Test (#20)

* change apache_data to apache_user in all

* no libapach2 in centos. just php. no php-magick in centos

* remove redundant vars entries

* do not create apache user

* missed one pound sign

* soft code all references to apache_user

* centos requires older setuptools

* revert ansible_lsb.id in xsce.yml

* try getting recent pip

* move pip download to 2prep so that kalite success is not dependent on iiab coming first

* still need to replace setuptools in kalite

* add curl -- needed in debian

* massivly substitue iiab for xsce, and rename files

* completed runansible

* centos fixes,install  pip

* appliance means no iptables rules

* change to earlier version of setuptools for centos

* delete file duplicate, hopefully unnecessary. generate the offline docs

* wiki docs errors

* create the admin group -- deleted earlier

* use the --yes option with pip uninstall

* base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io

* network detection broken due to tupo

roles/iiab-admin/README.rst

@@ -0,0 +1,25 @@
+=================
+XSCE Admin README
+=================
+
+This role is home to a number of administrative playbooks.  Those implemented are:
+
+Add Administrative User
+-----------------------
+
+* Add the iiab-admin user and password
+* N.B. to create password hash use python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
+* Make a sudoer
+* Add /root/.ssh and dummy authorized_keys file as placeholder
+* Force password for sudoers
+
+Add Packages for Remote Access
+------------------------------
+
+* screen
+* lynx
+
+Admin Console
+-------------
+
+Has been moved to a separate git repo

roles/iiab-admin/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# must keep roles/0-once/defaults/main.yml sync'd
+# The values here are defaults.
+
+iiab_admin_user: iiab-admin

roles/iiab-admin/files/dummy_authorized_keys

@@ -0,0 +1 @@
+# Put your authorized keys here

roles/iiab-admin/tasks/access.yml

@@ -0,0 +1,8 @@
+- name: Install textmode remote access packages
+  package: name={{ item }}
+           state=present
+  with_items:
+        - screen
+        - lynx
+  tags:
+    - download

roles/iiab-admin/tasks/admin-user.yml

@@ -0,0 +1,56 @@
+- name: Create iiab-admin user and password
+  user: name={{ iiab_admin_user }}  
+        password={{ iiab_admin_passw_hash }}
+        update_password=on_create
+        
+- name: Create a wheel group
+  group: name=wheel
+         state=present
+
+- name: Create a sudo group
+  group: name=sudo
+         state=present
+  when: is_redhat
+
+- name: Add user to wheel group
+  user: name={{ iiab_admin_user }} groups=wheel,sudo
+  
+- name: Create root .ssh
+  file: path=/root/.ssh
+        mode=0700
+        owner=root
+        group=root
+        state=directory
+
+- name: Install dummy root keys as placeholder
+  copy: src=dummy_authorized_keys
+        dest=/root/.ssh/authorized_keys
+        force=no
+        owner=root
+        group=root
+        mode=0600
+        
+#        backup=yes
+
+- name: edit the sudoers file--first make it editable
+  shell: chmod 0640 /etc/sudoers
+
+- name: have sudo log all commands it handles
+  lineinfile: regexp=logfile
+              line='Defaults     logfile = /var/log/sudo.log'
+              state=present
+              dest=/etc/sudoers
+
+- name: lets wheel sudo without password
+  lineinfile: 
+     line: "%wheel ALL= NOPASSWD: ALL"
+     dest: /etc/sudoers
+
+- name: remove the line which requires tty
+  lineinfile: regexp=requiretty 
+              state=absent 
+              dest=/etc/sudoers
+                
+- name: end editing the sudoers file-- protect it again
+  shell: chmod 0440 /etc/sudoers
+      

roles/iiab-admin/tasks/main.yml

@@ -0,0 +1,20 @@
+- include: admin-user.yml
+  tags:
+    - base
+
+- include: access.yml
+  tags:
+    - base
+
+- name: Add iiab-admin parameters to ini file
+  ini_file: dest='{{ service_filelist }}'
+            section=iiab-admin
+            option='{{ item.option }}'
+            value='{{ item.value }}'
+  with_items:
+    - option: name
+      value: iiab-admin
+    - option: description
+      value: '"Admin User"'
+    - option: iiab_admin_user
+      value: "{{ iiab_admin_user }}"