external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00
Code Issues Releases Wiki Activity

Merge pull request #46 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2017-12-08 13:09:44 -05:00 committed by GitHub
commit eb1c7c1872
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 999 additions and 727 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
roles/0-init/tasks/main.yml
View file

@ -1,7 +1,8 @@
# Initialize
- name: ...IS BEGINNING ============================================
stat: path=/etc/iiab/iiab.env
stat:
path: /etc/iiab/iiab.env
register: NewInstall
- name: Setting first run flag
@ -18,13 +19,14 @@
#- name: Loading computed_vars
# include_tasks: roles/0-init/tasks/computed_vars.yml
- name: Re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
setup:
filter: ansible_local
- name: Set top level variables from local facts for convenience
set_fact:
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
xo_model: "{{ ansible_local.local_facts.xo_model }}"
phplib_dir: "{{ ansible_local.local_facts.phplib_dir }}"
iiab_stage: "{{ ansible_local.local_facts.stage }}"
- name: Discover if this is running Raspbian -- if so assume it is a RPi
set_fact:
@ -57,7 +59,10 @@
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
get_url:
url: "{{ iiab_download_url }}/heart-beat.txt"
dest: /tmp/heart-beat.txt
timeout: "{{ download_timeout }}"
ignore_errors: True
# async: 10
# poll: 2
@ -69,8 +74,9 @@
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
file:
path: /tmp/heart-beat.txt
state: absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
@ -155,10 +161,11 @@
when: iiab_fqdn != ansible_fqdn
- name: Add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
ini_file:
dest: "{{ iiab_config_file }}"
section: runtime
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
@ -202,10 +209,11 @@
when: FQDN_changed
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
ini_file:
dest: "{{ iiab_config_file }}"
section: runtime
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: 'is_VM'
value: 'yes'

55
roles/1-prep/tasks/main.yml
View file

@ -4,16 +4,20 @@
command: echo
- name: Get the uuidgen program
package: name=uuid-runtime
state=present
package:
name: uuid-runtime
state: present
when: is_debuntu
- name: Test for /etc/iiab/uuid file
stat: path=/etc/iiab/uuid
stat:
path: /etc/iiab/uuid
register: uuid_file
- name: Create folder to hold uuid
file: path=/etc/iiab state=directory
file:
path: /etc/iiab
state: directory
when: not uuid_file.stat.exists
- name: If no uuid exists, create one
@ -31,12 +35,13 @@
- name: Get the value into a variable
set_fact:
uuid={{ stored_uuid.stdout_lines[0] }}
uuid: "{{ stored_uuid.stdout_lines[0] }}"
# for rpi, without rtc, we need time as soon as possible
- name: Install chrony package
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- chrony
tags:
@ -44,17 +49,22 @@
#TODO: Use regexp filter instead of hard-code ip
- name: Update chrony config file
template: backup=no
dest=/etc/chrony.conf
src=chrony.conf.j2
template:
backup: no
dest: /etc/chrony.conf
src: chrony.conf.j2
- name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped
service:
name: apparmor
enabled: False
state: stopped
when: is_ubuntu
ignore_errors: true
- name: Disable SELinux on next boot
selinux: state=disabled
selinux:
state: disabled
register: selinux_disabled
when: not is_debuntu
@ -68,19 +78,22 @@
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: true
- name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: usb_NUC6.stdout|int > 0
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: internet_available and usb_NUC6.stdout|int > 0
# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644
template:
src: roles/1-prep/templates/iiab.env.j2
dest: /etc/iiab/iiab.env
owner: root
group: root
mode: 0644

27
roles/2-common/tasks/packages.yml
View file

@ -1,6 +1,7 @@
- name: Install yum packages (redhat)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- yum-utils
- createrepo
@ -13,19 +14,21 @@
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in Debian Stretch (debian-9)
- name: Download usbmount -- not in Debian Stretch (debian_9)
get_url:
url: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb"
dest: "{{ downloads_dir }}"
when: is_debian_9
timeout: "{{ download_timeout }}"
when: internet_available and is_debian_9
- name: Install usbmount (debian-9)
- name: Install usbmount (debian_9)
command: apt install -y {{ downloads_dir }}/usbmount_0.0.14.1_all.deb
when: is_debian_9
- name: Install packages (debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- inetutils-syslogd
- wpasupplicant
@ -37,8 +40,9 @@
when: is_debuntu
- name: Install common packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- acpid
- mlocate
@ -74,8 +78,9 @@
# command: python {{ downloads_dir }}/get-pip.py
- name: Install common Python packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- python-pip
- python-setuptools

