From cb38c04cb54fe38f2a8b8c329b2886ddcfae96ad Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:07:59 -0400 Subject: [PATCH 0001/1184] Remove 500M restriction on file uploads. Use 10G instead. --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- .../nextcloud/templates/nextcloud-nginx.conf.j2 | 2 +- roles/nginx/templates/server.conf.j2 | 6 +++--- roles/www_options/tasks/main.yml | 16 ++++++++-------- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 135096c5b..f6077f50c 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -29,7 +29,7 @@ location ~ ^/moodle(.*)\.php(.*)$ { # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's # roles/www_options/tasks/main.yml FORCES these same settings and more # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' - #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=10000M\n post_max_size=10000M\n max_input_vars=5000"; } location ~ ^/moodle { diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..ab726c69d 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -59,7 +59,7 @@ location ^~ {{ nextcloud_url }} { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10000M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..5cb5cffd7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -8,13 +8,13 @@ server { index index.php index.html index.htm; # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. - # So IIAB sets this to 500M, roughly aligning with similar settings... - # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: + # So IIAB sets this to 10000M, roughly aligning with similar settings... + # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 - client_max_body_size 500M; + client_max_body_size 10000M; # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..03c1a11db 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -57,7 +57,7 @@ # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -71,7 +71,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -97,28 +97,28 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 50a976851..2622aa833 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -323,7 +323,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ca5870c64..a97d24d2b 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 03dfaeffd..8334247a3 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 9d547b31a..6d32bc85b 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9b2c2a2ac..b4413c8c9 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 9c0e24ac5c6b4c01f23020786fcd24010a27c182 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:13:52 -0400 Subject: [PATCH 0002/1184] nginx/templates/server.conf.j2: Clarify nextcloud-nginx.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 5cb5cffd7..13cbefcd4 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -12,7 +12,7 @@ server { # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 - # 2. 'client_max_body_size 512M;' is set in: + # 2. 'client_max_body_size 10000M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 10000M; From 52ae68473a48b2b5130f83ea8829f530515458d5 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Thu, 30 Jun 2022 15:34:34 +0200 Subject: [PATCH 0003/1184] updated lokole role to reflect changes in Lokole --- roles/lokole/tasks/install.yml | 13 +------------ roles/lokole/tasks/setup.yml | 4 +++- roles/lokole/templates/lokole_restarter.conf | 4 ++-- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 776014396..849d899bb 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -23,24 +23,13 @@ - wvdial state: present -- name: "workarounds for older flask version used" - pip: - name: "{{ item.name }}" - version: "{{ item.version }}" - virtualenv: "{{ lokole_venv }}" - virtualenv_command: python3 -m venv "{{ lokole_venv }}" - extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ - with_items: - - { name: 'itsdangerous', version: '2.0.1' } - - { name: 'Jinja2', version: '3.0.3' } - # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: - name: "git+https://github.com/ascoderu/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" + name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 1f49661c6..3c5b71b7c 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -6,7 +6,9 @@ - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env - {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' + cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ + export FLASK_APP="opwen_email_client.webapp:app" + {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' - name: Change owner of dbfiles file: diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf index 94f580e9c..ab0118625 100644 --- a/roles/lokole/templates/lokole_restarter.conf +++ b/roles/lokole/templates/lokole_restarter.conf @@ -1,5 +1,5 @@ [program:lokole_restarter] -command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter +command={{ lokole_venv }}/bin/flask manage restarter --directory={{ lokole_run_dir }}/lokole_restarter autostart=true autorestart=true startretries=3 @@ -7,4 +7,4 @@ stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log user=root -environment=OPWEN_SETTINGS={{ lokole_settings }} +environment=FLASK_APP="opwen_email_client.webapp",OPWEN_SETTINGS={{ lokole_settings }} From e0ca1f225384078a812b35739db3b333cd15682b Mon Sep 17 00:00:00 2001 From: Mohamad Date: Thu, 30 Jun 2022 16:07:44 +0200 Subject: [PATCH 0004/1184] TODO --- roles/lokole/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 849d899bb..8851c42ae 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -27,6 +27,7 @@ # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: +# TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" From 191e7577c3ea46d20e2a64d9c331335475396042 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 02:15:10 +0200 Subject: [PATCH 0005/1184] added lokole_repo var to enable setting alternative git repo --- roles/lokole/defaults/main.yml | 1 + roles/lokole/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index b8f4d030f..887938e44 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,6 +14,7 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history +lokole_repo: https://github.com/ascoderu/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 8851c42ae..782866744 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -30,7 +30,7 @@ # TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: - name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" + name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ From 6a55a11f555095421f42f862b8a7f5bddf0562e6 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 17:05:40 +0200 Subject: [PATCH 0006/1184] set python_version env var before running createadmin --- roles/lokole/tasks/setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 3c5b71b7c..a8542f90b 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -6,6 +6,7 @@ - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env + python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ export FLASK_APP="opwen_email_client.webapp:app" {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' From ba463a0b0aa1ce5de9cc44546aab017c5d954ee2 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 17:46:59 +0200 Subject: [PATCH 0007/1184] use fork in defaults/main.yml for testing --- roles/lokole/defaults/main.yml | 3 ++- roles/lokole/tasks/install.yml | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 887938e44..f57ab5f11 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,7 +14,8 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history -lokole_repo: https://github.com/ascoderu/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined +# TODO: revert back to main repo after upstream PR is merged +lokole_repo: https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 782866744..a95d5b132 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -27,7 +27,6 @@ # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: -# TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" From 8456c6dd5adb5221d42559cbda40f75eb463a2a1 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 18:48:38 +0200 Subject: [PATCH 0008/1184] removed lokole_commit ref from lokole_repo as it's already referenced --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index f57ab5f11..d3799a86f 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -15,7 +15,7 @@ #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history # TODO: revert back to main repo after upstream PR is merged -lokole_repo: https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined +lokole_repo: https://github.com/mabuelhagag/lokole.git # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme From 24829db43b960f0a9b35bc9977406bbdab3f0d9d Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 23:52:26 +0200 Subject: [PATCH 0009/1184] added --force-reinstall to as extra ag to pip --- roles/lokole/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index a95d5b132..b472ebdd3 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -32,7 +32,7 @@ name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" - extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + extra_args: --no-cache-dir --force-reinstall # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is defined # For development purposes -- To install a given pip version of Lokole, add From e351801933ce9c89c0cd25f0725fbc8ae8b84257 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 20:29:24 -0400 Subject: [PATCH 0010/1184] 1-prep/templates/iiab-expand-rootfs.service based on 2020's #2522 --- roles/1-prep/templates/iiab-expand-rootfs.service | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index f7f68402c..89e42f2ab 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -1,5 +1,8 @@ [Unit] Description=Root Filesystem Auto-Expander +DefaultDependencies=no +After=systemd-remount-fs.service +Before=dphys-swapfile.service [Service] Environment=TERM=linux @@ -8,7 +11,7 @@ ExecStart=/usr/sbin/iiab-expand-rootfs # "Standard output type syslog is obsolete" # StandardError=syslog # WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput= -RemainAfterExit=no +RemainAfterExit=yes [Install] -WantedBy=multi-user.target +WantedBy=local-fs.target From 6403ce517a348baa2c453659258695d7896e4ddd Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 18:18:53 -0400 Subject: [PATCH 0011/1184] iiab-expand-rootfs.service: TimeoutSec=infinity in [Service] --- roles/1-prep/templates/iiab-expand-rootfs.service | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 89e42f2ab..1d29e4b90 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -8,6 +8,7 @@ Before=dphys-swapfile.service Environment=TERM=linux Type=oneshot ExecStart=/usr/sbin/iiab-expand-rootfs +TimeoutSec=infinity # "Standard output type syslog is obsolete" # StandardError=syslog # WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput= From 5c26d52549e2344aa2012fd5692ad530bcb85ede Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 19:24:23 -0400 Subject: [PATCH 0012/1184] iiab-expand-rootfs.service: Explain Before=dphys-swapfile.service --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 1d29e4b90..0756d8151 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -2,6 +2,8 @@ Description=Root Filesystem Auto-Expander DefaultDependencies=no After=systemd-remount-fs.service +# 2022-08-08: While dphys-swapfile.service doesn't exist on Ubuntu, Mint +# and pure Debian, the following line may still serve a purpose on RasPiOS: Before=dphys-swapfile.service [Service] From 3798685ba7ec369196acf4f045146d4eae6ed7c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 19:52:51 -0400 Subject: [PATCH 0013/1184] iiab-expand-rootfs.service: Explain TimeoutSec=infinity --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 0756d8151..f8333e020 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -10,6 +10,8 @@ Before=dphys-swapfile.service Environment=TERM=linux Type=oneshot ExecStart=/usr/sbin/iiab-expand-rootfs +# 2022-08-08: By default, systemd dangerously kills rootfs expansion after just +# 90s (1TB microSD cards take ~8 min to expand). Let's remove the time limit: TimeoutSec=infinity # "Standard output type syslog is obsolete" # StandardError=syslog From c3ab1236a5fae68c4bf73b00bb9f5522ce8cc2ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 22:46:36 -0400 Subject: [PATCH 0014/1184] iiab-expand-rootfs.service: Explain After=systemd-remount-fs.service --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index f8333e020..91de4cc5b 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -1,6 +1,8 @@ [Unit] Description=Root Filesystem Auto-Expander DefaultDependencies=no +# 2022-08-08: IIAB's 4 core OS's have 'After=systemd-fsck-root.service' WITHIN +# systemd-remount-fs.service, allowing us to avoid #3325 race condition w/ fsck After=systemd-remount-fs.service # 2022-08-08: While dphys-swapfile.service doesn't exist on Ubuntu, Mint # and pure Debian, the following line may still serve a purpose on RasPiOS: From 35211d0e603df3058d62fdb22a41126276693441 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Tue, 9 Aug 2022 08:02:37 +0200 Subject: [PATCH 0015/1184] revert `lokole_repo` to original repo --- roles/lokole/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index d3799a86f..f5c283cae 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,8 +14,7 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history -# TODO: revert back to main repo after upstream PR is merged -lokole_repo: https://github.com/mabuelhagag/lokole.git # the lokole git repo location to pull from if lokole_commit is defined +lokole_repo: https://github.com/ascoderu/lokole.git # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme From b9a653c1b962ebcdf73315f6370d4203aee62c37 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 21:42:57 -0400 Subject: [PATCH 0016/1184] iiab-expand-rootfs: bash -e exit on error; do not delete /.expand-rootfs --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 2cd28de46..620990893 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash -xe # Expand rootfs partition to its maximum size, if /.expand-rootfs exists. # Used by /etc/systemd/system/iiab-expand-rootfs.service on IIAB boot. From a02798cb1e3807c65e260acfdd1adea278612cec Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:07 -0400 Subject: [PATCH 0017/1184] iiab-diagnostics: Display /etc/fstab --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1fdb97933..ed243490c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -198,6 +198,7 @@ cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' +cat_file /etc/fstab cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 6be554d4ab9d30da446a3501ce950c7f07f39836 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:32 -0400 Subject: [PATCH 0018/1184] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index da9754842..be341bb4f 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ca2ab6a5ab07e768435429d215596047d695f6cf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Aug 2021 12:32:06 -0500 Subject: [PATCH 0019/1184] Azuracast baseline --- roles/azuracast/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 9f1b1e2ab..a9b9c73c4 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -11,13 +11,13 @@ #group: root mode: 0644 -- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template - template: - src: docker-compose.override.yml.j2 - dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" #owner: root #group: root - mode: 0644 +# mode: 0644 - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} get_url: From bb01db529ab4523d47457085ead3c33ca5f2913d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:11:44 -0500 Subject: [PATCH 0020/1184] azuracast.env --- roles/azuracast/tasks/install.yml | 20 ++- roles/azuracast/templates/azuracast.env | 155 ++++++++++++++++++ .../azuracast/templates/azuracast.sample.env | 155 ++++++++++++++++++ 3 files changed, 324 insertions(+), 6 deletions(-) create mode 100644 roles/azuracast/templates/azuracast.env create mode 100644 roles/azuracast/templates/azuracast.sample.env diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index a9b9c73c4..febb7302d 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -40,6 +40,20 @@ # line: "\\1reply='Y'" # backrefs: yes +#- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml +# replace: +# path: "{{ azuracast_host_dir }}/docker-compose.yml" +# regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" +# replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" + +- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports + template: + src: azuracast.env + dest: "{{ azuracast_host_dir }}/" + #owner: root + #group: root + mode: 0644 + - name: AzuraCast - Make directory {{ docker_container_dir }} file: path: "{{ docker_container_dir }}" @@ -51,12 +65,6 @@ path: /var/lib/docker state: link -- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml - replace: - path: "{{ azuracast_host_dir }}/docker-compose.yml" - regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" - replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" - - name: AzuraCast - Setup for stable channel install shell: "yes 'Y' | /bin/bash docker.sh setup-release" args: diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env new file mode 100644 index 000000000..75ff47f6b --- /dev/null +++ b/roles/azuracast/templates/azuracast.env @@ -0,0 +1,155 @@ +# IIAB version for altered ports +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=10000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=10499 + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: mariadb +MYSQL_HOST=mariadb + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: redis +# REDIS_HOST=redis + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* diff --git a/roles/azuracast/templates/azuracast.sample.env b/roles/azuracast/templates/azuracast.sample.env new file mode 100644 index 000000000..bc9ffc204 --- /dev/null +++ b/roles/azuracast/templates/azuracast.sample.env @@ -0,0 +1,155 @@ +# https://github.com/AzuraCast/AzuraCast/blob/main/azuracast.sample.env +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=8000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=8499 + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: mariadb +MYSQL_HOST=mariadb + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: redis +# REDIS_HOST=redis + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* From 1fb98f535b318400a11571c011a13d616de785ee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:20:50 -0500 Subject: [PATCH 0021/1184] overlaps AZURACAST_STATION_PORTS move just to be safe --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e4ee58a43..00bdc9767 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -378,8 +378,8 @@ nodocs: False # Simple, Self-Hosted Web Radio - from AzuraCast.com azuracast_install: False azuracast_enabled: False # This var is currently IGNORED -azuracast_http_port: 10080 -azuracast_https_port: 10443 +azuracast_http_port: 12080 +azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8100 range by default, but IIAB # services conflict with those ports so this variable below sets a sane prefix. From 5e0631a7c91af43bf83ad935600d45b064edc054 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:22:16 -0500 Subject: [PATCH 0022/1184] Readme - port --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index fca21ce96..20b3a495d 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -12,7 +12,7 @@ Using It -------- * Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. -* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 +* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! From 6c41a6579e732a650a0434ca57e34c5cce09e237 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 29 Aug 2022 07:13:09 -0400 Subject: [PATCH 0023/1184] scripts/ansible: Cleaner comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 8d5293023..a8dfadfae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From 7b058cfe47b70dd35a7dd09af68af93070aa5cbc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 11:47:22 -0500 Subject: [PATCH 0024/1184] upstream docker.sh as of Aug 22, 2022 https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/docker.sh --- roles/azuracast/upstream/docker.sh | 840 +++++++++++++++++++++++++++++ 1 file changed, 840 insertions(+) create mode 100755 roles/azuracast/upstream/docker.sh diff --git a/roles/azuracast/upstream/docker.sh b/roles/azuracast/upstream/docker.sh new file mode 100755 index 000000000..dfa1c2b81 --- /dev/null +++ b/roles/azuracast/upstream/docker.sh @@ -0,0 +1,840 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2145,SC2178,SC2120,SC2162 + +# Functions to manage .env files +__dotenv= +__dotenv_file= +__dotenv_cmd=.env + +.env() { + REPLY=() + [[ $__dotenv_file || ${1-} == -* ]] || .env.--file .env || return + if declare -F -- ".env.${1-}" >/dev/null; then + .env."$@" + return + fi + return 64 +} + +.env.-f() { .env.--file "$@"; } + +.env.get() { + .env::arg "get requires a key" "$@" && + [[ "$__dotenv" =~ ^(.*(^|$'\n'))([ ]*)"$1="(.*)$ ]] && + REPLY=${BASH_REMATCH[4]%%$'\n'*} && REPLY=${REPLY%"${REPLY##*[![:space:]]}"} +} + +.env.parse() { + local line key + while IFS= read -r line; do + line=${line#"${line%%[![:space:]]*}"} # trim leading whitespace + line=${line%"${line##*[![:space:]]}"} # trim trailing whitespace + if [[ ! "$line" || "$line" == '#'* ]]; then continue; fi + if (($#)); then + for key; do + if [[ $key == "${line%%=*}" ]]; then + REPLY+=("$line") + break + fi + done + else + REPLY+=("$line") + fi + done <<<"$__dotenv" + ((${#REPLY[@]})) +} + +.env.export() { ! .env.parse "$@" || export "${REPLY[@]}"; } + +.env.set() { + .env::file load || return + local key saved=$__dotenv + while (($#)); do + key=${1#+} + key=${key%%=*} + if .env.get "$key"; then + REPLY=() + if [[ $1 == +* ]]; then + shift + continue # skip if already found + elif [[ $1 == *=* ]]; then + __dotenv=${BASH_REMATCH[1]}${BASH_REMATCH[3]}$1$'\n'${BASH_REMATCH[4]#*$'\n'} + else + __dotenv=${BASH_REMATCH[1]}${BASH_REMATCH[4]#*$'\n'} + continue # delete all occurrences + fi + elif [[ $1 == *=* ]]; then + __dotenv+="${1#+}"$'\n' + fi + shift + done + [[ $__dotenv == "$saved" ]] || .env::file save +} + +.env.puts() { echo "${1-}" >>"$__dotenv_file" && __dotenv+="$1"$'\n'; } + +.env.generate() { + .env::arg "key required for generate" "$@" || return + .env.get "$1" && return || REPLY=$("${@:2}") || return + .env::one "generate: ouptut of '${*:2}' has more than one line" "$REPLY" || return + .env.puts "$1=$REPLY" +} + +.env.--file() { + .env::arg "filename required for --file" "$@" || return + __dotenv_file=$1 + .env::file load || return + (($# < 2)) || .env "${@:2}" +} + +.env::arg() { [[ "${2-}" ]] || { + echo "$__dotenv_cmd: $1" >&2 + return 64 +}; } + +.env::one() { [[ "$2" != *$'\n'* ]] || .env::arg "$1"; } + +.env::file() { + local REPLY=$__dotenv_file + case "$1" in + load) + __dotenv= + ! [[ -f "$REPLY" ]] || __dotenv="$(<"$REPLY")"$'\n' || return + ;; + save) + if [[ -L "$REPLY" ]] && declare -F -- realpath.resolved >/dev/null; then + realpath.resolved "$REPLY" + fi + { [[ ! -f "$REPLY" ]] || cp -p "$REPLY" "$REPLY.bak"; } && + printf %s "$__dotenv" >"$REPLY.bak" && mv "$REPLY.bak" "$REPLY" + ;; + esac +} + +# Shortcut to convert semver version (x.yyy.zzz) into a comparable number. +version-number() { + echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }' +} + +# Get the current release channel for AzuraCast +get-release-channel() { + local AZURACAST_VERSION="latest" + if [[ -f .env ]]; then + .env --file .env get AZURACAST_VERSION + AZURACAST_VERSION="${REPLY:-latest}" + fi + + echo "$AZURACAST_VERSION" +} + +get-release-branch-name() { + if [[ $(get-release-channel) == "stable" ]]; then + echo "stable" + else + echo "main" + fi +} + +# This is a general-purpose function to ask Yes/No questions in Bash, either +# with or without a default answer. It keeps repeating the question until it +# gets a valid answer. +ask() { + # https://djm.me/ask + local prompt default reply + + while true; do + + if [[ "${2:-}" == "Y" ]]; then + prompt="Y/n" + default=Y + elif [[ "${2:-}" == "N" ]]; then + prompt="y/N" + default=N + else + prompt="y/n" + default= + fi + + # Ask the question (not using "read -p" as it uses stderr not stdout) + echo -n "$1 [$prompt] " + + read reply + + # Default? + if [[ -z "$reply" ]]; then + reply=${default} + fi + + # Check if the reply is valid + case "$reply" in + Y* | y*) return 0 ;; + N* | n*) return 1 ;; + esac + + done +} + +# Generate a prompt to set an environment file value. +envfile-set() { + local VALUE INPUT + + .env --file .env + + .env get "$1" + VALUE=${REPLY:-$2} + + echo -n "$3 [$VALUE]: " + read INPUT + + VALUE=${INPUT:-$VALUE} + + .env set "${1}=${VALUE}" +} + +# +# Configure the ports used by AzuraCast. +# +setup-ports() { + envfile-set "AZURACAST_HTTP_PORT" "80" "Port to use for HTTP connections" + envfile-set "AZURACAST_HTTPS_PORT" "443" "Port to use for HTTPS connections" + envfile-set "AZURACAST_SFTP_PORT" "2022" "Port to use for SFTP connections" +} + +# +# Configure release mode settings. +# +setup-release() { + if [[ ! -f .env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/main/sample.env -o .env + fi + + local OLD_RELEASE_CHANNEL + .env --file .env get AZURACAST_VERSION + OLD_RELEASE_CHANNEL="${REPLY:-latest}" + + local AZURACAST_VERSION="${OLD_RELEASE_CHANNEL}" + + if [[ $AZURACAST_VERSION == "latest" ]]; then + if ask "Your current release channel is 'Rolling Release'. Switch to 'Stable' release channel?" N; then + AZURACAST_VERSION="stable" + fi + elif [[ $AZURACAST_VERSION == "stable" ]]; then + if ask "Your current release channel is 'Stable'. Switch to 'Rolling Release' release channel?" N; then + AZURACAST_VERSION="latest" + fi + fi + + .env --file .env set AZURACAST_VERSION=${AZURACAST_VERSION} + + if [[ $AZURACAST_VERSION != $OLD_RELEASE_CHANNEL ]]; then + if ask "You should update the Docker Utility Script after changing release channels. Automatically update it now?" Y; then + update-self + fi + fi +} + +check-install-requirements() { + local CURRENT_OS CURRENT_ARCH REQUIRED_COMMANDS SCRIPT_DIR + + set -e + + echo "Checking installation requirements for AzuraCast..." + + CURRENT_OS=$(uname -s) + if [[ $CURRENT_OS == "Linux" ]]; then + echo -en "\e[32m[PASS]\e[0m Operating System: ${CURRENT_OS}\n" + else + echo -en "\e[41m[FAIL]\e[0m Operating System: ${CURRENT_OS}\n" + + echo " You are running an unsupported operating system." + echo " Automated AzuraCast installation is not currently supported on this" + echo " operating system." + exit 1 + fi + + CURRENT_ARCH=$(uname -m) + if [[ $CURRENT_ARCH == "x86_64" ]]; then + echo -en "\e[32m[PASS]\e[0m Architecture: ${CURRENT_ARCH}\n" + elif [[ $CURRENT_ARCH == "aarch64" ]]; then + echo -en "\e[32m[PASS]\e[0m Architecture: ${CURRENT_ARCH}\n" + else + echo -en "\e[41m[FAIL]\e[0m Architecture: ${CURRENT_ARCH}\n" + + echo " You are running an unsupported processor architecture." + echo " Automated AzuraCast installation is not currently supported on this " + echo " operating system." + exit 1 + fi + + REQUIRED_COMMANDS=(curl awk) + for COMMAND in "${REQUIRED_COMMANDS[@]}" ; do + if [[ $(command -v "$COMMAND") ]]; then + echo -en "\e[32m[PASS]\e[0m Command Present: ${COMMAND}\n" + else + echo -en "\e[41m[FAIL]\e[0m Command Present: ${COMMAND}\n" + + echo " ${COMMAND} does not appear to be installed." + echo " Install ${COMMAND} using your host's package manager," + echo " then continue installing using this script." + exit 1 + fi + done + + if [[ $EUID -ne 0 ]]; then + if [[ $(command -v sudo) ]]; then + echo -en "\e[32m[PASS]\e[0m User Permissions\n" + else + echo -en "\e[41m[FAIL]\e[0m User Permissions\n" + + echo " You are not currently the root user, and " + echo " 'sudo' does not appear to be installed." + echo " Install sudo using your host's package manager," + echo " then continue installing using this script." + exit 1 + fi + else + echo -en "\e[32m[PASS]\e[0m User Permissions\n" + fi + + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" + if [[ $SCRIPT_DIR == "/var/azuracast" ]]; then + echo -en "\e[32m[PASS]\e[0m Installation Directory\n" + else + echo -en "\e[93m[WARN]\e[0m Installation Directory\n" + echo " AzuraCast is not installed in /var/azuracast, as is recommended" + echo " for most installations. This will not prevent AzuraCast from" + echo " working, but you will need to update any instructions in our" + echo " documentation to reflect your current directory:" + echo " $SCRIPT_DIR" + fi + + echo -en "\e[32m[PASS]\e[0m All requirements met!\n" + + set +e +} + +install-docker() { + set -e + + curl -fsSL get.docker.com -o get-docker.sh + sh get-docker.sh + rm get-docker.sh + + if [[ $EUID -ne 0 ]]; then + sudo usermod -aG docker "$(whoami)" + + echo "You must log out or restart to apply necessary Docker permissions changes." + echo "Restart, then continue installing using this script." + exit 1 + fi + + set +e +} + +install-docker-compose() { + set -e + echo "Installing Docker Compose..." + + curl -fsSL -o docker-compose https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-$(uname -m) + + ARCHITECTURE=amd64 + if [ "$(uname -m)" = "aarch64" ]; then + ARCHITECTURE=arm64 + fi + curl -fsSL -o docker-compose-switch https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-${ARCHITECTURE} + + if [[ $EUID -ne 0 ]]; then + sudo chmod a+x ./docker-compose + sudo chmod a+x ./docker-compose-switch + + sudo mv ./docker-compose /usr/libexec/docker/cli-plugins/docker-compose + sudo mv ./docker-compose-switch /usr/local/bin/docker-compose + else + chmod a+x ./docker-compose + chmod a+x ./docker-compose-switch + + mv ./docker-compose /usr/libexec/docker/cli-plugins/docker-compose + mv ./docker-compose-switch /usr/local/bin/docker-compose + fi + + echo "Docker Compose updated!" + set +e +} + +run-installer() { + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + if [[ ! -f .env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/sample.env -o .env + fi + if [[ ! -f azuracast.env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/azuracast.sample.env -o azuracast.env + fi + if [[ ! -f docker-compose.yml ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.sample.yml -o docker-compose.yml + fi + + touch docker-compose.new.yml + + local dc_config_test=$(docker-compose -f docker-compose.new.yml config 2>/dev/null) + if [ $? -ne 0 ]; then + if ask "Docker Compose needs to be updated to continue. Update to latest version?" Y; then + install-docker-compose + fi + fi + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.installer.yml -o docker-compose.installer.yml + + docker-compose -p azuracast_installer -f docker-compose.installer.yml pull + docker-compose -p azuracast_installer -f docker-compose.installer.yml run --rm installer install "$@" + + rm docker-compose.installer.yml +} + +# +# Run the initial installer of Docker and AzuraCast. +# Usage: ./docker.sh install +# +install() { + check-install-requirements + + if [[ $(command -v docker) && $(docker --version) ]]; then + echo "Docker is already installed! Continuing..." + else + if ask "Docker does not appear to be installed. Install Docker now?" Y; then + install-docker + fi + fi + + if [[ $(command -v docker-compose) ]]; then + echo "Docker Compose is already installed. Continuing..." + else + if ask "Docker Compose does not appear to be installed. Install Docker Compose now?" Y; then + install-docker-compose + fi + fi + + setup-release + + run-installer "$@" + + # Installer creates a file at docker-compose.new.yml; copy it to the main spot. + if [[ -s docker-compose.new.yml ]]; then + if [[ -f docker-compose.yml ]]; then + rm docker-compose.yml + fi + + mv docker-compose.new.yml docker-compose.yml + fi + + # If this script is running as a non-root user, set the PUID/PGID in the environment vars appropriately. + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose pull + + docker-compose run --rm web -- azuracast_install "$@" + docker-compose up -d + exit +} + +install-dev() { + if [[ $(command -v docker) && $(docker --version) ]]; then + echo "Docker is already installed! Continuing..." + else + if ask "Docker does not appear to be installed. Install Docker now?" Y; then + install-docker + fi + fi + + if [[ $(command -v docker-compose) ]]; then + echo "Docker Compose is already installed. Continuing..." + else + if ask "Docker Compose does not appear to be installed. Install Docker Compose now?" Y; then + install-docker-compose + fi + fi + + if [[ ! -f docker-compose.yml ]]; then + cp docker-compose.sample.yml docker-compose.yml + fi + if [[ ! -f docker-compose.override.yml ]]; then + cp docker-compose.dev.yml docker-compose.override.yml + fi + if [[ ! -f .env ]]; then + cp dev.env .env + fi + if [[ ! -f azuracast.env ]]; then + cp azuracast.dev.env azuracast.env + + echo "Customize azuracast.env file now before continuing. Re-run this command to continue installation." + exit + fi + + # If this script is running as a non-root user, set the PUID/PGID in the environment vars appropriately. + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + chmod 777 ./frontend/ ./web/ ./vendor/ \ + ./web/static/ ./web/static/api/ \ + ./web/static/dist/ ./web/static/img/ + + docker-compose build + docker-compose run --rm web -- azuracast_install "$@" + + docker-compose -p azuracast_frontend -f docker-compose.frontend.yml build + docker-compose -p azuracast_frontend -f docker-compose.frontend.yml run --rm frontend npm run build + + docker-compose up -d + exit +} + +# +# Update the Docker images and codebase. +# Usage: ./docker.sh update +# +update() { + echo "[NOTICE] Before you continue, please make sure you have a recent snapshot of your system and or backed it up." + if ask "Are you ready to continue with the update?" Y; then + + # Check for a new Docker Utility Script. + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker.sh -o docker.new.sh + + local UTILITY_FILES_MATCH + UTILITY_FILES_MATCH="$( + cmp --silent docker.sh docker.new.sh + echo $? + )" + + local UPDATE_UTILITY=0 + if [[ ${UTILITY_FILES_MATCH} -ne 0 ]]; then + if ask "The Docker Utility Script has changed since your version. Update to latest version?" Y; then + UPDATE_UTILITY=1 + fi + fi + + if [[ ${UPDATE_UTILITY} -ne 0 ]]; then + mv docker.new.sh docker.sh + chmod a+x docker.sh + + echo "A new Docker Utility Script has been downloaded." + echo "Please re-run the update process to continue." + exit + else + rm docker.new.sh + fi + + run-installer --update "$@" + + # Check for updated Docker Compose config. + local COMPOSE_FILES_MATCH + + if [[ ! -s docker-compose.new.yml ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.sample.yml -o docker-compose.new.yml + fi + + COMPOSE_FILES_MATCH="$( + cmp --silent docker-compose.yml docker-compose.new.yml + echo $? + )" + + if [[ ${COMPOSE_FILES_MATCH} -ne 0 ]]; then + docker-compose -f docker-compose.new.yml pull + docker-compose down + + cp docker-compose.yml docker-compose.backup.yml + mv docker-compose.new.yml docker-compose.yml + else + rm docker-compose.new.yml + + docker-compose pull + docker-compose down + fi + + docker-compose run --rm web -- azuracast_update "$@" + docker-compose up -d + + if ask "Clean up all stopped Docker containers and images to save space?" Y; then + docker system prune -f + fi + + echo "Update complete!" + fi + exit +} + +# +# Update this Docker utility script. +# Usage: ./docker.sh update-self +# +update-self() { + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker.sh -o docker.sh + chmod a+x docker.sh + + echo "New Docker utility script downloaded." + exit +} + +# +# Run a CLI command inside the Docker container. +# Usage: ./docker.sh cli [command] +# +cli() { + docker-compose exec --user="azuracast" web azuracast_cli "$@" + exit +} + +# +# Enter the bash terminal of the running web container. +# Usage: ./docker.sh bash +# +bash() { + docker-compose exec --user="azuracast" web bash + exit +} + +# +# Enter the MariaDB database management terminal with the correct credentials. +# +db() { + local MYSQL_HOST MYSQL_PORT MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE + + .env --file azuracast.env get MYSQL_HOST + MYSQL_HOST="${REPLY:-localhost}" + + .env --file azuracast.env get MYSQL_PORT + MYSQL_PORT="${REPLY:-3306}" + + .env --file azuracast.env get MYSQL_USER + MYSQL_USER="${REPLY:-azuracast}" + + .env --file azuracast.env get MYSQL_PASSWORD + MYSQL_PASSWORD="${REPLY:-azur4c457}" + + .env --file azuracast.env get MYSQL_DATABASE + MYSQL_DATABASE="${REPLY:-azuracast}" + + docker-compose exec --user="mysql" web mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT} --database=${MYSQL_DATABASE} + + exit +} + +# +# Back up the Docker volumes to a .tar.gz file. +# Usage: +# ./docker.sh backup [/custom/backup/dir/custombackupname.zip] +# +backup() { + local BACKUP_PATH BACKUP_DIR BACKUP_FILENAME BACKUP_EXT + BACKUP_PATH=$(readlink -f ${1:-"./backup.tar.gz"}) + BACKUP_DIR=$(dirname -- "$BACKUP_PATH") + BACKUP_FILENAME=$(basename -- "$BACKUP_PATH") + BACKUP_EXT="${BACKUP_FILENAME##*.