + command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" + args: + creates: /library/pgsql-iiab/pg_hba.conf when: not is_debuntu - name: Configure PostgreSQL - template: backup=yes - src=postgresql.conf.j2 - dest=/library/pgsql-iiab/postgresql.conf - owner=postgres - group=postgres - mode=0640 + template: + backup: yes + src: postgresql.conf.j2 + dest: /library/pgsql-iiab/postgresql.conf + owner: postgres + group: postgres + mode: 0640 -- name: Stop postgresql service +- name: Stop postgresql service (debuntu) command: "/etc/init.d/postgresql stop" ignore_errors: True when: postgresql_install and is_debuntu - name: Stop and disable stock postgresql service - service: name=postgresql - state=stopped - enabled=no + service: + name: postgresql + state: stopped + enabled: no - name: Start and enable postgresql-iiab service - service: name=postgresql-iiab - state=started - enabled=yes + service: + name: postgresql-iiab + state: started + enabled: yes when: postgresql_enabled - name: Stop and disable postgresql-iiab service if not postgresql_enabled - service: name=postgresql-iiab - state=stopped - enabled=no + service: + name: postgresql-iiab + state: stopped + enabled: no when: not postgresql_enabled -- name: Add postgresql to service list - ini_file: dest='{{ service_filelist }}' - section=postgresql - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: postgresql + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: postgresql + value: PostgreSQL - option: description value: '"PostgreSQL is a powerful, open source object-relational database system."' - option: installed diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 8a32d7a6a..fe8e646a5 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -2,16 +2,25 @@ # Create a smbuser # -- name: create smb user - user: name="{{ smbuser }}" shell=/sbin/nologin password="{{ smbpassword }}" +- name: Create smb user + user: + name: "{{ smbuser }}" + shell: /sbin/nologin + password: "{{ smbpassword }}" -- name: create the public folder - file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=0777 state=directory +- name: Create the public folder + file: + dest: "{{ shared_dir }}" + owner: "{{ smbuser }}" + group: "{{ smbuser }}" + mode: 0777 + state: directory # Install and configure samba server (requires ports 137, 138, 139, 445 open). -- name: Ensure Samba-related packages are installed. - package: name={{ item }} - state=present +- name: Ensure Samba-related packages are installed + package: + name: "{{ item }}" + state: present with_items: - samba - samba-client @@ -21,41 +30,56 @@ - samba - download -- name: put our smb.conf in place - template: src=smb.conf.j2 dest=/etc/samba/smb.conf +- name: Put our smb.conf in place + template: + src: smb.conf.j2 + dest: /etc/samba/smb.conf - name: Ensure Samba is running and set to start on boot. - service: name={{ smb_service }} state=started enabled=yes + service: + name: "{{ smb_service }}" + state: started + enabled: yes tags: - samba when : samba_enabled -- name: netbios name server is running and set to start on boot. - service: name={{ nmb_service }} state=started enabled=yes +- name: NetBIOS name server is running and set to start on boot + service: + name: "{{ nmb_service }}" + state: started + enabled: yes tags: - samba when : samba_enabled - name: Disable Samba if that is wanted - service: name={{ smb_service }} state=stopped enabled=no + service: + name: "{{ smb_service }}" + state: stopped + enabled: no tags: - samba when : not samba_enabled - name: Disable Samba name server if that is wanted - service: name={{ nmb_service }} state=stopped enabled=no + service: + name: "{{ nmb_service }}" + state: stopped + enabled: no tags: - samba when : not samba_enabled -- name: Add samba to service list - ini_file: dest='{{ service_filelist }}' - section=samba - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'samba' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: samba + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: samba + value: Samba - option: description value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' - option: enabled diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index f81005737..e75c871c8 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -2,6 +2,8 @@ get_url: url: "{{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz" dest: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz" + timeout: "{{ download_timeout }}" + when: internet_available - name: Untar to /library/www/html/{{ sugarizer_version }} unarchive: @@ -40,12 +42,13 @@ # attempting to reinstall npm is broken on Raspbian 9 - name: Check for Sugarizer already installed - stat: path={{ sugarizer_location }}/sugarizer/server/node_modules + stat: + path: "{{ sugarizer_location }}/sugarizer/server/node_modules" register: npm - name: Set a flag to