148
roles/2-common/tasks/xo.yml
View file

@ -3,31 +3,36 @@
- name: Disable sleep
command: touch /etc/powerd/flags/inhibit-suspend
creates=/etc/powerd/flags/inhibit-suspend
args:
creates: /etc/powerd/flags/inhibit-suspend
- name: Disable sleep on lid closing
lineinfile: dest=/etc/powerd/powerd.conf
regexp='^config_SLEEP_WHEN_LID_CLOSED'
line='config_SLEEP_WHEN_LID_CLOSED="no"'
state=present
backup=yes
lineinfile:
dest: /etc/powerd/powerd.conf
regexp: '^config_SLEEP_WHEN_LID_CLOSED'
line: 'config_SLEEP_WHEN_LID_CLOSED="no"'
state: present
backup: yes
- name: Keep yum cache
ini_file: dest=/etc/yum.conf
section=main
option=keepcache
value=1
ini_file:
dest: /etc/yum.conf
section: main
option: keepcache
value: 1
when: not installing
- name: Keep docs when installing packages
lineinfile: backup=yes
dest=/etc/rpm/macros.imgcreate
regexp='^%_excludedocs'
state=absent
lineinfile:
backup: yes
dest: /etc/rpm/macros.imgcreate
regexp: '^%_excludedocs'
state: absent
- name: Pre-install packages
package: name={{ item }}
state=latest
package:
name: "{{ item }}"
state: latest
with_items:
- usbmount
- man
@ -39,77 +44,91 @@
when: not osbuilder is defined
- name: Configure networkmanager plugin
ini_file: dest=/etc/NetworkManager/NetworkManager.conf
section=main
option=plugins
value=ifcfg-rh,keyfile
ini_file:
dest: /etc/NetworkManager/NetworkManager.conf
section: main
option: plugins
value: ifcfg-rh,keyfile
- name: Check for modem config file
stat: path=/etc/NetworkManager/system-connections/"Sugar Modem Connection"
stat:
path: /etc/NetworkManager/system-connections/"Sugar Modem Connection"
register: config
- name: Change failure and interval settings for modem connection
ini_file: dest=/etc/NetworkManager/system-connections/"Sugar Modem Connection"
section=ppp
option={{ item.option }}
value={{ item.value }}
backup=yes
mode=0600
ini_file:
dest: /etc/NetworkManager/system-connections/"Sugar Modem Connection"
section: ppp
option: "{{ item.option }}"
value: "{{ item.value }}"
backup: yes
mode: 0600
with_items:
- { option: 'lcp-echo-failure', value: '5' }
- { option: 'lcp-echo-interval', value: '30' }
when: config.stat.exists
- name: Create bigger rwtab
lineinfile: backup=yes
dest=/etc/sysconfig/readonly-root
regexp='^RW_OPTIONS'
line='RW_OPTIONS="-o size=4M -o nr_inodes=2048"'
state=present
lineinfile:
backup: yes
dest: /etc/sysconfig/readonly-root
regexp: '^RW_OPTIONS'
line: 'RW_OPTIONS="-o size=4M -o nr_inodes=2048"'
state: present
- name: Remove dhcpd entry from /etc/rwtab
lineinfile: backup=yes
dest=/etc/rwtab
regexp='^empty.*/var/lib/dhcpd'
state=absent
lineinfile:
backup: yes
dest: /etc/rwtab
regexp: '^empty.*/var/lib/dhcpd'
state: absent
- name: Remove php entry from /etc/rwtab
lineinfile: backup=yes
dest=/etc/rwtab
regexp='^empty.*/var/lib/php'
state=absent
lineinfile:
backup: yes
dest: /etc/rwtab
regexp: '^empty.*/var/lib/php'
state: absent
- name: Persist /etc/hosts between reboots
lineinfile: backup=yes
dest=/etc/statetab.d/olpc
regexp='^/etc/hosts'
state=absent
lineinfile:
backup: yes
dest: /etc/statetab.d/olpc
regexp: '^/etc/hosts'
state: absent
- name: Disable /var/log tmpfs
lineinfile: backup=yes
dest=/etc/fstab
regexp='^varlog.*'
state=absent
lineinfile:
backup: yes
dest: /etc/fstab
regexp: '^varlog.*'
state: absent
- name: Enlarge the /tmp directory so that url_get does not error out
lineinfile: backup=yes
dest=/etc/fstab
regexp='^/tmp*'
line='/tmp /tmp tmpfs rw,size=600m 0 0'
lineinfile:
backup: yes
dest: /etc/fstab
regexp: '^/tmp*'
line: '/tmp /tmp tmpfs rw,size=600m 0 0'
- name: Disable graphical login
file: path=/etc/systemd/system/default.target
src=/lib/systemd/system/multi-user.target
state=link
file:
src: /lib/systemd/system/multi-user.target
dest: /etc/systemd/system/default.target
state: link
register: disabled_login
- name: Remove custom profile settings
file: path=/etc/profile.d/zzz_olpc.sh
state=absent
file:
path: /etc/profile.d/zzz_olpc.sh
state: absent
- name: Download substitute software for i386 on FC18 XO1.5
get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir }}/{{ item }}
get_url:
url: "{{ iiab_download_url }}/{{ item }}"
dest: "{{ downloads_dir }}/{{ item }}"
timeout: "{{ download_timeout }}"
with_items:
- hostapd_8188_i386
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available
@ -117,12 +136,13 @@
- xo
- name: Put the substitute in place
copy: src={{ downloads_dir }}/hostapd_8188_i386
dest=/usr/sbin/hostapd
backup=yes
mode=0775
owner=root
group=root
copy:
src: "{{ downloads_dir }}/hostapd_8188_i386"
dest: /usr/sbin/hostapd
backup: yes
mode: 0775
owner: root
group: root
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5"
- name: Reboot system

4
roles/awstats/tasks/main.yml
View file

@ -1,14 +1,14 @@
- include_tasks: install.yml
when: awstats_install
- name: Add AWStats to service list
- name: Add 'awstats' to list of services at /etc/iiab/iiab.ini
ini_file: dest='{{ service_filelist }}'
section=awstats
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: name
value: awstats
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: installed

1
roles/calibre/tasks/create-db.yml
View file

@ -13,6 +13,7 @@
get_url:
url: "{{ iiab_download_url }}/{{ calibre_sample_book }}"
dest: "{{ content_base }}/downloads"
timeout: "{{ download_timeout }}"
when: internet_available and not sample_bk.stat.exists
- name: Check if sample book exists in /opt/iiab/downloads

1
roles/calibre/tasks/py-installer.yml
View file

@ -8,6 +8,7 @@
mode: 0755
force: yes
backup: yes
timeout: "{{ download_timeout }}"
register: calibre_download_output
when: internet_available

69
roles/cups/tasks/main.yml
View file

@ -1,40 +1,46 @@
# administer this service by browsing to localhost:631
- name: Get the CUPS package installed
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- cups
when: cups_install
tags:
- download
- name: Put our own config file in place, to permit local LAN admin
template: dest=/etc/cups/cupsd.conf
src=cupsd.conf
- name: Put our own /etc/cups/cupsd.conf in place, to permit local LAN admin
template:
src: cupsd.conf
dest: /etc/cups/cupsd.conf
- name: Put an apache2 config file in place
template: dest=/etc/{{ apache_config_dir }}/
src=cups.conf
template:
src: cups.conf
dest: "/etc/{{ apache_config_dir }}/"
- name: Create the link for sites-enabled
file: src=/etc/apache2/sites-available/cups.conf
dest=/etc/apache2/sites-enabled/cups.conf
state=link
- name: Create the link for sites-enabled (debuntu)
file:
src: /etc/apache2/sites-available/cups.conf
dest: /etc/apache2/sites-enabled/cups.conf
state: link
when: cups_enabled and is_debuntu
- name: Enable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=started
enabled=yes
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- cups
- cups-browsed
when: cups_enabled and not is_F18
- name: Enable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=started
enabled=yes
service:
name: cups
state: started
enabled: yes
when: cups_enabled and is_F18
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running
@ -42,30 +48,33 @@
when: cups_enabled
- name: Disable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=stopped
enabled=no
service:
name: "{{ item }}"
state: stopped
enabled: no
with_items:
- cups
- cups-browsed
when: not cups_enabled and not is_F18
- name: Disable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=stopped
enabled=no
service:
name: cups
state: stopped
enabled: no
when: not cups_enabled and is_F18
- name: Add 'cups' to service list
ini_file: dest={{ service_filelist }}
section=cups
option={{ item.option }}
value={{ item.value }}
- name: Add 'cups' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: cups
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: '"Common UNIX Printing System (CUPS)"'
value: CUPS
- option: description
value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
- option: installed
value: "{{ cups_install }}"
- option: enabled