}" + shift + + # Prepare permissions + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose exec --user="azuracast" web azuracast_cli azuracast:backup "/var/azuracast/backups/${BACKUP_FILENAME}" "$@" + + # Move from Docker volume to local filesystem + docker run --rm -v "azuracast_backups:/backup_src" \ + -v "$BACKUP_DIR:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" +} + +# +# Restore an AzuraCast backup into Docker. +# Usage: +# ./docker.sh restore [/custom/backup/dir/custombackupname.zip] +# +restore() { + if [[ ! -f .env ]] || [[ ! -f azuracast.env ]]; then + echo "AzuraCast hasn't been installed yet on this server." + echo "You should run './docker.sh install' first before restoring." + exit 1 + fi + + if ask "Restoring will remove any existing AzuraCast installation data, replacing it with your backup. Continue?" Y; then + if [[ $1 != "" ]]; then + local BACKUP_PATH BACKUP_DIR BACKUP_FILENAME BACKUP_EXT + BACKUP_PATH=$(readlink -f ${1:-"./backup.tar.gz"}) + BACKUP_DIR=$(dirname -- "$BACKUP_PATH") + BACKUP_FILENAME=$(basename -- "$BACKUP_PATH") + BACKUP_EXT="${BACKUP_FILENAME##*.}" + shift + + if [[ ! -f ${BACKUP_PATH} ]]; then + echo "File '${BACKUP_PATH}' does not exist. Nothing to restore." + exit 1 + fi + + docker-compose down -v + docker volume create azuracast_backups + + # Move from local filesystem to Docker volume + docker run --rm -v "$BACKUP_DIR:/backup_src" \ + -v "azuracast_backups:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" + + # Prepare permissions + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose run --rm web -- azuracast_restore "/var/azuracast/backups/${BACKUP_FILENAME}" "$@" + + # Move file back from volume to local filesystem + docker run --rm -v "azuracast_backups:/backup_src" \ + -v "$BACKUP_DIR:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" + + docker-compose down + docker-compose up -d + else + docker-compose down + + # Remove all volumes except the backup volume. + docker volume rm -f $(docker volume ls | grep -v "azuracast_backups" | awk 'NR>1 {print $2}') + + docker-compose run --rm web -- azuracast_restore "$@" + + docker-compose down + docker-compose up -d + fi + fi + exit +} + +# +# Restore the Docker volumes from a legacy backup format .tar.gz file. +# Usage: +# ./docker.sh restore [/custom/backup/dir/custombackupname.tar.gz] +# +restore-legacy() { + local APP_BASE_DIR BACKUP_PATH BACKUP_DIR BACKUP_FILENAME + + APP_BASE_DIR=$(pwd) + + BACKUP_PATH=${1:-"./backup.tar.gz"} + BACKUP_DIR=$(cd "$(dirname "$BACKUP_PATH")" && pwd) + BACKUP_FILENAME=$(basename "$BACKUP_PATH") + + cd "$APP_BASE_DIR" || exit + + if [ -f "$BACKUP_PATH" ]; then + docker-compose down + + docker volume rm azuracast_db_data azuracast_station_data + docker volume create azuracast_db_data + docker volume create azuracast_station_data + + docker run --rm -v "$BACKUP_DIR:/backup" \ + -v azuracast_db_data:/azuracast/db \ + -v azuracast_station_data:/azuracast/stations \ + busybox tar zxvf "/backup/$BACKUP_FILENAME" + + docker-compose up -d + else + echo "File $BACKUP_PATH does not exist in this directory. Nothing to restore." + exit 1 + fi + + exit +} + +# +# DEVELOPER TOOL: +# Access the static console as a developer. +# Usage: ./docker.sh static [static_container_command] +# +static() { + docker-compose -f docker-compose.frontend.yml down -v + docker-compose -f docker-compose.frontend.yml build + docker-compose --env-file=.env -f docker-compose.frontend.yml run --rm frontend "$@" + exit +} + +# +# Stop all Docker containers and remove related volumes. +# Usage: ./docker.sh uninstall +# +uninstall() { + if ask "This operation is destructive and will wipe your existing Docker containers. Continue?" N; then + + docker-compose down -v + docker-compose rm -f + docker volume prune -f + + echo "All AzuraCast Docker containers and volumes were removed." + echo "To remove *all* Docker containers and volumes, run:" + echo " docker stop \$(docker ps -a -q)" + echo " docker rm \$(docker ps -a -q)" + echo " docker volume prune -f" + echo "" + fi + + exit +} + +# +# LetsEncrypt: Now managed via the Web UI. +# +setup-letsencrypt() { + echo "LetsEncrypt is now managed from within the web interface." +} + +letsencrypt-create() { + setup-letsencrypt + exit +} + +# +# Utility script to facilitate switching ports. +# Usage: ./docker.sh change-ports +# +change-ports() { + setup-ports + + docker-compose down + docker-compose up -d +} + +# +# Helper scripts for basic Docker Compose functions +# +up() { + echo "Starting up AzuraCast services..." + docker-compose up -d +} + +down() { + echo "Shutting down AzuraCast services..." + docker-compose down +} + +restart() { + down + up +} + +# Ensure we're in the same directory as this script. +cd "$( dirname "${BASH_SOURCE[0]}" )" || exit + +"$@" From c4360a2497f3dd79cc2a28ec7f2f395055b4e40e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:06:39 -0500 Subject: [PATCH 0025/1184] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/sample.env -o sample.env --- roles/azuracast/upstream/sample.env | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 roles/azuracast/upstream/sample.env diff --git a/roles/azuracast/upstream/sample.env b/roles/azuracast/upstream/sample.env new file mode 100644 index 000000000..303905de1 --- /dev/null +++ b/roles/azuracast/upstream/sample.env @@ -0,0 +1,11 @@ +COMPOSE_PROJECT_NAME=azuracast + +AZURACAST_HTTP_PORT=80 +AZURACAST_HTTPS_PORT=443 + +AZURACAST_SFTP_PORT=2022 + +AZURACAST_PUID=1000 +AZURACAST_PGID=1000 + +NGINX_TIMEOUT=1800 From 89ca8f58b98014d0a552329aa4faeb8e5013c7ea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:09:18 -0500 Subject: [PATCH 0026/1184] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/azuracast.sample.env -o azuracast.sample.env --- roles/azuracast/upstream/azuracast.sample.env | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 roles/azuracast/upstream/azuracast.sample.env diff --git a/roles/azuracast/upstream/azuracast.sample.env b/roles/azuracast/upstream/azuracast.sample.env new file mode 100644 index 000000000..225b0fb4e --- /dev/null +++ b/roles/azuracast/upstream/azuracast.sample.env @@ -0,0 +1,161 @@ +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=8000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=8499 + +# This allows you to debug Slim Application Errors you may encounter +# By default, this is disabled to prevent users from seeing privileged information +# Please report any Slim Application Error logs to the development team on GitHub +# Valid options: true, false +SHOW_DETAILED_ERRORS=false + + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: localhost +# MYSQL_HOST=localhost + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +# MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +# MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +# MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +# MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +# MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: localhost +# REDIS_HOST=localhost + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* From 2f235a57ab2d2c617276fb9b6b79057313e6d5d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:10:42 -0500 Subject: [PATCH 0027/1184] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/docker-compose.sample.yml -o docker-compose.sample.yml --- .../upstream/docker-compose.sample.yml | 214 ++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 roles/azuracast/upstream/docker-compose.sample.yml diff --git a/roles/azuracast/upstream/docker-compose.sample.yml b/roles/azuracast/upstream/docker-compose.sample.yml new file mode 100644 index 000000000..3c3759957 --- /dev/null +++ b/roles/azuracast/upstream/docker-compose.sample.yml @@ -0,0 +1,214 @@ +# +# AzuraCast Docker Compose Configuration File +# +# When updating, you will be prompted to replace this file with a new +# version; you should do this whenever possible to take advantage of +# new updates. +# +# If you need to customize this file, you can create a new file named: +# docker-compose.override.yml +# with any changes you need to make. +# + +services: + web: + container_name: azuracast + image: "ghcr.io/azuracast/azuracast:${AZURACAST_VERSION:-latest}" + # Want to customize the HTTP/S ports? Follow the instructions here: + # https://docs.azuracast.com/en/administration/docker#using-non-standard-ports + ports: + - '${AZURACAST_HTTP_PORT:-80}:80' + - '${AZURACAST_HTTPS_PORT:-443}:443' + - '${AZURACAST_SFTP_PORT:-2022}:2022' + # This default mapping is the outgoing and incoming ports for the first 50 stations. + # You can override this port mapping in your own docker-compose.override.yml file. + # For instructions, see: + # https://docs.azuracast.com/en/administration/docker#expanding-the-station-port-range + - '8000:8000' + - '8005:8005' + - '8006:8006' + - '8010:8010' + - '8015:8015' + - '8016:8016' + - '8020:8020' + - '8025:8025' + - '8026:8026' + - '8030:8030' + - '8035:8035' + - '8036:8036' + - '8040:8040' + - '8045:8045' + - '8046:8046' + - '8050:8050' + - '8055:8055' + - '8056:8056' + - '8060:8060' + - '8065:8065' + - '8066:8066' + - '8070:8070' + - '8075:8075' + - '8076:8076' + - '8090:8090' + - '8095:8095' + - '8096:8096' + - '8100:8100' + - '8105:8105' + - '8106:8106' + - '8110:8110' + - '8115:8115' + - '8116:8116' + - '8120:8120' + - '8125:8125' + - '8126:8126' + - '8130:8130' + - '8135:8135' + - '8136:8136' + - '8140:8140' + - '8145:8145' + - '8146:8146' + - '8150:8150' + - '8155:8155' + - '8156:8156' + - '8160:8160' + - '8165:8165' + - '8166:8166' + - '8170:8170' + - '8175:8175' + - '8176:8176' + - '8180:8180' + - '8185:8185' + - '8186:8186' + - '8190:8190' + - '8195:8195' + - '8196:8196' + - '8200:8200' + - '8205:8205' + - '8206:8206' + - '8210:8210' + - '8215:8215' + - '8216:8216' + - '8220:8220' + - '8225:8225' + - '8226:8226' + - '8230:8230' + - '8235:8235' + - '8236:8236' + - '8240:8240' + - '8245:8245' + - '8246:8246' + - '8250:8250' + - '8255:8255' + - '8256:8256' + - '8260:8260' + - '8265:8265' + - '8266:8266' + - '8270:8270' + - '8275:8275' + - '8276:8276' + - '8280:8280' + - '8285:8285' + - '8286:8286' + - '8290:8290' + - '8295:8295' + - '8296:8296' + - '8300:8300' + - '8305:8305' + - '8306:8306' + - '8310:8310' + - '8315:8315' + - '8316:8316' + - '8320:8320' + - '8325:8325' + - '8326:8326' + - '8330:8330' + - '8335:8335' + - '8336:8336' + - '8340:8340' + - '8345:8345' + - '8346:8346' + - '8350:8350' + - '8355:8355' + - '8356:8356' + - '8360:8360' + - '8365:8365' + - '8366:8366' + - '8370:8370' + - '8375:8375' + - '8376:8376' + - '8380:8380' + - '8385:8385' + - '8386:8386' + - '8390:8390' + - '8395:8395' + - '8396:8396' + - '8400:8400' + - '8405:8405' + - '8406:8406' + - '8410:8410' + - '8415:8415' + - '8416:8416' + - '8420:8420' + - '8425:8425' + - '8426:8426' + - '8430:8430' + - '8435:8435' + - '8436:8436' + - '8440:8440' + - '8445:8445' + - '8446:8446' + - '8450:8450' + - '8455:8455' + - '8456:8456' + - '8460:8460' + - '8465:8465' + - '8466:8466' + - '8470:8470' + - '8475:8475' + - '8476:8476' + - '8480:8480' + - '8485:8485' + - '8486:8486' + - '8490:8490' + - '8495:8495' + - '8496:8496' + env_file: azuracast.env + environment: + LANG: ${LANG:-en_US.UTF-8} + AZURACAST_DC_REVISION: 14 + AZURACAST_VERSION: ${AZURACAST_VERSION:-latest} + AZURACAST_SFTP_PORT: ${AZURACAST_SFTP_PORT:-2022} + NGINX_TIMEOUT: ${NGINX_TIMEOUT:-1800} + LETSENCRYPT_HOST: ${LETSENCRYPT_HOST:-} + LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL:-} + PUID: ${AZURACAST_PUID:-1000} + PGID: ${AZURACAST_PGID:-1000} + volumes: + - www_uploads:/var/azuracast/uploads + - station_data:/var/azuracast/stations + - shoutcast2_install:/var/azuracast/servers/shoutcast2 + - stereo_tool_install:/var/azuracast/servers/stereo_tool + - geolite_install:/var/azuracast/geoip + - sftpgo_data:/var/azuracast/sftpgo/persist + - backups:/var/azuracast/backups + - acme:/var/azuracast/acme + - db_data:/var/lib/mysql + restart: unless-stopped + ulimits: &default-ulimits + nofile: + soft: 65536 + hard: 65536 + logging: &default-logging + options: + max-size: "1m" + max-file: "5" + +volumes: + db_data: { } + acme: { } + shoutcast2_install: { } + stereo_tool_install: { } + geolite_install: { } + sftpgo_data: { } + station_data: { } + www_uploads: { } + backups: { } From 3adafc96f1f5d40b7062a768ce2be15bf483475a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:14:56 -0500 Subject: [PATCH 0028/1184] add notes.txt --- roles/azuracast/upstream/notes.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 roles/azuracast/upstream/notes.txt diff --git a/roles/azuracast/upstream/notes.txt b/roles/azuracast/upstream/notes.txt new file mode 100644 index 000000000..47be401bc --- /dev/null +++ b/roles/azuracast/upstream/notes.txt @@ -0,0 +1 @@ +The three file found here are mentioned in docker.sh's run-installer() with 'sample.' added to the filename From bae65ad64ead99fff4d0601142f7049f4bf5b203 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:28:02 -0500 Subject: [PATCH 0029/1184] whitespace and use 'prod.env' --- roles/azuracast/tasks/install.yml | 12 +++---- roles/azuracast/templates/prod.env | 54 ++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 6 deletions(-) create mode 100644 roles/azuracast/templates/prod.env diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index febb7302d..1929e6194 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -1,11 +1,11 @@ - name: AzuraCast - Make config directory {{ azuracast_host_dir }} - file: + file: path: "{{ azuracast_host_dir }}" state: directory - name: AzuraCast - Install {{ azuracast_host_dir }}/.env from template template: - src: env.j2 + src: prod.j2 dest: "{{ azuracast_host_dir }}/.env" #owner: root #group: root @@ -27,7 +27,7 @@ timeout: "{{ download_timeout }}" - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} - get_url: + get_url: url: "{{ docker_compose_url }}" dest: "{{ azuracast_host_dir }}/docker-compose.yml" mode: 0755 @@ -55,15 +55,15 @@ mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} - file: + file: path: "{{ docker_container_dir }}" state: directory - + - name: AzuraCast - Symlink /var/lib/docker -> {{ docker_container_dir }} file: src: "{{ docker_container_dir }}" path: /var/lib/docker - state: link + state: link - name: AzuraCast - Setup for stable channel install shell: "yes 'Y' | /bin/bash docker.sh setup-release" diff --git a/roles/azuracast/templates/prod.env b/roles/azuracast/templates/prod.env new file mode 100644 index 000000000..58fc11d3e --- /dev/null +++ b/roles/azuracast/templates/prod.env @@ -0,0 +1,54 @@ +# This file was automatically generated by AzuraCast and modified for IIAB +# You can modify it as necessary. To apply changes, restart the Docker containers. +# Remove the leading "#" symbol from lines to uncomment them. + +# (Docker Compose) All Docker containers are prefixed by this name. Do not change this after installation. +# Default: azuracast +COMPOSE_PROJECT_NAME=azuracast + +# (Docker Compose) The amount of time to wait before a Docker Compose operation fails. Increase this on lower performance computers. +# Default: 300 +COMPOSE_HTTP_TIMEOUT=300 + +# Release Channel +# Valid options: latest, stable +# Default: latest +AZURACAST_VERSION=stable + +NGINX_TIMEOUT=1800 +# HTTP Port +# The main port AzuraCast listens to for insecure HTTP connections. +# Default: 80 +AZURACAST_HTTP_PORT={{ azuracast_http_port }} + +# HTTPS Port +# The main port AzuraCast listens to for secure HTTPS connections. +# Default: 443 +AZURACAST_HTTPS_PORT={{ azuracast_https_port }} + +# SFTP Port +# The port AzuraCast listens to for SFTP file management connections. +# Default: 2022 +AZURACAST_SFTP_PORT=2022 + +# Station Ports +# The ports AzuraCast should listen to for station broadcasts and incoming DJ +# connections. +# Default: 8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096,8100,8105,8106,8110,8115,8116,8120,8125,8126,8130,8135,8136,8140,8145,8146,8150,8155,8156,8160,8165,8166,8170,8175,8176,8180,8185,8186,8190,8195,8196,8200,8205,8206,8210,8215,8216,8220,8225,8226,8230,8235,8236,8240,8245,8246,8250,8255,8256,8260,8265,8266,8270,8275,8276,8280,8285,8286,8290,8295,8296,8300,8305,8306,8310,8315,8316,8320,8325,8326,8330,8335,8336,8340,8345,8346,8350,8355,8356,8360,8365,8366,8370,8375,8376,8380,8385,8386,8390,8395,8396,8400,8405,8406,8410,8415,8416,8420,8425,8426,8430,8435,8436,8440,8445,8446,8450,8455,8456,8460,8465,8466,8470,8475,8476,8480,8485,8486,8490,8495,8496 +AZURACAST_STATION_PORTS=10000,10005,10006,10010,10015,10016,10020,10025,10026,10030,10035,10036,10040,10045,10046,10050,10055,10056,10060,10065,10066,10070,10075,10076,10080,10085,10086,10090,10095,10096,10100,10105,10106,10110,10115,10116,10120,10125,10126,10130,10135,10136,10140,10145,10146,10150,10155,10156,10160,10165,10166,10170,10175,10176,10180,10185,10186,10190,10195,10196,10200,10205,10206,10210,10215,10216,10220,10225,10226,10230,10235,10236,10240,10245,10246,10250,10255,10256,10260,10265,10266,10270,10275,10276,10280,10285,10286,10290,10295,10296,10300,10305,10306,10310,10315,10316,10320,10325,10326,10330,10335,10336,10340,10345,10346,10350,10355,10356,10360,10365,10366,10370,10375,10376,10380,10385,10386,10390,10395,10396,10400,10405,10406,10410,10415,10416,10420,10425,10426,10430,10435,10436,10440,10445,10446,10450,10455,10456,10460,10465,10466,10470,10475,10476,10480,10485,10486,10490,10495,10496 + +# Docker User UID +# Set the UID of the user running inside the Docker containers. Matching this +# with your host UID can fix permission issues. +# Default: 1000 +AZURACAST_PUID=1000 + +# Docker User GID +# Set the GID of the user running inside the Docker containers. Matching this +# with your host GID can fix permission issues. +# Default: 1000 +AZURACAST_PGID=1000 + +# Advanced: Use Privileged Docker Settings +# Default: true +AZURACAST_COMPOSE_PRIVILEGED=true From de282a85cd95ce831bc7c1737b6454adad568ad9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:36:17 -0500 Subject: [PATCH 0030/1184] clean up --- ....override.yml.j2 => docker-compose.override.yml.j2.unused} | 0 roles/azuracast/{templates/env.j2 => env.j2.unused} | 0 roles/azuracast/templates/azuracast.env | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename roles/azuracast/{templates/docker-compose.override.yml.j2 => docker-compose.override.yml.j2.unused} (100%) rename roles/azuracast/{templates/env.j2 => env.j2.unused} (100%) diff --git a/roles/azuracast/templates/docker-compose.override.yml.j2 b/roles/azuracast/docker-compose.override.yml.j2.unused similarity index 100% rename from roles/azuracast/templates/docker-compose.override.yml.j2 rename to roles/azuracast/docker-compose.override.yml.j2.unused diff --git a/roles/azuracast/templates/env.j2 b/roles/azuracast/env.j2.unused similarity index 100% rename from roles/azuracast/templates/env.j2 rename to roles/azuracast/env.j2.unused diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env index 75ff47f6b..313fffc59 100644 --- a/roles/azuracast/templates/azuracast.env +++ b/roles/azuracast/templates/azuracast.env @@ -26,11 +26,11 @@ COMPOSER_PLUGIN_MODE=false # You can modify this variable if your station port range is different. # Be sure to also forward the necessary ports via `docker-compose.yml` # (and nginx, if you want to use the built-in port-80/443 proxy)! -AUTO_ASSIGN_PORT_MIN=10000 +AUTO_ASSIGN_PORT_MIN="{{ azuracast_port_range_prefix }}000" # The maximum port number to use when automatically assigning ports to a station. # See AUTO_ASSIGN_PORT_MIN. -AUTO_ASSIGN_PORT_MAX=10499 +AUTO_ASSIGN_PORT_MAX="{{ azuracast_port_range_prefix }}499" # # Database Configuration From a47789600325a4eb19ce963a338cb3db6f7def1e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 30 Aug 2022 04:54:21 -0500 Subject: [PATCH 0031/1184] use .j2 --- .../templates/prod.env => prod.env.j2 | 0 roles/azuracast/tasks/install.yml | 2 +- .../templates/azuracast-nginx.conf.j2 | 24 +++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) rename roles/azuracast/templates/prod.env => prod.env.j2 (100%) create mode 100644 roles/azuracast/templates/azuracast-nginx.conf.j2 diff --git a/roles/azuracast/templates/prod.env b/prod.env.j2 similarity index 100% rename from roles/azuracast/templates/prod.env rename to prod.env.j2 diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 1929e6194..5f4e43ff6 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -5,7 +5,7 @@ - name: AzuraCast - Install {{ azuracast_host_dir }}/.env from template template: - src: prod.j2 + src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" #owner: root #group: root diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 new file mode 100644 index 000000000..985f10602 --- /dev/null +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -0,0 +1,24 @@ +location /azuracast/ + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /azureacast; + proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; +} + +location /radio/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /radio; + proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; +} + +# http://box/livres +location {{ calibreweb_url3 }}/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name {{ calibreweb_url3 }}; + proxy_pass http://127.0.0.1:8083; +} From a168afeeeff501433310401c6f4da9921837bd2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 Aug 2022 10:56:42 -0400 Subject: [PATCH 0032/1184] 6-generic-apps/tasks/main.yml: AzuraCast restoration --- roles/6-generic-apps/tasks/main.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 1c36cb5d3..4c4ea9522 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,12 +3,6 @@ - name: ...IS BEGINNING ==================================== meta: noop -# UNMAINTAINED -- name: AZURACAST - include_role: - name: azuracast - when: azuracast_install is defined and azuracast_install - # UNMAINTAINED - name: DOKUWIKI include_role: @@ -27,6 +21,11 @@ name: elgg when: elgg_install is defined and elgg_install +- name: AZURACAST + include_role: + name: azuracast + when: azuracast_install + - name: GITEA include_role: name: gitea From 45525c5397b2afb464526a09bffbe1fdc167776c Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 06:42:47 -0400 Subject: [PATCH 0033/1184] Harden Matomo install for timezone issue Additionally, temporarily switch apache_user to www-data to unblock access to Matomo. Will debug later. --- roles/matomo/tasks/install.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 68942ea3c..e848f7172 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -39,8 +39,8 @@ file: path: "{{ matomo_path }}/matomo" recurse: yes - owner: "{{ apache_user }}" # e.g. www-data - group: "{{ apache_user }}" + owner: www-data + group: www-data - name: HTTP Get Welcome uri: @@ -139,8 +139,22 @@ url: "{{ matomo_host_url }}" ecommerce: 0 body_format: form-urlencoded + register: _result + +- name: Fallback Configure Matomo to track IIAB + uri: + url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + siteName: "IIAB" + url: "{{ matomo_host_url }}" + timezone: "Europe/London" + ecommerce: 0 + body_format: form-urlencoded status_code: 302 - #register: matomo_first_website_setup + when: _result.status == 200 - name: Matomo Tracking Code uri: From d0feb297ce101deab9675beac807989d1bf5de25 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 08:02:04 -0400 Subject: [PATCH 0034/1184] Accept both status codes for pre-fallback step --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e848f7172..1f37a4fc0 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -139,6 +139,7 @@ url: "{{ matomo_host_url }}" ecommerce: 0 body_format: form-urlencoded + status_code: [200, 302] register: _result - name: Fallback Configure Matomo to track IIAB From da479832527b6b9a88ed0472c5ccde525526bc8e Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 09:13:53 -0400 Subject: [PATCH 0035/1184] Update install.yml --- roles/matomo/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1f37a4fc0..e5d22fcfb 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -39,8 +39,8 @@ file: path: "{{ matomo_path }}/matomo" recurse: yes - owner: www-data - group: www-data + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" - name: HTTP Get Welcome uri: From 162c86236b7aaa5f66596da393a156edf2ab6ce4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:26:03 -0400 Subject: [PATCH 0036/1184] Update azuracast/README.rst 3+ years later (WiP) --- roles/azuracast/README.rst | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index fca21ce96..da7d1abab 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,18 +2,37 @@ AzuraCast README ================ -This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. +This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for "radio station" functionality. You and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. -Please see AzuraCast's `screenshots `_. +As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian 10 "Buster" (`#1766 `_). Support for Raspberry Pi remains a goal for now — please if you can, consider helping us solve this critical challenge (`#1772 `_, `AzuraCast/AzuraCast#332 `_). +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#Requirements>`_. + +Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. + +Requirements +------------ + +AzuraCast recommends `2-to-4 GB RAM minimum `_. + +As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and 64-bit Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ + +Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. Using It -------- -* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. -* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 +* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when IIAB's installer prompts you to edit `/etc/iiab/local_vars.yml `_ +* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 10000-10100 `_. +Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) + +AzuraCast Docs +-------------- + +- https://docs.azuracast.com +- https://docs.azuracast.com/en/getting-started/installation/post-installation-steps +- https://docs.azuracast.com/en/getting-started/updates +- https://docs.azuracast.com/en/user-guide/streaming-software From 80513db2673895026a7ebc8a2a0bd1825d52e9c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:30:32 -0400 Subject: [PATCH 0037/1184] azuracast/README.rst: Fix anchor tag #azuracast-docs --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index da7d1abab..7d3f05f92 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -6,7 +6,7 @@ This playbook adds `AzuraCast `_ to Internet-in-a-Box (I As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -Please see AzuraCast's `screenshots `_ and `docs <./README.rst#Requirements>`_. +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. From 1d6a6b3bd48e0059f556771d7d90a1b82d84e59a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:32:26 -0400 Subject: [PATCH 0038/1184] azuracast/README.rst: Emphasize RasPiOS needs to be 64-bit --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 7d3f05f92..515a8c6de 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -15,7 +15,7 @@ Requirements AzuraCast recommends `2-to-4 GB RAM minimum `_. -As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and 64-bit Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ +As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and **64-bit** Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. From f691b389ba277f4eb1598142bbcabacdd99618ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:40:23 -0400 Subject: [PATCH 0039/1184] Install AzuraCast in Stage 9 (9-local-addons) --- roles/9-local-addons/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index d63d5b8c1..f9ea8e20f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -3,7 +3,12 @@ - name: ...IS BEGINNING ==================================== meta: noop -# Is porting to Python 3 complete, and if so does this belong elsewhere? +- name: AZURACAST + include_role: + name: azuracast + when: azuracast_install + +# Porting to Python 3 is complete: does this belong elsewhere? - name: CAPTIVE PORTAL include_role: name: captiveportal From 1e5e3c25b325d74b86a611a12ed3d1af06e28a84 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:41:03 -0400 Subject: [PATCH 0040/1184] 6-generic-apps/tasks/main.yml: AzuraCast moved to Stage 9 --- roles/6-generic-apps/tasks/main.