abort second attempt to install set_fact: - npm_exists: True + npm_exists: True when: npm.stat.exists is defined and npm.stat.exists - name: Create systemd files and copy our ini file @@ -56,8 +59,8 @@ group: root mode: 0644 with_items: - - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'} - - { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/sugarizer/server' } + - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'} + - { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/sugarizer/server' } # - { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available' } #- name: Create the symlink enabling the rewrite @@ -68,14 +71,14 @@ - name: Create the express framework for Node.js (OS's other than Fedora 18) shell: npm install args: - chdir: "{{ sugarizer_location }}/sugarizer/server" - creates: "{{ sugarizer_location }}/sugarizer/server/node_modules" + chdir: "{{ sugarizer_location }}/sugarizer/server" + creates: "{{ sugarizer_location }}/sugarizer/server/node_modules" when: not is_F18 and not npm_exists - name: Create the express framework for Node.js (Fedora 18) shell: npm install args: - chdir: "{{ sugarizer_location }}/sugarizer/server" + chdir: "{{ sugarizer_location }}/sugarizer/server" when: is_F18 and not npm_exists - name: Enable services (all OS's) @@ -84,7 +87,7 @@ enabled: yes state: restarted with_items: - - { name: sugarizer } + - { name: sugarizer } when: sugarizer_enabled - name: Disable services (all OS's) @@ -103,9 +106,9 @@ option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: Sugarizer - - option: description - value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' - - option: enabled - value: "{{ sugarizer_enabled }}" + - option: name + value: Sugarizer + - option: description + value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' + - option: enabled + value: "{{ sugarizer_enabled }}" diff --git a/roles/teamviewer/tasks/install.yml b/roles/teamviewer/tasks/install.yml index 93ef6f234..f6c375460 100644 --- a/roles/teamviewer/tasks/install.yml +++ b/roles/teamviewer/tasks/install.yml @@ -1,47 +1,51 @@ -# we need to install X11 and the xfce display manager -- name: Install xfce group of packages +# we need to install X11 and the Xfce display manager +- name: Install Xfce group of packages shell: "yum groupinstall -y xfce" - when: xo_model == "none" and internet_available and ansible_distribution_version <= "20" + when: xo_model == "none" and internet_available and ansible_distribution_version <= "20" tags: - download - name: Install X11 group of packages shell: "yum groupinstall -y 'X Window system'" - when: xo_model == "none" and internet_available and ansible_distribution_version <= "20" + when: xo_model == "none" and internet_available and ansible_distribution_version <= "20" tags: - download -- name: Install xfce group of packages +- name: Install Xfce group of packages shell: yum groupinstall -y "Xfce Desktop" --exclude fedora-release\* - when: xo_model == "none" and internet_available and ansible_distribution_version >= "21" + when: xo_model == "none" and internet_available and ansible_distribution_version >= "21" tags: - download - name: Install X Windows on CentOS shell: yum groupinstall -y "Server with GUI" - when: internet_available and ansible_distribution == "CentOS" + when: internet_available and ansible_distribution == "CentOS" tags: - download -- name: Get the teamviewer software - get_url: url="{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" dest="{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" +- name: Download TeamViewer software + get_url: + url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" + dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" + timeout: "{{ download_timeout }}" when: internet_available tags: - download # F22 has issues with yum localinstall exclude for now -- name: Do the install of teamviewer, pulling in any required dependencies +- name: Do the install of TeamViewer, pulling in any required dependencies shell: "yum localinstall -y {{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" when: teamviewer_install and internet_available and xo_model == "none" and ansible_distribution_version <= "21" -- name: making local copy available +- name: Making local copy available shell: createrepo {{ yum_packages_dir }} when: teamviewer_install and xo_model == "none" and ansible_distribution_version >= "22" -- name: using local copy - package: name={{ item }} - state=present +- name: Using local copy + package: + name: "{{ item }}" + state: present with_items: - - teamviewer* + - teamviewer* when: teamviewer_install and xo_model == "none" and ansible_distribution_version >= "22" diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 2a42bee7d..63fcbad7c 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -1,18 +1,20 @@ --- - name: Install required packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - vnstat tags: - download - name: Put the config file in place - template: src=vnstat.conf.j2 - dest=/etc/vnstat.conf - mode=0744 - owner=root - group=root + template: + src: vnstat.conf.j2 + dest: /etc/vnstat.conf + mode: 0744 + owner: root + group: root - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} @@ -22,16 +24,20 @@ when: iiab_lan_iface is defined - name: Start vnStat daemon via systemd - service: name=vnstat enabled=yes state=started + service: + name: vnstat + enabled: yes + state: started -- name: Add vnStat to service list - ini_file: dest='{{ service_filelist }}' - section=vnstat - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: vnstat + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name - value: vnstat + value: vnStat - option: description value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' - option: installed diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 03f64b68e..2fcdf7868 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -15,6 +15,7 @@ get_url: url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" # force: yes # backup: yes register: wp_download_output @@ -61,66 +62,78 @@ command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +" - name: Copy wp salt values - copy: src=wp-keys.php.BAK - dest={{ wp_abs_path }}/wp-keys.php.BAK - owner=root - group={{ apache_user }} - mode=0640 + copy: + src: wp-keys.php.BAK + dest: "{{ wp_abs_path }}/wp-keys.php.BAK" + owner: root + group: "{{ apache_user }}" + mode: 0640 # Fetch random salts for WordPress config into wp-keys.php file by generating script and running - name: Create wp salt script - template: src=get-iiab-wp-salts.j2 - dest=/tmp/get-iiab-wp-salts - owner=root - group=root - mode=0700 + template: + src: get-iiab-wp-salts.j2 + dest: /tmp/get-iiab-wp-salts + owner: root + group: root + mode: 0700 - name: Run wp salt script to create /library/wordpress/wp-keys.php command: /tmp/get-iiab-wp-salts - name: Cleanup - remove wp salt script - file: path=/tmp/get-iiab-wp-salts - state=absent + file: + path: /tmp/get-iiab-wp-salts + state: absent - name: MySQL database needs to be running if we are trying to create a new db - service: state=started - name='{{ mysql_service }}' + service: + state: started + name: "{{ mysql_service }}" - name: Create MySQL wordpress database - mysql_db: name={{ wp_db_name }} - state=present + mysql_db: + name: "{{ wp_db_name }}" + state: present - name: Create MySQL wordpress database user - mysql_user: name={{ wp_db_user }} - password={{ wp_db_user_password }} - priv={{ wp_db_name }}.*:ALL,GRANT - state=present + mysql_user: + name: "{{ wp_db_user }}" + password: "{{ wp_db_user_password }}" + priv: "{{ wp_db_name }}.*:ALL,GRANT" + state: present - name: Copy WordPress config file - template: src=wp-config.php.j2 - dest={{ wp_abs_path }}/wp-config.php - owner=root - group={{ apache_user }} - mode=0660 + template: + src: wp-config.php.j2 + dest: "{{ wp_abs_path }}/wp-config.php" + owner: root + group: "{{ apache_user }}" + mode: 0660 - name: Copy WordPress httpd conf file - template: src=wordpress.conf.j2 - dest=/etc/{{ apache_config_dir }}/wordpress.conf + template: + src: wordpress.conf.j2 + dest: "/etc/{{ apache_config_dir }}/wordpress.conf" - name: Enable httpd conf file if we are disabled (debuntu) - file: path=/etc/apache2/sites-enabled/wordpress.conf - src=/etc/apache2/sites-available/wordpress.conf - state=link + file: + src: /etc/apache2/sites-available/wordpress.conf + dest: /etc/apache2/sites-enabled/wordpress.conf + state: link when: wordpress_enabled and is_debuntu - name: Remove httpd conf file if we are disabled (OS's other than debuntu) - file: path=/etc/apache2/sites-enabled/wordpress.conf - state=absent + file: + path: /etc/apache2/sites-enabled/wordpress.conf + state: absent when: not wordpress_enabled and is_debuntu - name: Restart Apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted + service: + name: "{{ apache_service }}" + state: restarted - name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini ini_file: @@ -129,21 +142,21 @@ option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: WordPress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 461ea34c2..398b62d03 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -17,6 +17,8 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 100 # Configuration File(s) iiab_config_file: /etc/iiab/iiab.ini diff --git a/vars/medium.localvars b/vars/medium.localvars index cb1391648..460768414 100644 --- a/vars/medium.localvars +++ b/vars/medium.localvars @@ -6,6 +6,9 @@ # Original Idea: branch github.com/xsce/xsce-local for your deployment +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 100 + # Users and Passwords # Uncomment the following if you don't want iiab_admin_user (by default