43
roles/dokuwiki/tasks/install.yml
View file

@ -1,31 +1,48 @@
- name: Get the DokuWiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir }}/
- name: Download DokuWiki software
get_url:
url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz"
dest: "{{ downloads_dir }}/"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Copy it to permanent location /library
unarchive: src={{ downloads_dir }}/{{ dokuwiki_version }}.tgz dest=/library creates=/library/{{ dokuwiki_version }}/VERSION
unarchive:
src: "{{ downloads_dir }}/{{ dokuwiki_version }}.tgz"
dest: /library
creates: "/library/{{ dokuwiki_version }}/VERSION"
- name: Symlink /library/dokuwiki* to /library/dokuwiki
shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
- name: Install config file for DokuWiki in Apache
template: src=dokuwiki.conf.j2 dest=/etc/{{ apache_config_dir }}/dokuwiki.conf
template:
src: dokuwiki.conf.j2
dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf"
when: dokuwiki_enabled
- name: Enable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
src=/etc/apache2/sites-available/dokuwiki.conf
state=link
- name: Enable the DokuWiki (debuntu)
file:
src: /etc/apache2/sites-available/dokuwiki.conf
dest: /etc/apache2/sites-enabled/dokuwiki.conf
state: link
when: dokuwiki_enabled and is_debuntu
- name: Disable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
state=absent
- name: Disable the DokuWiki (debuntu)
file:
path: /etc/apache2/sites-enabled/dokuwiki.conf
state: absent
when: not dokuwiki_enabled and is_debuntu
- name: Change permissions on engine directory so Apache can write
file: path=/library/{{ dokuwiki_version }} owner={{ apache_user }} mode=0755 state=directory recurse=yes
file:
path: "/library/{{ dokuwiki_version }}"
owner: "{{ apache_user }}"
mode: 0755
state: directory
recurse: yes
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted
service:
name: "{{ apache_service }}"
state: restarted

15
roles/dokuwiki/tasks/main.yml
View file

@ -1,15 +1,16 @@
- name: Include the install playbook
- name: Install DokuWiki
include_tasks: install.yml
when: dokuwiki_install
- name: Add DokuWiki to service list
ini_file: dest='{{ service_filelist }}'
section=dokuwiki
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: dokuwiki
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: dokuwiki
value: DokuWiki
- option: description
value: '"DokuWiki is a simple to use and highly versatile Open Source wiki software that does not require a database."'
- option: installed

135
roles/elgg/tasks/main.yml
View file

@ -3,11 +3,13 @@
- name: Download current version from our site
shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip
args:
creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip"
when: internet_available
- name: Determine if software is already expanded
stat: path=/opt/elgg-{{ elgg_version }}/index.php
stat:
path: "/opt/elgg-{{ elgg_version }}/index.php"
register: elgg
# use unzip and shell until unarchive works again
@ -19,106 +21,133 @@
when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create a link to the versioned elgg-* folder
file: src=./elgg-{{ elgg_version }}
dest=/opt/elgg
owner={{ apache_user }}
group={{ apache_user }}
state=link
force=true
file:
src: "./elgg-{{ elgg_version }}"
dest: /opt/elgg
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
state: link
force: true
# use template to fix up settings in engine/settings.php with our variables substituted
# into engine/settings.example.php
# note this will overwrite any manual settings
- name: Substitute our parameters in engine/settings.example.php
template: src="settings.php.j2"
dest="/opt/{{ elgg_xx }}/elgg-config/settings.php"
owner={{ apache_user }}
group={{ apache_user }}
template:
src: "settings.php.j2"
dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess to the root directory of Elgg tree
copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest="/opt/{{ elgg_xx }}/.htaccess"
mode=0644
owner={{ apache_user }}
group={{ apache_user }}
copy:
src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest: "/opt/{{ elgg_xx }}/.htaccess"
mode: 0644
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
#regexp='^#RewriteBase'
- name: Modify .htaccess to have RewriteBase as our directory
lineinfile: backup=no
dest="/opt/{{ elgg_xx }}/.htaccess"
state=present
insertafter='^#RewriteBase'
line="RewriteBase {{ elgg_url }}/"
lineinfile:
backup: no
dest: "/opt/{{ elgg_xx }}/.htaccess"
state: present
insertafter: '^#RewriteBase'
line: "RewriteBase {{ elgg_url }}/"
- name: Change permissions on engine directory so Apache can write
file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory
file:
path: /opt/elgg/engine/
owner: "{{ apache_user }}"
mode: 0755
state: directory
- name: Create an upload directory that Apache can write in or Elgg
file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }}
file:
path: "{{ elgg_upload_path }}"
state: directory
owner: "{{ apache_user }}"
- name: Change ownership
file: path=/opt/elgg-{{ elgg_version }}
owner={{ apache_user }}
group={{ apache_user }}
recurse=yes
state=directory
file:
path: "/opt/elgg-{{ elgg_version }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
recurse: yes
state: directory
- name: Create a MySQL database for Elgg - can be run more than once
mysql_db: name={{ dbname }}
mysql_db:
name: "{{ dbname }}"
register: create_elgg_database
- name: Create a user to access the Elgg database - can be run more than once
mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv={{ dbname }}.*:ALL
mysql_user:
name: "{{ dbuser }}"
host: "{{ item }}"
password: "{{ dbpassword }}"
priv: "{{ dbname }}.*:ALL"
with_items:
- 127.0.0.1
- ::1
- localhost
- name: Create file to load database
template: src=elggdb.sql.j2
dest=/tmp/elggdb.sql
template:
src: "elggdb.sql.j2"
dest: "/tmp/elggdb.sql"
# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
# form, which worries me a lot. (/var/lib/mysql/elggdb)
- name: Load Elgg database dump
mysql_db: name={{ dbname }}
state=import
target=/tmp/elggdb.sql
mysql_db:
name: "{{ dbname }}"
state: import
target: /tmp/elggdb.sql
when: create_elgg_database.changed
- name: Remove database dump after load
file: name=/tmp/elggdb.sql state=absent
file:
name: /tmp/elggdb.sql
state: absent
- name: Install config file for Elgg in Apache
template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf
template:
src: elgg.conf
dest: "/etc/{{ apache_config_dir }}/elgg.conf"
- name: Enable Elgg for debuntu (will already be enabled above for redhat)
file: path=/etc/apache2/sites-enabled/elgg.conf
src=/etc/apache2/sites-available/elgg.conf
state=link
file:
src: /etc/apache2/sites-available/elgg.conf
dest: /etc/apache2/sites-enabled/elgg.conf
state: link
when: elgg_enabled and is_debuntu
- name: Disable Elgg - remove config file for Elgg in Apache (debuntu)
file: path=/etc/apache2/sites-enabled/elgg.conf
state=absent
file:
path: /etc/apache2/sites-enabled/elgg.conf
state: absent
when: not elgg_enabled and is_debuntu
- name: Disable Elgg - remove config file for Elgg in Apache (redhat)
file: dest=/etc/{{ apache_config_dir }}/elgg.conf
state=absent
file:
dest: "/etc/{{ apache_config_dir }}/elgg.conf"
state: absent
when: not elgg_enabled and is_redhat
- name: Add 'elgg' to service list
ini_file: dest='{{ service_filelist }}'
section=elgg
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'elgg' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: elgg
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: elgg-social-netwoking
value: Elgg
- option: description
value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
- option: path
@ -127,4 +156,6 @@
value: "{{ elgg_enabled }}"
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted
service:
name: "{{ apache_service }}"
state: restarted