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 4c4ea9522..f43e878f3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -21,11 +21,6 @@ name: elgg when: elgg_install is defined and elgg_install -- name: AZURACAST - include_role: - name: azuracast - when: azuracast_install - - name: GITEA include_role: name: gitea From 0b822d7204b1c05b11ecbf08f4f2991c34cc9c75 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:55:40 -0400 Subject: [PATCH 0041/1184] Tighten up azuracast/README.rst --- roles/azuracast/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 515a8c6de..e4d750046 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,9 +2,9 @@ AzuraCast README ================ -This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for "radio station" functionality. You and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. +Install `AzuraCast `_ to your Internet-in-a-Box (IIAB) if you want "radio station" functionality. You and your community can then schedule podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) -As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). +As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. @@ -24,10 +24,10 @@ Using It * Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when IIAB's installer prompts you to edit `/etc/iiab/local_vars.yml `_ * When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 -* This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. +* That console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) +NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) AzuraCast Docs -------------- From 624c4d8aaa0eb0b7725bd38cc401a792b7dbf7b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 15:39:30 -0400 Subject: [PATCH 0042/1184] kolibri/tasks/install.yml: Clarify Mint 21 special case 'jammy' --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 84e742c7b..4323f0932 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -69,7 +69,7 @@ - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) apt_repository: repo: ppa:learningequality/kolibri - codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE? + codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? when: is_linuxmint_21 - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) From e9564cab3613e7b53bfab7a2e68740a7a86c28d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:07:19 -0400 Subject: [PATCH 0043/1184] azuracast/tasks/main.yml: skip_role_on_error --- roles/azuracast/tasks/main.yml | 43 ++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index ef9c28914..c4e69ec0c 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -19,25 +19,32 @@ quiet: yes -- name: Install AzuraCast if 'azuracast_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: azuracast_installed is undefined +- block: + - name: Install AzuraCast if 'azuracast_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: azuracast_installed is undefined -# TODO figure out what to turn off/on for AzuraCast -# - include_tasks: enable-or-disable.yml + # TODO figure out what to turn off/on for AzuraCast + # - include_tasks: enable-or-disable.yml + - name: Add 'azuracast' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: azuracast + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: azuracast + - option: description + value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' + - option: enabled + value: "{{ azuracast_enabled }}" -- name: Add 'azuracast' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: azuracast - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: azuracast - - option: description - value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' - - option: enabled - value: "{{ azuracast_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 2927f086a2a7443f843db3e7521be8de71d68660 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:19:32 -0400 Subject: [PATCH 0044/1184] azuracast/tasks/main.yml: Tighter iiab.ini description --- roles/azuracast/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index c4e69ec0c..2fe95b682 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: azuracast - option: description - value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' + value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3's and similar) and even do live-streaming."' - option: enabled value: "{{ azuracast_enabled }}" From 20ed74ea517ef82b63b366d24e66cc1ebbdcf5ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:22:04 -0400 Subject: [PATCH 0045/1184] azuracast/tasks/main.yml: iiab.ini description needs '' --- roles/azuracast/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index 2fe95b682..6bc11b878 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: azuracast - option: description - value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3's and similar) and even do live-streaming."' + value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3''s and similar) and even do live-streaming."' - option: enabled value: "{{ azuracast_enabled }}" From 85e7d30e452b8a55d48f45197123fc9e6d24271f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:27:29 -0400 Subject: [PATCH 0046/1184] test.yml: Clarify '' to escape single quotes in 7 iiab.ini descriptions --- test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 032d35f23..ab0aeac9c 100644 --- a/test.yml +++ b/test.yml @@ -25,7 +25,7 @@ #- pause: - - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini Munin description + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # FAILS: '"\'"' From f94a55b079bee91eeb2605f13dc1dabfcd8c651f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 18:14:19 -0400 Subject: [PATCH 0047/1184] azuracast/README.rst: Cleaner explanation --- roles/azuracast/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index e4d750046..b76483ee1 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,13 +2,13 @@ AzuraCast README ================ -Install `AzuraCast `_ to your Internet-in-a-Box (IIAB) if you want "radio station" functionality. You and your community can then schedule podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) +Install `AzuraCast `_ with your `Internet-in-a-Box (IIAB) `_ if you want a simple, self-hosted "web radio station" with a modern web UI/UX. You and your community can then schedule newscasts, podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. -Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. +Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. (If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc.) Requirements ------------ From 43c3ef4ddfe83e85090b949ed63958ec9cb7e3a5 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 31 Aug 2022 22:54:24 -0400 Subject: [PATCH 0048/1184] kolibri/tasks/install.yml: Modern apt keyring approach --- roles/kolibri/tasks/install.yml | 45 +++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 13 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 4323f0932..b519c95e1 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -44,11 +44,30 @@ # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." + # + # IN REALITY: Kolibri upgrades are still tricky, as 3 pink screens prompt you + # and PEOPLE WON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) + # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 + - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg + shell: | + gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + + - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04 or 22.10 or Mint 21 or Debian 12) apt_repository: - repo: ppa:learningequality/kolibri - when: is_ubuntu and not is_linuxmint + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" + when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + + - name: Add signed Kolibri PPA 'focal' (other OS's) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" + when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) + # apt_repository: + # repo: ppa:learningequality/kolibri + # when: is_ubuntu and not is_linuxmint # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) @@ -66,17 +85,17 @@ # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) - apt_repository: - repo: ppa:learningequality/kolibri - codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? - when: is_linuxmint_21 + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) + # apt_repository: + # repo: ppa:learningequality/kolibri + # codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? + # when: is_linuxmint_21 - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) - apt_repository: - repo: ppa:learningequality/kolibri - codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - when: is_debian or is_linuxmint_20 + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) + # apt_repository: + # repo: ppa:learningequality/kolibri + # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) + # when: is_debian or is_linuxmint_20 - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: From 55b0239ccbf038224ae1478fbb2d34a43ac1fd46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:28:32 -0400 Subject: [PATCH 0049/1184] Document that apt upgrading Kolibri is risky (for now!) --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b519c95e1..f0311fabb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -45,8 +45,8 @@ # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." # - # IN REALITY: Kolibri upgrades are still tricky, as 3 pink screens prompt you - # and PEOPLE WON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ + # IN REALITY: apt upgrading Kolibri is risky, as 3 pink/blue screens prompt + # PPL WHO DON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ #3356 # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg From a6f89e59a42f0e5d42e4b4d8fdcc11b7782b31fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:31:05 -0400 Subject: [PATCH 0050/1184] kolibri/tasks/install.yml: PPA 'focal' (other/older OS's) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0311fabb..191cba125 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -59,7 +59,7 @@ repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - name: Add signed Kolibri PPA 'focal' (other OS's) + - name: Add signed Kolibri PPA 'focal' (other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) From bffe5227a05348e773ddd868b2177d03b87f4662 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:33:04 -0400 Subject: [PATCH 0051/1184] kolibri/tasks/install.yml: Clarify 'focal' (if other/older OS's) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 191cba125..91d347701 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -59,7 +59,7 @@ repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - name: Add signed Kolibri PPA 'focal' (other/older OS's) + - name: Add signed Kolibri PPA 'focal' (if other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) From fea98739f9921f4f3dc75bc16dd8fce852a40c6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Sep 2022 07:04:47 -0400 Subject: [PATCH 0052/1184] azuracast/README.rst: Link to community example(s) --- roles/azuracast/README.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index b76483ee1..f230ae7a9 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -6,7 +6,10 @@ Install `AzuraCast `_ with your `Internet-in-a-Box (IIAB As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. Community implementation examples: + +* https://twitter.com/internet_in_box/status/1564986581664014342 +* https://youtu.be/XfiFiOi46mk Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. (If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc.) From 1ddfab2eddcb748c619e9c2077f8805f66028e81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:17:28 -0400 Subject: [PATCH 0053/1184] azuracast/defaults/main.yml: Update in-line docs --- roles/azuracast/defaults/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 6e505649f..423682c12 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -1,17 +1,17 @@ -# A full-featured online radio station suite. -# Works on Ubuntu 18.04, Debian 9, 10. Uses docker +# A full-featured online radio station suite. Uses Docker. +# README: https://github.com/iiab/iiab/tree/master/roles/azuracast#readme # azuracast_install: False -# azuracast_enabled: False +# azuracast_enabled: False # This var is currently IGNORED -# azuracast_http_port: 10080 -# azuracast_https_port: 10443 +# azuracast_http_port: 12080 +# azuracast_https_port: 12443 -## AzuraCast needs many ports in the 8000:8100 range by default, but IIAB services -## conflict with those ports so this variable below sets a sane prefix. -## e.g. setting the below variable to 10 will result in port ranges 10000-10100 +## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB +## services conflict, so this variable below sets a sane prefix. +## e.g. setting the below variable to 12 will result in port ranges 12000-12499 ## being reserved for AzuraCast: -# azuracast_port_range_prefix: 10 +# azuracast_port_range_prefix: 12 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 6777e52d536868d8185304a36e360a014d6a3962 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:18:47 -0400 Subject: [PATCH 0054/1184] "azuracast_port_range_prefix: 12" in default_vars.yml --- vars/default_vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 00bdc9767..045102f0d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -381,11 +381,11 @@ azuracast_enabled: False # This var is currently IGNORED azuracast_http_port: 12080 azuracast_https_port: 12443 # -# AzuraCast needs many ports in the 8000:8100 range by default, but IIAB -# services conflict with those ports so this variable below sets a sane prefix. -# e.g. setting the below variable to 10 will result in port ranges 10000-10100 +# AzuraCast needs many ports in the 8000:8496 range by default, but IIAB +# services conflict, so this variable below sets a sane prefix. +# e.g. setting the below variable to 12 will result in port ranges 12000-12499 # being reserved for AzuraCast: -azuracast_port_range_prefix: 10 +azuracast_port_range_prefix: 12 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 #dokuwiki_install: False From c887768e11ea5ab397801a91fa39e0a652656064 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:26:34 -0400 Subject: [PATCH 0055/1184] azuracast/defaults/main.yml: Grammar typo --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 423682c12..450ba867a 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -9,7 +9,7 @@ ## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB ## services conflict, so this variable below sets a sane prefix. -## e.g. setting the below variable to 12 will result in port ranges 12000-12499 +## e.g. setting the below variable to 12 will result in port range 12000-12499 ## being reserved for AzuraCast: # azuracast_port_range_prefix: 12 From f6d1c9861688f37d8637cdb13d4746bcb3adf5a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:27:38 -0400 Subject: [PATCH 0056/1184] default_vars.yml: Grammar typo RE: AzuraCast port range --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 045102f0d..d41ca1e82 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -383,7 +383,7 @@ azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8496 range by default, but IIAB # services conflict, so this variable below sets a sane prefix. -# e.g. setting the below variable to 12 will result in port ranges 12000-12499 +# e.g. setting the below variable to 12 will result in port range 12000-12499 # being reserved for AzuraCast: azuracast_port_range_prefix: 12 From 41140c65164294f30497b569d7164499d466b64c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:38 -0400 Subject: [PATCH 0057/1184] Update local_vars_unittest.yml --- vars/local_vars_unittest.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 7015d826d..f0fd76f47 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From d7b1a99f4a23c4c7031d041628b24e14265adc00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:43 -0400 Subject: [PATCH 0058/1184] Update local_vars_small.yml --- vars/local_vars_small.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 783009ab8..7e3092cbe 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From 6b51db6865a2a9fe4a6326c8d835af60d99c10ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:49 -0400 Subject: [PATCH 0059/1184] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c2cbb7708..6e695caeb 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From f7afb80bb0e5dd54d7d8c448ec1492d5489a0f62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:54 -0400 Subject: [PATCH 0060/1184] Update local_vars_large.yml --- vars/local_vars_large.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 588868b7f..624b01603 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: True gitea_enabled: True @@ -368,6 +364,10 @@ vnstat_enabled: True # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From 632085548ddf70b447d5dd270adf2f3841912bdc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 7 Sep 2022 09:10:05 -0500 Subject: [PATCH 0061/1184] Allow for NM with RPiOS https://www.raspberrypi.com/news/the-latest-update-to-raspberry-pi-os/ --- roles/network/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 67f9d28e7..c8b9aeac1 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -82,9 +82,9 @@ include_tasks: sysd-netd-debian.yml when: is_debuntu and systemd_networkd_active - - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml - when: is_raspbian + when: is_raspbian and not network_manager_active - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml From 93490933bee66d30691a52049f48e843b050dc40 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 12:44:02 -0400 Subject: [PATCH 0062/1184] kolibri/tasks/install.yml: spacing around if/else block --- roles/kolibri/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 91d347701..b9826cdc2 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -31,6 +31,7 @@ content: 'KOLIBRI_HOME="{{ kolibri_home }}"' dest: /etc/kolibri/daemon.conf + - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest @@ -106,6 +107,7 @@ when: kolibri_deb_url is undefined + - name: 'Install from template: /etc/systemd/system/kolibri.service' template: src: kolibri.service.j2 From b2e1fc609a14205ab8ad087c8235b07c04ceed6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 13:24:53 -0400 Subject: [PATCH 0063/1184] kolibri/tasks/install.yml: Mention @jredrejo's Ansible scripts --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b9826cdc2..4aedc53ae 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -1,3 +1,9 @@ +# 2022-09-08 @jredrejo's Ansible install scripts may provide guidelines: +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/common.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/install.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/offline.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/online.yml + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" From 17096e78b4a8306020c31a90ad8828bc74958310 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:00:33 -0400 Subject: [PATCH 0064/1184] remoteit/tasks/enable-or-disable.yml: Don't fail if svc(s) missing --- roles/remoteit/tasks/enable-or-disable.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 2d5570767..c80830a8b 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -43,6 +43,7 @@ with_items: - connectd - schannel + ignore_errors: yes when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From 3b67ff0547f502396464aa62dae5da2d0ba0f1f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:46:24 -0400 Subject: [PATCH 0065/1184] azuracast/defaults/main.yml: "# azuracast_port_range_prefix: 10" for now --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 450ba867a..86bc22db7 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -11,7 +11,7 @@ ## services conflict, so this variable below sets a sane prefix. ## e.g. setting the below variable to 12 will result in port range 12000-12499 ## being reserved for AzuraCast: -# azuracast_port_range_prefix: 12 +# azuracast_port_range_prefix: 10 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From cd88b73b4e0ec44e6e2da791fa0e711d9b1bd6f1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:47:07 -0400 Subject: [PATCH 0066/1184] default_vars.yml: "azuracast_port_range_prefix: 10" for now --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d41ca1e82..9b4cff1dc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -385,7 +385,7 @@ azuracast_https_port: 12443 # services conflict, so this variable below sets a sane prefix. # e.g. setting the below variable to 12 will result in port range 12000-12499 # being reserved for AzuraCast: -azuracast_port_range_prefix: 12 +azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 #dokuwiki_install: False From f2e771f63a81f29c472cd39eb79131ded902ddac Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:54:26 -0400 Subject: [PATCH 0067/1184] azuracast/defaults/main.yml: Doc tweak --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 86bc22db7..a3cd24908 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -9,7 +9,7 @@ ## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB ## services conflict, so this variable below sets a sane prefix. -## e.g. setting the below variable to 12 will result in port range 12000-12499 +## e.g. setting the below variable to 10 will result in port range 10000-10499 ## being reserved for AzuraCast: # azuracast_port_range_prefix: 10 From 43546a8a39bb2c846ae8373eb624fd9be4c60ae6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:55:27 -0400 Subject: [PATCH 0068/1184] default_vars.yml: AzuraCast ports doc tweak --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9b4cff1dc..920bb6bc3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -383,7 +383,7 @@ azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8496 range by default, but IIAB # services conflict, so this variable below sets a sane prefix. -# e.g. setting the below variable to 12 will result in port range 12000-12499 +# e.g. setting the below variable to 10 will result in port range 10000-10499 # being reserved for AzuraCast: azuracast_port_range_prefix: 10 From 1cea2cf995623c9881c123ba9311c56a14536b31 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 15:01:26 -0400 Subject: [PATCH 0069/1184] azuracast/README.rst: Port numbers doc fix --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index f230ae7a9..3e61395e7 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -30,7 +30,7 @@ Using It * That console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) +NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 10000-10499 `_ (ports 12080 and 12443 may also be required!) AzuraCast Docs -------------- From ca73d07705b37eed9271103ecde94d957eb348e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Sep 2022 16:09:25 -0400 Subject: [PATCH 0070/1184] Recommend ansible-core 2.13.4 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index a8dfadfae..58513b6b5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] -GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 09c26c8544f47081557eb5e565373e40789fe386 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 15 Sep 2022 09:45:20 -0400 Subject: [PATCH 0071/1184] plocate: Faster & smaller than locate & mlocate --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 889f9bd3f..e4abadc49 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -15,7 +15,8 @@ - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - - mlocate # 92kB download + #- mlocate # 92kB download + - plocate # 97kB download: Faster & smaller than locate & mlocate #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs From 799f47b950ccc5db63575ad2c2cc148473aa1b20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:02:18 -0400 Subject: [PATCH 0072/1184] sshpwd-lxde-iiab.sh.j2: sudo to verify /etc/shadow --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 23d0816ec..e61f4dfec 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 8ed159b5c2c181bed53128d32bc1b7dbfeab2f3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:08:38 -0400 Subject: [PATCH 0073/1184] sshpwd-profile-iiab.sh.j2: sudo to verify /etc/shadow --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 24d87886c..7cea14c41 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -16,7 +16,8 @@ check_user_pwd() { #[ $(id -un) = "root" ] || return 2 #[ $(id -un) = "root" ] || [ $(id -un) = "iiab-admin" ] || return 2 - [ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable + + #[ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable # *BUT* overall bash script still returns exit code 0 ("success"). #id -u $1 > /dev/null 2>&1 || return 2 # Not needed if return 1 is good @@ -25,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From bdbdefa129e0a98eeb0834df0e5f811c3adf10a4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:37:57 -0400 Subject: [PATCH 0074/1184] sshpwd-lxde-iiab.sh.j2: 'sudo -n' avoids pwd prompts --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e61f4dfec..e755bd638 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 763c6258c7af5daa50baca3c31f82cff1916e5ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:38:52 -0400 Subject: [PATCH 0075/1184] sshpwd-profile-iiab.sh.j2: 'sudo -n' avoids pwd prompts --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 7cea14c41..1dc7d0c2f 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 1aafc818a474230f8e69004683bb2ee0d3131e5f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:22:44 -0400 Subject: [PATCH 0076/1184] sshpwd-profile-iiab.sh.j2: Explain 'sudo -s' exception --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 1dc7d0c2f..7443f00ce 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 2b47baa85dadc9aac7562947cda4fe5a2d764be1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:25:41 -0400 Subject: [PATCH 0077/1184] sshpwd-lxde-iiab.sh.j2: Explain 'sudo -s' exception --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e755bd638..f28fe8639 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 3132f79e16e55d795a10da8b50ee7074fe0d0a8b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:30:09 -0400 Subject: [PATCH 0078/1184] Update sshpwd-profile-iiab.sh.j2 --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 7443f00ce..aead6273a 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From e94c65f6ab82fd8e0ef3b88907ae41a15475d223 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:30:37 -0400 Subject: [PATCH 0079/1184] Update sshpwd-lxde-iiab.sh.j2 --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index f28fe8639..e41dde542 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 3ad29ffc5920c8a0bb78f0d459d1b077419a3c06 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 10:44:31 -0400 Subject: [PATCH 0080/1184] add 2 utility scripts --- iiab-setup | 19 +++++++++++++++++++ iiab-upgrade | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 iiab-setup create mode 100644 iiab-upgrade diff --git a/iiab-setup b/iiab-setup new file mode 100644 index 000000000..38541e820 --- /dev/null +++ b/iiab-setup @@ -0,0 +1,19 @@ +#!/bin/bash -e +# Running from a git repo +# Assumes iiab repos are downloaded + +apt -y update +apt -y full-upgrade + +apt -y install git curl nano gawk wget pastebinit + +cd /opt/iiab/iiab +scripts/ansible + +mkdir -p /etc/iiab/install-flags + +if [ ! -f /etc/iiab/local_vars.yml ]; then + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml +fi + +reboot diff --git a/iiab-upgrade b/iiab-upgrade new file mode 100644 index 000000000..d2a743c74 --- /dev/null +++ b/iiab-upgrade @@ -0,0 +1,46 @@ +#!/bin/bash -e +# Running from a git repo + +if [ ! -f /etc/iiab/local_vars.yml ]; then + echo -e "\nEXITING: IIAB is not already installed so can't upgrade\n" >&2 + exit 1 +fi + +echo -e "\nWARNING: Upgrades are not guaranteed to be compatible with previous installs\n" >&2 +echo -e "\Please make sure you know what you are doing.\n" >&2 +echo -e "\Press CTL-C to STOP or to continue.\n" >&2 +read ans < /dev/tty + +# check that latest version supports current OS +# N.B. install via adm cons assumes is on supported OS + +cd /opt/iiab +rm -rf iiab-latest +git clone https://github.com/iiab/iiab --depth 1 iiab-latest +cd iiab-latest +scripts/local_facts.fact; rc=$? + +if [ $rc -eq 0 ]; then # OS is supported + cd /opt/iiab + if [ ! -d iiab-installed ]; then + mv iiab iiab-installed + else + rm -rf iiab # in case run more than once + fi + + mv iiab-latest iiab + cd iiab + cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact + echo -e "\nIIAB has been Upgraded\n" +else + echo -e "\nYour OS is not supported by the latest IIAB\n" + echo -e "Unable to Upgrade IIAB\n" +fi + +echo -e "\Press CTL-C to STOP or to upgrade Admin Console.\n" >&2 +read ans < /dev/tty + +cd /opt/iiab/iiab-admin-console +git pull +./install +echo -e "IIAB Admin Console has been Upgraded\n\n" From cbe5583142ab03b0e29b73020cbafe9846b6b7a5 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 10:45:38 -0400 Subject: [PATCH 0081/1184] make executable --- iiab-setup | 0 iiab-upgrade | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 iiab-setup mode change 100644 => 100755 iiab-upgrade diff --git a/iiab-setup b/iiab-setup old mode 100644 new mode 100755 diff --git a/iiab-upgrade b/iiab-upgrade old mode 100644 new mode 100755 From b3bad6ea21e6ff271f926ab735454c1d32a22153 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:41:31 -0400 Subject: [PATCH 0082/1184] iiab-expand-rootfs: reboot right after 'raspi-config --expand-rootfs' --- roles/1-prep/templates/iiab-expand-rootfs | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 620990893..d727d5623 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -15,6 +15,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT + reboot # In future, we might warn interactive users? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 From e125fc1e39eda5ffde7f4d07117012484434c618 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:47:19 -0400 Subject: [PATCH 0083/1184] iiab-expand-rootfs: 'rm -f /.expand-rootfs /.resize-rootfs' prior to reboot --- roles/1-prep/templates/iiab-expand-rootfs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index d727d5623..9b5b01c9d 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -15,6 +15,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT + rm -f /.expand-rootfs /.resize-rootfs reboot # In future, we might warn interactive users? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() @@ -54,7 +55,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # # Resize partition # growpart /dev/$root_dev $root_part_no # resize2fs /dev/$root_part + + rm -f /.expand-rootfs /.resize-rootfs fi - - rm -f /.expand-rootfs /.resize-rootfs fi From 939fc0d11cc67780a77c8a80c838aaef7a2f0353 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:56:28 -0400 Subject: [PATCH 0084/1184] iiab-expand-rootfs: IGNORE growpart errors for now (good enough!?) --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 9b5b01c9d..db77f59ec 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -32,7 +32,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM # raspi-config instead uses fdisk + growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? resize2fs $ROOT_PART # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards From dfdc5eb78c441a511362208cbb3cdcdbbffe9327 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 12:05:20 -0400 Subject: [PATCH 0085/1184] iiab-expand-rootfs: Comment clarif RE: auto-reboot --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index db77f59ec..90cdb9318 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -16,7 +16,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT rm -f /.expand-rootfs /.resize-rootfs - reboot # In future, we might warn interactive users? + reboot # In future, we might warn interactive users that a reboot is coming? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 From cf0c21bf1786831de69439e3ba5c5af620e912e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 13:02:37 -0400 Subject: [PATCH 0086/1184] iiab-install: mkdir -p /etc/iiab/install-flags --- iiab-install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/iiab-install b/iiab-install index b678e7df6..e224c0410 100755 --- a/iiab-install +++ b/iiab-install @@ -81,6 +81,8 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (PR #3318 netwarn pop-ups, asking you to run iiab-network) + echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" scripts/local_facts.fact # Exit & advise, if OS not supported. From 1000ed9a7b6a664c0c07b00867d079578bb71d19 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 13:05:57 -0400 Subject: [PATCH 0087/1184] iiab-install: Clarify need for /etc/iiab/install-flags --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index e224c0410..03a638549 100755 --- a/iiab-install +++ b/iiab-install @@ -81,7 +81,7 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (PR #3318 netwarn pop-ups, asking you to run iiab-network) +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (for PR #3318 netwarn pop-ups, asking you to run iiab-network) echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" From f5aee8c992c027d5359f72560af61c2f3094528a Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 17:24:48 -0400 Subject: [PATCH 0088/1184] rectification of names --- iiab-upgrade => adm-upgrade | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename iiab-upgrade => adm-upgrade (100%) diff --git a/iiab-upgrade b/adm-upgrade similarity index 100% rename from iiab-upgrade rename to adm-upgrade From f2ace322cc6370fc34008ed3c6f74962ecfa33bf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 17:30:04 -0500 Subject: [PATCH 0089/1184] Better discription of current configuration when networking is disabled --- roles/network/templates/hostapd/iiab-hotspot-off | 5 +++++ roles/network/templates/hostapd/iiab-hotspot-on | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 78d86cdd1..eb5951c6b 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -1,4 +1,8 @@ #!/bin/bash +{% if not network_enabled %} +echo -e "Networking role disabled\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" +{% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd @@ -36,3 +40,4 @@ exit 0 {% endif %} #wifi_up_down {% endif %} +{% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 41b5357a7..04d551774 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,4 +1,8 @@ #!/bin/bash +{% if not network_enabled %} +echo -e "Networking role disabled\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" +{% else %} {% if not can_be_ap %} echo -e "\nUH-OH: Your Wi-Fi firmware doesn't support AP mode, according to 'iw list'\n" echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-network'\n" @@ -45,3 +49,4 @@ exit 0 #wifi_up_down {% endif %} {% endif %} +{% endif %} From c9bfa40209d23f36a1f633403549ce69a29b7897 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 21:21:55 -0500 Subject: [PATCH 0090/1184] The rebase dance is BS c9e0af4286e27487e3d1a13e7cb71d908bd35a6e Pushing related work #3353 before other's open PRs #2946 tend to break open PRs when forced to needlessly rebase --- prod.env.j2 => roles/azuracast/templates/prod.env.j2 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename prod.env.j2 => roles/azuracast/templates/prod.env.j2 (100%) diff --git a/prod.env.j2 b/roles/azuracast/templates/prod.env.j2 similarity index 100% rename from prod.env.j2 rename to roles/azuracast/templates/prod.env.j2 From 8d38ed748f20c53b396cdab949573df7f86fd12c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 22:07:03 -0500 Subject: [PATCH 0091/1184] Clean up nginx template - doesn't quite work yet anyway --- roles/azuracast/templates/azuracast-nginx.conf.j2 | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 index 985f10602..e79bc4bed 100644 --- a/roles/azuracast/templates/azuracast-nginx.conf.j2 +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -13,12 +13,3 @@ location /radio/ { proxy_set_header X-Script-Name /radio; proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; } - -# http://box/livres -location {{ calibreweb_url3 }}/ { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url3 }}; - proxy_pass http://127.0.0.1:8083; -} From b4f5e12f19df37ef33cae106f5da86a4725dae70 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 22:11:52 -0500 Subject: [PATCH 0092/1184] Note --- roles/azuracast/templates/azuracast-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 index e79bc4bed..33ae25476 100644 --- a/roles/azuracast/templates/azuracast-nginx.conf.j2 +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -1,3 +1,4 @@ +# work in progress might never be ready as the web interface has setting that would need to match location /azuracast/ proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 10c1bfaad9810b51c5348dfa154a1ccc72572a91 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 23 Sep 2022 08:38:03 -0400 Subject: [PATCH 0093/1184] moving elsewhere --- adm-upgrade | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) delete mode 100755 adm-upgrade diff --git a/adm-upgrade b/adm-upgrade deleted file mode 100755 index d2a743c74..000000000 --- a/adm-upgrade +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -e -# Running from a git repo - -if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\nEXITING: IIAB is not already installed so can't upgrade\n" >&2 - exit 1 -fi - -echo -e "\nWARNING: Upgrades are not guaranteed to be compatible with previous installs\n" >&2 -echo -e "\Please make sure you know what you are doing.