diff --git a/roles/0-init/README.rst b/roles/0-init/README.rst index acceaff33..a206b7d09 100644 --- a/roles/0-init/README.rst +++ b/roles/0-init/README.rst @@ -2,8 +2,10 @@ 0-init README ============= -For a higher-level view, please see `IIAB Installation `_ and http://FAQ.IIAB.IO +For a higher-level view of `Internet-in-a-Box (IIAB) `_, please see http://FAQ.IIAB.IO and `IIAB Installation `_. -This 0th stage literally sets the stage for Internet-in-a-Box (IIAB) installation, prior to Ansible running `Stages 1-to-9 <.>`_ and then the `network <../network>`_ stage. +This 0th `stage `_ literally sets the stage for IIAB installation, prior to Ansible running Stages 1-to-9, which are typically then followed by the `network <../network>`_ stage. -This serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc — and whether Internet is live so that IIAB installation can proceed. +But first: This 0th stage (0-init) serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc (and whether Internet is live) — so that IIAB installation can get underway. + +Recap: Similar to 1-prep, 2-common, 3-base-server, 4-server-options and 5-xo-services ⁠— this 0th stage installs core server infra (that is not user-facing). diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index b8fe2d884..d2b3bb8ee 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst 
@@ -2,15 +2,21 @@ 1-prep README ============= -This 1st stage (1-prep) is primarily hardware-focused, prior to OS -additions/mods, but also includes critical pieces sometimes needed for +This 1st `stage `_ (1-prep) is primarily hardware-focused, prior to OS +additions/mods — but also includes critical pieces sometimes needed for remote support: +- dnsmasq +- /etc/iiab/uuid +- Customizing /var/log/* for Ubermix on each boot, using /etc/tmpfiles.d - SSH - `iiab-admin `_ username and group to log into Admin Console - OpenVPN software if/as needed later for remote support +- `raspberry_pi.yml `_ including RTC, essential packages, and networking basics Traditionally 1-prep also included preliminaries like hostname and hardware-oriented things specific to a particular platform (such as One Laptop Per Child's XO laptop) i.e. critical setup prior to the bulk of IIAB's software install. + +Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing). diff --git a/roles/2-common/README.rst b/roles/2-common/README.rst index 90bee5c7e..be1ccd5c9 100644 --- a/roles/2-common/README.rst +++ b/roles/2-common/README.rst 
@@ -2,7 +2,13 @@ 2-common README =============== -This 2nd stage is for OS-level roles/packages/tasks *common* to all platforms, -prerequisites to building up a functioning server. +This 2nd `stage `_ is for OS-level basics *common* to all platforms, i.e. core prerequisites to building up a functioning `Internet-in-a-Box (IIAB) `_ server. -As in the case of 3-base-server, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +These are (partially) put in place: + +- IIAB directory structure (`file layout `_) +- Common `apt `_ software packages +- Networking (including the `iptables `_ firewall) +- `/usr/libexec/iiab-startup.sh `_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot + +Recap: As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services — this 2nd stage installs core server infra (that is not user-facing). diff --git a/roles/2-common/tasks/centos.yml b/roles/2-common/tasks/centos.yml.unused similarity index 100% rename from roles/2-common/tasks/centos.yml rename to roles/2-common/tasks/centos.yml.unused diff --git a/roles/2-common/tasks/fedora.yml b/roles/2-common/tasks/fedora.yml.unused similarity index 100% rename from roles/2-common/tasks/fedora.yml rename to roles/2-common/tasks/fedora.yml.unused diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 3e4e17131..21ae62a6a 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml 
@@ -1,46 +1,37 @@ # Common OS-Level Additions & Mods (that only need to be performed once) - name: ...IS BEGINNING ========================================== - command: echo + meta: noop - name: Create IIAB directory structure ("file layout") include_tasks: fl.yml -# UNMAINTAINED -- include_tasks: centos.yml - when: ansible_distribution == "CentOS" - -# UNMAINTAINED -- include_tasks: fedora.yml - when: ansible_distribution == "Fedora" - -# UNMAINTAINED -- include_tasks: prep.yml - when: not is_debuntu - -# UNMAINTAINED -- include_tasks: xo.yml - when: xo_model != "none" or osbuilder is defined - - include_tasks: packages.yml -- include_tasks: network.yml -# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible - sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot - name: "{{ item.name }}" - value: "{{ item.value }}" - with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? 
- - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled - #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET - #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE +- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml' + include_tasks: network.yml + +- include_tasks: iiab-startup.yml + +# UNMAINTAINED +#- include_tasks: centos.yml +# when: ansible_distribution == "CentOS" + +# UNMAINTAINED +#- include_tasks: fedora.yml +# when: ansible_distribution == "Fedora" + +# UNMAINTAINED +#- include_tasks: prep.yml +# when: not is_debuntu + +# UNMAINTAINED +#- include_tasks: xo.yml +# when: xo_model != "none" or osbuilder is defined + +# UNMAINTAINED +#- include_tasks: net_mods.yml +# when: not is_debuntu and not is_F18 # UNMAINTAINED #- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH @@ -48,12 +39,6 @@ # dest: /etc/profile.d/zzz_iiab.sh # src: zzz_iiab.sh -# UNMAINTAINED -- include_tasks: net_mods.yml - when: not is_debuntu and not is_F18 - -- include_tasks: iiab-startup.yml - - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/2-common/tasks/net_mods.yml b/roles/2-common/tasks/net_mods.yml.unused similarity index 100% rename from roles/2-common/tasks/net_mods.yml rename to roles/2-common/tasks/net_mods.yml.unused diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index cc1615a58..9b3257e09 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml 
@@ -24,3 +24,20 @@ src: iptables dest: /etc/network/if-pre-up.d/iptables mode: '0755' + +# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: +- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET + #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE diff --git a/roles/2-common/tasks/prep.yml b/roles/2-common/tasks/prep.yml.unused similarity index 100% rename from roles/2-common/tasks/prep.yml rename to roles/2-common/tasks/prep.yml.unused diff --git a/roles/2-common/tasks/xo.yml b/roles/2-common/tasks/xo.yml.unused similarity index 100% rename from roles/2-common/tasks/xo.yml rename to roles/2-common/tasks/xo.yml.unused diff --git a/roles/2-common/tasks/yum-historical.yml b/roles/2-common/tasks/yum-historical.yml.unused similarity index 100% rename from roles/2-common/tasks/yum-historical.yml rename to roles/2-common/tasks/yum-historical.yml.unused diff --git a/roles/2-common/templates/ansible.repo b/roles/2-common/templates/ansible.repo.unused similarity index 100% rename from roles/2-common/templates/ansible.repo rename to roles/2-common/templates/ansible.repo.unused 
diff --git a/roles/2-common/templates/iiab-centos.repo b/roles/2-common/templates/iiab-centos.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-centos.repo rename to roles/2-common/templates/iiab-centos.repo.unused diff --git a/roles/2-common/templates/iiab-extra.repo b/roles/2-common/templates/iiab-extra.repo.unused similarity index 99% rename from roles/2-common/templates/iiab-extra.repo rename to roles/2-common/templates/iiab-extra.repo.unused index d8977bb36..8218e57a8 100644 --- a/roles/2-common/templates/iiab-extra.repo +++ b/roles/2-common/templates/iiab-extra.repo.unused @@ -13,4 +13,3 @@ baseurl=http://download.iiab.io/repos/xsce-extra/ enabled=1 metadata_expire=1d gpgcheck=0 - diff --git a/roles/2-common/templates/iiab-testing.repo b/roles/2-common/templates/iiab-testing.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-testing.repo rename to roles/2-common/templates/iiab-testing.repo.unused diff --git a/roles/2-common/templates/iptables-config b/roles/2-common/templates/iptables-config.unused similarity index 100% rename from roles/2-common/templates/iptables-config rename to roles/2-common/templates/iptables-config.unused diff --git a/roles/2-common/templates/li.nux.ro.repo b/roles/2-common/templates/li.nux.ro.repo.unused similarity index 98% rename from roles/2-common/templates/li.nux.ro.repo rename to roles/2-common/templates/li.nux.ro.repo.unused index 299d01fe5..2e0a28112 100644 --- a/roles/2-common/templates/li.nux.ro.repo +++ b/roles/2-common/templates/li.nux.ro.repo.unused @@ -4,5 +4,3 @@ baseurl=http://li.nux.ro/download/nux/dextop/el7/x86_64/ enabled=0 gpgcheck=1 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - - diff --git a/roles/2-common/templates/local.repo b/roles/2-common/templates/local.repo.unused similarity index 100% rename from roles/2-common/templates/local.repo rename to roles/2-common/templates/local.repo.unused 
diff --git a/roles/2-common/templates/rpmfusion-free-updates.repo b/roles/2-common/templates/rpmfusion-free-updates.repo.unused similarity index 99% rename from roles/2-common/templates/rpmfusion-free-updates.repo rename to roles/2-common/templates/rpmfusion-free-updates.repo.unused index 9ac901387..e10a34ab6 100644 --- a/roles/2-common/templates/rpmfusion-free-updates.repo +++ b/roles/2-common/templates/rpmfusion-free-updates.repo.unused @@ -21,4 +21,3 @@ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-rele enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever - diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index a7abce597..e458d7be0 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -2,7 +2,7 @@ 3-base-server README ==================== -This 3rd stage installs base server infra that Internet-in-a-Box requires, including: +This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: - `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** @@ -10,6 +10,6 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, inclu - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** - `www_base `_ (similar to `www_options `_ which runs later in 4-server-options) -Recap: as with 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing). +Recap: As with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services — this 3rd stage installs core server infra (that is not user-facing). The next stage (4-server-options) brings more diverse/optional server infra functionality. 
diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 61d79f77e..6355f85e7 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,8 +2,18 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml +Whereas 3-base-server installs critical packages needed by all, this 4th `stage `_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml `_ -This includes some networking fundamentals, before they're configured later on. +This includes more networking fundamentals, that may further be configured later on. -As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing. +Specifically, these might be installed: + +- Python libraries +- SSH daemon +- Bluetooth for Raspberry Pi +- Instant-sharing of `USB stick content `_ +- CUPS Printing +- Samba for Windows filesystems +- `www_options `_ + +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). diff --git a/roles/5-xo-services/README.rst b/roles/5-xo-services/README.rst index 1cb725bf7..42c73832c 100644 --- a/roles/5-xo-services/README.rst +++ b/roles/5-xo-services/README.rst 
@@ -2,6 +2,6 @@ 5-xo-services README ==================== -This 5th stage provides underlying services for One Laptop Per Child's XO laptops. +This 5th `stage `_ provides underlying services for One Laptop Per Child's XO laptops. -As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing. +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 4-server-options — this 5th stage installs core server infra (that is not user-facing).
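Review bot: In roles/0-init/README.rst, the added Recap line says this 0th stage "installs core server infra", but the paragraph directly above it describes 0-init as confirming low-level Ansible facts and whether Internet is live. Suggest wording the 0-init Recap to match that description, or listing what the stage installs, as the 2-common and 4-server-options READMEs now do.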
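Review bot: In roles/1-prep/README.rst, the added Recap line writes "4 server-options" without the hyphen, while every other README in this patch writes "4-server-options". The Recap lines in 0-init and 1-prep also open with "Similar to" where the other four open with "As with"; pick one wording for all six.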
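Review bot: In roles/2-common/tasks/main.yml (hunk @@ -1,46 +1,37 @@), the commented-out UNMAINTAINED includes still name centos.yml, fedora.yml, prep.yml, xo.yml and net_mods.yml, all of which this same patch renames to *.yml.unused. Anyone who uncomments one of them gets a missing-file failure, so either point the comments at the .unused names or delete the blocks and rely on git history. The new "- include_tasks: iiab-startup.yml" also has no name:, unlike the network.yml include just above it.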
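Review bot: In roles/2-common/tasks/network.yml, the moved sysctl task sets rp_filter and accept_source_route only under net.ipv4.conf.default, which is the template for interfaces created after the value is written; interfaces that already exist keep their current values. Since the same list turns on net.ipv4.ip_forward, consider adding the net.ipv4.conf.all counterparts so the filtering applies to the interfaces that are already up. The comment above the task ties it to ansible.posix collection changes, so calling the module as ansible.posix.sysctl would make that dependency explicit.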
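Review bot: In roles/2-common/templates/iiab-extra.repo.unused, the context lines show enabled=1 and gpgcheck=0 together with a plain-http baseurl (http://download.iiab.io/repos/xsce-extra/), so packages from this repo would be installed without signature verification. The rename to .unused keeps the template in the tree; add a comment at the top of the file saying gpgcheck must be turned on before it is reused, or remove the file.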
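Review bot: In roles/4-server-options/README.rst, the new list includes "SSH daemon", while the 1-prep README in this patch already lists "SSH" among the pieces needed for remote support. State which stage installs or enables sshd so the two READMEs do not read as duplicating it. The opening sentence that ends at /etc/iiab/local_vars.yml is also missing its closing period.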