47
roles/kalite/tasks/install.yml
View file

@ -1,13 +1,17 @@
# This is for an OS other than Fedora 18
- name: Install missing packages required for KA Lite startup
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- python-virtualenv
- name: Grab the requirements file
get_url: url={{ kalite_requirements }} dest={{ pip_packages_dir }}/kalite.txt
- name: Download KA Lite's requirements file
get_url:
url: "{{ kalite_requirements }}"
dest: "{{ pip_packages_dir }}/kalite.txt"
timeout: "{{ download_timeout }}"
when: internet_available
#- name: Install KA Lite non-static + reqs file with pip - (debuntu)
@ -18,12 +22,13 @@
# extra_args="--disable-pip-version-check"
# when: internet_available and is_debuntu
- name: Install KA Lite static with pip - (debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
- name: Install KA Lite static with pip (debuntu)
pip:
name: ka-lite-static
version: "{{ kalite_version }}"
virtualenv: "{{ kalite_venv }}"
virtualenv_site_packages: no
extra_args: "--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and is_debuntu
@ -36,10 +41,11 @@
# when: internet_available and not is_debuntu
- name: Install KA Lite static with pip - (OS's other than debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
pip:
name: ka-lite-static
version: "{{ kalite_version }}"
virtualenv: "{{ kalite_venv }}"
virtualenv_site_packages: no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and not is_debuntu
@ -54,12 +60,13 @@
when: not kalite_cron_enabled
- name: Create 'kalite-serve' service, kalite.sh and kalite.conf
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'}

6
roles/kiwix/tasks/kiwix_install.yml
View file

@ -156,15 +156,15 @@
# 5. FINALIZE
- name: Add 'kiwix-serve' to list of services at /etc/iiab/iiab.ini
- name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: kiwix-serve
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: kiwix-serve
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_url

1
roles/kiwix/tasks/main.yml
View file

@ -27,6 +27,7 @@
get_url:
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}"
dest: "{{ downloads_dir }}/{{ kiwix_src_file }}"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }}

49
roles/monit/tasks/main.yml
View file

@ -1,31 +1,35 @@
- name: Install Monit package
package: name=monit
state=present
package:
name: monit
state: present
tags:
- download
- name: Install chkconfig package -- not in Debian 8
package: name=chkconfig
state=present
package:
name: chkconfig
state: present
when: is_debian and ansible_distribution_major_version == "8"
tags:
- download
- name: Update main config file
template: backup=yes
src=monitrc
dest=/etc/monitrc
owner=root
group=root
mode=0600
template:
backup: yes
src: monitrc
dest: /etc/monitrc
owner: root
group: root
mode: 0600
- name: Update config files
template: src={{ item }}
dest=/etc/monit.d/{{ item }}
owner=root
group=root
force=yes
mode=0755
template:
src: "{{ item }}"
dest: "/etc/monit.d/{{ item }}"
owner: root
group: root
force: yes
mode: 0755
with_items: watchdog
register: monit_config
when: false
@ -41,14 +45,15 @@
#- name: Restart monit service
# command: service monit restart
- name: Add 'monit' to service list
ini_file: dest='{{ service_filelist }}'
section=monit
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'monit' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: monit
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: monit
value: Monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled

166
roles/moodle/tasks/main.yml
View file

@ -1,15 +1,17 @@
---
- name: Install Moodle required packages
package: name={{ item }}
state=present
- name: Install Moodle required packages (OS's other than debunt)
package:
name: "{{ item }}"
state: present
with_items:
- python-psycopg2
- php-pgsql
when: not is_debuntu
- name: Install Moodle required packages
package: name={{ item }}
state=present
- name: Install Moodle required packages (debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- python-psycopg2
- php{{ php_version }}-pgsql
@ -21,107 +23,125 @@
- php{{ php_version }}-cli
when: is_debuntu
- name: php-zip name for Debian 9 or Ubuntu
package: name=php{{ php_version }}-zip
- name: php-zip name (debian_9 or ubuntu)
package:
name: "php{{ php_version }}-zip"
when: is_debian_9 or is_ubuntu
- name: php-zip name for Debian 8
package: name=php-pclzip
- name: php-zip name for (debian_8)
package:
name: php-pclzip
when: is_debian_8
- name: Determine if Moodle is already downloaded
stat: path={{ moodle_base }}/config-dist.php
stat:
path: "{{ moodle_base }}/config-dist.php"
register: moodle
- name: Download the latest Moodle repo
git: repo={{ moodle_repo_url }}
dest={{ moodle_base }}
depth=1
force=yes
version="MOODLE_{{ moodle_version }}_STABLE"
git:
repo: "{{ moodle_repo_url }}"
dest: "{{ moodle_base }}"
depth: 1
force: yes
version: "MOODLE_{{ moodle_version }}_STABLE"
# ignore_errors: yes
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Prepare the downloaded directory so Apache can install config file
file: path={{ moodle_base }}
owner={{ apache_user }}
recurse=yes
state=directory
file:
path: "{{ moodle_base }}"
owner: "{{ apache_user }}"
recurse: yes
state: directory
- name: Give Apache permission to write Moodle data directory
file: path={{ content_base }}/dbdata/moodle
owner={{ apache_user }}
mode=0755
state=directory
file:
path: "{{ content_base }}/dbdata/moodle"
owner: "{{ apache_user }}"
mode: 0755
state: directory
- name: Create a Moodle data dir with Apache permission to write
file: path={{ moodle_data }}
owner={{ apache_user }}
group={{ apache_user }}
mode=0770
state=directory
file:
path: "{{ moodle_data }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0770
state: directory
- name: Remove stock Moodle conf
file: path='/etc/{{ apache_config_dir }}/moodle.conf'
state=absent
file:
path: "/etc/{{ apache_config_dir }}/moodle.conf"
state: absent
- name: Put Moodle config file in place
template: src=022-moodle.j2
dest=/etc/{{ apache_config_dir }}/022-moodle.conf
owner=root
group=root
mode=0644
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
owner: root
group: root
mode: 0644
when: moodle_enabled
- name: Enable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
src=/etc/apache2/sites-available/022-moodle.conf
state=link
- name: Enable Moodle (debuntu)
file:
src: /etc/apache2/sites-available/022-moodle.conf
dest: /etc/apache2/sites-enabled/022-moodle.conf
state: link
when: moodle_enabled and is_debuntu
- name: Disable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
state=absent
- name: Disable Moodle (debuntu)
file:
path: /etc/apache2/sites-enabled/022-moodle.conf
state: absent
when: not moodle_enabled and is_debuntu
- name: Start postgresql-iiab
service: name=postgresql-iiab
state=restarted
service:
name: postgresql-iiab
state: restarted
- name: Create db user
postgresql_user: name=Admin
password=changeme
role_attr_flags=NOSUPERUSER,NOCREATEROLE,NOCREATEDB
state=present
postgresql_user:
name: Admin
password: changeme
role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
state: present
become: yes
become_user: postgres
- name: Create database
postgresql_db: name=moodle
encoding=utf8
owner=Admin
template=template1
state=present
postgresql_db:
name: moodle
encoding: utf8
owner: Admin
template: template1
state: present
become: yes
become_user: postgres
- name: Put a startup install script in place
template: dest={{ moodle_base }}
src=moodle_installer
mode=0755
template:
dest: "{{ moodle_base }}"
src: moodle_installer
mode: 0755
- name: Restart postgresql-iiab
service: name=postgresql-iiab
state=restarted
enabled=yes
service:
name: postgresql-iiab
state: restarted
enabled: yes
when: moodle_enabled
- name: Restart Apache
service: name={{ apache_service }}
state=restarted
service:
name: "{{ apache_service }}"
state: restarted
- name: See if the config.php file exists
stat: path='{{ moodle_base }}/config.php'
stat:
path: "{{ moodle_base }}/config.php"
register: config
- name: Execute Moodle startup script
@ -130,20 +150,22 @@
- name: Give Apache permission to read config file
# command: chown -R {{ apache_user }} {{ moodle_base }}
file: path={{ moodle_base }}/config.php
mode=0644
file:
path: "{{ moodle_base }}/config.php"
mode: 0644
- name: Add Moodle to service list
ini_file: dest='{{ service_filelist }}'
section=moodle
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'moodle' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: moodle
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: 'directory path'
value: '{{ moodle_base }}'
- option: "moodle_base"
value: "{{ moodle_base }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"

86
roles/munin/tasks/main.yml
View file

@ -1,6 +1,7 @@
- name: Install Munin package
package: name={{ item }}
state=present
- name: Install Munin package (debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- munin
- munin-node
@ -11,9 +12,10 @@
- download
when: is_debuntu
- name: Install Munin package
package: name={{ item }}
state=present
- name: Install Munin package (OS's other than debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- munin
- munin-node
@ -22,49 +24,56 @@
when: not is_debuntu
- name: Copy Munin config file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode=0644
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
with_items:
- { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' }
- { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' }
- name: Create admin user
htpasswd: path=/etc/munin/munin-htpasswd
name=Admin
password=changeme
create=yes
state=present
htpasswd:
path: /etc/munin/munin-htpasswd
name: Admin
password: changeme
create: yes
state: present
- name: Enable munin-node service
service: name=munin-node
enabled=yes
state=started
service:
name: munin-node
enabled: yes
state: started
when: munin_enabled
- name: Enable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=link
- name: Enable Apache lookup (debuntu)
file:
src: /etc/apache2/sites-available/munin24.conf
dest: /etc/apache2/sites-enabled/munin24.conf
state: link
when: munin_enabled and is_debuntu
- name: Disable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=absent
- name: Disable Apache lookup (debuntu)
file:
src: /etc/apache2/sites-available/munin24.conf
dest: /etc/apache2/sites-enabled/munin24.conf
state: absent
when: not munin_enabled and is_debuntu
- name: Disable munin-node service when it becomes disabled
service: name=munin-node
enabled=no
state=stopped
service:
name: munin-node
enabled: no
state: stopped
when: not munin_enabled
- name: If MySQL is enabled, let Munin monitor it
copy: dest=/etc/munin/plugins/
src={{ item }}
copy:
src: "{{ item }}"
dest: /etc/munin/plugins/
with_items:
- /usr/share/munin/plugins/mysql_
- /usr/share/munin/plugins/mysql_bytes
@ -75,14 +84,15 @@
- /usr/share/munin/plugins/mysql_threads
when: mysql_enabled
- name: Add munin to service list
ini_file: dest='{{ service_filelist }}'
section=munin
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'munin' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: munin
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: munin
value: Munin
- option: description
value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and \"what just happened to kill our performance?\" problems."'
- option: installed