\n" >&2 -echo -e "\Press CTL-C to STOP or to continue.\n" >&2 -read ans < /dev/tty - -# check that latest version supports current OS -# N.B. install via adm cons assumes is on supported OS - -cd /opt/iiab -rm -rf iiab-latest -git clone https://github.com/iiab/iiab --depth 1 iiab-latest -cd iiab-latest -scripts/local_facts.fact; rc=$? - -if [ $rc -eq 0 ]; then # OS is supported - cd /opt/iiab - if [ ! -d iiab-installed ]; then - mv iiab iiab-installed - else - rm -rf iiab # in case run more than once - fi - - mv iiab-latest iiab - cd iiab - cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact - echo -e "\nIIAB has been Upgraded\n" -else - echo -e "\nYour OS is not supported by the latest IIAB\n" - echo -e "Unable to Upgrade IIAB\n" -fi - -echo -e "\Press CTL-C to STOP or to upgrade Admin Console.\n" >&2 -read ans < /dev/tty - -cd /opt/iiab/iiab-admin-console -git pull -./install -echo -e "IIAB Admin Console has been Upgraded\n\n" From c76bd2745d156b9052340a0d674022fb94f167ad Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Sep 2022 08:16:38 -0400 Subject: [PATCH 0094/1184] iiab-expand-rootfs: Make growpart & resize2fs RC visible to bash -x --- roles/1-prep/templates/iiab-expand-rootfs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 90cdb9318..a1fd06772 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -33,7 +33,9 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # Expand partition growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? + rc=$? # Make Return Code visible, for 'bash -x' resize2fs $ROOT_PART + rc=$? # Make RC visible (as above) # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards # but *not* with USB boot drives, internal spinning disks/SSD's, etc. From c75ab4777c069d3f5747f51ef77d252625d1c9ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Sep 2022 19:44:38 -0400 Subject: [PATCH 0095/1184] hostapd.legacy.j2: hostapd tries to start too early on Zero W --- roles/network/templates/hostapd/hostapd.legacy.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/hostapd.legacy.j2 b/roles/network/templates/hostapd/hostapd.legacy.j2 index 4094b812a..d6f0acf4f 100644 --- a/roles/network/templates/hostapd/hostapd.legacy.j2 +++ b/roles/network/templates/hostapd/hostapd.legacy.j2 @@ -1,5 +1,9 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +# https://unix.stackexchange.com/questions/257888/systemd-wait-for-network-interface-to-be-up-before-running-service/417839#417839 +# 2022-08-22: #3352 Raspberry Pi Zero W requires 2 lines below... +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device Before=network.target Wants=network-pre.target From 09f6b292ef472ab78ce48fbe5bf59bb078a56e9d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Sep 2022 19:46:59 -0400 Subject: [PATCH 0096/1184] iiab-clone-wifi.service.j2: hostapd tries to start too early on Zero W --- roles/network/templates/hostapd/iiab-clone-wifi.service.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 index 87ae2fa09..92ee86c09 100644 --- a/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 +++ b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 @@ -1,6 +1,10 @@ [Unit] Description=IIAB ap0 clone wifi device Wants=network-pre.target +# https://unix.stackexchange.com/questions/257888/systemd-wait-for-network-interface-to-be-up-before-running-service/417839#417839 +# 2022-08-22: #3352 Raspberry Pi Zero W requires 2 lines below... +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device After=network-pre.target Before=dhcpcd.service Before=wpa_supplicant.service From 3aae53e6935df2829afa687b2b2a7a24e74bed93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Sep 2022 12:33:52 -0400 Subject: [PATCH 0097/1184] mongodb/tasks/install.yml: buster -> bullseye on Debian x86_64 --- roles/mongodb/tasks/install.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index ea749db4b..414ddd080 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -83,17 +83,20 @@ args: warn: false - - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} + - name: Install mongodb-org's Debian bullseye source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: - repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main + # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as + # this was recently added to https://repo.mongodb.org/apt/debian/dists/ + repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" + # 2022-09-27: Soon to change from 'focal' to 'jammy' - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse From 9f0c5f1e5db19e1212d0ab0136cb5e2e2174bfb3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2022 16:49:34 -0400 Subject: [PATCH 0098/1184] Force-install libssl1.1 if MongoDB needed on Ubuntu >= 22.04 --- iiab-install | 9 ++++----- iiab-setup | 3 ++- roles/0-init/tasks/main.yml | 5 ++++- roles/7-edu-apps/tasks/main.yml | 2 +- roles/mongodb/defaults/main.yml | 4 ++-- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++++++++++++----- roles/mongodb/tasks/main.yml | 2 +- 7 files changed, 42 insertions(+), 16 deletions(-) diff --git a/iiab-install b/iiab-install index 03a638549..156fb71bb 100755 --- a/iiab-install +++ b/iiab-install @@ -81,15 +81,14 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (for PR #3318 netwarn pop-ups, asking you to run iiab-network) +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 +echo -e "/etc/iiab/install-flags directory created/verified." +echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" - scripts/local_facts.fact # Exit & advise, if OS not supported. -if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then - mkdir -p /etc/ansible/facts.d -fi +mkdir -p /etc/ansible/facts.d cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position." diff --git a/iiab-setup b/iiab-setup index 38541e820..359967bc2 100755 --- a/iiab-setup +++ b/iiab-setup @@ -10,7 +10,8 @@ apt -y install git curl nano gawk wget pastebinit cd /opt/iiab/iiab scripts/ansible -mkdir -p /etc/iiab/install-flags +# 2022-09-27: iiab-install now handles this +#mkdir -p /etc/iiab/install-flags if [ ! -f /etc/iiab/local_vars.yml ]; then cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index c8429a4ea..50047da46 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -9,9 +9,10 @@ # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml - name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}" set_fact: + iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - iiab_stage: "{{ ansible_local.local_facts.stage }}" + os_ver: "{{ ansible_local.local_facts.os_ver }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -92,6 +93,8 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: os_ver + value: "{{ os_ver }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index b7dd56855..3e991bed7 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index f42149f8e..e1acd8fb0 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,8 +20,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on -# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +mongodb_64bit_version: 4.4 # 5.0 and 6.0 also work as of 2022-09-27, but fail +# on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com # 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 414ddd080..e56229b18 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,6 @@ # this was recently added to https://repo.mongodb.org/apt/debian/dists/ repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" @@ -100,22 +99,47 @@ - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse - state: present filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") + # 2022-09-27: Workaround to install MongoDB on Ubuntu 22.04+, which include + # libssl3 instead of libssl1.1 -- https://github.com/iiab/iiab/issues/3190 + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931 + # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 + # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list + # sudo apt-get update + # sudo apt-get install libssl1.1 + # rm /etc/apt/sources.list.d/focal-security.list + + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + #filename: focal-security # If filename focal-security.list is preferred + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) + package: + name: libssl1.1 + state: present + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + state: absent + #filename: focal-security # 100% IGNORED during repo deletion + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_raspbian and ansible_architecture == "aarch64" # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_linuxmint @@ -126,7 +150,6 @@ # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # state: present # filename: mongodb-org # when: is_ubuntu and not is_linuxmint diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 3365e818a..748493c68 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -29,7 +29,7 @@ - debug: var: rpi_model # 0-init sets it from ansible_local.local_facts.rpi_model - debug: - var: ansible_local.local_facts.os_ver # Like OS_VER in /etc/iiab/iiab.env + var: os_ver # Equivalent to ansible_local.local_facts.os_ver and OS_VER in /etc/iiab/iiab.env - debug: var: is_debian - debug: From d4a7bddfe9c45e29668eedbc5387b8f5f3381ff1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Sep 2022 17:10:47 -0400 Subject: [PATCH 0099/1184] iiab-install: Cleaner (reordered) on-screen output --- iiab-install | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/iiab-install b/iiab-install index 156fb71bb..5ae96be74 100755 --- a/iiab-install +++ b/iiab-install @@ -81,16 +81,16 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 -echo -e "/etc/iiab/install-flags directory created/verified." -echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" - echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" scripts/local_facts.fact # Exit & advise, if OS not supported. mkdir -p /etc/ansible/facts.d cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact -echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position." +echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position.\n" + +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 +echo -e "/etc/iiab/install-flags directory created/verified." +echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" if [ ! -f $PLAYBOOK ]; then echo "EXITING: IIAB Playbook ""$PLAYBOOK"" not found." From b6e515e858985d1675e1b025234ec7e58b305989 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2022 22:04:24 -0400 Subject: [PATCH 0100/1184] Encourage pre-release testing of Moodle 4.1 LTS if PHP >= 8.1 --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/moodle/defaults/main.yml | 7 ++++++- roles/moodle/tasks/install.yml | 15 +++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 3e991bed7..8f223b1fd 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install - name: OSM-VECTOR-MAPS include_role: diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index d04d05006..d455ddd7e 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -7,7 +7,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -moodle_version: 400 + +# 2022-09-27: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.1 -- see moodle/tasks/install.yml for detail! +# (Any moodle_version setting below applies IF-AND-ONLY-IF your OS PHP < 8.1) +#moodle_version: master # Try Moodle's "weekly" 4.1dev pre-release, even if OS PHP < 8.1 +moodle_version: MOODLE_400_STABLE # Use Moodle 4.0 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a58598793..d42cb05e3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,14 +43,21 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~370 MB initially, ~390 MB later) +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.1" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "MOODLE_{{ moodle_version }}_STABLE" - #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ - #ignore_errors: yes + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) + when: php_version is version('8.1', '>=') + +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.1 + git: + repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle + dest: "{{ moodle_base }}" # /opt/iiab/moodle + depth: 1 + version: "{{ moodle_version }}" # e.g. master or MOODLE_400_STABLE + when: php_version is version('8.1', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 2d6fc6fe85b4f30b7eede7c5d7e21de455273a00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Sep 2022 17:17:03 -0400 Subject: [PATCH 0101/1184] mediawiki/defaults/main.yml: Version 1.38.3 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ca21a0ad4..c9554413d 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 86ae2bb9a1ae1b919eea4b700395b363ce2cabdd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 19:40:25 -0400 Subject: [PATCH 0102/1184] Skip 'docker.sh setup-release' --- roles/azuracast/tasks/install.yml | 18 ++++++++---------- ....conf.j2 => azuracast-nginx.conf.j2.unused} | 0 2 files changed, 8 insertions(+), 10 deletions(-) rename roles/azuracast/templates/{azuracast-nginx.conf.j2 => azuracast-nginx.conf.j2.unused} (100%) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 5f4e43ff6..df4e9903a 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,16 +7,12 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - #owner: root - #group: root mode: 0644 #- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template # template: # src: docker-compose.override.yml.j2 # dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" - #owner: root - #group: root # mode: 0644 - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} @@ -50,8 +46,6 @@ template: src: azuracast.env dest: "{{ azuracast_host_dir }}/" - #owner: root - #group: root mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} @@ -65,10 +59,14 @@ path: /var/lib/docker state: link -- name: AzuraCast - Setup for stable channel install - shell: "yes 'Y' | /bin/bash docker.sh setup-release" - args: - chdir: "{{ azuracast_host_dir }}" +# 2022-09-28: "yes 'Y'" toggled whatever it found in /opt/azuracast/.env (e.g. +# AZURACAST_VERSION=stable from templates/prod.env.j2) to the opposite (e.g. +# AZURACAST_VERSION=latest). Let's not modify /opt/azuracast/.env unless nec! +# +# - name: AzuraCast - Setup for stable channel install +# shell: "yes 'Y' | /bin/bash docker.sh setup-release" +# args: +# chdir: "{{ azuracast_host_dir }}" - name: AzuraCast - Run the installer shell: "yes '' | /bin/bash docker.sh install" diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2.unused similarity index 100% rename from roles/azuracast/templates/azuracast-nginx.conf.j2 rename to roles/azuracast/templates/azuracast-nginx.conf.j2.unused From 17fb922f8d6ccfeed97db893bd81b2c00dd12c20 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 21:03:44 -0400 Subject: [PATCH 0103/1184] azuracast/README.rst: Link to more of their docs --- roles/azuracast/README.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 3e61395e7..3514bb56f 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -37,5 +37,9 @@ AzuraCast Docs - https://docs.azuracast.com - https://docs.azuracast.com/en/getting-started/installation/post-installation-steps -- https://docs.azuracast.com/en/getting-started/updates +- https://docs.azuracast.com/en/getting-started/settings +- https://docs.azuracast.com/en/getting-started/updates (can *DAMAGE* AzuraCast as of 2022-09-28) - https://docs.azuracast.com/en/user-guide/streaming-software +- https://docs.azuracast.com/en/user-guide/troubleshooting +- https://docs.azuracast.com/en/user-guide/logs +- https://docs.azuracast.com/en/administration/docker From c3efbb7defb76a9ac680a54831d79b839036e496 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 22:01:25 -0400 Subject: [PATCH 0104/1184] Rename azuracast.env.j2; Try w/o docker-compose.yml --- roles/azuracast/tasks/install.yml | 23 +++++++++++-------- .../{azuracast.env => azuracast.env.j2} | 0 2 files changed, 13 insertions(+), 10 deletions(-) rename roles/azuracast/templates/{azuracast.env => azuracast.env.j2} (100%) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index df4e9903a..89e611376 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,7 +7,7 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - mode: 0644 + #mode: 0644 #- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template # template: @@ -22,12 +22,15 @@ mode: 0755 timeout: "{{ download_timeout }}" -- name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} - get_url: - url: "{{ docker_compose_url }}" - dest: "{{ azuracast_host_dir }}/docker-compose.yml" - mode: 0755 - timeout: "{{ download_timeout }}" +# 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker +# suggests this step might not be necessary. +# +# - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} +# get_url: +# url: "{{ docker_compose_url }}" +# dest: "{{ azuracast_host_dir }}/docker-compose.yml" +# mode: 0755 +# timeout: "{{ download_timeout }}" #- name: AzuraCast - Make changes to docker.sh script so it runs headless # lineinfile: @@ -44,9 +47,9 @@ - name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports template: - src: azuracast.env - dest: "{{ azuracast_host_dir }}/" - mode: 0644 + src: azuracast.env.j2 + dest: "{{ azuracast_host_dir }}/azuracast.env" + #mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} file: diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env.j2 similarity index 100% rename from roles/azuracast/templates/azuracast.env rename to roles/azuracast/templates/azuracast.env.j2 From b852f015ab2d7c4077f8c14e4b56d08f72cf5db0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Sep 2022 22:17:33 -0400 Subject: [PATCH 0105/1184] 2-common/tasks/packages.yml: Update comment --- roles/2-common/tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index e4abadc49..6919a7084 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events From e595328fc1547e4f481e274ffa7b4b94582a46ac Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 22:33:05 -0400 Subject: [PATCH 0106/1184] Simplified azuracast/tasks/install.yml --- roles/azuracast/tasks/install.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 89e611376..1de892984 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,13 +7,11 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - #mode: 0644 -#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template -# template: -# src: docker-compose.override.yml.j2 -# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" -# mode: 0644 +- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports + template: + src: azuracast.env.j2 + dest: "{{ azuracast_host_dir }}/azuracast.env" - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} get_url: @@ -22,14 +20,18 @@ mode: 0755 timeout: "{{ download_timeout }}" +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" + # 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker -# suggests this step might not be necessary. +# (& testing) confirm this is done automatically by 'docker.sh install' below. # # - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} # get_url: # url: "{{ docker_compose_url }}" # dest: "{{ azuracast_host_dir }}/docker-compose.yml" -# mode: 0755 # timeout: "{{ download_timeout }}" #- name: AzuraCast - Make changes to docker.sh script so it runs headless @@ -45,12 +47,6 @@ # regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" # replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" -- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports - template: - src: azuracast.env.j2 - dest: "{{ azuracast_host_dir }}/azuracast.env" - #mode: 0644 - - name: AzuraCast - Make directory {{ docker_container_dir }} file: path: "{{ docker_container_dir }}" From c43d408711e22d0117994a909d87433d2b9a9864 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Sep 2022 00:31:17 -0400 Subject: [PATCH 0107/1184] azuracast/tasks/install.yml comment sequencing --- roles/azuracast/tasks/install.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 1de892984..21bcefa8b 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -20,10 +20,12 @@ mode: 0755 timeout: "{{ download_timeout }}" -#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template -# template: -# src: docker-compose.override.yml.j2 -# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" +#- name: AzuraCast - Make changes to docker.sh script so it runs headless +# lineinfile: +# path: "{{ azuracast_host_dir }}/docker.sh" +# regexp: "^(.*)read reply.*" +# line: "\\1reply='Y'" +# backrefs: yes # 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker # (& testing) confirm this is done automatically by 'docker.sh install' below. @@ -34,12 +36,10 @@ # dest: "{{ azuracast_host_dir }}/docker-compose.yml" # timeout: "{{ download_timeout }}" -#- name: AzuraCast - Make changes to docker.sh script so it runs headless -# lineinfile: -# path: "{{ azuracast_host_dir }}/docker.sh" -# regexp: "^(.*)read reply.*" -# line: "\\1reply='Y'" -# backrefs: yes +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" #- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml # replace: From f21a58e5900d17f767e427bc7c1b85cca0d5315c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Sep 2022 01:55:46 -0400 Subject: [PATCH 0108/1184] Explain './runrole --reinstall azuracast' workaround --- roles/azuracast/tasks/install.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 21bcefa8b..8ce9474d2 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -1,3 +1,30 @@ +# 2022-09-29: './runrole --reinstall azuracast' is NOT supported! +# +# 1. But if you must, first completely uninstall Docker + WIPE AzuraCast data: +# +# apt purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-scan-plugin +# rm -rf /library/docker /var/lib/docker /var/lib/containerd +# +# Per https://docs.docker.com/engine/install/ubuntu/#uninstall-docker-engine +# +# 2. REBOOT to avoid later problems with 'systemctl status docker' -- if you +# don't reboot, Ansible will fail below when 'docker.sh install' fails to +# start docker.service -- likewise if you run './docker.sh install-docker' +# manually in /opt/azuracast. Either way, 'systemctl restart docker' won't +# work for ~2 minutes. (Rebooting avoids all these hassles!) +# +# 3. Just FYI the Docker install process will rebuild its 11 core directories +# in /var/lib/docker -> /library/docker: (as 'docker.sh install' begins) +# +# buildkit containers image network overlay2 plugins runtimes swarm tmp trust volumes +# +# 4. Just FYI both MySQL passwords (MYSQL_PASSWORD & MYSQL_ROOT_PASSWORD) will +# be WIPED from /opt/azuracast/azuracast.env (and new passwords +# auto-generated below, for use inside AzuraCast's Docker container). +# +# 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab + + - name: AzuraCast - Make config directory {{ azuracast_host_dir }} file: path: "{{ azuracast_host_dir }}" From f2b945a0a9f12c00dc117b308326cc455a7c5898 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Sep 2022 03:17:58 -0400 Subject: [PATCH 0109/1184] azuracast/README.rst: Link to reinstall tech tips (in install.yml) --- roles/azuracast/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 3514bb56f..24d1277da 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -22,6 +22,8 @@ As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and **64-bit** Raspberry Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. +NOTE: AzuraCast was designed to be installed *just once* on a fresh OS. So ``./runrole --reinstall azuracast`` is not supported in general. However, if you accidentally damage your AzuraCast software, IIAB has posted `technical tips <./tasks/install.yml>`_ *(use at your own risk!)* in case of emergency. + Using It -------- From f06786e705ef37431f0481d4d0af7a707c73bde3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Sep 2022 17:51:04 -0400 Subject: [PATCH 0110/1184] mediawiki/defaults/main.yml: Version 1.38.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index c9554413d..3ab859963 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From ebb1ac6cc1bc88b0886c6851986205a016ee081a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Oct 2022 21:05:16 -0400 Subject: [PATCH 0111/1184] 0-init: Skip validate_vars.yml on Zero W & Zero 2 W --- roles/0-init/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 50047da46..7425850bd 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,6 +51,7 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml + when: not (rpi_model | regex_search('\bW\b')) - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml From 87ea4720038940bc23e24deeead7f0fb55797b0e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 00:57:12 -0500 Subject: [PATCH 0112/1184] add discovered_wireless_iface to lan_list_result and num_lan_interfaces_result --- roles/network/defaults/main.yml | 2 +- roles/network/tasks/detected_network.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index fd1fa4dcc..82de51aff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" # Set defaults for discovery process as strings wifi1: "not found-1" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e04ae0e20..c4414b5ef 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -166,7 +166,7 @@ when: reserved_device is defined - name: Count LAN ifaces - shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_devices }} | wc -l + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e {{ discovered_wireless_iface }} -e {{ device_gw }} -e {{ exclude_devices }} | wc -l register: num_lan_interfaces_result - name: Calculate number of LAN interfaces including WiFi @@ -175,7 +175,7 @@ # LAN - pick non WAN's - name: Create list of LAN (non WAN) ifaces - shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_devices }} + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e {{ discovered_wireless_iface }} -e {{ device_gw }} -e {{ exclude_devices }} when: num_lan_interfaces != "0" register: lan_list_result From 9f4b99e50d7c18f2c665290fe9743ff9c5754f7b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 01:01:51 -0500 Subject: [PATCH 0113/1184] use item|trim in template --- roles/network/templates/network/systemd-br0-slave.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/network/systemd-br0-slave.j2 b/roles/network/templates/network/systemd-br0-slave.j2 index 15fb5b16e..9c8555286 100644 --- a/roles/network/templates/network/systemd-br0-slave.j2 +++ b/roles/network/templates/network/systemd-br0-slave.j2 @@ -1,6 +1,6 @@ -# /etc/systemd/network/IIAB-Slave-{{ iiab_wired_lan_iface }}.network +# /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network [Match] -Name={{ iiab_wired_lan_iface }} +Name={{ item|trim }} [Link] RequiredForOnline=no From 6b69696f7246b0acba21eae5e836e810e9bc7fbc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 01:03:13 -0500 Subject: [PATCH 0114/1184] use can_be_ap --- roles/network/tasks/rpi_debian.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 4d672ad0b..7020ce7df 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -65,7 +65,7 @@ systemd: name: iiab-clone-wifi state: started - when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap - name: Restart the networking service if appropriate systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 35aa0b6b0..0a584f89b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -55,7 +55,7 @@ systemd: name: iiab-clone-wifi state: started - when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap - name: Enable & Restart systemd-networkd.service systemd: From d349f2fe2f5a87eae43433a1041175d63b59dcd6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Oct 2022 23:07:58 -0500 Subject: [PATCH 0115/1184] Restart iiab-clone-wifi if the ap0 device is not detected by ansible #3379 --- roles/network/tasks/rpi_debian.