From fff83cd5fb5425809244548e5ebf4be83efae134 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 12 Jan 2020 12:12:49 -0500 Subject: [PATCH] Refine @jvonau\'s \'Move NGINX shims to roles\' --- roles/dokuwiki/defaults/main.yml | 3 +- roles/dokuwiki/tasks/enable.yml | 49 +++++++------- roles/dokuwiki/tasks/install.yml | 46 +++++++------ ...wiki-nginx.conf => dokuwiki-nginx.conf.j2} | 4 +- roles/elgg/tasks/enable.yml | 54 ++++++++-------- roles/elgg/tasks/install.yml | 6 +- roles/elgg/tasks/setup.yml | 8 +-- roles/elgg/templates/elgg-nginx.conf | 3 - roles/elgg/templates/elgg-nginx.conf.j2 | 3 + roles/elgg/templates/elggdb.sql.j2 | 2 +- roles/lokole/tasks/enable.yml | 64 ++++++++----------- roles/lokole/tasks/install.yml | 41 ++++-------- roles/lokole/templates/lokole-nginx.conf.j2 | 4 +- roles/moodle/tasks/install.yml | 19 +++--- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- roles/nextcloud/tasks/enable.yml | 58 ++++++++--------- roles/nextcloud/tasks/install.yml | 12 +--- ...oud-nginx.conf => nextcloud-nginx.conf.j2} | 7 +- roles/nginx/tasks/main.yml | 30 ++++----- roles/nodered/tasks/enable.yml | 61 +++++++++--------- roles/nodered/tasks/install.yml | 14 ++-- roles/nodered/templates/nodered-nginx.conf.j2 | 4 +- 22 files changed, 223 insertions(+), 271 deletions(-) rename roles/dokuwiki/templates/{dokuwiki-nginx.conf => dokuwiki-nginx.conf.j2} (65%) delete mode 100644 roles/elgg/templates/elgg-nginx.conf create mode 100644 roles/elgg/templates/elgg-nginx.conf.j2 rename roles/nextcloud/templates/{nextcloud-nginx.conf => nextcloud-nginx.conf.j2} (56%) diff --git a/roles/dokuwiki/defaults/main.yml b/roles/dokuwiki/defaults/main.yml index f55e8affb..7d1e83dc1 100644 --- a/roles/dokuwiki/defaults/main.yml +++ b/roles/dokuwiki/defaults/main.yml 
@@ -1,8 +1,9 @@ # dokuwiki_install: False # dokuwiki_enabled: False +# dokuwiki_url: /dokuwiki + # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! dokuwiki_version: "dokuwiki-2018-04-22b" -dokuwiki_url: /wiki diff --git a/roles/dokuwiki/tasks/enable.yml b/roles/dokuwiki/tasks/enable.yml index 4b54a5cf0..55df3cfae 100644 --- a/roles/dokuwiki/tasks/enable.yml +++ b/roles/dokuwiki/tasks/enable.yml 
@@ -1,35 +1,39 @@ -- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) - file: - src: /etc/apache2/sites-available/dokuwiki.conf - path: /etc/apache2/sites-enabled/dokuwiki.conf - state: link - when: dokuwiki_enabled and is_debuntu +# Apache -- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/dokuwiki.conf - state: absent - when: not dokuwiki_enabled and is_debuntu +- name: Enable http://box{{ dokuwiki_url }} via Apache # http://box/dokuwiki + command: a2ensite dokuwiki.conf + when: apache_install and dokuwiki_enabled -- name: Install {{ nginx_config_dir }}/dokuwiki-nginx.conf SHIM from template - template: - src: dokuwiki-nginx.conf - dest: "{{ nginx_config_dir }}/dokuwiki-nginx.conf" - when: dokuwiki_enabled and nginx_enabled +- name: Disable http://box{{ dokuwiki_url }} via Apache # http://box/dokuwiki + command: a2dissite dokuwiki.conf + when: apache_install and not dokuwiki_enabled -- name: Restart Apache ({{ apache_service }}) to enable/disable DokuWiki's http://box/wiki +- name: Restart Apache systemd service ({{ apache_service }}) systemd: name: "{{ apache_service }}" - daemon_reload: yes state: restarted - when: apache_enabled + when: apache_enabled | bool -- name: Restart nginx to enable/disable DokuWiki's http://box/wiki +# NGINX + +- name: "SHIM: Enable http://box{{ dokuwiki_url }} via NGINX, by installing {{ nginx_config_dir }}/dokuwiki-nginx.conf from template" # http://box/dokuwiki + template: + src: dokuwiki-nginx.conf.j2 + dest: "{{ nginx_config_dir }}/dokuwiki-nginx.conf" + when: nginx_install and dokuwiki_enabled + +- name: "SHIM: Disable http://box{{ dokuwiki_url }} via NGINX, by removing {{ nginx_config_dir }}/dokuwiki-nginx.conf" # http://box/dokuwiki + file: + path: "{{ nginx_config_dir }}/dokuwiki-nginx.conf" + state: absent + when: nginx_install and not dokuwiki_enabled + 
+- name: Restart 'nginx' systemd service systemd: name: nginx - daemon_reload: yes state: restarted - when: nginx_enabled + when: nginx_enabled | bool + - name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} ini_file: @@ -46,4 +50,3 @@ value: "{{ dokuwiki_install }}" - option: enabled value: "{{ dokuwiki_enabled }}" - diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index eb75aa8ef..2477fe5ee 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -11,7 +11,15 @@ dest: /library creates: "/library/{{ dokuwiki_version }}/VERSION" -- name: Symlink /library/dokuwiki to /library/{{ dokuwiki_version }} +- name: Ensure dir /library/{{ dokuwiki_version }} is owned by {{ apache_user }} with 644/755 permissions + file: + path: "/library/{{ dokuwiki_version }}" + owner: "{{ apache_user }}" + mode: u+rw,go+r,go-w # '0755' had forced 'x' bits for non-dirs + state: directory + recurse: yes + +- name: Symlink /library/dokuwiki -> /library/{{ dokuwiki_version }} #shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi #shell: ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki #BOTH LINES ABOVE FAIL TO UPDATE LINK; Ansible approach below works 
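Review bot: The new `command: a2ensite dokuwiki.conf` and `command: a2dissite dokuwiki.conf` tasks run on every OS, because the `is_debuntu` guard on the removed symlink tasks was not carried over. On a host without the Debian helper scripts the play stops at this task, and if the disable step does not complete, the wiki stays reachable through Apache even though `dokuwiki_enabled` is false. `command` also reports "changed" on every run. I would keep the guard and make both tasks idempotent, e.g. `when: apache_install and dokuwiki_enabled and is_debuntu` plus `args: { creates: /etc/apache2/sites-enabled/dokuwiki.conf }` on the enable task, and `removes:` with the same path on the disable task. The same `command` pattern appears in the enable.yml hunks for elgg, lokole, nextcloud and nodered.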
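Review bot: The recursive `mode: u+rw,go+r,go-w` in the new "Ensure dir" task does not produce the 644/755 result its name promises. It only adds read/write bits and removes group/other write, so it never sets `x` on a directory that lacks it and never clears stray execute or special bits. With `recurse: yes`, `go+r` also makes every file under `/library/{{ dokuwiki_version }}` world-readable; if DokuWiki's `conf/` and `data/` directories live in that tree (not visible in this hunk), that would include its user and ACL files. Consider `mode: u=rwX,go=rX` for the tree, followed by a tighter `o-rwx` on the configuration and data directories, which only `{{ apache_user }}` needs to read.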
@@ -21,36 +29,26 @@ state: link force: yes -- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box/wiki +- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }} template: src: dokuwiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf" - when: dokuwiki_enabled | bool -- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) - file: - src: /etc/apache2/sites-available/dokuwiki.conf - path: /etc/apache2/sites-enabled/dokuwiki.conf - state: link - when: dokuwiki_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/dokuwiki.conf - state: absent - when: not dokuwiki_enabled and is_debuntu - -- name: Set /library/{{ dokuwiki_version }} owner to {{ apache_user }} and permissions to 0755 (recursively) - file: - path: "/library/{{ dokuwiki_version }}" - owner: "{{ apache_user }}" - mode: 0755 - state: directory - recurse: yes +# - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) +# file: +# src: /etc/apache2/sites-available/dokuwiki.conf +# path: /etc/apache2/sites-enabled/dokuwiki.conf +# state: link +# when: dokuwiki_enabled and is_debuntu +# +# - name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu) +# file: +# path: /etc/apache2/sites-enabled/dokuwiki.conf +# state: absent +# when: not dokuwiki_enabled and is_debuntu - name: "Add 'dokuwiki_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml lineinfile: dest: "{{ iiab_state_file }}" regexp: '^dokuwiki_installed' line: 'dokuwiki_installed: True' - state: present 
diff --git a/roles/dokuwiki/templates/dokuwiki-nginx.conf b/roles/dokuwiki/templates/dokuwiki-nginx.conf.j2 similarity index 65% rename from roles/dokuwiki/templates/dokuwiki-nginx.conf rename to roles/dokuwiki/templates/dokuwiki-nginx.conf.j2 index 9bbfe2cf7..e2ad3a147 100644 --- a/roles/dokuwiki/templates/dokuwiki-nginx.conf +++ b/roles/dokuwiki/templates/dokuwiki-nginx.conf.j2 @@ -1,3 +1,3 @@ -location {{ dokuwiki_url }} { - proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }}; +location {{ dokuwiki_url }}/ { + proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }}/; } diff --git a/roles/elgg/tasks/enable.yml b/roles/elgg/tasks/enable.yml index 632112c49..e28c84323 100644 --- a/roles/elgg/tasks/enable.yml +++ b/roles/elgg/tasks/enable.yml 
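Review bot: The `location {{ dokuwiki_url }}/` block forwards to Apache without the `proxy_set_header` lines that the Moodle and Nextcloud shims in this same patch set. Apache and DokuWiki will therefore see every request as coming from 127.0.0.1 with nginx's default upstream Host header. That drops the client address from the backend access log and from any per-IP logging or throttling the application does, depending on how the backend is configured. I would add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $remote_addr;` inside the block, and have the backend trust those headers only from 127.0.0.1. The elgg, lokole and nodered shim templates in this patch have the same gap.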
@@ -1,41 +1,39 @@ -- name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat) - file: - src: /etc/apache2/sites-available/elgg.conf - path: /etc/apache2/sites-enabled/elgg.conf - state: link - when: elgg_enabled and is_debuntu +# Apache -- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu) - file: - path: /etc/apache2/sites-enabled/elgg.conf - state: absent - when: not elgg_enabled and is_debuntu +- name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg + command: a2ensite elgg.conf + when: apache_install and elgg_enabled -- name: Remove Apache's elgg.conf (redhat) - file: - dest: "/etc/{{ apache_config_dir }}/elgg.conf" - state: absent - when: not elgg_enabled and is_redhat +- name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg + command: a2dissite elgg.conf + when: apache_install and not elgg_enabled -- name: Install {{ nginx_config_dir }}/elgg-nginx.conf from template - template: - src: elgg-nginx.conf - dest: "{{ nginx_config_dir }}/elgg-nginx.conf" - when: elgg_enabled and nginx_enabled - -- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg +- name: Restart Apache systemd service ({{ apache_service }}) systemd: name: "{{ apache_service }}" - daemon_reload: yes state: restarted - when: apache_enabled + when: apache_enabled | bool -- name: Restart nginx to enable/disable http://box/elgg +# NGINX + +- name: "SHIM: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_config_dir }}/elgg-nginx.conf from template" # http://box/elgg + template: + src: elgg-nginx.conf.j2 + dest: "{{ nginx_config_dir }}/elgg-nginx.conf" + when: nginx_install and elgg_enabled + +- name: "SHIM: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_config_dir }}/elgg-nginx.conf" # http://box/elgg + file: + path: "{{ nginx_config_dir }}/elgg-nginx.conf" + state: absent + when: nginx_install and not elgg_enabled + +- name: Restart 'nginx' systemd service 
systemd: name: nginx - daemon_reload: yes state: restarted - when: nginx_enabled + when: nginx_enabled | bool + - name: Add 'elgg' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index e2ff1c872..f2b90c8dd 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -53,7 +53,7 @@ group: "{{ apache_user }}" #regexp='^#RewriteBase' -- name: Change .htaccess to include RewriteBase for http://box/elgg +- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }} # http://box/elgg lineinfile: backup: no path: "/opt/{{ elgg_xx }}/.htaccess" @@ -82,7 +82,7 @@ state: directory owner: "{{ apache_user }}" -- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg +- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg template: src: elgg.conf dest: "/etc/{{ apache_config_dir }}/elgg.conf" @@ -92,5 +92,3 @@ dest: "{{ iiab_state_file }}" regexp: '^elgg_installed' line: 'elgg_installed: True' - state: present - diff --git a/roles/elgg/tasks/setup.yml b/roles/elgg/tasks/setup.yml index 66ded083f..d38811fca 100644 --- a/roles/elgg/tasks/setup.yml +++ b/roles/elgg/tasks/setup.yml @@ -3,7 +3,7 @@ name: "{{ dbname }}" register: create_elgg_database -- name: Create user/password to access Elgg database - can be run more than once +- name: Create MySQL user {{ dbuser }} and password to access Elgg database - can be run more than once mysql_user: name: "{{ dbuser }}" host: "{{ item }}" @@ -16,8 +16,8 @@ - name: Create /tmp/elggdb.sql from template, to load database template: - src: "elggdb.sql.j2" - dest: "/tmp/elggdb.sql" + src: elggdb.sql.j2 + dest: /tmp/elggdb.sql # elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql # tar up a mysqldump of freshly installed database and use it in the install to avoid the startup 
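Review bot: `dest: /tmp/elggdb.sql` writes the rendered database dump to a fixed name in a world-writable directory, and the template task sets no `mode:`. A newly created file therefore takes its permissions from the umask and is presumably readable by any local user until the later "Remove database dump" task runs. Adding `mode: '0600'` to this task closes that window. Rendering into a root-only directory instead of `/tmp` would also avoid the predictable path.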
@@ -28,7 +28,7 @@ name: "{{ dbname }}" state: import target: /tmp/elggdb.sql - when: create_elgg_database.changed + when: create_elgg_database.changed | bool - name: Remove database dump /tmp/elggdb.sql file: diff --git a/roles/elgg/templates/elgg-nginx.conf b/roles/elgg/templates/elgg-nginx.conf deleted file mode 100644 index 8687f4853..000000000 --- a/roles/elgg/templates/elgg-nginx.conf +++ /dev/null @@ -1,3 +0,0 @@ -location /elgg { - proxy_pass http://127.0.0.1:{{ apache_port }}/elgg; -} diff --git a/roles/elgg/templates/elgg-nginx.conf.j2 b/roles/elgg/templates/elgg-nginx.conf.j2 new file mode 100644 index 000000000..f0b7dff82 --- /dev/null +++ b/roles/elgg/templates/elgg-nginx.conf.j2 @@ -0,0 +1,3 @@ +location {{ elgg_url }}/ { + proxy_pass http://127.0.0.1:{{ apache_port }}{{ elgg_url }}/; +} diff --git a/roles/elgg/templates/elggdb.sql.j2 b/roles/elgg/templates/elggdb.sql.j2 index 4fdd987df..6c66d397d 100644 --- a/roles/elgg/templates/elggdb.sql.j2 +++ b/roles/elgg/templates/elggdb.sql.j2 @@ -541,7 +541,7 @@ CREATE TABLE `elgg_sites_entity` ( LOCK TABLES `elgg_sites_entity` WRITE; /*!40000 ALTER TABLE `elgg_sites_entity` DISABLE KEYS */; -INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box/elgg/'); +INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box{{ elgg_url }}/'); /*!40000 ALTER TABLE `elgg_sites_entity` ENABLE KEYS */; UNLOCK TABLES; diff --git a/roles/lokole/tasks/enable.yml b/roles/lokole/tasks/enable.yml index df6ae2ca4..981925e85 100644 --- a/roles/lokole/tasks/enable.yml +++ b/roles/lokole/tasks/enable.yml 
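Review bot: `{{ elgg_url }}` is now rendered straight into a single-quoted SQL string in the `INSERT INTO elgg_sites_entity` line, so a value containing a quote or backslash would change the statement that the import task executes. The variable is operator-supplied, so this is a robustness issue more than an injection path. The same value also lands in the nginx `location` line of elgg-nginx.conf.j2, where a space or `;` would alter the generated config. A small `assert` task ahead of the templates, e.g. `that: elgg_url is match('^/[A-Za-z0-9_-]+$')`, would reject malformed values early. The other `*_url` variables introduced by this patch would benefit from the same check.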
@@ -1,62 +1,54 @@ -- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled +- name: Enable & Restart 'lokole' systemd service systemd: - daemon_reload: yes name: lokole + daemon_reload: yes enabled: yes state: restarted - when: lokole_enabled + when: lokole_enabled | bool -- name: Disable 'lokole' service, if not lokole_enabled +- name: Disable & Stop 'lokole' systemd service systemd: - daemon_reload: yes name: lokole enabled: no state: stopped when: not lokole_enabled -- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box/lokole - template: - src: lokole.conf.j2 - dest: "/etc/{{ apache_config_dir }}/lokole.conf" +# Apache -- name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu) - file: - src: "/etc/{{ apache_config_dir }}/lokole.conf" - path: /etc/apache2/sites-enabled/lokole.conf - state: link - when: lokole_enabled and is_debuntu +- name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole + command: a2ensite lokole.conf + when: apache_install and lokole_enabled -- name: Remove /etc/apache2/sites-enabled/lokole.conf, if not lokole_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/lokole.conf - state: absent - when: not lokole_enabled and is_debuntu +- name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole + command: a2dissite lokole.conf + when: apache_install and not lokole_enabled -- name: Remove /etc/{{ apache_config_dir }}/lokole.conf, if not lokole_enabled (OS's other than debuntu) - file: - path: "/etc/{{ apache_config_dir }}/lokole.conf" - state: absent - when: (not lokole_enabled) and (not is_debuntu) +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted + when: apache_enabled | bool -- name: Install {{ nginx_config_dir }}/lokole-nginx.conf from template +# NGINX + +- name: "SHIM: Enable http://box{{ 
lokole_url }} via NGINX, by installing {{ nginx_config_dir }}/lokole-nginx.conf from template" # http://box/lokole template: src: lokole-nginx.conf.j2 dest: "{{ nginx_config_dir }}/lokole-nginx.conf" - when: lokole_enabled and nginx_enabled + when: nginx_install and lokole_enabled -- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/lokole - systemd: - name: "{{ apache_service }}" - daemon_reload: yes - state: restarted - when: apache_enabled +- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_config_dir }}/lokole-nginx.conf" # http://box/lokole + file: + path: "{{ nginx_config_dir }}/lokole-nginx.conf" + state: absent + when: nginx_install and not lokole_enabled -- name: Restart nginx to enable/disable http://box/lokole +- name: Restart 'nginx' systemd service systemd: name: nginx - daemon_reload: yes state: restarted - when: nginx_enabled + when: nginx_enabled | bool + - name: Add 'lokole' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 896ac8486..e7c42a340 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -13,8 +13,6 @@ #- bcrypt does not exist on Ubuntu 19.10 - python3-bcrypt # 2019-10-14: should work across modern Linux OS's state: present - tags: - - install - name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }} pip: @@ -23,8 +21,6 @@ virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ - tags: - - install when: - internet_available | bool - lokole_commit is undefined 
@@ -39,8 +35,6 @@ virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ - tags: - - install when: - internet_available | bool - lokole_commit is defined 
@@ -51,56 +45,49 @@ {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations with_items: - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" - tags: - - install - name: Create dir {{ lokole_run_directory }} file: path: "{{ lokole_run_directory }}" state: directory - tags: - - configure - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole template: src: webapp_secrets.sh.j2 dest: "{{ lokole_run_directory }}/webapp_secrets.sh" - tags: - - configure - name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn template: src: webapp.sh.j2 dest: "{{ lokole_run_directory }}/webapp.sh" mode: a+x - tags: - - configure - name: Create admin user shell: | . {{ lokole_run_directory }}/webapp_secrets.sh {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' - tags: - - configure -- name: Install unit file /etc/systemd/system/lokole.service from template +- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole + template: + src: lokole.conf.j2 + dest: "/etc/{{ apache_config_dir }}/lokole.conf" + when: apache_install | bool + +- name: Install /etc/systemd/system/lokole.service unit file from template template: src: lokole.service.j2 dest: /etc/systemd/system/lokole.service - tags: - - systemd -- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled - systemd: - daemon_reload: yes - name: lokole - enabled: yes - state: restarted - when: lokole_enabled | bool +# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled +# systemd: +# daemon_reload: yes +# name: lokole +# enabled: yes +# state: restarted +# when: lokole_enabled | bool - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml lineinfile: dest: "{{ iiab_state_file }}" 
regexp: '^lokole_installed' line: 'lokole_installed: True' - state: present diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/lokole/templates/lokole-nginx.conf.j2 index bedf791b3..b6d793d53 100644 --- a/roles/lokole/templates/lokole-nginx.conf.j2 +++ b/roles/lokole/templates/lokole-nginx.conf.j2 @@ -1,3 +1,3 @@ -location /lokole { - proxy_pass http://127.0.0.1:{{ apache_port }}/lokole; +location {{ lokole_url }}/ { + proxy_pass http://127.0.0.1:{{ apache_port }}{{ lokole_url }}/; } diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index c41607c54..2b93d6b7b 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -52,11 +52,11 @@ recurse: yes state: directory -- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755 +- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} file: path: "{{ content_base }}/dbdata/moodle" owner: "{{ apache_user }}" - mode: 0755 + # mode: '0755' state: directory - name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle @@ -64,7 +64,7 @@ path: "{{ moodle_data }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: 0770 + mode: '0770' state: directory - name: Remove Apache's stock moodle.conf @@ -76,9 +76,9 @@ template: src: 022-moodle.j2 dest: "/etc/{{ apache_config_dir }}/022-moodle.conf" - owner: root - group: root - mode: 0644 + # owner: root + # group: root + # mode: '0644' - name: Restart postgresql-iiab service: @@ -109,7 +109,7 @@ template: src: moodle_installer dest: "{{ moodle_base }}" - mode: 0755 + mode: '0755' - name: Enable & Restart postgresql-iiab service: @@ -118,7 +118,7 @@ enabled: yes when: moodle_enabled | bool -- name: Restart Apache service ({{ apache_service }}) +- name: Restart Apache systemd service ({{ apache_service }}) service: name: "{{ apache_service }}" state: restarted 
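Review bot: The `webapp_secrets.sh` template task in the lokole install.yml hunk has no `owner:` or `mode:`, so a file that by its name holds the Lokole secrets is created with umask-default permissions, presumably world-readable. `mode: '0600'` (or `'0640'` with the service's group) would be appropriate. The "Create admin user" task also passes `--password='{{ lokole_admin_password }}'` on a shell command line, which shows up in the process list and in Ansible's task output, and a `'` inside the password would break the hand-written quoting. I would add `no_log: true` to that task and replace the quoted value with `{{ lokole_admin_password | quote }}`. Both tasks are touched by this commit only for tag removal, so the gap is left unaddressed.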
@@ -136,11 +136,10 @@ #command: chown -R {{ apache_user }} {{ moodle_base }} file: path: "{{ moodle_base }}/config.php" - mode: 0644 + mode: '0644' - name: "Add 'moodle_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml lineinfile: dest: "{{ iiab_state_file }}" regexp: '^moodle_installed' line: 'moodle_installed: True' - state: present diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a06e6baf3..eea1b9f39 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -4,10 +4,10 @@ location /moodle { proxy_set_header Host $host; proxy_pass http://127.0.0.1:{{ apache_port }}; } + location ~ ^/moodle.*\.php$ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.0.0.1:{{ apache_port }}; } - diff --git a/roles/nextcloud/tasks/enable.yml b/roles/nextcloud/tasks/enable.yml index 793b974ed..332669c8e 100644 --- a/roles/nextcloud/tasks/enable.yml +++ b/roles/nextcloud/tasks/enable.yml 
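Review bot: `mode: '0644'` on `{{ moodle_base }}/config.php` leaves the file world-readable, and Moodle's config.php normally contains the database password. Since the web server is the only reader, `mode: '0640'` together with `group: "{{ apache_user }}"` would be the tighter setting. The task starts above the hunk, so its name and any owner settings are not visible here.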
@@ -1,47 +1,39 @@ -# This should go in computed_network.yml, but here for now -#- name: Compute Nextcloud listen ip addr for nextcloud.conf -# set_fact: -# nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" -# when: ansible_default_ipv4.network is defined +# Apache -- name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu) - file: - src: "/etc/{{ apache_config_dir }}/nextcloud.conf" - path: /etc/apache2/sites-enabled/nextcloud.conf - state: link - when: nextcloud_enabled and is_debuntu +- name: Enable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud + command: a2ensite nextcloud.conf + when: apache_install and nextcloud_enabled -- name: Remove symlink nextcloud.conf from /etc/apache2/sites-enabled if not nextcloud_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/nextcloud.conf - state: absent - when: not nextcloud_enabled and is_debuntu +- name: Disable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud + command: a2dissite nextcloud.conf + when: apache_install and not nextcloud_enabled -- name: Remove sites-available/nextcloud.conf if not nextcloud_enabled (redhat) - file: - path: "/etc/{{ apache_config_dir }}/nextcloud.conf" - state: absent - when: not nextcloud_enabled and is_redhat - -- name: Install Nextcloud's nginx conf.d file from template - template: - src: nextcloud-nginx.conf - dest: "{{ nginx_config_dir }}/nextcloud-nginx.conf" - when: nextcloud_enabled and nginx_enabled - -- name: Restart {{ apache_service }}, enabling/disabling http://box/nextcloud +- name: Restart Apache systemd service ({{ apache_service }}) systemd: name: "{{ apache_service }}" - daemon-reload: yes state: restarted when: apache_enabled | bool -- name: Restart nginx enabling/disabling http://box/nextcloud +# NGINX + +- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_config_dir }}/nextcloud-nginx.conf from 
template" # http://box/nextcloud + template: + src: nextcloud-nginx.conf.j2 + dest: "{{ nginx_config_dir }}/nextcloud-nginx.conf" + when: nginx_install and nextcloud_enabled + +- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_config_dir }}/nextcloud-nginx.conf" # http://box/nextcloud + file: + path: "{{ nginx_config_dir }}/nextcloud-nginx.conf" + state: absent + when: nginx_install and not nextcloud_enabled + +- name: Restart 'nginx' systemd service systemd: name: nginx - daemon-reload: yes state: restarted - when: nginx_enabled + when: nginx_enabled | bool + - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0c6dd658a..ca45f96d3 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -49,8 +49,6 @@ #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 #async: 1800 #poll: 10 - tags: - - download when: internet_available and not php_new #when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9 or is_ubuntu_16) @@ -63,8 +61,6 @@ #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 #async: 1800 #poll: 10 - tags: - - download when: internet_available and php_new #when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16) @@ -155,7 +151,7 @@ dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: 0640 + mode: '0640' when: is_centos | bool - name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud 
@@ -171,20 +167,16 @@ path: "{{ nextcloud_data_dir }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: 0750 + mode: '0750' state: directory - name: Install Apache's nextcloud.conf from template, for http://box/nextcloud template: src: nextcloud.conf.j2 dest: "/etc/{{ apache_config_dir }}/nextcloud.conf" - owner: root - group: root - mode: 0644 - name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml lineinfile: dest: "{{ iiab_state_file }}" regexp: '^nextcloud_installed' line: 'nextcloud_installed: True' - state: present diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 similarity index 56% rename from roles/nextcloud/templates/nextcloud-nginx.conf rename to roles/nextcloud/templates/nextcloud-nginx.conf.j2 index 114baf77b..3e0b3e6b2 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -1,11 +1,10 @@ -location /nextcloud { - proxy_pass http://127.0.0.1:{{ apache_port }}/nextcloud; +location {{ nextcloud_url }} { + proxy_pass http://127.0.0.1:{{ apache_port }}{{ nextcloud_url }}; } -location ~ /nextcloud/.*\.php$ { +location ~ {{ nextcloud_url }}/.*\.php$ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.0.0.1:{{ apache_port }}; } - diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 78576d900..1331301de 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,7 +1,7 @@ - name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_config_dir }} file: - state: absent - path: "{{ item.path }}" + path: "{{ item.path }}" + state: absent with_items: - { path: "{{ nginx_config_dir }}/usb-lib.conf" } - { path: "{{ nginx_config_dir }}/modules.conf" } 
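Review bot: The regex block `location ~ {{ nextcloud_url }}/.*\.php$` is not anchored, so it matches any URI that merely contains that path segment. Because nginx prefers a matching regex location over a prefix one, such requests are proxied to Apache with their original URI. The Moodle shim in this patch anchors its equivalent (`^/moodle.*\.php$`); I would write `location ~ ^{{ nextcloud_url }}/.*\.php$` here. The prefix block `location {{ nextcloud_url }}` also lacks the trailing slash that the other shims gained in this commit, so it matches sibling paths sharing the prefix as well; please confirm that is intended.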
@@ -13,43 +13,43 @@ - name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf" template: - src: "{{ item.src}}" - dest: "{{ item.dest }}" + src: "{{ item.src}}" + dest: "{{ item.dest }}" with_items: - - { src: "server.conf", dest: "/etc/nginx/" } - - { src: "nginx.conf", dest: "/etc/nginx/" } - - { src: "ports.conf", dest: "/etc/{{ apache_service }}/" } - - { src: "iiab.conf.j2", dest: "{{ nginx_config_dir }}/iiab.conf" } + - { src: 'server.conf', dest: '/etc/nginx/' } + - { src: 'nginx.conf', dest: '/etc/nginx/' } + - { src: 'ports.conf', dest: "/etc/{{ apache_service }}/" } + - { src: 'iiab.conf.j2', dest: "{{ nginx_config_dir }}/iiab.conf" } when: nginx_enabled | bool # the below slides in nginx's proxypass config files for apache on localhost # via the ports.conf file installed above -#- name: Install proxpass to apache running on localhost port {{ apache_port }} +#- name: Install proxpass to Apache running on localhost port {{ apache_port }} # include_tasks: uses_apache.yml -# when: apache_enabled +# when: apache_enabled | bool # the below task contains the same logic contained in the playbooks to enable # 'runrole nginx' to do the right thing but with the 'src' path set to role's # templates path ie roles//template/ #- name: Install proxpass to other services 'dual mode' roles # include_tasks: only_nginx.yml -# when: nginx_enabled +# when: nginx_enabled | bool -- name: Stop and disable NGINX when not nginx_enabled +- name: Stop and disable NGINX, when not nginx_enabled systemd: name: nginx state: stopped enabled: false when: not nginx_enabled -- name: Disable Apache port {{ apache_port }} localhost only +- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled template: dest: /etc/{{ apache_service }}/ports.conf src: stock-apache-ports.conf when: not nginx_enabled # should have the logic to handle both modes in the playbook -#- name: Enable 
Apache (a2ensite) for 'dual mode' for the role when NGINX is diabled +#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled # include_tasks: disable.yml # when: not nginx_enabled @@ -59,7 +59,7 @@ daemon_reload: yes state: restarted enabled: true - when: apache_enabled | bool or not nginx_enabled | bool + when: apache_enabled or not nginx_enabled - name: Enable & Restart NGINX, to pick up the config files installed systemd: diff --git a/roles/nodered/tasks/enable.yml b/roles/nodered/tasks/enable.yml index 296cf3f92..a6ba2d28c 100644 --- a/roles/nodered/tasks/enable.yml +++ b/roles/nodered/tasks/enable.yml 
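Review bot: The last hunk of roles/nginx/tasks/main.yml removes `| bool` from both operands (`when: apache_enabled or not nginx_enabled`), while the rest of the commit adds the filter to single-variable conditions. If either variable arrives as a string, for example from `--extra-vars`, a non-empty value such as "False" is truthy inside a compound expression, so `not nginx_enabled` would never fire and the restart would follow the wrong branch. I would keep the casts with explicit grouping: `when: (apache_enabled | bool) or not (nginx_enabled | bool)`. The new compound conditions in the role enable.yml files (`apache_install and not dokuwiki_enabled` and its siblings) have the same exposure on their disable paths.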
@@ -1,56 +1,55 @@ -- name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled) +- name: Enable & (Re)start 'nodered' systemd service systemd: - daemon_reload: yes name: nodered + daemon_reload: yes enabled: yes state: restarted when: nodered_enabled -- name: Disable & Stop 'nodered' systemd service (if not nodered_enabled) +- name: Disable & Stop 'nodered' systemd service systemd: - daemon_reload: yes name: nodered enabled: no state: stopped when: not nodered_enabled -- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) - file: - src: /etc/apache2/sites-available/nodered.conf - dest: /etc/apache2/sites-enabled/nodered.conf - owner: root - group: root - state: link - when: nodered_enabled +# Apache -- name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled) - file: - path: /etc/apache2/sites-enabled/nodered.conf - state: absent - when: not nodered_enabled +- name: Enable http://box/nodered via Apache + command: a2ensite nodered.conf + when: apache_install and nodered_enabled -- name: Install NodeRed's nginx conf.d file from template +- name: Disable http://box/nodered via Apache + command: a2dissite nodered.conf + when: apache_install and not nodered_enabled + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted + when: apache_enabled | bool + +# NGINX + +- name: "SHIM: Enable http://box/nodered_url via NGINX, by installing {{ nginx_config_dir }}/nodered-nginx.conf from template" template: src: nodered-nginx.conf.j2 dest: "{{ nginx_config_dir }}/nodered-nginx.conf" - owner: root - group: root - mode: 0666 - when: nodered_enabled and nginx_enabled + # mode: '0666' + when: nginx_install and nodered_enabled -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) - systemd: - name: "{{ apache_service 
}}" # httpd or apache2 - daemon-reload: yes - state: restarted - when: apache_enabled +- name: "SHIM: Disable http://box/nodered_url via NGINX, by removing {{ nginx_config_dir }}/nodered-nginx.conf" + file: + path: "{{ nginx_config_dir }}/nodered-nginx.conf" + state: absent + when: nginx_install and not nodered_enabled -- name: Restart nginx to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) +- name: Restart 'nginx' systemd service systemd: name: nginx state: restarted - daemon-reload: yes - when: nginx_enabled + when: nginx_enabled | bool + - name: Add 'nodered' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 490c2171e..fb92b7c5e 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -78,18 +78,14 @@ backup: yes src: nodered.service.j2 dest: /etc/systemd/system/nodered.service - owner: root - group: root - mode: 0666 + # mode: '0666' -- name: Install Apache's sites-available/nodered.conf from template +- name: Install /etc/{{ apache_config_dir }}/nodered.conf from template template: backup: yes src: nodered.conf.j2 - dest: /etc/apache2/sites-available/nodered.conf - owner: root - group: root - mode: 0666 + dest: "/etc/{{ apache_config_dir }}/nodered.conf" + # mode: '0666' # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml - name: Enable proxy_wstunnel apache2 module @@ -102,5 +98,3 @@ dest: "{{ iiab_state_file }}" regexp: '^nodered_installed' line: 'nodered_installed: True' - state: present - diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 275dd98a5..7d4728b16 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 
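Review bot: Replacing `mode: 0666` with a commented-out `# mode: '0666'` helps fresh installs but not existing ones. When `mode` is omitted, the template module keeps the permissions of a destination file that already exists, so a previously deployed `nodered-nginx.conf` stays world-writable. The same holds for `/etc/systemd/system/nodered.service` and Apache's `nodered.conf` in the nodered install.yml hunk, assuming the destination resolves to the same file as before. A world-writable unit file or web-server config lets any local account change what the service runs at the next restart. Set the mode explicitly with `mode: '0644'` on all three template tasks rather than leaving it unset.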
@@ -1,3 +1,3 @@
-location /nodered {
- proxy_pass http://127.0.0.1:{{ apache_port }}/nodered;
+location /nodered/ {
+ proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/;
 }