83
roles/mysql/tasks/main.yml
View file

@ -1,6 +1,7 @@
- name: Install MySQL (debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- mariadb-server
- mariadb-client
@ -18,17 +19,22 @@
tags:
- download
- name: php-xml for 'ubuntu' and 'debian-9'
package: name=php{{ php_version }}-xml state=present
- name: php-xml (ubuntu or debian_9)
package:
name: "php{{ php_version }}-xml"
state: present
when: is_ubuntu or is_debian_9
- name: php-xml for 'debian-8'
package: name=php-xml-parser state=present
- name: php-xml (debian_8)
package:
name: "php-xml-parser"
state: present
when: is_debian_8
- name: Install MySQL (OS's other than debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- MySQL-python
- mysql
@ -57,29 +63,43 @@
# Name of mysql service varies by OS so softcoded in 1-prep
- name: Start the MySQL service
service: name={{ mysql_service }}
state=started
service:
name: "{{ mysql_service }}"
state: started
- name: Enable the MySQL service
service: name={{ mysql_service }}
enabled=yes
service:
name: "{{ mysql_service }}"
enabled: yes
when: mysql_enabled
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: Update MySQL root password for localhost root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
with_items:
- localhost
when: mysql_enabled
- name: Copy .my.cnf file with root password credentials
template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
template:
src: my.cnf.j2
dest: /root/.my.cnf
owner: root
mode: 0600
when: mysql_enabled
- name: Update MySQL root password for all remaining root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
with_items:
# - "{{ iiab_hostname }}.{{ iiab_domain }}"
- 127.0.0.1
@ -87,32 +107,41 @@
when: mysql_enabled
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user: user="" host="{{ ansible_hostname }}" state="absent"
mysql_user:
user: ""
host: "{{ ansible_hostname }}"
state: absent
when: mysql_enabled
- name: Delete anonymous MySQL server user for localhost
mysql_user: user="" state="absent"
mysql_user:
user: ""
state: absent
when: mysql_enabled
- name: Remove the MySQL test database
mysql_db: db=test state=absent
mysql_db:
db: test
state: absent
when: mysql_enabled
# we had to start mysql in order to configure it, now turn if off if not enabled
- name: Provisionally Disable the MySQL service
service: name={{ mysql_service }}
enabled=no
state=stopped
service:
name: "{{ mysql_service }}"
enabled: no
state: stopped
when: not mysql_enabled
- name: Add 'mysql' to service list
ini_file: dest='{{ service_filelist }}'
section=mysql
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'mysql' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: mysql
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: mysql-database
value: MySQL
- option: description
value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."'
- option: enabled

70
roles/network/tasks/dansguardian.yml
View file

@ -1,47 +1,53 @@
- name: Install DansGuardian packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- dansguardian
tags:
- download
- name: Copy DansGuardian config file
template: src=roles/network/templates/squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
mode=0640
- name: Copy DansGuardian config file (Fedora)
template:
src: roles/network/templates/squid/dansguardian.conf.j2
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: dansguardian
mode: 0640
when: ansible_distribution == "Fedora"
- name: Copy DansGuardian config file
template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
mode=0640
- name: Copy DansGuardian config file (debuntu)
template:
src: roles/network/templates/squid/dansguardian.conf.debian.j2
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: dansguardian
mode: 0640
when: is_debuntu
- name: Copy DansGuardian config file for CentOS
template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=vscan
mode=0640
- name: Copy DansGuardian config file (CentOS)
template:
src: roles/network/templates/squid/dansguardian.conf.centos.j2
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: vscan
mode: 0640
when: ansible_distribution == "CentOS"
- name: Create 'dansguardian' log directory
file: path=/var/log/dansguardian
owner=dansguardian
group=dansguardian
mode=0750
state=directory
- name: Create 'dansguardian' log directory (OS's other than CentOS)
file:
path: /var/log/dansguardian
owner: dansguardian
group: dansguardian
mode: 0750
state: directory
when: ansible_distribution != "CentOS"
- name: Create DansGuardian log directory for CentOS
file: path=/var/log/dansguardian
owner=dansguardian
group=vscan
mode=0750
state=directory
- name: Create DansGuardian log directory (CentOS)
file:
path: /var/log/dansguardian
owner: dansguardian
group: vscan
mode: 0750
state: directory
when: ansible_distribution == "CentOS"

77
roles/network/tasks/squid.yml
View file

@ -1,6 +1,7 @@
- name: Install Squid packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- "{{ proxy }}"
- cadaver
@ -12,21 +13,24 @@
when: is_ubuntu
- name: Stop Squid
service: name={{ proxy }}
state=stopped
service:
name: "{{ proxy }}"
state: stopped
when: not installing
- name: Create the Squid user
user: name={{ proxy_user }}
createhome=False
shell=/bin/false
user:
name: "{{ proxy_user }}"
createhome: False
shell: /bin/false
- name: Copy init script and config file
template: src={{ item.src }}
dest={{ item.dest }}
owner={{ item.owner }}
group={{ item.group }}
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- src: 'roles/network/templates/squid/squid.sysconfig'
dest: '/etc/sysconfig/squid'
@ -60,43 +64,48 @@
mode: '0755'
- name: Create Squid cache directory
file: path=/library/cache
owner={{ proxy_user }}
group={{ proxy_user }}
mode=0750
state=directory
file:
path: /library/cache
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0750
state: directory
- name: Create Squid log directory
file: path=/var/log/{{ proxy }}
owner={{ proxy_user }}
group={{ proxy_user }}
mode=0750
state=directory
file:
path: "/var/log/{{ proxy }}"
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0750
state: directory
- include_tasks: roles/network/tasks/dansguardian.yml
when: dansguardian_install
- name: Add Squid to service list
ini_file: dest='{{ service_filelist }}'
section={{ proxy }}
option='{{ item.option }}'
value='{{ item.value }}'
# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: "{{ proxy }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: squid
value: Squid
- option: description
value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."'
- option: enabled
value: "{{ squid_enabled }}"
- name: Add 'dansguardian' to service list
ini_file: dest='{{ service_filelist }}'
section=dansguardian
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: dansguardian
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: dansguardian
value: DansGuardian
- option: description
value: '"DansGuardian searches web content for objectionable references and denies access when found."'
- option: enabled

16
roles/nextcloud/tasks/F18.yml
View file

@ -1,11 +1,17 @@
- name: Remove /etc/nextcloud to avoid confusion as we use the config in {{ nextcloud_prefix }}/nextcloud/config/
file: path=/etc/nextcloud
state=absent
file:
path: /etc/nextcloud
state: absent
# but we use the tar file to get the latest version; really only benefits the xo4 on fedora 18
- name: Get the nextcloud software
get_url: url="{{ nextcloud_dl_url }}"/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }}
- name: Download latest Nextcloud software to /opt/iiab/download/{{ nextcloud_src_file }}
get_url:
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Copy it to permanent location /opt
unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }} dest=/opt/
unarchive:
src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
dest: /opt/

1
roles/nextcloud/tasks/main.yml
View file

@ -18,6 +18,7 @@
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
force: yes
timeout: "{{ download_timeout }}"
when: internet_available and nextcloud_force_install
async: 900
poll: 15

7
roles/nodogsplash/tasks/rpi.yml
View file

@ -3,13 +3,14 @@
name: libmicrohttpd12
state: present
- name: Get the nodogsplash software
- name: Download nodogsplash software
get_url:
url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}"
dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
timeout: "{{ download_timeout }}"
when: internet_available
async: 300
poll: 5
#async: 300
#poll: 5
- name: Install nodogsplash
apt:

3
roles/phpmyadmin/tasks/main.yml
View file

@ -1,7 +1,8 @@
- name: Download the phpMyAdmin software
- name: Download phpMyAdmin software
get_url:
url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
#register: phpmyadmin_dl_output
when: internet_available

105
roles/postgresql/tasks/main.yml
View file

@ -1,94 +1,107 @@
- name: Install PostgreSQL packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- postgresql
tags:
- download
- name: Install PostgreSQL for Debian
package: name=postgresql-client
- name: Install postgresql-client (debuntu)
package:
name: postgresql-client
when: is_debuntu
tags:
- download
- name: Install PostgreSQL for Fedora
package: name=postgresql-server
- name: Install postgresql-server (OS's other than debuntu)
package:
name: postgresql-server
when: not is_debuntu
tags:
- download
- name: Create postgresql-iiab systemd service
template: src=postgresql-iiab.service
dest=/etc/systemd/system/postgresql-iiab.service
owner=root
group=root
mode=0644
template:
src: postgresql-iiab.service
dest: /etc/systemd/system/postgresql-iiab.service
owner: root
group: root
mode: 0644
- name: Create postgres data directory
file: path=/library/pgsql-iiab
owner=postgres
group=postgres
mode=0700
state=directory
file:
path: /library/pgsql-iiab
owner: postgres
group: postgres
mode: 0700
state: directory
- name: Make sure that the en_US locale is enabled
lineinfile: dest=/etc/locale.gen
line="{{ postgresql_locale }} UTF-8"
- name: Make sure that the en_US locale is enabled (debuntu)
lineinfile:
dest: /etc/locale.gen
line: "{{ postgresql_locale }} UTF-8"
when: is_debuntu
- name: Generate the selected locales
- name: Generate the selected locales (debuntu)
command: /usr/sbin/locale-gen
when: is_debuntu
- name: Initialize the postgres db
- name: Initialize the postgres db (debuntu)
command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab"
creates=/library/pgsql-iiab/pg_hba.conf
args:
creates: /library/pgsql-iiab/pg_hba.conf
when: is_debuntu
- name: Initialize the postgres db
- name: Initialize the postgres db (OS's other than debuntu)
command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab"
creates=/library/pgsql-iiab/pg_hba.conf
args:
creates: /library/pgsql-iiab/pg_hba.conf
when: not is_debuntu
- name: Configure PostgreSQL
template: backup=yes
src=postgresql.conf.j2
dest=/library/pgsql-iiab/postgresql.conf
owner=postgres
group=postgres
mode=0640
template:
backup: yes
src: postgresql.conf.j2
dest: /library/pgsql-iiab/postgresql.conf
owner: postgres
group: postgres
mode: 0640
- name: Stop postgresql service
- name: Stop postgresql service (debuntu)
command: "/etc/init.d/postgresql stop"
ignore_errors: True
when: postgresql_install and is_debuntu
- name: Stop and disable stock postgresql service
service: name=postgresql
state=stopped
enabled=no
service:
name: postgresql
state: stopped
enabled: no
- name: Start and enable postgresql-iiab service
service: name=postgresql-iiab
state=started
enabled=yes
service:
name: postgresql-iiab
state: started
enabled: yes
when: postgresql_enabled
- name: Stop and disable postgresql-iiab service if not postgresql_enabled
service: name=postgresql-iiab
state=stopped
enabled=no
service:
name: postgresql-iiab
state: stopped
enabled: no
when: not postgresql_enabled
- name: Add postgresql to service list
ini_file: dest='{{ service_filelist }}'
section=postgresql
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: postgresql
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: postgresql
value: PostgreSQL
- option: description
value: '"PostgreSQL is a powerful, open source object-relational database system."'
- option: installed

64
roles/samba/tasks/main.yml
View file

@ -2,16 +2,25 @@
# Create a smbuser
#
- name: create smb user
user: name="{{ smbuser }}" shell=/sbin/nologin password="{{ smbpassword }}"
- name: Create smb user
user:
name: "{{ smbuser }}"
shell: /sbin/nologin
password: "{{ smbpassword }}"
- name: create the public folder
file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=0777 state=directory
- name: Create the public folder
file:
dest: "{{ shared_dir }}"
owner: "{{ smbuser }}"
group: "{{ smbuser }}"
mode: 0777
state: directory
# Install and configure samba server (requires ports 137, 138, 139, 445 open).
- name: Ensure Samba-related packages are installed.
package: name={{ item }}
state=present
- name: Ensure Samba-related packages are installed
package:
name: "{{ item }}"
state: present
with_items:
- samba
- samba-client
@ -21,41 +30,56 @@
- samba
- download
- name: put our smb.conf in place
template: src=smb.conf.j2 dest=/etc/samba/smb.conf
- name: Put our smb.conf in place
template:
src: smb.conf.j2
dest: /etc/samba/smb.conf
- name: Ensure Samba is running and set to start on boot.
service: name={{ smb_service }} state=started enabled=yes
service:
name: "{{ smb_service }}"
state: started
enabled: yes
tags:
- samba
when : samba_enabled
- name: netbios name server is running and set to start on boot.
service: name={{ nmb_service }} state=started enabled=yes
- name: NetBIOS name server is running and set to start on boot
service:
name: "{{ nmb_service }}"
state: started
enabled: yes
tags:
- samba
when : samba_enabled
- name: Disable Samba if that is wanted
service: name={{ smb_service }} state=stopped enabled=no
service:
name: "{{ smb_service }}"
state: stopped
enabled: no
tags:
- samba
when : not samba_enabled
- name: Disable Samba name server if that is wanted
service: name={{ nmb_service }} state=stopped enabled=no
service:
name: "{{ nmb_service }}"
state: stopped
enabled: no
tags:
- samba
when : not samba_enabled
- name: Add samba to service list
ini_file: dest='{{ service_filelist }}'
section=samba
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'samba' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: samba
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: samba
value: Samba
- option: description
value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."'
- option: enabled

5
roles/sugarizer/tasks/main.yml
View file

@ -2,6 +2,8 @@
get_url:
url: "{{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Untar to /library/www/html/{{ sugarizer_version }}
unarchive:
@ -40,7 +42,8 @@
# attempting to reinstall npm is broken on Raspbian 9
- name: Check for Sugarizer already installed
stat: path={{ sugarizer_location }}/sugarizer/server/node_modules
stat:
path: "{{ sugarizer_location }}/sugarizer/server/node_modules"
register: npm
- name: Set a flag to abort second attempt to install