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 7020ce7df..1df7b4fd9 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -64,8 +64,8 @@ - name: Clone wifi if needed systemd: name: iiab-clone-wifi - state: started - when: wifi_up_down and can_be_ap + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - name: Restart the networking service if appropriate systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 0a584f89b..57c70e889 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -54,8 +54,8 @@ - name: Clone wifi if needed systemd: name: iiab-clone-wifi - state: started - when: wifi_up_down and can_be_ap + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - name: Enable & Restart systemd-networkd.service systemd: From 5bbcacbe00256cdd23857187ad652e854eb874db Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Oct 2022 11:52:13 -0400 Subject: [PATCH 0116/1184] Ansible require double backslashes, e.g. with \b "word boundary" anchors --- roles/0-init/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 7425850bd..a12c91156 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,7 +51,7 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml - when: not (rpi_model | regex_search('\bW\b')) + when: not (rpi_model | regex_search('\\bW\\b')) # Ansible require double backslashes, e.g. with \b "word boundary" anchors: https://www.regular-expressions.info/wordboundaries.html https://stackoverflow.com/questions/56869119/ansible-regular-expression-to-match-a-string-and-extract-the-line/56869801#56869801 - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml From 8643285dc9722a42484233acffb05039cfd1fc0e Mon Sep 17 00:00:00 2001 From: root Date: Tue, 4 Oct 2022 19:09:04 -0400 Subject: [PATCH 0117/1184] Auto-install latest/official kiwix-tools + tighten up code --- roles/kiwix/defaults/main.yml | 27 +++++++++++++----- roles/kiwix/tasks/install.yml | 53 ++++++++++------------------------- roles/kiwix/tasks/main.yml | 2 ++ 3 files changed, 37 insertions(+), 45 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 332eb6289..21737efc3 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -21,14 +21,27 @@ # - index = directory for legacy *.zim.idx's kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# 3 lines below specify which version(s) of kiwix-tools to download from... -# https://download.iiab.io/packages/ ...as originally obtained from... -# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... -# https://download.kiwix.org/nightly/ +kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ +#kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ +#kiwix_base_url: "{{ iiab_download_url }}/" # https://download.iiab.io/packages/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1 -kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1 +kiwix_arch_dict: + #i386: + i686: i586 + x86_64: x86_64 + armv6l: armhf + armv7l: armhf + aarch64: armhf + +# ansible_architecture can also work: +# https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 +kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" + +# Latest official kiwix-tools release, per Kiwix permalink redirects: +# https://www.kiwix.org/en/downloads/kiwix-serve/ +# https://github.com/kiwix/container-images/issues/236 +kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}.tar.gz" +#kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}-3.3.0-1.tar.gz" # Version can be hard-coded if you prefer (as was done til 2022-10-04) # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 3a6c6dcba..f9afc32ff 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -1,42 +1,22 @@ -# 0. SET CPU ARCHITECTURE +# 0. VERIFY CPU/OS ARCHITECTURE SUPPORTED -- name: "Initialize 'kiwix_src_dir: False' just in case CPU architecture is not supported" - set_fact: - kiwix_src_dir: False - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_armhf }}" - when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_linux64 }}" - when: ansible_machine == "x86_64" - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_i686 }}' (i686)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_i686 }}" - when: ansible_machine == "i686" -# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) - -- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your architecture ({{ ansible_machine }}) +- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your CPU/OS architecture ({{ ansible_machine }}) fail: - msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." - when: not kiwix_src_dir - -- name: "Set fact 'kiwix_src_file: {{ kiwix_src_dir }}.tar.gz'" - set_fact: - kiwix_src_file: "{{ kiwix_src_dir }}.tar.gz" + msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} CPU/OS ARCHITECTURE." + when: kiwix_arch == "unsupported" # 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) -- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads +# 2022-10-04: get_url might be removed in future (unarchive below can handle +# everything!) Conversely: (1) unarchive doesn't support timeout (2) one day +# /opt/iiab/downloads might have practical value beyond hoarding (unlikely!) +- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages - dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads + url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz + dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" + register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) - name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes) (by default 0755)" file: @@ -63,13 +43,11 @@ # 2. INSTALL KIWIX-TOOLS EXECUTABLES -- name: Unarchive {{ kiwix_src_file }} to /tmp # e.g. kiwix-tools_linux-armhf-3.1.2-3.tar.gz +- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- use '--strip-components=1' to remove tarball's top-level dir during unpacking unarchive: - src: "{{ downloads_dir }}/{{ kiwix_src_file }}" - dest: /tmp - -- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location {{ kiwix_path }}/bin - shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" # /opt/iiab/kiwix + src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz + dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin + extra_opts: --strip-components=1 # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU @@ -103,7 +81,6 @@ systemd: daemon_reload: yes -# install kiwix app - name: Install Kiwix Android app include_tasks: kiwix-apk.yml when: kiwix_incl_apk diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index ab5064fba..22c8820dc 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -42,6 +42,8 @@ value: "{{ kiwix_install }}" - option: kiwix_enabled value: "{{ kiwix_enabled }}" + - option: kiwix_tar_gz + value: "{{ kiwix_tar_gz }}" - option: kiwix_url value: "{{ kiwix_url }}" - option: kiwix_url_plus_slash From f2b74880e8c59a22ec864bf746e1f80f41d3d5ec Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 19:49:19 -0400 Subject: [PATCH 0118/1184] kiwix/defaults/main.yml: Clarify ansible_machine safer than ansible_architecture --- roles/kiwix/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 21737efc3..acfa7a08b 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -33,8 +33,10 @@ kiwix_arch_dict: armv7l: armhf aarch64: armhf -# ansible_architecture can also work: +# ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 +# CLAIM: 'ansible_machine might be "i686", whereas ansible_architecture on the same host would be "i386"' +# https://stackoverflow.com/questions/44713880/how-do-i-make-decision-based-on-arch-in-ansible-playbooks/44714226#44714226 kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" # Latest official kiwix-tools release, per Kiwix permalink redirects: From 7e86d5e582d3f280eec3ce9610777693ddbc1b46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:02:04 -0400 Subject: [PATCH 0119/1184] kiwix/tasks/install.yml: Clarify get_url "force: yes" implied b/c dest is a dir --- roles/kiwix/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index f9afc32ff..db7b1a9c0 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -15,6 +15,7 @@ get_url: url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz dest: "{{ downloads_dir }}" # /opt/iiab/downloads + #force: yes # Implied b/c dest is a dir! (to recover from incomplete downloads, etc) timeout: "{{ download_timeout }}" register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) From c1d0bd03dd1e7500c98eb0abab42c6b67068a103 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:11:25 -0400 Subject: [PATCH 0120/1184] Untar with '--strip-components=1' to chop tarball's top-level dir from path --- roles/kiwix/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index db7b1a9c0..ab3c8fc27 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -44,7 +44,7 @@ # 2. INSTALL KIWIX-TOOLS EXECUTABLES -- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- use '--strip-components=1' to remove tarball's top-level dir during unpacking +- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- untar with '--strip-components=1' to chop tarball's top-level dir from path unarchive: src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin From ff0384f7783e1068adcaa233ffc2da9a332cd7e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:24:06 -0400 Subject: [PATCH 0121/1184] kiwix/defaults/main.yml: Clarify "e.g. https://download.iiab.io/packages/" --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index acfa7a08b..2696974fd 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -23,7 +23,7 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ -#kiwix_base_url: "{{ iiab_download_url }}/" # https://download.iiab.io/packages/ +#kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ kiwix_arch_dict: #i386: From 35898a6f92a24ede5d34a24fc4ee46927d596357 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 5 Oct 2022 00:17:37 -0400 Subject: [PATCH 0122/1184] First move /opt/iiab/kiwib/bin aside + Explain better --- roles/kiwix/tasks/enable-or-disable.yml | 18 +++++++++--------- roles/kiwix/tasks/install.yml | 21 +++++++++++++++------ 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 9f813f4ad..c3b2d617c 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -13,7 +13,7 @@ systemd: name: kiwix-serve enabled: yes - state: started # Not needed...but can't hurt + state: started when: kiwix_enabled @@ -28,15 +28,15 @@ # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" dest: /etc/crontab - when: kiwix_enabled and is_debuntu + when: kiwix_enabled -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_redhat +# - name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# # * * * * * user-name command to be executed +# lineinfile: +# # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed +# line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" +# dest: /etc/crontab +# when: kiwix_enabled and is_redhat - name: Enable/Disable/Restart NGINX diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index ab3c8fc27..8a95d52ba 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,25 +6,34 @@ when: kiwix_arch == "unsupported" -# 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) +# 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, move /opt/iiab/kiwix/bin aside if nec, create essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) # 2022-10-04: get_url might be removed in future (unarchive below can handle # everything!) Conversely: (1) unarchive doesn't support timeout (2) one day # /opt/iiab/downloads might have practical value beyond hoarding (unlikely!) -- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} to /opt/iiab/downloads +- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} into /opt/iiab/downloads (ACTUAL filename should include kiwix-tools version, or nightly build date) get_url: url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz dest: "{{ downloads_dir }}" # /opt/iiab/downloads - #force: yes # Implied b/c dest is a dir! (to recover from incomplete downloads, etc) + #force: yes # Already implied b/c dest is a dir! (to recover from incomplete downloads, etc) timeout: "{{ download_timeout }}" - register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) + register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below + +- name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) + stat: + path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix + register: kiwix_bin + +- name: If so, move {{ kiwix_path }}/bin to {{ kiwix_path }}/bin.DATE_TIME_TZ + shell: "mv {{ kiwix_path }}/bin {{ kiwix_path }}/bin.$(date +%F_%T_%Z)" + when: kiwix_bin.stat.exists - name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes) (by default 0755)" file: path: "{{ item }}" state: directory with_items: - - "{{ kiwix_path }}/bin" # /opt/iiab/kiwix + - "{{ kiwix_path }}/bin" - "{{ iiab_zim_path }}/content" # /library/zims - "{{ iiab_zim_path }}/index" @@ -47,7 +56,7 @@ - name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- untar with '--strip-components=1' to chop tarball's top-level dir from path unarchive: src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz - dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin + dest: "{{ kiwix_path }}/bin" extra_opts: --strip-components=1 From f02e514cd1c8d18cdee20e1a3ebf641b194d5712 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 5 Oct 2022 08:23:34 -0500 Subject: [PATCH 0123/1184] Move 'hooks' to their respective backends With NetworkManager active, systemd-networkd/networkd-dispatcher are used for br0/ap0 support but the hooks were not being installed on the first pass through network as systemd_networkd_active was not detected when ansibled stated. --- roles/network/tasks/hostapd.yml | 55 ------------------------ roles/network/tasks/rpi_debian.yml | 15 +++++++ roles/network/tasks/sysd-netd-debian.yml | 41 ++++++++++++++++-- 3 files changed, 53 insertions(+), 58 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 99fb6cf41..3df0f2c36 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -55,61 +55,6 @@ # 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml # as required for Admin Console -- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True - template: - src: hostapd/50-hostapd - dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd - owner: root - group: root - mode: 0644 - when: is_raspbian and wifi_up_down - -- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 - file: - path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd - state: absent - when: is_raspbian and not wifi_up_down - -- name: Create networkd-dispatcher diagnostic hook for recording network events - template: - owner: root - group: root - mode: 0755 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } - when: systemd_networkd_active and discovered_wireless_iface != "none" - -- name: Create networkd-dispatcher hook for hostapd wifi_up_down True - template: - owner: root - group: root - mode: 0755 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: systemd_networkd_active and discovered_wireless_iface != "none" and wifi_up_down - -- name: Remove networkd-dispatcher hook wifi_up_down False - file: - path: "{{ item.dest }}" - state: absent - with_items: - - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: systemd_networkd_active and discovered_wireless_iface != "none" and not wifi_up_down - - name: Enable the Access Point 'hostapd' service systemd: name: hostapd diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 1df7b4fd9..4dbcd97ee 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -20,6 +20,21 @@ dest: /etc/dhcpcd.conf src: network/dhcpcd.conf.j2 +- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True + template: + src: hostapd/50-hostapd + dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + owner: root + group: root + mode: 0644 + when: wifi_up_down + +- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 + file: + path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + state: absent + when: not wifi_up_down + - name: New Raspbian requires country code -- check for it shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 57c70e889..c691f8317 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -42,10 +42,45 @@ src: network/systemd-static-net.j2 when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) - #when: wan_ip != "dhcp" and not is_ubuntu_18 +- name: Create networkd-dispatcher diagnostic hook for recording network events + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } + when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" -#- name: Stopping services -# include_tasks: down-debian.yml +- name: Create networkd-dispatcher hook for hostapd wifi_up_down True + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } + when: discovered_wireless_iface != "none" and wifi_up_down + +- name: Remove networkd-dispatcher hook for wifi_up_down False + file: + path: "{{ item.dest }}" + state: absent + with_items: + - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } + when: discovered_wireless_iface != "none" and not wifi_up_down - name: Reload systemd systemd: From 5ab9e0ff76930a53898ecd2bd450df932ee23433 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Oct 2022 07:25:53 -0500 Subject: [PATCH 0124/1184] use ap0 hack only on RPi hardware --- roles/network/tasks/sysd-netd-debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c691f8317..ed627f797 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -58,7 +58,7 @@ - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" -- name: Create networkd-dispatcher hook for hostapd wifi_up_down True +- name: Create networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down True template: owner: root group: root @@ -69,9 +69,9 @@ - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: discovered_wireless_iface != "none" and wifi_up_down + when: discovered_wireless_iface != "none" and rpi_model != "none" and wifi_up_down -- name: Remove networkd-dispatcher hook for wifi_up_down False +- name: Remove networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down False file: path: "{{ item.dest }}" state: absent @@ -80,7 +80,7 @@ - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: discovered_wireless_iface != "none" and not wifi_up_down + when: discovered_wireless_iface != "none" and rpi_model != "none" and not wifi_up_down - name: Reload systemd systemd: From cf1869bd118459ac95d55112eee8ebce209dfeb8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:24:12 -0500 Subject: [PATCH 0125/1184] Revert "shut the log up for #3278" This reverts commit eb3c0a2684c81e6f916c8219c49918e8d304d1da. --- roles/network/tasks/enable_services.yml | 4 +--- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 4566c00bb..efbd3e12a 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -95,8 +95,6 @@ #- debug: # var: nd_dir -# networkd-dispatcher not enabled for is_linuxmint https://github.com/iiab/iiab/issues/3278 -# might need the same dispatcher treatment using networkmanager-dispatcher to bring up dnsmasq or look at dnsmasq-iiab - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 @@ -109,7 +107,7 @@ #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") -- name: Remove /etc/dnsmasq.d/iiab.conf, when is Appliance +- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance file: path: /etc/dnsmasq.d/iiab.conf state: absent diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 8ac1b8cc6..0c8592d45 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -7,7 +7,7 @@ package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present - when: not is_raspbian or not is_linuxmint + when: not is_raspbian # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index ed627f797..d5a494786 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -112,4 +112,3 @@ state: restarted enabled: yes masked: no - when: not is_linuxmint From fe18c8e05080a86433ac797cb7fb43c79ddebe97 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:33:41 -0500 Subject: [PATCH 0126/1184] remove RasPiOS restriction --- roles/network/tasks/install.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 0c8592d45..08a749707 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,12 +3,6 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS and Linux Mint) - package: - name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - state: present - when: not is_raspbian - # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: # desktops might have some/all 3 preinstalled, while servers tend not to have @@ -19,7 +13,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,6 +26,7 @@ - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP From 07f663b8eecb18659ea789989c6a9334ecb05abd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:39:01 -0500 Subject: [PATCH 0127/1184] restore missing optional user disabling of dnsmasq --- roles/network/tasks/enable_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index efbd3e12a..7cdb6da00 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -111,7 +111,7 @@ file: path: /etc/dnsmasq.d/iiab.conf state: absent - when: iiab_network_mode == "Appliance" + when: not dnsmasq_enabled or iiab_network_mode == "Appliance" - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: From bad5b38e259a1f12ef516811ab416a462c5a27d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 13:07:28 -0500 Subject: [PATCH 0128/1184] always install 00-iiab-debug --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index d5a494786..fc9067537 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -56,7 +56,7 @@ - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } - when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" + # when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" - name: Create networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down True template: From 417386121c79db66272d360e91cdc2b585827663 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 17:32:00 -0500 Subject: [PATCH 0129/1184] wording --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index fc9067537..2954d22e3 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -106,7 +106,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service except for Linux Mint +- name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher state: restarted From 5290f0036881857cdb2f981ac36a189437d02f5c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:03:32 -0400 Subject: [PATCH 0130/1184] iiab-remoteit-off: failsafe as connectd may no longer exist --- roles/remoteit/templates/iiab-remoteit-off | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 80207f8be..41f204bbb 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -18,8 +18,8 @@ fi # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml # remote.it "parent" service -systemctl stop connectd -systemctl disable connectd +systemctl stop connectd || true # connectd may no longer exist. See PR #3363 +systemctl disable connectd || true # "Remote tcp command service" systemctl stop schannel From 3796735b89b44b7be79f1f0f075d4b0833fe0784 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:10:44 -0400 Subject: [PATCH 0131/1184] Clarify iiab-remoteit-off: connectd may not exist --- roles/remoteit/templates/iiab-remoteit-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 41f204bbb..4e84d117c 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -18,7 +18,7 @@ fi # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml # remote.it "parent" service -systemctl stop connectd || true # connectd may no longer exist. See PR #3363 +systemctl stop connectd || true # connectd may not exist. See PR #3363 systemctl disable connectd || true # "Remote tcp command service" From e30b2bbc0be9d06d7511426177a7195912e040d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:28:52 -0400 Subject: [PATCH 0132/1184] templates/iiab-remoteit: Compact prompt conditionals --- roles/remoteit/templates/iiab-remoteit | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 9d310e492..c64ebc690 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -55,7 +55,7 @@ if [ -f /etc/remoteit/config.json ]; then read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo - if [[ $ans = "n" || $ans = "N" ]]; then # Nearly the same as Lines 142-189 + if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" systemctl enable connectd @@ -88,7 +88,7 @@ echo -en "\e[1m\nOptionally purge + install latest remote.it Device Package? [y/ read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo -if [[ $ans = "y" || $ans = "Y" ]]; then +if [[ $ans =~ ^[yY]$ ]]; then # Full apt path avoids problematic /usr/local/bin/apt on Linux Mint /usr/bin/apt -y purge "remoteit*" || true From 0d646a2b8582b6653d357b6209b2bca7b11d1404 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:51:49 -0400 Subject: [PATCH 0133/1184] enable-or-disable.yml: Remove empty file /etc/remoteit/registration if remoteit_enabled --- roles/remoteit/tasks/enable-or-disable.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index c80830a8b..ee8134a11 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -17,6 +17,18 @@ when: remoteit_license_key is defined +- name: Does empty file /etc/remoteit/registration exist? + stat: + path: /etc/remoteit/registration + register: remoteit_reg + +- name: Remove empty file /etc/remoteit/registration if remoteit_enabled + file: + path: /etc/remoteit/registration + state: absent + when: remoteit_enabled and remoteit_reg.stat.exists and remoteit_reg.stat.size == 0 + + # 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below From 5cd21877965a7195f608685cda6cbc14ee3baf12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 15:09:10 -0400 Subject: [PATCH 0134/1184] remoteit/tasks/install.yml: Defer deletion of /etc/remoteit/registration --- roles/remoteit/tasks/install.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4e52bd586..4de54a116 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -47,7 +47,7 @@ state: directory path: /etc/remoteit -- name: "'touch /etc/remoteit/registration' to block generation of claim code below, also speeding things up a bit" +- name: "'touch /etc/remoteit/registration' (might contain a remoteit_license_key) to prevent generation of claim code below; also speeding things up a bit" file: state: touch path: /etc/remoteit/registration @@ -86,11 +86,13 @@ when: is_linuxmint -- name: "'rm /etc/remoteit/registration' (empty file used just above)" - file: - state: absent - path: /etc/remoteit/registration - ignore_errors: yes # In case a future version of install_agent.sh deletes it for us +# 2022-10-09: Let's keep the file (empty or not!) If it exists with size zero +# bytes, enable-or-disable.yml or /usr/bin/iiab-remoteit delete it later as nec. +# - name: "'rm /etc/remoteit/registration' (empty file used just above)" +# file: +# state: absent +# path: /etc/remoteit/registration +# ignore_errors: yes # In case a future version of install_agent.sh deletes it for us - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) From 84397e67b2687a0ba2243574948099aaeb0bced3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 16:29:54 -0400 Subject: [PATCH 0135/1184] remoteit/defaults/main.yml: New arch dict + URLs for optional CLI --- roles/remoteit/defaults/main.yml | 33 +++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 48a7f0304..5acf6b379 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -7,7 +7,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# # 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages" +# # 2022-03-31: https://remote.it/download/ offered 4 relevant "Device Packages" # # 1) Raspberry Pi (ARM) = armhf.rpi # # 2) Raspberry Pi (ARM64) = arm64.rpi # # 3) Debian Linux (ARM64) = arm64 @@ -32,23 +32,26 @@ # # # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb -# 2022-03-31: https://remote.it/download/ offers 4 relevant "CLI" installs: -# 1) Debian Linux (ARM v6) OR Raspberry Pi (ARM) = armv6 -# 2) Debian Linux (ARM v7) = armv7 -# 3) Debian Linux (ARM64) OR Raspberry Pi (ARM64) = arm64 +# 2022-10-09: https://remote.it/download/ offers 4 relevant "CLI" installs: +# 1) Debian Linux (ARM v6) OR Raspberry Pi (ARM) = armv6 -> arm-v6 +# 2) Debian Linux (ARM v7) = armv7 -> arm-v7 +# 3) Debian Linux (ARM64) OR Raspberry Pi (ARM64) = arm64 -> aarch64 # 4) Debian Linux (x86_64) = x86_64 -# See https://docs.remote.it/software/cli/overview to refine URL below: -cli_suffixes: - armv6: armv6 - armv6l: armv6 - armv7: armv7 - armv7l: armv7 - armv8: arm64 - aarch64: arm64 +# SEE https://www.remote.it/download-list +# https://www.remote.it/download-list?products=cli to refine arch/URL below +# BUT https://docs.remote.it/software/cli/overview can be useful OR stale :/ +remoteit_arch_dict: + armv6: arm-v6 + armv6l: arm-v6 + armv7: arm-v7 + armv7l: arm-v7 + armv8: aarch64 + aarch64: aarch64 x86_64: x86_64 -remoteit_cli_suffix: "{{ cli_suffixes[ansible_architecture] | default('unknown') }}" -remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit_linux_{{ remoteit_cli_suffix }} +remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) +remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux + # OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. From 865d2434ebc0c8f42baa1132d10112e1b3232250 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 16:34:04 -0400 Subject: [PATCH 0136/1184] remoteit/tasks/main.yml: Use skip_role_on_error --- roles/remoteit/tasks/main.yml | 56 ++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/roles/remoteit/tasks/main.yml b/roles/remoteit/tasks/main.yml index 1e1c85230..197010c3b 100644 --- a/roles/remoteit/tasks/main.yml +++ b/roles/remoteit/tasks/main.yml @@ -11,31 +11,39 @@ quiet: yes -- name: Install remoteit if 'remoteit_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: remoteit_installed is undefined +- block: + - name: Install remoteit if 'remoteit_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: remoteit_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -# - name: Extract claim code from /etc/remoteit/config.json if it exists -# shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev -# register: remoteit_claim_code + # - name: Extract claim code from /etc/remoteit/config.json if it exists + # shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev + # register: remoteit_claim_code -- name: Add 'remoteit' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: remoteit - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: remote.it - - option: description - value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' - - option: remoteit_install - value: "{{ remoteit_install }}" - - option: remoteit_enabled - value: "{{ remoteit_enabled }}" - # - option: remoteit_claim_code - # value: "{{ remoteit_claim_code.stdout }}" + - name: Add 'remoteit' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: remoteit + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: remote.it + - option: description + value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' + - option: remoteit_install + value: "{{ remoteit_install }}" + - option: remoteit_enabled + value: "{{ remoteit_enabled }}" + # - option: remoteit_claim_code + # value: "{{ remoteit_claim_code.stdout }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 617c4436a26b5b6a857cdf9210e51e12cb882004 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 17:09:23 -0400 Subject: [PATCH 0137/1184] remoteit/tasks/enable-or-disable.yml: Use /usr/share/remoteit/refresh.sh not connected --- roles/remoteit/tasks/enable-or-disable.yml | 45 ++++++++++++---------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index ee8134a11..2bd305ef6 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -22,40 +22,43 @@ path: /etc/remoteit/registration register: remoteit_reg -- name: Remove empty file /etc/remoteit/registration if remoteit_enabled +- name: Remove empty file /etc/remoteit/registration if remoteit_enabled, so claim code can be generated file: path: /etc/remoteit/registration state: absent when: remoteit_enabled and remoteit_reg.stat.exists and remoteit_reg.stat.size == 0 -# 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration +# 2022-10-09: refresh.sh is equivalent to their old connectd "parent" systemd +# service, that they removed from 4.15.2 device packages on 2022-09-07. +# (Either way, the job below never deletes /etc/remoteit/registration) -- name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below - systemd: - name: connectd - daemon_reload: yes - enabled: yes - state: restarted +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don't already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' + command: /usr/share/remoteit/refresh.sh when: remoteit_enabled -- name: Enable remote.it daemon schannel ("Remote tcp command service") -- try to avoid contention with connectd which auto-spawns it as nec (just above) +# - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below +# systemd: +# name: connectd +# daemon_reload: yes +# enabled: yes +# state: restarted +# when: remoteit_enabled + +# 2022-10-09: refresh.sh (above) now takes care of this too +# - name: Enable remote.it daemon schannel ("Remote tcp command service") -- try to avoid contention with connectd which auto-spawns it as nec (just above) +# systemd: +# name: schannel +# enabled: yes +# state: started +# when: remoteit_enabled + + +- name: Disable & Stop remote.it service schannel systemd: name: schannel - enabled: yes - state: started - when: remoteit_enabled - - -- name: Disable & Stop remote.it services {connectd, schannel} - systemd: - name: "{{ item }}" enabled: no state: stopped - with_items: - - connectd - - schannel - ignore_errors: yes when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From 586efa1ecf80898f2e3e39972dc2fe2dd7d61292 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 17:43:26 -0400 Subject: [PATCH 0138/1184] /usr/bin/iiab-remoteit: connectd systemd service GONE from 4.15.2 --- roles/remoteit/templates/iiab-remoteit | 30 +++++++++++--------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index c64ebc690..8aa64b758 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -58,9 +58,9 @@ if [ -f /etc/remoteit/config.json ]; then if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" - systemctl enable connectd - systemctl restart connectd - systemctl enable schannel + /usr/share/remoteit/refresh.sh # Just like connectd systemd service + # prior to 4.15.2 (its new remoteit-refresh.service is insufficient, as + # it's not installed initially, by their curl script install_agent.sh) if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml @@ -123,9 +123,7 @@ else # regardless whether /etc/remoteit/registration exists and what it contains, # and regardless whether /etc/remoteit/config.json contains a claim code. - echo -e "In a few seconds, all 3 {connectd, schannel, remoteit@...} should be enabled!\n" - - systemctl stop connectd # "Safer" (though it's generally exited already!) + echo -e "In a few seconds, both services {schannel, remoteit@...} should be enabled!\n" #if [ ! -f /etc/remoteit/registration ] && [ -f /etc/remoteit/config.json ]; then if [ -f /etc/remoteit/config.json ]; then @@ -139,20 +137,18 @@ else echo -e "/etc/remoteit/config.json moved aside, for fresh device registration.\n" fi - systemctl start connectd # Registration logic (use license key or - # generate claim code) then kickstart 2 "child" services below. - # FYI running /usr/share/remoteit/refresh.sh appears to do the exact same - # thing (as bouncing service connectd). + /usr/share/remoteit/refresh.sh # Registration logic (use license key or + # generate claim code) then kickstart 2 "child" services below. In the + # past, we bounced the connectd service which did the same, and we enabled + # services {connectd, schannel} like enable-or-disable.yml used to do too. - systemctl enable connectd # 2 enable lines, like enable-or-disable.yml + # schannel.service - Remote tcp command service + # remoteit@80:00:01:7F:7E:00:56:36.service - Remote tcp connection service - # schannel = "Remote tcp command service" started by connectd above if nec - systemctl enable schannel # 2 enable lines, like enable-or-disable.yml - - # "Remote tcp connection service" appears a few seconds after connectd is - # started above. Auto-enabled when spawned by connectd, SO NOT NEC HERE: + # Both above appear a few seconds after refresh.sh is run, MANUAL NOT NEC: # systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) - # These systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service + + # FYI systemd service names like remoteit@80:00:01:7F:7E:00:56:36.service # change, e.g. when a new claim code is generated, and more arise when the # IIAB device is registered to a remote.it account (#3166), etc. fi From da88bdba9e36506c516a8054839e124594d191d0 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 9 Oct 2022 18:31:22 -0400 Subject: [PATCH 0139/1184] roles/remoteit: small fixes + cleanup --- roles/remoteit/tasks/enable-or-disable.yml | 2 +- roles/remoteit/tasks/install.yml | 4 ++-- roles/remoteit/templates/iiab-remoteit | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 2bd305ef6..5fba120ca 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -33,7 +33,7 @@ # service, that they removed from 4.15.2 device packages on 2022-09-07. # (Either way, the job below never deletes /etc/remoteit/registration) -- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don't already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' command: /usr/share/remoteit/refresh.sh when: remoteit_enabled diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4de54a116..360cb7397 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -108,10 +108,10 @@ mode: 0755 -- name: Fail if architecture remoteit_cli_suffix == "unknown" +- name: Fail if architecture remoteit_arch == "unknown" fail: msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_cli_suffix == "unknown" + when: remoteit_arch == "unknown" - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) get_url: diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 8aa64b758..e4f8097b0 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -55,7 +55,7 @@ if [ -f /etc/remoteit/config.json ]; then read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo - if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 + if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 140-185 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" /usr/share/remoteit/refresh.sh # Just like connectd systemd service From c1e83a5965611330343ce12c160ef2235f79fbd9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 18:46:20 -0400 Subject: [PATCH 0140/1184] iiab-remoteit-off: Comment out obsolete connectd ops --- roles/remoteit/templates/iiab-remoteit-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 4e84d117c..8cd9b1b1b 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -17,9 +17,9 @@ fi # 3 sections below should be equivalent to -- and much faster than: # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml -# remote.it "parent" service -systemctl stop connectd || true # connectd may not exist. See PR #3363 -systemctl disable connectd || true +# remote.it "parent" service no longer part of Device Package 4.15.2 on 2022-09-07 +#systemctl stop connectd +#systemctl disable connectd # "Remote tcp command service" systemctl stop schannel From 09fbcbb71fa0bcd0d637b46fd63810513a406ac0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 18:52:13 -0400 Subject: [PATCH 0141/1184] remoteit/README.md: Their $6/month rose to $10/month --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 11b2d281b..5a7cf8bbb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [April 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $6/month. +As of [October 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $10/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 009562b6c5608ae9c9705a52a28378cc6c174e13 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Oct 2022 12:00:56 -0400 Subject: [PATCH 0142/1184] Recommend ansible-core 2.13.5 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 58513b6b5..f831a5461 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] -GOOD_VER=2.13.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From f9e6b50bae0aed38678866353c7a0f2fae84f560 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Oct 2022 12:03:52 -0400 Subject: [PATCH 0143/1184] Update ansible --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index f831a5461..b574fd2f0 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.5] GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From 363662601613b2c60edbdabf6dffe8c8686a359d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 12 Oct 2022 18:04:53 -0400 Subject: [PATCH 0144/1184] mongodb/tasks/install.yml: Force libssl1.1 on is_linuxmint_21 too --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e56229b18..dd2a8c3fc 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -115,20 +115,20 @@ apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) package: name: libssl1.1 state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 From ecff206feaf7edc0f32acd36959a3aae922d4779 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 14:34:00 -0400 Subject: [PATCH 0145/1184] 2-common/tasks/packages.yml: Debian 12 needs 'apt install cron' --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 6919a7084..0b33dd637 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,10 +1,11 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events - bzip2 # 47kB download: RasPiOS installs this regardless -- 2021-04-26: Prob not used, but can't hurt? + - cron # 98kB download: RasPiOS installs this regardless -- 2022-10-13: Debian 12 needs this added (for now?) - curl # 254kB download: RasPiOS installs this regardless -- Used to install roles/nodejs and roles/nodered #- etckeeper # 54kB download: "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out From b11a608adbad04f1964464069584fc3de5ef935c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 14:44:10 -0400 Subject: [PATCH 0146/1184] Clarify PR #3397: Force libssl1.1 on Mint 21 too --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index dd2a8c3fc..64f171440 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -111,19 +111,19 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) + - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 (required by MongoDB below) package: name: libssl1.1 state: present when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent From 10eef2f6d9ecbfd51a7894622c321c65180077b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 16:23:53 -0400 Subject: [PATCH 0147/1184] Document /home/nodered/.node-red/settings.js (username pi is no longer!) --- roles/nodered/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f7cf092a5..a98463197 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -22,7 +22,7 @@ nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPM # username and password hash are stored in: # /home/nodered/.node-red/settings.js # -# Or...on Raspberry Pi they're stored in: +# Or...on Raspberry Pi they [USED TO BE] stored in: # /home/pi/.node-red/settings.js # # See http://nodered.org/docs/security.html for more detail. From aad72373eae22284fdf77fb9822de0a240bdb2b8 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Oct 2022 20:07:44 -0400 Subject: [PATCH 0148/1184] Copy Node-RED's default settings.js from /usr/lib/... OR /usr/local/lib/... --- roles/nodered/tasks/settings.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index 22b2f33a6..edef7b909 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -39,7 +39,8 @@ #- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js # command: runuser -u {{ nodered_linux_user }} node-red admin init -- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js +# 2022-10-13: These 9 lines can likely be removed later in 2023 or 2024? +- name: "OLD WAY: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" copy: remote_src: yes src: /usr/lib/node_modules/node-red/settings.js @@ -47,6 +48,17 @@ owner: "{{ nodered_linux_user }}" group: "{{ nodered_linux_user }}" #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + ignore_errors: yes + +- name: "NEW WAY: Copy /usr/local/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" + copy: + remote_src: yes + src: /usr/local/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + ignore_errors: yes - name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js From 75fc75ce3dd6399ebc2d3646c02868da5243cfea Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 20:25:04 -0400 Subject: [PATCH 0149/1184] Node-RED's /usr/lib/.../settings.js (OLD WAY) *might* later be removable --- roles/nodered/tasks/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index edef7b909..92833d91a 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -39,7 +39,7 @@ #- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js # command: runuser -u {{ nodered_linux_user }} node-red admin init -# 2022-10-13: These 9 lines can likely be removed later in 2023 or 2024? +# 2022-10-13: These 9 lines (OLD WAY) might be removable by ~2024? PR #3402 - name: "OLD WAY: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" copy: remote_src: yes From 98e66a483876ade5fe9028cf7e4d95c27e5a6c41 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 18 Oct 2022 18:47:52 -0400 Subject: [PATCH 0150/1184] Refine pwd warnings, avoiding Mint 21 pop-up --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 5 ++++- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e41dde542..97728045c 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2>/dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index aead6273a..9d18eece1 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2> /dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 1ca77cdf866c18390875168922361c1f6fd13ccf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 18 Oct 2022 19:02:19 -0400 Subject: [PATCH 0151/1184] Clarify useless pop-up risk on RasPiOS like Mint, due to sudo -n --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 97728045c..356789433 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -28,7 +28,8 @@ check_user_pwd() { # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow - # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + # 2022-10-18 #3404: Redirect stderr to /dev/null, as RasPiOS might one day + # force an annoying pop-up, as Mint did (due to sshpwd-profile-iiab.sh.j2) field2=$(sudo -n grep "^$1:" /etc/shadow 2>/dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] From 4b85b2fd37f893f95e17165c1554ef551855b36f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:22:32 -0400 Subject: [PATCH 0152/1184] Clarify Nextcloud 25.0.0 (~138MB) expands to ~507MB & later 531+ MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c576daf13..0a9ba780c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~405 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~507 MB initially, 531+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f4622e54ce94778e2a74cf96f9ac1d25051c1778 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:51:24 -0400 Subject: [PATCH 0153/1184] Nextcloud 25.0.0 PHP 7.4, 8.0 or 8.1 reqs verified & documented --- roles/nextcloud/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0a9ba780c..409c8dbf4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,6 +43,7 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: @@ -61,11 +62,11 @@ - php{{ php_version }}-gmp # OPTIONAL (for SFTP storage) - php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-json # See stanza just below + #- php{{ php_version }}-json # Included with PHP >= 8.0 -- see stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? + #- php{{ php_version }}-openssl # Included with PHP >= 8.0 -- NOT INSTALLABLE #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's? #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? From daf3e5ce69409ae150add44034f5a457432dea9d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:55:43 -0400 Subject: [PATCH 0154/1184] Update nextcloud/README.md re: "latest" Nextcloud 22+ reqs --- roles/nextcloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 14af973e0..28aed5472 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -38,6 +38,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre (4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +- https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml From 7e5099553fd6780bd0aca6d3b460b34f84b420e1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Oct 2022 18:51:16 -0400 Subject: [PATCH 0155/1184] MongoDB 4.4 -> 6.0; force libssl1.1 for Debian 12 --- roles/mongodb/defaults/main.yml | 3 ++- roles/mongodb/tasks/install.yml | 25 ++++++++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index e1acd8fb0..19d2fa62f 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,7 +20,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 and 6.0 also work as of 2022-09-27, but fail +mongodb_64bit_version: 6.0 # 4.4 fails on Debian 12 with error "No package +# matching 'mongodb-org' is available" as of 2022-10-19. 5.0 works, but fails # on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 64f171440..fd77f3324 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -102,9 +102,11 @@ filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") - # 2022-09-27: Workaround to install MongoDB on Ubuntu 22.04+, which include - # libssl3 instead of libssl1.1 -- https://github.com/iiab/iiab/issues/3190 - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931 + # 2022-10-19: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; + # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 5 STANZAS + # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix + # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list # sudo apt-get update @@ -117,11 +119,24 @@ #filename: focal-security # If filename focal-security.list is preferred when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 (required by MongoDB below) + - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian_12 + + - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) package: name: libssl1.1 state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + + - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian_12 - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: From 065dfcb5508fcd177f7099b5fac9e4565d1e532f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 Oct 2022 11:56:22 -0400 Subject: [PATCH 0156/1184] usb_lib/tasks/install.yml: Investigate usbmount 0.0.24 &/or 0.0.25 --- roles/usb_lib/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 9d5e71fc9..6510ab336 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -1,3 +1,6 @@ +# usbmount 0.0.24 and/or 0.0.25 (2022-02-08) should be investigated: +# https://github.com/iiab/iiab/issues/3409 + # Official usbmount 0.0.22 (2011-08-08) documentation: # https://github.com/rbrito/usbmount/releases # https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 91a5cd33f34d5d2a55e75bf0cdc85bcd9d7b4821 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 22 Oct 2022 21:50:37 -0400 Subject: [PATCH 0157/1184] Use OS's Node.js & npm if Nodesource dragging (+ always wipe prior versions) --- roles/nodejs/tasks/install.yml | 95 +++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 42 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index b9cdcffa1..3990e10b3 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -1,4 +1,4 @@ -# 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC +# 1. TEST IF Node.js ALEADY INSTALLED & IF SO WARN IT'LL BE REPLACED # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED: # IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml @@ -10,19 +10,21 @@ - name: Try to run 'node -v' to get Node.js version # 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's Node.js 4.2.6 # 'nodejs -v' doesn't work with newer versions e.g. Node.js 16.x - # Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits) - shell: node -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/' + # Each below convert v10.15.1 to 10.x, but this is safest: + shell: node -v | sed 's/^[^0-9]*\([0-9][0-9]*\).*$/\1.x/' + # Capturing Groups & Backreferences -> GNU BRE: (Basic Regular Expression) + # https://www.regular-expressions.info/refcapture.html + # https://www.regular-expressions.info/gnu.html#bre + #shell: node -v | sed 's/[^0-9]*//; s/[^0-9].*/.x/' + #shell: node -v | sed 's/[^[:digit:]]*//; s/[^[:digit:]].*/.x/' #shell: node -v | sed 's/^[vV]//' | sed 's/\..*/.x/' register: nodejs_version_installed -#- debug: -# var: nodejs_version_installed - # When nodejs is NOT installed: -# nodejs_version_installed.rc == 0 # Crazy with stderr below, "due to pipes" +# nodejs_version_installed.rc == 0 # COUNTERINTUITIVE BUT 'echo $?' CONFIRMS (pipe zeros out error) -- thankfully STDERR msg from left side of pipe preserved below. # nodejs_version_installed.stdout == "" # nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found" -# BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec! +# BOTH ABOVE (incl non-null stderr) [were] USED BELOW to confirm install is nec! #- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}" # fail: @@ -39,24 +41,27 @@ # file: # state: absent # path: /etc/apt/sources.list.d/nodesource.list +# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version # when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" -# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js -# Forces < 16.x or > 16.x to be uninstalled -- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js "{{ nodejs_version_installed.stdout }}" (IF IT'S NOT {{ nodejs_version }}) +- name: LOUD WARNING if Node.js will be replaced -- BRUTAL but helps OS's / distros with older Node.js + #debug: # GREEN + fail: # FORCE IT RED THIS ONCE! + msg: "WARNING: YOUR Node.js {{ nodejs_version_installed.stdout }} WILL BE WIPED AND REPLACED" + when: nodejs_version_installed.stderr == "" # and nodejs_version_installed.stdout == nodejs_version + ignore_errors: yes + +# 2022-10-22: Above 2 stanzas could be removed (tho informational value remains) + +- name: ASK apt TO REMOVE ANY PRE-EXISTING Node.js AND npm package: - name: nodejs + name: + - nodejs + - npm state: absent - when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version - #when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" - -- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated - debug: - msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com" - when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version -# 2. INSTALL Node.js USING nodesource.com +# 2. INSTALL Node.js AND npm USING nodesource.com (OR OS's apt IF THAT FAILS!) # 2019-02-12: Should not be nec, as stanza below it should overwrite # /etc/apt/sources.list.d/nodesource.list regardless! @@ -67,35 +72,41 @@ # state: absent # when: internet_available and is_debuntu -# MANUAL INSTALL OPTION "IMMEDIATELY" AFTER ANY OS RELEASE: (e.g. Ubuntu 22.04) +# MANUAL NODESOURCE INSTALL *WORKS* EVEN PRIOR TO OFFICIAL DISTRO SUPPORT AT: +# https://github.com/nodesource/distributions#deb +# https://deb.nodesource.com/node_18.x/dists/ +# +# 1) e.g. Ubuntu 22.04: # wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.0.0-deb-1nodesource1_amd64.deb -# apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb +# apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... +# echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml +# +# 2) e.g. Ubuntu 22.10: +# wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.11.0-deb-1nodesource1_amd64.deb +# apt install ./nodejs_18.11.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... # echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml -- name: Run 'curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list - shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +- name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list + shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - + register: curl_nodesource + ignore_errors: yes #args: # warn: no # creates: /etc/apt/sources.list.d/nodesource.list - #when: internet_available # 2021-08-04: Better to fail & notify implementer! - #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) - # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/.yml - # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!) -# 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu -# 19.04 Beta. Comment it out for now, and manually run: "apt install npm" then -# "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?) - -# Forces update -- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm +- name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above package: #name: nodejs={{ nodejs_version }} name: nodejs - state: latest - #state: present - #when: internet_available # 2021-08-04: Better to fail & notify implementer! - #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) + state: latest # Equivalent to 'state: present' ? +- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions#deb and https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ + package: + name: npm + state: latest # Equivalent to 'state: present' ? + when: curl_nodesource.failed + +# NEED BLEEDING EDGE? Then Also Run: npm install -g npm@latest # 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm # 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above @@ -110,10 +121,10 @@ # which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring! # # CRAZY IDEA: most versions of npm can upgrade themselves to the latest -# (6.2.0 for now) using command "npm install -g npm", if that helps us in -# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm -# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian -# where it upgrades /usr/bin/npm in place: +# (6.2.0 for now) using "npm install -g npm" or "npm install -g npm@latest", +# if that helps us in future, e.g. TK's memory issue etc? If so, be CAREFUL +# this puts npm in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and +# Raspbian where it upgrades /usr/bin/npm in place: # https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation # 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW. Since then, @m-anish helped From dca476467d184182146ed24ba3784611b27008af Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 22:29:09 -0400 Subject: [PATCH 0158/1184] Update nodejs/README.md --- roles/nodejs/README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 7d35c9e3e..670eef034 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -3,16 +3,17 @@ Please see IIAB's recommended Node.js version number [around line 439 of /opt/ii If nodesource.com doesn't yet support your OS --------------------------------------------- -If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) then you can manually install an older version of Node.js and npm as follows: +If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) and IIAB's asked to install Node.js, it will do the equivalent of: - `sudo apt install nodejs npm` - `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` -Best to do this prior to installing IIAB! +AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. See also late-breaking details about your individual OS: - https://github.com/nodesource/distributions#deb +- https://deb.nodesource.com/node_18.x/dists/ - https://github.com/iiab/iiab/wiki/IIAB-Platforms Raspberry Pi Zero W Warning @@ -20,8 +21,10 @@ Raspberry Pi Zero W Warning Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). -If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then ([attempt!](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml) _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole --reinstall nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617)). +If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -You'll (likely) also need `apt install npm`. +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — and if so, consider a more recent version like https://nodejs.org/dist/latest-v18.x/ -Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) +You'll (likely) also then need to run: `sudo apt install npm` + +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From 344c8788a7ab6518f1b0504adf25e14f3864942f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 23:01:20 -0400 Subject: [PATCH 0159/1184] roles/nodejs/README.md: Clarify Nodesource.com links --- roles/nodejs/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 670eef034..a88feb933 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -10,11 +10,14 @@ If nodesource.com [does not yet support your Linux OS (they often support Debian AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. -See also late-breaking details about your individual OS: +See also late-breaking details on Nodesource support for your individual OS: - https://github.com/nodesource/distributions#deb - https://deb.nodesource.com/node_18.x/dists/ -- https://github.com/iiab/iiab/wiki/IIAB-Platforms + - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ +- https://deb.nodesource.com/node_19.x/dists/ + - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ +- _ETC!_ Raspberry Pi Zero W Warning --------------------------- From be3a44e51ffee910b01e13e0048815a3762b63ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 23:24:13 -0400 Subject: [PATCH 0160/1184] nodejs/README.md: Clarify RPi Zero [2] W suggestions --- roles/nodejs/README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index a88feb933..e3f17a11e 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -22,12 +22,14 @@ See also late-breaking details on Nodesource support for your individual OS: Raspberry Pi Zero W Warning --------------------------- -Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). +UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may or may not have such serious problems... + +On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like Internet Archive, JupyterHub, Node-RED, PBX (Asterisk/FreePBX) and Sugarizer won't work — if you installed Node.js while on Raspberry Pi 3, 3 B+ (ARMv7) or Raspberry Pi 4 (ARMv8). If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — and if so, consider a more recent version like https://nodejs.org/dist/latest-v18.x/ +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v18.x/ -You'll (likely) also then need to run: `sudo apt install npm` +Either way, you'll (likely) then also need to run: `sudo apt install npm` -Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if necessary!) Finally, proceed to install Internet Archive, JupyterHub, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)), PBX (Asterisk/FreePBX) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From adb90878947bf84902dacc3c8eaae824c793980c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 23 Oct 2022 14:38:22 -0400 Subject: [PATCH 0161/1184] Clarify "If Nodesource.com doesn't yet support your OS" --- roles/nodejs/README.md | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index e3f17a11e..7a151adc6 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -1,24 +1,37 @@ Please see IIAB's recommended Node.js version number [around line 439 of /opt/iiab/iiab/vars/default_vars.yml](https://github.com/iiab/iiab/blob/master/vars/default_vars.yml#L434-L439) -If nodesource.com doesn't yet support your OS +If Nodesource.com doesn't yet support your OS --------------------------------------------- -If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) and IIAB's asked to install Node.js, it will do the equivalent of: +Nodesource.com often supports Debian long before each Debian release, whereas for other OS's, Nodesource.com support usually arrives a few days or weeks after the OS release. -- `sudo apt install nodejs npm` -- `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` - -AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. - -See also late-breaking details on Nodesource support for your individual OS: +For late-breaking details on Nodesource.com support for your particular Linux OS, keep an eye on: - https://github.com/nodesource/distributions#deb - https://deb.nodesource.com/node_18.x/dists/ - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v18.x/ - https://deb.nodesource.com/node_19.x/dists/ - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v19.x/ - _ETC!_ +If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js — IIAB will then [fall back](https://github.com/iiab/iiab/blob/15a689e30b4eea325e4bb8d35e19990dd8062fbc/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) + +``` +sudo apt install nodejs npm +sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml +``` + +(The above installs your OS's own versions of Node.js and npm.) + +Separately, if you later want to try **wiping** nodejs and npm (AT YOUR OWN RISK!) to attempt the Nodesource approach instead, run: + +``` +cd /opt/iiab/iiab +sudo ./runrole --reinstall nodejs +``` + Raspberry Pi Zero W Warning --------------------------- From e82b486b604b2f401dce4cf4fab231bffeee15b6 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 23 Oct 2022 23:43:38 -0400 Subject: [PATCH 0162/1184] Force-install libssl1.1 on ARM64 22.04+ for MongoDB 5+ & Sugarizer --- roles/mongodb/defaults/main.yml | 9 +++++--- roles/mongodb/tasks/install.yml | 37 +++++++++++++++++++++++---------- 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 19d2fa62f..0cace8905 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,9 +20,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 6.0 # 4.4 fails on Debian 12 with error "No package -# matching 'mongodb-org' is available" as of 2022-10-19. 5.0 works, but fails -# on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: +mongodb_64bit_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: +# "No package matching 'mongodb-org' is available". 5.0+ fail on "pre-2011" +# CPU's w/o AVX, and on RPi due to MongoDB compiling these for v8.2-A (RPi 4 is +# ARM v8-A). SO IIAB ALWAYS OVERLAYS andyfelong.com's 5.0.5 IF 5.0+ SPECIFIED. +# +# VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com # 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index fd77f3324..5e0a35ba1 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -83,7 +83,11 @@ args: warn: false - - name: Install mongodb-org's Debian bullseye source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} + # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY + # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON + # ARM v8-A RPi 4, LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # -> CAN THIS ENTIRE STANZA BE *DELETED* -- ALWAYS USING UBUNTU REPO BELOW ? + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye @@ -92,18 +96,18 @@ # this was recently added to https://repo.mongodb.org/apt/debian/dists/ repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - filename: mongodb-org + #filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" - # 2022-09-27: Soon to change from 'focal' to 'jammy' + # 2022-10-23: RasPiOS Bullseye *MAY* FAIL when 'focal' changed to 'jammy' ? - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse - filename: mongodb-org + #filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") - # 2022-10-19: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; - # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 5 STANZAS + # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; + # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 @@ -113,11 +117,16 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + + - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 apt_repository: @@ -138,12 +147,18 @@ state: absent when: is_debian_12 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 + - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 @@ -177,7 +192,7 @@ - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: - path: "{{ mongodb_conf }}" + path: "{{ mongodb_conf }}" # /etc/mongod.conf regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb From 339d72de20b8a921adf219745914f939f452eff3 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 24 Oct 2022 22:59:34 -0400 Subject: [PATCH 0163/1184] Modernize Kolibri PPA installer for Ubuntu 23.04, 23.10 etc --- roles/kolibri/tasks/install.