24
roles/teamviewer/tasks/install.yml
View file

@ -1,5 +1,5 @@
# we need to install X11 and the xfce display manager
- name: Install xfce group of packages
# we need to install X11 and the Xfce display manager
- name: Install Xfce group of packages
shell: "yum groupinstall -y xfce"
when: xo_model == "none" and internet_available and ansible_distribution_version <= "20"
tags:
@ -11,7 +11,7 @@
tags:
- download
- name: Install xfce group of packages
- name: Install Xfce group of packages
shell: yum groupinstall -y "Xfce Desktop" --exclude fedora-release\*
when: xo_model == "none" and internet_available and ansible_distribution_version >= "21"
tags:
@ -23,25 +23,29 @@
tags:
- download
- name: Get the teamviewer software
get_url: url="{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" dest="{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
- name: Download TeamViewer software
get_url:
url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}"
dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
timeout: "{{ download_timeout }}"
when: internet_available
tags:
- download
# F22 has issues with yum localinstall exclude for now
- name: Do the install of teamviewer, pulling in any required dependencies
- name: Do the install of TeamViewer, pulling in any required dependencies
shell: "yum localinstall -y {{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
when: teamviewer_install and internet_available
and xo_model == "none" and ansible_distribution_version <= "21"
- name: making local copy available
- name: Making local copy available
shell: createrepo {{ yum_packages_dir }}
when: teamviewer_install and xo_model == "none" and ansible_distribution_version >= "22"
- name: using local copy
package: name={{ item }}
state=present
- name: Using local copy
package:
name: "{{ item }}"
state: present
with_items:
- teamviewer*
when: teamviewer_install and xo_model == "none" and ansible_distribution_version >= "22"

34
roles/vnstat/tasks/main.yml
View file

@ -1,18 +1,20 @@
---
- name: Install required packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- vnstat
tags:
- download
- name: Put the config file in place
template: src=vnstat.conf.j2
dest=/etc/vnstat.conf
mode=0744
owner=root
group=root
template:
src: vnstat.conf.j2
dest: /etc/vnstat.conf
mode: 0744
owner: root
group: root
- name: Create database for WAN to collect vnStat data
shell: /usr/bin/vnstat -i {{ iiab_wan_iface }}
@ -22,16 +24,20 @@
when: iiab_lan_iface is defined
- name: Start vnStat daemon via systemd
service: name=vnstat enabled=yes state=started
service:
name: vnstat
enabled: yes
state: started
- name: Add vnStat to service list
ini_file: dest='{{ service_filelist }}'
section=vnstat
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: vnstat
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: vnstat
value: vnStat
- option: description
value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."'
- option: installed

79
roles/wordpress/tasks/install.yml
View file

@ -15,6 +15,7 @@
get_url:
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
# force: yes
# backup: yes
register: wp_download_output
@ -61,66 +62,78 @@
command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"
- name: Copy wp salt values
copy: src=wp-keys.php.BAK
dest={{ wp_abs_path }}/wp-keys.php.BAK
owner=root
group={{ apache_user }}
mode=0640
copy:
src: wp-keys.php.BAK
dest: "{{ wp_abs_path }}/wp-keys.php.BAK"
owner: root
group: "{{ apache_user }}"
mode: 0640
# Fetch random salts for WordPress config into wp-keys.php file by generating script and running
- name: Create wp salt script
template: src=get-iiab-wp-salts.j2
dest=/tmp/get-iiab-wp-salts
owner=root
group=root
mode=0700
template:
src: get-iiab-wp-salts.j2
dest: /tmp/get-iiab-wp-salts
owner: root
group: root
mode: 0700
- name: Run wp salt script to create /library/wordpress/wp-keys.php
command: /tmp/get-iiab-wp-salts
- name: Cleanup - remove wp salt script
file: path=/tmp/get-iiab-wp-salts
state=absent
file:
path: /tmp/get-iiab-wp-salts
state: absent
- name: MySQL database needs to be running if we are trying to create a new db
service: state=started
name='{{ mysql_service }}'
service:
state: started
name: "{{ mysql_service }}"
- name: Create MySQL wordpress database
mysql_db: name={{ wp_db_name }}
state=present
mysql_db:
name: "{{ wp_db_name }}"
state: present
- name: Create MySQL wordpress database user
mysql_user: name={{ wp_db_user }}
password={{ wp_db_user_password }}
priv={{ wp_db_name }}.*:ALL,GRANT
state=present
mysql_user:
name: "{{ wp_db_user }}"
password: "{{ wp_db_user_password }}"
priv: "{{ wp_db_name }}.*:ALL,GRANT"
state: present
- name: Copy WordPress config file
template: src=wp-config.php.j2
dest={{ wp_abs_path }}/wp-config.php
owner=root
group={{ apache_user }}
mode=0660
template:
src: wp-config.php.j2
dest: "{{ wp_abs_path }}/wp-config.php"
owner: root
group: "{{ apache_user }}"
mode: 0660
- name: Copy WordPress httpd conf file
template: src=wordpress.conf.j2
dest=/etc/{{ apache_config_dir }}/wordpress.conf
template:
src: wordpress.conf.j2
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
- name: Enable httpd conf file if we are disabled (debuntu)
file: path=/etc/apache2/sites-enabled/wordpress.conf
src=/etc/apache2/sites-available/wordpress.conf
state=link
file:
src: /etc/apache2/sites-available/wordpress.conf
dest: /etc/apache2/sites-enabled/wordpress.conf
state: link
when: wordpress_enabled and is_debuntu
- name: Remove httpd conf file if we are disabled (OS's other than debuntu)
file: path=/etc/apache2/sites-enabled/wordpress.conf
state=absent
file:
path: /etc/apache2/sites-enabled/wordpress.conf
state: absent
when: not wordpress_enabled and is_debuntu
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted
service:
name: "{{ apache_service }}"
state: restarted
- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini
ini_file:

2
vars/default_vars.yml
View file

@ -17,6 +17,8 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages"
yum_packages_dir: "{{ iiab_base }}/yum-packages"
downloads_dir: "{{ iiab_base }}/downloads"
iiab_download_url: http://download.iiab.io/packages
# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 100
# Configuration File(s)
iiab_config_file: /etc/iiab/iiab.ini

3
vars/medium.localvars
View file

@ -6,6 +6,9 @@
# Original Idea: branch github.com/xsce/xsce-local for your deployment
# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 100
# Users and Passwords
# Uncomment the following if you don't want iiab_admin_user (by default