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 4aedc53ae..94a8d4949 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -61,15 +61,17 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04 or 22.10 or Mint 21 or Debian 12) + - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - name: Add signed Kolibri PPA 'focal' (if other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) + #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From 4512a2afaace5220d21315a64f0aa243f5112d6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Oct 2022 21:43:44 -0400 Subject: [PATCH 0164/1184] vars/debian-12.yml: postgresql_version: 15 --- vars/debian-12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3e22cd07e..50042fd50 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -18,6 +18,6 @@ mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh php_version: 8.1 -postgresql_version: 14 +postgresql_version: 15 systemd_location: /lib/systemd/system python_ver: "3.10" From 4f94011781cd4b2a5d3ee6243ef37c3a981c96df Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Oct 2022 13:55:43 -0400 Subject: [PATCH 0165/1184] Prelim support for Ubuntu 23.04 Lunar Lobster --- roles/kalite/tasks/install.yml | 6 ++-- roles/monit/tasks/main.yml | 3 +- roles/network/tasks/avahi.yml | 30 +++++++++---------- roles/network/tasks/debian.yml | 6 ++-- roles/network/tasks/detected_network.yml | 8 +++-- roles/network/tasks/dhcpd.yml.unused | 3 +- roles/network/tasks/main.yml | 9 ++++-- roles/network/tasks/sysd-netd-debian.yml | 3 +- scripts/local_facts.fact | 1 + vars/debian-11.yml | 4 +-- vars/debian-12.yml | 2 +- vars/default_vars.yml | 37 ++++++++++++------------ vars/linuxmint-20.yml | 4 +-- vars/linuxmint-21.yml | 2 +- vars/raspbian-11.yml | 4 +-- vars/ubuntu-2004.yml | 4 +-- vars/ubuntu-2204.yml | 2 +- vars/ubuntu-2210.yml | 2 +- 18 files changed, 71 insertions(+), 59 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 2d12f9d17..722b7a566 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -28,7 +28,7 @@ virtualenv_command: /usr/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) - name: Use pip to install ka-lite-static to {{ kalite_venv }} @@ -63,7 +63,7 @@ path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? @@ -72,7 +72,7 @@ path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 + #when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index c6c50d042..7cc7335f7 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -41,7 +41,8 @@ - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml include_tasks: install.yml - when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) + when: monit_installed is undefined + #when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 8fe5f7159..cfa382d72 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -1,9 +1,9 @@ -- name: Create a user for avahi (debuntu) +- name: Create user 'avahi' user: name: avahi createhome: no shell: /bin/false - when: is_debuntu + #when: is_debuntu - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: @@ -20,24 +20,24 @@ # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L133-L138 -- name: Find avahi_ver for clean copy of ssh.service (not debuntu) - shell: "ls /usr/share/doc/ | grep avahi | head -n1" - register: avahi_ver - ignore_errors: True - changed_when: False - # when: not is_debuntu # would cause failures 6 lines below +# - name: Find avahi_ver for clean copy of ssh.service (not debuntu) +# shell: "ls /usr/share/doc/ | grep avahi | head -n1" +# register: avahi_ver +# ignore_errors: True +# changed_when: False +# # when: not is_debuntu # would cause failures 6 lines below -- name: Grab a clean copy of ssh.service (not debuntu) - copy: - src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service' - dest: /etc/avahi/services/ - when: avahi_ver.stdout != "" and not is_debuntu +# - name: Grab a clean copy of ssh.service (not debuntu) +# copy: +# src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service' +# dest: /etc/avahi/services/ +# when: avahi_ver.stdout != "" and not is_debuntu -- name: Grab a clean copy of ssh.service (debuntu) +- name: Grab a clean copy of ssh.service copy: src: /usr/share/doc/avahi-daemon/examples/ssh.service dest: /etc/avahi/services/ - when: is_debuntu + #when: is_debuntu - name: Set ssh port for avahi lineinfile: diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 52982af42..3cc21d7ee 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -53,14 +53,16 @@ template: dest: /etc/network/interfaces.d/patch_auto src: network/debian-auto.j2 - when: iiab_wan_iface != "none" and is_debian and not is_debian_8 + when: iiab_wan_iface != "none" and is_debian + #when: iiab_wan_iface != "none" and is_debian and not is_debian_8 - name: Clearing out /etc/network/interfaces for static addresses (debian-9+) lineinfile: state: absent path: /etc/network/interfaces regexp: "{{ iiab_wan_iface }}" - when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 + when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian + #when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 #- include_tasks: down-debian.yml diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index c4414b5ef..0fe997598 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -60,13 +60,14 @@ - name: Check /etc/network/interfaces for gateway shell: grep {{ device_gw }} /etc/network/interfaces | wc -l - when: is_debuntu + #when: is_debuntu register: wan_file - name: Setting wan_in_interfaces set_fact: wan_in_interfaces: True - when: is_debuntu and (wan_file.stdout|int > 0) + when: wan_file.stdout|int > 0 + #when: is_debuntu and (wan_file.stdout|int > 0) # WIRELESS -- if any wireless is detected as gateway, it becomes WAN - name: Look for any wireless interfaces @@ -220,7 +221,8 @@ - name: For Debian, always use bridging set_fact: iiab_lan_iface: br0 - when: num_lan_interfaces|int >= 1 and is_debuntu + when: num_lan_interfaces|int >= 1 + #when: num_lan_interfaces|int >= 1 and is_debuntu - name: WiFi is on the LAN - use bridging set_fact: diff --git a/roles/network/tasks/dhcpd.yml.unused b/roles/network/tasks/dhcpd.yml.unused index c306205cf..f3056dd4a 100644 --- a/roles/network/tasks/dhcpd.yml.unused +++ b/roles/network/tasks/dhcpd.yml.unused @@ -28,7 +28,8 @@ name: "{{ dhcp_service }}6" enabled: no state: stopped - when: is_ubuntu and not is_ubuntu_16 + when: is_ubuntu + #when: is_ubuntu and not is_ubuntu_16 #when: is_ubuntu_18 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index c8b9aeac1..f00939911 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -76,11 +76,13 @@ - name: NetworkManager in use include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + when: network_manager_active + #when: is_debuntu and network_manager_active - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + when: systemd_networkd_active + #when: is_debuntu and systemd_networkd_active - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml @@ -88,7 +90,8 @@ - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + when: not is_raspbian and not network_manager_active and not systemd_networkd_active + #when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #### end network layout - name: Restart services diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2954d22e3..f1b860d85 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -40,7 +40,8 @@ template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) + when: wan_ip != "dhcp" and not network_manager_active + #when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) - name: Create networkd-dispatcher diagnostic hook for recording network events template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 57d56575b..ce796fcc3 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -79,6 +79,7 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ + "ubuntu-2304" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") diff --git a/vars/debian-11.yml b/vars/debian-11.yml index bf0154cef..e3919dac4 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.9" diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 50042fd50..915e91537 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 15 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 920bb6bc3..9f656a926 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -755,15 +755,16 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False -is_ubuntu_2110: False -is_ubuntu_2104: False +#is_ubuntu_2110: False +#is_ubuntu_2104: False is_ubuntu_2004: False -is_ubuntu_19: False -is_ubuntu_18: False -is_ubuntu_17: False -is_ubuntu_16: False +#is_ubuntu_19: False +#is_ubuntu_18: False +#is_ubuntu_17: False +#is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False @@ -772,22 +773,22 @@ is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_12: False is_debian_11: False -is_debian_10: False -is_debian_9: False -is_debian_8: False +#is_debian_10: False +#is_debian_9: False +#is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_11: False -is_raspbian_10: False -is_raspbian_9: False -is_raspbian_8: False +#is_raspbian_10: False +#is_raspbian_9: False +#is_raspbian_8: False -is_redhat: False # Not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 -is_centos: False -is_centos_7: False -is_fedora: False -is_fedora_22: False -is_fedora_18: False +#is_redhat: False # Unsupported as of 2019, see: https://github.com/iiab/iiab/issues/1434 +#is_centos: False +#is_centos_7: False +#is_fedora: False +#is_fedora_22: False +#is_fedora_18: False # How This Works: # diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 4e3cc762b..6bb852035 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -19,7 +19,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 12 systemd_location: /lib/systemd/system -python_ver: 3.8 +python_ver: "3.8" diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 799915c1e..8ef6c654c 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -19,7 +19,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 6ad1ebe21..bb74aca90 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -19,10 +19,10 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: ssh sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.9" # Minetest for RPi minetest_server_bin: /library/games/minetest/bin/minetestserver diff --git a/vars/ubuntu-2004.yml b/vars/ubuntu-2004.yml index b5890c330..e3a4dd5b6 100644 --- a/vars/ubuntu-2004.yml +++ b/vars/ubuntu-2004.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 12 systemd_location: /lib/systemd/system -python_ver: 3.8 +python_ver: "3.8" diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index 47d60d401..a2d0a874b 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index 31d73daf9..fb09bd1e3 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" From c05588b09d4b0004378d226ad87c42aee8b9b56d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Oct 2022 14:41:20 -0400 Subject: [PATCH 0166/1184] Tighten up kalite/tasks/install.yml for recent OS's --- roles/kalite/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 722b7a566..5df22a881 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,7 +20,7 @@ #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -58,7 +58,7 @@ # dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu # when: apache_installed is defined -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' @@ -67,13 +67,13 @@ # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 - replace: - path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" - regexp: 'a-zA-Z0-9' - replace: 'a-zA-Z0-9\-' - #when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 +# replace: +# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" +# regexp: 'a-zA-Z0-9' +# replace: 'a-zA-Z0-9\-' +# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 +# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 0dc7aeed33f082f419a11d92f3bf89ba60401b12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 Oct 2022 19:00:24 -0400 Subject: [PATCH 0167/1184] kalite/tasks/install.yml: Clarify PR #3415 --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5df22a881..6f359395d 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,7 +20,7 @@ #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -58,7 +58,7 @@ # dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu # when: apache_installed is defined -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' From d082e8136239851bfc711b28b43a37cadd86af2f Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Nov 2022 22:44:02 -0400 Subject: [PATCH 0168/1184] enable_services.yml: Remove 110+ stale lines (dhcpd, named, DansGuardian, Wondershaper} --- roles/network/tasks/enable_services.yml | 113 +----------------------- 1 file changed, 1 insertion(+), 112 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 7cdb6da00..462b40868 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -1,72 +1,19 @@ -#- name: Disable dhcpd service -# service: -# name: dhcpd -# enabled: no -# when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled - -# service is restarted with NM dispatcher.d script -#- name: Enable dhcpd service -# service: -# name: dhcpd -# enabled: yes -# when: dhcpd_install and dhcpd_enabled - -#- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) -# template: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" -# # owner: root - # group: root - # mode: "{{ item.mode }}" -# with_items: -# - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } -# - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } -# when: dhcpd_install and dhcpd_enabled - -#- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) -# template: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: "{{ item.mode }}" -# with_items: -# - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } -# - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } -# - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } -# when: named_install and named_enabled - -#- name: Enable named service ({{ dns_service }}) if named_enabled -# systemd: -# name: "{{ dns_service }}" -# enabled: yes -# when: named_install and named_enabled - -#- name: Disable named service ({{ dns_service }}) if not named_enabled -# systemd: -# name: "{{ dns_service }}" -# enabled: no -# when: (named_install or named_installed is defined) and not named_enabled - - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.d/iiab.conf when: iiab_network_mode != "Appliance" -# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq when: iiab_network_mode != "Appliance" -# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting template: src: network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab -# when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled @@ -83,27 +30,19 @@ # command: systemctl is-enabled networkd-dispatcher # register: nd_enabled # ignore_errors: True -# -#- debug: -# var: nd_enabled - name: Check if /etc/networkd-dispatcher/routable.d exists stat: path: /etc/networkd-dispatcher/routable.d register: nd_dir -#- debug: -# var: nd_dir - - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh mode: 0755 - # owner: root - # group: root when: nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") -# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") + #when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") @@ -125,17 +64,6 @@ enabled: no when: not dnsmasq_enabled -# - name: Enable DansGuardian systemd service, if dansguardian_enabled -# systemd: -# name: dansguardian -# enabled: yes -# when: dansguardian_install and dansguardian_enabled - -# - name: Disable DansGuardian, if not dansguardian_enabled -# systemd: -# name: dansguardian -# enabled: no -# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install [{{ squid_install }}] and squid_enabled [{{ squid_enabled }}] lineinfile: @@ -179,25 +107,12 @@ line: 'HTTPCACHE_ON=False' when: squid_installed is defined and not squid_enabled -# - name: Enable Wondershaper service, if wondershaper_enabled -# systemd: -# name: wondershaper -# enabled: yes -# when: wondershaper_install and wondershaper_enabled - -# - name: Disable Wondershaper service, if not wondershaper_enabled -# systemd: -# name: wondershaper -# enabled: no -# when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled # check-LAN should be iptables.yml remove later - name: Install clean copy of /usr/bin/iiab-gen-iptables from template (root:root by default) template: src: gateway/iiab-gen-iptables dest: /usr/bin/iiab-gen-iptables - # owner: root - # group: root mode: 0755 @@ -213,29 +128,3 @@ - option: squid_enabled value: "{{ squid_enabled }}" when: squid_installed is defined - -# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }} -# ini_file: -# path: "{{ iiab_ini_file }}" -# section: dansguardian -# option: "{{ item.option }}" -# value: "{{ item.value | string }}" -# with_items: -# - option: dansguardian_install -# value: "{{ dansguardian_install }}" -# - option: dansguardian_enabled -# value: "{{ dansguardian_enabled }}" -# when: dansguardian_installed is defined - -# - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} -# ini_file: -# path: "{{ iiab_ini_file }}" -# section: wondershaper -# option: "{{ item.option }}" -# value: "{{ item.value | string }}" -# with_items: -# - option: wondershaper_install -# value: "{{ wondershaper_install }}" -# - option: wondershaper_enabled -# value: "{{ wondershaper_enabled }}" -# when: wondershaper_installed is defined From 1ddbc6f635691d0e617b2b9030aa2f438e3643b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 00:47:45 -0400 Subject: [PATCH 0169/1184] network/tasks/dnsmasq.yml: Indent per Ansible norm --- roles/network/tasks/dnsmasq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml index 2678650ae..9ea710e4f 100644 --- a/roles/network/tasks/dnsmasq.yml +++ b/roles/network/tasks/dnsmasq.yml @@ -11,8 +11,8 @@ group: root mode: "{{ item.mode }}" with_items: - - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } - - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } + - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } + - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } - name: Don't use stock dnsmasq systemd unit file during boot but start now systemd: From 3236dbef96fac8f8042e059e89ce122969a0e9a4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 01:14:40 -0400 Subject: [PATCH 0170/1184] gateway/iiab-internet-off: Tighter instructions --- roles/network/templates/gateway/iiab-internet-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index d2c4c404d..f5a2e0578 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -11,5 +11,5 @@ https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in -/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +/etc/iiab/local_vars.yml — and finally run: sudo iiab-network EOF From 719e81c660ed8da93e9e525c16d298d6e6c8c815 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 01:15:22 -0400 Subject: [PATCH 0171/1184] gateway/iiab-internet-on: Tighter instructions --- roles/network/templates/gateway/iiab-internet-on | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index be99c1533..d616498a7 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on @@ -11,5 +11,5 @@ https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in -/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +/etc/iiab/local_vars.yml — and finally run: sudo iiab-network EOF From 26eb7935ba88443c43447732f69d60e05eab6ad6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Nov 2022 21:07:58 -0500 Subject: [PATCH 0172/1184] Recommend ansible-core 2.14.0 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b574fd2f0..ad27fddd7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.5] -GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.0] +GOOD_VER=2.14.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/commits/stable-2.14 +# https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 From b952d65c46a7d2cc6da19db5d2cf76f01a014d21 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 6 Nov 2022 21:38:33 -0500 Subject: [PATCH 0173/1184] Ansible 2.14 disallows 'args:' 'warn: no' --- roles/mongodb/tasks/install.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 5e0a35ba1..54b93c71e 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -80,8 +80,12 @@ - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - - args: - warn: false + #args: + # warn: no + # Ansible 2.14 ERROR: + # "Unsupported parameters for (ansible.legacy.command) module: warn. + # Supported parameters include: removes, strip_empty_ends, _raw_params, + # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON From c46ffa142bbea8fa52e6821a94682e56975d9c57 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 09:33:43 -0500 Subject: [PATCH 0174/1184] RPi 3 install/requires ansible-core 2.11.x (for now?) --- iiab-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-install b/iiab-install index 5ae96be74..d709b8438 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 14a1b691134fc8da0e7ec326950f4f41cab0fc07 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 09:43:12 -0500 Subject: [PATCH 0175/1184] iiab-install: Clarify ansible-core 2.11 for RPi 3 (PR #3419) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index d709b8438..08dc7eed7 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 125d930bdb32bd5a63f5a17d4dc3b0d1193746ce Mon Sep 17 00:00:00 2001 From: root Date: Wed, 9 Nov 2022 21:57:58 -0500 Subject: [PATCH 0176/1184] Til wheels fixed: ansible-core 2.12.10+ PPA on 32-bit RasPiOS --- scripts/ansible | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ad27fddd7..ec17ae84e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -128,6 +128,10 @@ fi ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ### > /etc/apt/sources.list.d/iiab-ansible.list +# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ + > /etc/apt/sources.list.d/iiab-ansible.list + # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined # removal using 'apt-add-repository -r' -- however that currently requires @@ -147,6 +151,9 @@ fi ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg +# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg + ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" ###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" @@ -172,13 +179,18 @@ $APT_PATH/apt -y install python3-pip #$APT_PATH/apt -y --allow-downgrades install ansible-core -# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip -# cache system-wide before installing: -# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 -# https://github.com/iiab/iiab/pull/3022 -pip3 config --global set global.no-cache-dir false -echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" -pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +if uname -m | grep -q 64; then + # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip + # cache system-wide before installing: + # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 + # https://github.com/iiab/iiab/pull/3022 + pip3 config --global set global.no-cache-dir false + echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" + pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +else + echo "2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + $APT_PATH/apt -y --allow-downgrades install ansible-core +fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 1adef0e0ce0972ddc849be8f28c8c00fd8ba0de5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 22:25:30 -0500 Subject: [PATCH 0177/1184] Clarify focal PPA is ansible-core 2.12.10+ (i.e. evolving!) --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ec17ae84e..3f6d6429a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -128,7 +128,7 @@ fi ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ### > /etc/apt/sources.list.d/iiab-ansible.list -# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ > /etc/apt/sources.list.d/iiab-ansible.list @@ -151,7 +151,7 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg -# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' @@ -188,7 +188,7 @@ if uname -m | grep -q 64; then echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else - echo "2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" $APT_PATH/apt -y --allow-downgrades install ansible-core fi From 06c4b7aaf619c7f9b79b16f9f70ba7fc2011a3a2 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Nov 2022 12:30:54 -0500 Subject: [PATCH 0178/1184] Block iiab-install of JHub+CWeb on 32-bit, til RasPiOS fixes Rust --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/9-local-addons/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f43e878f3..648991a4f 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -29,7 +29,7 @@ - name: JUPYTERHUB include_role: name: jupyterhub - when: jupyterhub_install + when: jupyterhub_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) # UNMAINTAINED - name: LOKOLE diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index f9ea8e20f..e8ab5d14b 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -27,7 +27,7 @@ - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install + when: calibreweb_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) # KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE From 87ef96b02910e01f8c798597005956fcff3b1934 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 19:29:05 -0500 Subject: [PATCH 0179/1184] Create ubuntu-2304.yml --- vars/ubuntu-2304.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 vars/ubuntu-2304.yml diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml new file mode 100644 index 000000000..e8150f2e4 --- /dev/null +++ b/vars/ubuntu-2304.yml @@ -0,0 +1,23 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2304: True + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_conf_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +sshd_package: openssh-server +sshd_service: ssh +php_version: "8.1" +postgresql_version: 14 +systemd_location: /lib/systemd/system +python_ver: "3.10" From 56457b9829107bc7fe81f1ab035424db7e519f00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 19:57:05 -0500 Subject: [PATCH 0180/1184] /library/www/nextcloud initial footprint: 507 -> 519MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 409c8dbf4..1d3e82257 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -92,7 +92,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~507 MB initially, 531+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~519 MB initially, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 352a8f354013e923574ebc47046dba910d0cb3c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 21:04:26 -0500 Subject: [PATCH 0181/1184] Update latest.tar.bz2 & /library/www/nextcloud sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1d3e82257..0d5dafea4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -92,7 +92,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~519 MB initially, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 03fd8b267f4b6f58153df9fcd71373ee54bd521f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Nov 2022 13:00:08 -0500 Subject: [PATCH 0182/1184] /opt/iiab/jupyterhub size estimate: ~304 -> ~271 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 8ef7ce7d9..d4ce6c0eb 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~271 MB total, after 2 Ansible calls)" pip: name: - pip From 6333ea1483e9f97c2ffe61c861f4b93063b183a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Nov 2022 08:00:07 -0500 Subject: [PATCH 0183/1184] minetest/README.rst: Unhelpful mention of ancient OS's --- roles/minetest/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 82dfaa397..40ef4bc76 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -5,7 +5,7 @@ Minetest README `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. -The Minetest multiplayer server can be installed as part of Internet-in-a-Box (IIAB) on Raspberry Pi (Raspbian), Ubuntu 18.04 and Debian 9 Stretch. +The Minetest multiplayer server can be installed as part of Internet-in-a-Box (IIAB) on Raspberry Pi OS, Ubuntu, or Debian. Please note that the initial configuration is for creative mode, and a number of mods are installed (see the list in `tasks/main.yml `_). From cd8f599dd79095d928d0b7204373fab3c92da415 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 16 Nov 2022 17:29:30 -0500 Subject: [PATCH 0184/1184] wip --- .../minetest/{tasks => NotUsed}/calc_vars.yml | 0 .../rpi_minetest_install.yml | 0 roles/minetest/README.rst | 2 ++ roles/minetest/defaults/main.yml | 18 +++++----- .../tasks/{provision.yml => install.yml} | 33 +------------------ roles/minetest/tasks/main.yml | 2 +- roles/minetest/tasks/minetest_install.yml | 10 ------ 7 files changed, 12 insertions(+), 53 deletions(-) rename roles/minetest/{tasks => NotUsed}/calc_vars.yml (100%) rename roles/minetest/{tasks => NotUsed}/rpi_minetest_install.yml (100%) rename roles/minetest/tasks/{provision.yml => install.yml} (64%) diff --git a/roles/minetest/tasks/calc_vars.yml b/roles/minetest/NotUsed/calc_vars.yml similarity index 100% rename from roles/minetest/tasks/calc_vars.yml rename to roles/minetest/NotUsed/calc_vars.yml diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/NotUsed/rpi_minetest_install.yml similarity index 100% rename from roles/minetest/tasks/rpi_minetest_install.yml rename to roles/minetest/NotUsed/rpi_minetest_install.yml diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 40ef4bc76..ac633d53b 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -2,6 +2,8 @@ Minetest README =============== +11/16/2022 THIS NEEDS REVISING + `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. diff --git a/roles/minetest/defaults/main.yml b/roles/minetest/defaults/main.yml index 28f847046..052deed38 100644 --- a/roles/minetest/defaults/main.yml +++ b/roles/minetest/defaults/main.yml @@ -1,15 +1,13 @@ -# minetest_install: False -# minetest_enabled: False - -# minetest_port: 30000 -# minetest_server_admin: Admin - -# minetest_default_game: carbone-ng # only carbone-ng and minetest are supported -# minetest_flat_world: False - -# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# Other vars set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # These should not be touched unless minetest packages change +minetest_server_bin: /usr/lib/minetest/minetestserver minetest_config_file: /etc/minetest/minetest.conf minetest_world_dir: /library/games/minetest/worlds/world + +minetest_runas_user: root +minetest_runas_group: root + +#minetest_runas_user: Debian-minetest +#minetest_runas_group: games diff --git a/roles/minetest/tasks/provision.yml b/roles/minetest/tasks/install.yml similarity index 64% rename from roles/minetest/tasks/provision.yml rename to roles/minetest/tasks/install.yml index ac63b5329..25c8e54ff 100644 --- a/roles/minetest/tasks/provision.yml +++ b/roles/minetest/tasks/install.yml @@ -1,6 +1,3 @@ -# Calculate local variables -- include_tasks: calc_vars.yml - - name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt) stat: path: "{{ minetest_world_dir }}/world.mt" @@ -14,29 +11,8 @@ # group: root # mode: '0755' -# rpi only -- include_tasks: rpi_minetest_install.yml - when: not minetest_world.stat.exists and is_raspbian - -# not rpi - include_tasks: minetest_install.yml - when: not minetest_world.stat.exists and not is_raspbian - -- git: - repo: https://github.com/Calinou/carbone-ng.git - dest: "{{ minetest_game_dir }}" - depth: 1 - when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng" - -- name: Give Minetest user ownership of carbone-ng - file: - state: directory - path: "{{ minetest_game_dir }}" - recurse: yes - owner: "{{ minetest_runas_user }}" - group: "{{ minetest_runas_group }}" - # mode: 0755 - when: minetest_default_game == "carbone-ng" + when: not minetest_world.stat.exists # Install games #- include_tasks: minetest_install_games.yml @@ -63,13 +39,6 @@ url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip when: minetest_default_game == "minetest" -- name: Remove mod from carbone-ng that prevents our Admin name - file: - state: absent - path: "{{ minetest_game_dir }}/mods/name_restrictions" - when: minetest_default_game == "carbone-ng" - - # RECORD Minetest AS INSTALLED - name: "Set 'minetest_installed: True'" diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index f5fad6cd1..9955788d6 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -22,7 +22,7 @@ - block: - name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: provision.yml # i.e. install.yml in other roles + include_tasks: install.yml when: minetest_installed is undefined - include_tasks: enable-or-disable.yml diff --git a/roles/minetest/tasks/minetest_install.yml b/roles/minetest/tasks/minetest_install.yml index 354907526..8cf943147 100644 --- a/roles/minetest/tasks/minetest_install.yml +++ b/roles/minetest/tasks/minetest_install.yml @@ -1,5 +1,3 @@ -# For non-rpi installs - - name: Install Minetest package package: name: minetest-server @@ -35,11 +33,3 @@ mode: 0755 with_items: - "{{ minetest_world_dir }}" - -- name: Change exec line in generated unit file - lineinfile: - path: /lib/systemd/system/minetest-server.service - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ExecStart=/usr/lib/minetest/minetestserver', line: 'ExecStart=/usr/lib/minetest/minetestserver --config /etc/minetest/minetest.conf --logfile /var/log/minetest/minetest.log --world "{{ minetest_world_dir }}"' } From cfdba34b641fc92e3fa0aae455065b264cc6928f Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 09:36:26 -0500 Subject: [PATCH 0185/1184] forgot to commit default_vars.yml os vars not needed --- vars/default_vars.yml | 7 ++++++- vars/raspbian-11.yml | 9 --------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9f656a926..c902a32fc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -631,8 +631,13 @@ internetarchive_port: 4244 # for http://box:4244 minetest_install: False minetest_enabled: False minetest_port: 30000 +minetest_working_dir: /usr/share/games/minetest + minetest_server_admin: Admin -minetest_default_game: carbone-ng # only carbone-ng and minetest are supported +# minetest_default_game: carbone-ng # carbone-ng is not longer compatible so not supported +minetest_default_game: minetest +# minetest_default_game: dreambuilder - after 5.6 +minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}" minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index bb74aca90..beb9c01ac 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -23,12 +23,3 @@ php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system python_ver: "3.9" - -# Minetest for RPi -minetest_server_bin: /library/games/minetest/bin/minetestserver -minetest_working_dir: /library/games/minetest -minetest_game_dir: /library/games/minetest/games/minetest_game -minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_untarred: Minetest From 28b345ab78bbf4cae04f30b60fff924c73a36b17 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 09:41:18 -0500 Subject: [PATCH 0186/1184] mark templates unused --- ...netest-server.service.j2 => minetest-server.service.j2.unused} | 0 .../templates/{minetest.conf.j2 => minetest.conf.j2.unused} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename roles/minetest/templates/{minetest-server.service.j2 => minetest-server.service.j2.unused} (100%) rename roles/minetest/templates/{minetest.conf.j2 => minetest.conf.j2.unused} (100%) diff --git a/roles/minetest/templates/minetest-server.service.j2 b/roles/minetest/templates/minetest-server.service.j2.unused similarity index 100% rename from roles/minetest/templates/minetest-server.service.j2 rename to roles/minetest/templates/minetest-server.service.j2.unused diff --git a/roles/minetest/templates/minetest.conf.j2 b/roles/minetest/templates/minetest.conf.j2.unused similarity index 100% rename from roles/minetest/templates/minetest.conf.j2 rename to roles/minetest/templates/minetest.conf.j2.unused From d5ad79720c26de7eda82e4172ab9f053a96e0039 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 11:56:18 -0500 Subject: [PATCH 0187/1184] fixes --- roles/minetest/tasks/install.yml | 14 +++++--------- vars/default_vars.yml | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index 25c8e54ff..1850eda84 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -23,20 +23,16 @@ # Install mods - include_tasks: minetest_install_mods.yml with_items: - - name: moreblocks - url: https://github.com/minetest-mods/moreblocks/archive/master.zip - - name: moreores - url: https://github.com/Calinou/moreores/archive/master.zip - name: basic_materials - url: https://gitlab.com/VanessaE/basic_materials/-/archive/master/basic_materials-master.zip + url: https://content.minetest.net/packages/VanessaE/basic_materials/releases/14936/download/ - name: mesecons - url: https://github.com/minetest-mods/mesecons/archive/master.zip + url: https://content.minetest.net/packages/Jeija/mesecons/releases/14247/download/ - name: digilines - url: https://github.com/minetest-mods/digilines/archive/master.zip + url: https://content.minetest.net/packages/Jeija/digilines/releases/13248/download/ - name: pipeworks - url: https://github.com/minetest-mods/pipeworks/archive/master.zip + url: https://content.minetest.net/packages/VanessaE/pipeworks/releases/7488/download/ - name: Minetest-WorldEdit - url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip + url: https://content.minetest.net/packages/sfan5/worldedit/releases/13367/download/ when: minetest_default_game == "minetest" # RECORD Minetest AS INSTALLED diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c902a32fc..888162e98 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -637,7 +637,7 @@ minetest_server_admin: Admin # minetest_default_game: carbone-ng # carbone-ng is not longer compatible so not supported minetest_default_game: minetest # minetest_default_game: dreambuilder - after 5.6 -minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}" +minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}_game" minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX From 1f68641c71d09868ee3c65b7efd4fcec390c11dd Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 18 Nov 2022 09:01:46 -0500 Subject: [PATCH 0188/1184] update readme --- roles/minetest/README.rst | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index ac633d53b..5d1afaba8 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -2,8 +2,6 @@ Minetest README =============== -11/16/2022 THIS NEEDS REVISING - `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. @@ -32,7 +30,7 @@ If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ +- ``minetest_default_game:`` only the default minetest game is supported at present; in future the default will be DreamBuilder - ``minetest_flat_world:`` use a flat mapgen engine to lower computation on client; default is False After installation, you can monitor the 'minetest-server' service with command:: @@ -44,17 +42,6 @@ File Locations - The config file is ``/etc/minetest/minetest.conf`` - The world files are at ``/library/games/minetest/worlds/world`` - -File Locations on Raspberry Pi ------------------------------- - -- The server binary is ``/library/games/minetest/bin/minetestserver`` -- The working directory is ``/library/games/minetest`` -- mods are in ``/library/games/minetest/games//mods`` - -File Locations on Other Platforms ---------------------------------- - - The server binary is ``/usr/lib/minetest/minetestserver`` - The working directory is ``/usr/share/games/minetest`` - mods are in ``/usr/share/games/minetest/games//mods`` @@ -62,6 +49,6 @@ File Locations on Other Platforms To Do ----- -- Add more mods — currently only the default mods are there in carbone-ng +- Add more mods - Add more games - Minetest client software for Windows and Android, included onboard IIAB for offline communities (`#1465 `_) From d44f814e0e7e31e62071da2d114b186214bf56aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Nov 2022 12:38:37 -0500 Subject: [PATCH 0189/1184] Move netplan.j2 to netplan.j2.unused (as PR #2380 reverted PR #1634) --- roles/network/templates/network/{netplan.j2 => netplan.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{netplan.j2 => netplan.j2.unused} (100%) diff --git a/roles/network/templates/network/netplan.j2 b/roles/network/templates/network/netplan.j2.unused similarity index 100% rename from roles/network/templates/network/netplan.j2 rename to roles/network/templates/network/netplan.j2.unused From cc226b9e2d5333ee0380423b230a339174c1ea8e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Nov 2022 13:20:26 -0500 Subject: [PATCH 0190/1184] Install Moodle 4.1 LTS, or 4.2dev if OS PHP >= 8.2 --- roles/moodle/defaults/main.yml | 12 ++++++------ roles/moodle/tasks/install.yml | 10 +++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index d455ddd7e..6c3e6db16 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,15 +8,15 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-09-27: Currently testing Moodle's master branch is mandatory if your -# OS PHP >= 8.1 -- see moodle/tasks/install.yml for detail! -# (Any moodle_version setting below applies IF-AND-ONLY-IF your OS PHP < 8.1) -#moodle_version: master # Try Moodle's "weekly" 4.1dev pre-release, even if OS PHP < 8.1 -moodle_version: MOODLE_400_STABLE # Use Moodle 4.0 +# 2022-11-27: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.2, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.2, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_401_STABLE # Moodle 4.1 LTS +#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! -moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab +moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_data: "{{ content_base }}/moodle" # /library moodle_db_name: moodle diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index d42cb05e3..8525b55a9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,21 +43,21 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.1" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) - when: php_version is version('8.1', '>=') + when: php_version is version('8.2', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.1 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.2 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. master or MOODLE_400_STABLE - when: php_version is version('8.1', '<') + version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) + when: php_version is version('8.2', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 3ca4a8873653d895e3175de32934abdd94808d42 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Nov 2022 13:46:29 -0500 Subject: [PATCH 0191/1184] Clarify Moodle 4.1 size on disk; "weekly" master 4.2dev --- roles/moodle/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 8525b55a9..ea98ebe31 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,15 +43,15 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.2" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) when: php_version is version('8.2', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.2 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.2 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle From 3de6916af27da06f00b6739b9a780bf9228491f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Nov 2022 14:29:18 -0500 Subject: [PATCH 0192/1184] #3430: Moodle 4.2 will require php exif (we're already set!) --- roles/moodle/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ea98ebe31..734730cde 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -30,6 +30,7 @@ #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml From 4c4ce7fa3217edb6d49a231d2af04f18d3160da2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Nov 2022 10:58:19 -0500 Subject: [PATCH 0193/1184] Clarify /library/gitea/bin/gitea-1.17 begins as ~108 MB --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 7e064548f..02dfa7cda 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~108 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 From 4385d4eb823b4d7a6f746b89040c9fc629f60e02 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Dec 2022 12:17:48 -0500 Subject: [PATCH 0194/1184] mediawiki/defaults/main.yml: Version 1.39.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 3ab859963..68a13ca74 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 4 +mediawiki_major_version: 1.39 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 7003fa984c0b4d18f32d22d7b6dbc89056d5a317 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Dec 2022 12:50:57 -0500 Subject: [PATCH 0195/1184] Recommend ansible-core 2.14.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3f6d6429a..2766aec7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.0] -GOOD_VER=2.14.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] +GOOD_VER=2.14.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ef8808b28dc65820ff204b2a57f8833a6adbf2db Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:09:23 -0500 Subject: [PATCH 0196/1184] Rename .travis.yml to .travis.yml.unused --- .travis.yml => .travis.yml.unused | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .travis.yml => .travis.yml.unused (100%) diff --git a/.travis.yml b/.travis.yml.unused similarity index 100% rename from .travis.yml rename to .travis.yml.unused From 83a6a2db0b22bde9f5781978538f384f98808388 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:24:28 -0500 Subject: [PATCH 0197/1184] www_base/tasks/main.yml: php-stem.yml might later support PHP 8.2 --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index f7fe20fc6..0f557148f 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -28,7 +28,7 @@ - name: Install php-stem.yml if php_version == 7.4 and (ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" or ansible_machine == "x86_64") include_tasks: php-stem.yml when: php_version == 7.4 and (ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" or ansible_machine == "x86_64") - # or php_version == 8.0 or php_version == 8.1 (IIAB MIGHT SUPPORT THESE LATER IN 2022) + # or php_version == 8.0 or php_version == 8.1 or php_version == 8.2 (IIAB MIGHT SUPPORT THESE LATER IN 2023) # or php_version == 7.2 or php_version == 7.3 (PROBABLY WORK, AT YOUR OWN RISK!) - name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_options/tasks/main.yml From 7746ebd2d265e2acdcb691ef44570b496a64389a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:49:26 -0500 Subject: [PATCH 0198/1184] Clean .gitignore: XS bitrot, space pollution, emacs support --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 38f8427ed..eefeddb66 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,8 @@ -xs-config.spec build deprecated .ansible *.patches -*.log +*.log *.retry *~ +.#* From cca40edb3d10fabbab53ac79a1705906a14b83a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 09:23:21 -0500 Subject: [PATCH 0199/1184] .gitignore enhanced for emacs, which generates even more tmp files since 2022 --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index eefeddb66..62c1c7bcf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,13 @@ +# https://git-scm.com/docs/gitignore + build deprecated .ansible *.patches *.log *.retry + +# Lines below for emacs, which generates even more tmp files since 2022 *~ .#* +\#*# From b691bd8252a67205f6c6f4c7660fc7c18153b780 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 13:34:30 -0500 Subject: [PATCH 0200/1184] Dynamically extract python_ver & postgresql_version --- roles/0-init/tasks/main.yml | 10 ++++++---- roles/lokole/tasks/install.yml | 17 ++++++++++++----- roles/postgresql/tasks/install.yml | 11 ++++++++--- scripts/local_facts.fact | 16 +++++++++++++--- vars/debian-11.yml | 4 ++-- vars/debian-12.yml | 4 ++-- vars/linuxmint-20.yml | 4 ++-- vars/linuxmint-21.yml | 4 ++-- vars/raspbian-11.yml | 4 ++-- .../{ubuntu-2004.yml => ubuntu-2004.yml.unused} | 0 vars/ubuntu-2204.yml | 4 ++-- vars/ubuntu-2210.yml | 4 ++-- vars/ubuntu-2304.yml | 4 ++-- 13 files changed, 55 insertions(+), 31 deletions(-) rename vars/{ubuntu-2004.yml => ubuntu-2004.yml.unused} (100%) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index a12c91156..27de31b64 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -7,12 +7,13 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}" +- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 14 vars -- here we extract 5 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_ver: {{ ansible_local.local_facts.python_ver }}" set_fact: iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" os_ver: "{{ ansible_local.local_facts.os_ver }}" + python_ver: "{{ ansible_local.local_facts.python_ver }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -21,9 +22,8 @@ when: not iiab_ini_test.stat.exists # 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's -# still used in these 2 places: -# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml -# (2) roles/network/tasks/named.yml for "Stop named before copying files" +# still used in 1-prep/tasks/hardware.yml for raspberry_pi.yml +# # This needs to be reworked for 0-init speed, and overall understandability. - name: Set first_run flag set_fact: @@ -96,6 +96,8 @@ value: "{{ devicetree_model }}" - option: os_ver value: "{{ os_ver }}" + - option: python_ver + value: "{{ python_ver }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index b472ebdd3..82b1c9cf4 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,10 +2,10 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7" +- name: Install 14 packages for Lokole apt: name: - - python3 + #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact - python3-pip - python3-venv - python3-dev @@ -55,12 +55,19 @@ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is undefined and lokole_version is undefined -- name: Compile translations +# 2022-12-21: Dynamic callout to Python moved to scripts/local_facts.fact (Python 3 is now a mandatory IIAB pre-req) +# - name: Compile translations +# shell: | +# python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) +# {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations +# with_items: +# - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" + +- name: Compile translations for Python {{ python_ver }} shell: | - python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations with_items: - - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" + - "{{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp" - name: Create system {{ lokole_user }} user ansible.builtin.user: diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 3fa1a95d0..df2918a32 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -6,13 +6,18 @@ - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: Run shell command "pg_config --version" to extract MAJOR version numner -- strip off MINOR/PATCH version number(s) + shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' + register: pg_config_version + +- name: 'Dynamically set Ansible var "postgresql_version: {{ pg_config_version.stdout }}"' + set_fact: + postgresql_version: "{{ pg_config_version.stdout }}" + - name: Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default) template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service - # owner: root - # group: root - # mode: '0644' - name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres (0700) file: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ce796fcc3..236e08619 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -11,7 +11,9 @@ STAGE=0 OS="none" -VERSION_ID="none" # This var's combined with the above, before being output +VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" +OS_VER="none" +PYTHON_VER="none" IIAB_REMOTE_URL="none" IIAB_BRANCH="none" IIAB_COMMIT="none" @@ -63,6 +65,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-17" | \ #"ubuntu-18" | \ #"ubuntu-19" | \ + #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"centos-7" | \ @@ -76,7 +79,6 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-11" | \ "debian-12" | \ - "ubuntu-2004" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ @@ -123,6 +125,13 @@ tmp=$(ansible --version) && #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | awk '{print $2}') #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | sed -e 's/.* //') +if tmp=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));'); then + PYTHON_VER=$tmp +else + echo -e "\e[1m\nPython 3 is REQUIRED for Internet-in-a-Box. You might want to run:\n\nsudo apt install python3\n\e[0m" + exit 1 +fi + # THE LAST 3 BELOW ARE DIFFERENT as "systemctl is-enabled" unhelpfully returns # the same error code (i.e. 1) REGARDLESS whether the service is (A) disabled @@ -159,5 +168,6 @@ cat < Date: Wed, 21 Dec 2022 14:07:10 -0500 Subject: [PATCH 0201/1184] postgresql/tasks/install.yml typo: numner -> number --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index df2918a32..dd7ac22b3 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -6,7 +6,7 @@ - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: Run shell command "pg_config --version" to extract MAJOR version numner -- strip off MINOR/PATCH version number(s) +- name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' register: pg_config_version From b8e0b5e13a398188b9ed3c899c570f34c6d4614c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 14:18:27 -0500 Subject: [PATCH 0202/1184] Cleaner sed in nextcloud, postgresql, iiab-diagnostics --- roles/nextcloud/tasks/install.yml | 2 +- roles/postgresql/tasks/install.yml | 2 +- scripts/iiab-diagnostics | 24 ++++++++++++------------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0d5dafea4..1d6e135cc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -3,7 +3,7 @@ # - name: Try to run 'php -v' to get PHP version # # e.g. converts multi-line "PHP 7.0.33-0ubuntu0.16.04.5 (cli) ( NTS ) ..." to "7.0.33" -# shell: php -v | head -1 | sed 's/^[^0-9.]*//' | sed 's/[^0-9.].*//' +# shell: php -v | head -1 | sed 's/^[^0-9.]*//; s/[^0-9.].*//' # register: php_version_installed # #ignore_errors: yes # NOT NEC: if php is not installed, php_version_installed.stdout will get set to "" diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index dd7ac22b3..6c7cdb4fc 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -7,7 +7,7 @@ state: present - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) - shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' + shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version - name: 'Dynamically set Ansible var "postgresql_version: {{ pg_config_version.stdout }}"' diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ed243490c..7361e5621 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -8,18 +8,18 @@ IIAB_RELEASE=$(cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2) OS_VER=$(cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2) YMDT=$(date +%F_%T_%Z) -git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root -HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) -BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) -REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) -PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) -TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') -git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root -HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) -BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) -REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) -PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) -TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') +# git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +# HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) +# BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) +# REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) +# PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +# TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//; s/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') +# git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +# HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) +# BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) +# REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) +# PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +# TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//; s/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo From cc659d0837583bbf87e3ee10b3ad00b24798c08b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 19:29:04 -0500 Subject: [PATCH 0203/1184] Dynamically extract php_version & python_version --- iiab-install | 9 ++-- roles/0-init/tasks/main.yml | 11 +++-- roles/jupyterhub/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 6 +-- roles/lokole/tasks/setup.yml | 4 +- roles/lokole/templates/lokole-nginx.conf.j2 | 4 +- runrole | 55 ++++++++++++++------- scripts/local_facts.fact | 39 +++++++++------ vars/debian-11.yml | 8 +-- vars/debian-12.yml | 8 +-- vars/linuxmint-20.yml | 6 +-- vars/linuxmint-21.yml | 6 +-- vars/raspbian-11.yml | 8 +-- vars/ubuntu-2004.yml.unused | 6 +-- vars/ubuntu-2204.yml | 6 +-- vars/ubuntu-2210.yml | 6 +-- vars/ubuntu-2304.yml | 6 +-- 17 files changed, 113 insertions(+), 77 deletions(-) diff --git a/iiab-install b/iiab-install index 08dc7eed7..532cbf81d 100755 --- a/iiab-install +++ b/iiab-install @@ -65,7 +65,7 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "████████████████████████████████████████████████████████████████████████████████\n" >&2 fi - echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 @@ -124,7 +124,7 @@ CURR_ANSIBLE_VER=0 #if [[ $(command -v ansible) ]]; then # Also Works! $(...) nests more easily than backticks #if [[ `which ansible` ]]; then # "which" misses built-in commands like cd, and is RISKY per https://stackoverflow.com/questions/592620/check-if-a-program-exists-from-a-bash-script #if [[ `type -P ansible` ]]; then # "type -P" isn't POSIX compliant; it misses built-in commands like "cd" -if [[ `command -v ansible` ]]; then # "command -v" is POSIX compliant; it catches built-in commands like "cd" +if [[ $(command -v ansible) ]]; then # "command -v" is POSIX compliant; it catches built-in commands like "cd" CURR_ANSIBLE_VER=$(ansible --version | head -1 | cut -f 2- -d " " | sed 's/.* \([^ ]*\)\].*/\1/') # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_ANSIBLE_VER=$(ansible --version | head -1 | awk '{print $2}') @@ -179,14 +179,15 @@ fi # /etc/iiab/iiab_state.yml is mandatory and must be created here. Background: # Allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous # roles that already completed within the stage. -if [ ! -f $IIAB_STATE_FILE ]; then - #touch $IIAB_STATE_FILE +if [ ! -f $IIAB_STATE_FILE ]; then # touch $IIAB_STATE_FILE + echo -e "\nCreating... $IIAB_STATE_FILE" cat > $IIAB_STATE_FILE << EOF # DO *NOT* MANUALLY EDIT THIS, THANKS! # IIAB does NOT currently support uninstalling apps/services. EOF fi + echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" echo -e "\e[1mRunning local Ansible playbooks...\n...Stage 0 will now run\n...followed by Stages $(($STAGE + 1))-9\n...and then the Network Role.\e[0m\n" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 27de31b64..7a1532898 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -7,13 +7,14 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 14 vars -- here we extract 5 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_ver: {{ ansible_local.local_facts.python_ver }}" +- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 15 vars -- here we extract 6 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_version: {{ ansible_local.local_facts.python_version }}, php_version: {{ ansible_local.local_facts.php_version }}" set_fact: iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" os_ver: "{{ ansible_local.local_facts.os_ver }}" - python_ver: "{{ ansible_local.local_facts.python_ver }}" + python_version: "{{ ansible_local.local_facts.python_version }}" + php_version: "{{ ansible_local.local_facts.php_version }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -96,8 +97,10 @@ value: "{{ devicetree_model }}" - option: os_ver value: "{{ os_ver }}" - - option: python_ver - value: "{{ python_ver }}" + - option: python_version + value: "{{ python_version }}" + - option: php_version + value: "{{ php_version }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4ce6c0eb..68f909ea7 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -72,7 +72,7 @@ dest: /etc/systemd/system/jupyterhub.service # 2022-07-07: No longer needed, thx to upstream fixes -# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages +# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_version }}/site-packages # template: # src: getsite.py.j2 # dest: "{{ jupyterhub_venv }}/bin/getsite.py" diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 82b1c9cf4..a1ea1d357 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -55,7 +55,6 @@ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is undefined and lokole_version is undefined -# 2022-12-21: Dynamic callout to Python moved to scripts/local_facts.fact (Python 3 is now a mandatory IIAB pre-req) # - name: Compile translations # shell: | # python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) @@ -63,11 +62,12 @@ # with_items: # - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" -- name: Compile translations for Python {{ python_ver }} +# 2022-12-21: python_version determined by scripts/local_facts.fact -- to match templates/lokole-nginx.conf.j2 +- name: Compile translations for Python {{ python_version }} shell: | {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations with_items: - - "{{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp" + - "{{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp" - name: Create system {{ lokole_user }} user ansible.builtin.user: diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index a8542f90b..58a5ec716 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -3,11 +3,11 @@ name: supervisor state: started +# 2022-12-21: python_version determined by scripts/local_facts.fact -- to match templates/lokole-nginx.conf.j2 - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env - python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) - cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ + cd {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/ export FLASK_APP="opwen_email_client.webapp:app" {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/lokole/templates/lokole-nginx.conf.j2 index a2084a160..002961fcf 100644 --- a/roles/lokole/templates/lokole-nginx.conf.j2 +++ b/roles/lokole/templates/lokole-nginx.conf.j2 @@ -1,9 +1,9 @@ location = {{ lokole_url }}/favicon.ico { - alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/favicon.ico; + alias {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp/static/favicon.ico; } location ~ ^{{ lokole_url }}/static/(.*)$ { - alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/$1; + alias {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp/static/$1; } location {{ lokole_url }}/ { diff --git a/runrole b/runrole index 644665d2f..ad1387e2c 100755 --- a/runrole +++ b/runrole @@ -15,7 +15,7 @@ PLAYBOOK=run-one-role.yml if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." - echo "Please run this in /opt/iiab/iiab (top level of the git repo)." + echo "Please run this in /opt/iiab/iiab (top level of git repo)." exit 1 fi @@ -28,28 +28,48 @@ if [ $# -eq 0 ] || [ "$2" == "--reinstall" ] || [ "$3" == "--reinstall" ]; then exit 0 fi -# 2020-08-05: yes /etc/iiab/iiab_state.yml is necessary, but we DON'T -# want to encourage sloppy operators to delete/touch this file. -# -# (The iiab_state.yml file should always be created by ./iiab-install, -# for IIAB's Ansible roles that then auto-populate this file.) -# -# FYI ./iiab-network and ./iiab-configure likewise warn operators (IN RED!) -# if they try to run without the existence of /etc/iiab/iiab_state.yml : -# -# ERROR! vars file /etc/iiab/iiab_state.yml was not found -# -# Needed for Stages 1-3 if not installed yet -#if [ ! -f $IIAB_STATE_FILE ]; then -# touch $IIAB_STATE_FILE -#fi - if [ "$1" == "--reinstall" ]; then ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list REINSTALL=true shift fi + +# 4 snippets to guide -> bootstrap -> accelerate role debugging on bare OS's: + +mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' +if [ ! -f /etc/iiab/local_vars.yml ]; then + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + + echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 + echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 + + echo -e ' https://download.iiab.io\n' >&2 + + exit 1 +fi + +# In comparison, ./iiab-network and ./iiab-configure warn operators (IN RED) +# if run without the existence of /etc/iiab/iiab_state.yml +if [ ! -f $IIAB_STATE_FILE ]; then # touch $IIAB_STATE_FILE + echo -e "\n\e[1mCreating... $IIAB_STATE_FILE\e[0m" + cat > $IIAB_STATE_FILE << EOF +# DO *NOT* MANUALLY EDIT THIS, THANKS! +# IIAB does NOT currently support uninstalling apps/services. + +EOF +fi + +if ! [[ $(command -v ansible) ]]; then + echo -e "\n\e[1mPlease install Ansible, by running:\n\nsudo /opt/iiab/iiab/scripts/ansible\e[0m\n" + exit 1 +fi + +mkdir -p /etc/ansible/facts.d +cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact + + ROLE_VAR=$1 # Ansible role name & var name sometimes differ :/ if [ $1 == "calibre-web" ]; then ROLE_VAR=calibreweb @@ -105,6 +125,7 @@ if ! $INSTALL; then ARGS="$ARGS\"${ROLE_VAR}_install\":True," fi + if [ $# -eq 2 ]; then export ANSIBLE_LOG_PATH="$2" else diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 236e08619..b78e21e43 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -13,14 +13,15 @@ STAGE=0 OS="none" VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" OS_VER="none" -PYTHON_VER="none" -IIAB_REMOTE_URL="none" IIAB_BRANCH="none" -IIAB_COMMIT="none" +IIAB_REMOTE_URL="none" IIAB_RECENT_TAG="none" +IIAB_COMMIT="none" RPI_MODEL="none" DEVICETREE_MODEL="none" ANSIBLE_VERSION="none" +PYTHON_VERSION="none" +PHP_VERSION="none" DHCPCD="none" # The last 3 conditioned on string output not RC. SEE BELOW. NETWORK_MANAGER="none" SYSTEMD_NETWORKD="none" @@ -90,6 +91,7 @@ case $OS_VER in ;; esac + # These next 4 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp @@ -102,11 +104,12 @@ tmp=$(git config branch.$IIAB_BRANCH.remote) && { fi } +tmp=$(git describe --tags --abbrev=0) && + IIAB_RECENT_TAG=$tmp + tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -tmp=$(git describe --tags --abbrev=0) && - IIAB_RECENT_TAG=$tmp grep -iq raspberry /proc/device-tree/model && RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') @@ -119,6 +122,7 @@ grep -iq raspberry /proc/device-tree/model && tmp=$(tr -d '\0' < /proc/device-tree/model) && DEVICETREE_MODEL=$tmp + tmp=$(ansible --version) && ANSIBLE_VERSION=$(echo "$tmp" | head -1 | cut -f 2- -d " " | sed 's/.* \([^ ]*\)\].*/\1/') # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: @@ -126,12 +130,18 @@ tmp=$(ansible --version) && #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | sed -e 's/.* //') if tmp=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));'); then - PYTHON_VER=$tmp + PYTHON_VERSION=$tmp else echo -e "\e[1m\nPython 3 is REQUIRED for Internet-in-a-Box. You might want to run:\n\nsudo apt install python3\n\e[0m" exit 1 fi +tmp=$(apt list php) && + PHP_VERSION=$(echo $tmp | grep -Po '[0-9]+\.[0-9]+' | head -1) +# Extracts the first (topmost, leftmost) MAJOR.MINOR, even if not yet installed +# Safer than: echo $tmp | grep php | head -1 | sed 's/.*://; s/[^0-9.].*//') +# https://stackoverflow.com/questions/16675179/how-to-use-sed-to-extract-substring/16675391#16675391 + # THE LAST 3 BELOW ARE DIFFERENT as "systemctl is-enabled" unhelpfully returns # the same error code (i.e. 1) REGARDLESS whether the service is (A) disabled @@ -157,17 +167,18 @@ tmp=$(systemctl is-enabled systemd-networkd) # https://en.wikipedia.org/wiki/Here_document cat < Date: Wed, 21 Dec 2022 21:12:02 -0500 Subject: [PATCH 0204/1184] local_facts.fact: Transition Linux Mint 20 to 21, as per #3416 --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b78e21e43..ed84729f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -59,6 +59,7 @@ OS_VER="$OS-$VERSION_ID" # Previously supported Linux distributions / versions: #"fedora-18" | \ #"fedora-22" | \ + #"centos-7" | \ #"debian-8" | \ #"debian-9" | \ #"debian-10" | \ @@ -69,7 +70,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ - #"centos-7" | \ + #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -83,7 +84,6 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ - "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") ;; From 313fd279a296ceeaf7953582eb740989a26c0997 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 21:14:12 -0500 Subject: [PATCH 0205/1184] Rename linuxmint-20.yml to linuxmint-20.yml.unused --- vars/{linuxmint-20.yml => linuxmint-20.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{linuxmint-20.yml => linuxmint-20.yml.unused} (100%) diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml.unused similarity index 100% rename from vars/linuxmint-20.yml rename to vars/linuxmint-20.yml.unused From 503d8d0c244db2ccf2f6ace9108057ac7740585b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 22:11:17 -0500 Subject: [PATCH 0206/1184] local_facts.fact: Clarify mechanics for PRs #3438 #3439 --- scripts/local_facts.fact | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ed84729f5..e68aa93d5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,15 +3,15 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 13 variables require a command[*] to be run to +# 2020-10-27: Most of the [15] variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 -# If statements then use that RC to force the var to these default values... +# If RC == 0, var is forced from its default value here: (using cmd's output) STAGE=0 OS="none" -VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" +VERSION_ID="none" # Just a temp var, for: OS_VER="$OS-$VERSION_ID" OS_VER="none" IIAB_BRANCH="none" IIAB_REMOTE_URL="none" From 38ee0cfe81fc785adaf65b88bbb767bfe4a7177f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 22:17:23 -0500 Subject: [PATCH 0207/1184] default_vars.yml: Mention /opt/iiab/iiab/vars/.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 888162e98..04d326693 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -753,8 +753,8 @@ pbx_http_port: 83 # OS-DEPENDENT VARS: TURN OFF ALL VARS BELOW AND THEN THE CORRECT -# /opt/iiab/iiab/vars/.yml WILL TURN ON WHAT'S APPROPRIATE. See "How This -# Works" ~32 lines below, and https://github.com/iiab/iiab/wiki/IIAB-Platforms +# /opt/iiab/iiab/vars/.yml WILL TURN ON WHAT'S APPROPRIATE. See +# "How This Works" below, and https://github.com/iiab/iiab/wiki/IIAB-Platforms # Wide to narrow (insofar as poss) is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) From d720e209e339d4725efd51198c66504c02fe6094 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 22 Dec 2022 00:22:56 -0500 Subject: [PATCH 0208/1184] Move stale vars: vars/OS.yml to default_vars.yml or roles/X/defaults --- roles/kiwix/defaults/main.yml | 1 + roles/sshd/defaults/main.yml | 10 ++++++++++ vars/debian-11.yml | 27 ++++++++++++--------------- vars/debian-12.yml | 27 ++++++++++++--------------- vars/default_vars.yml | 8 ++++++++ vars/linuxmint-21.yml | 27 ++++++++++++--------------- vars/raspbian-11.yml | 27 ++++++++++++--------------- vars/ubuntu-2204.yml | 27 ++++++++++++--------------- vars/ubuntu-2210.yml | 27 ++++++++++++--------------- vars/ubuntu-2304.yml | 27 ++++++++++++--------------- 10 files changed, 103 insertions(+), 105 deletions(-) create mode 100644 roles/sshd/defaults/main.yml diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2696974fd..24c1ff0a9 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -57,5 +57,6 @@ kiwix_url: /kiwix kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix +systemctl_program: /bin/systemctl kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml new file mode 100644 index 000000000..5c9c5dc17 --- /dev/null +++ b/roles/sshd/defaults/main.yml @@ -0,0 +1,10 @@ +# sshd_install: True # Required by OpenVPN +# sshd_enabled: True + +# sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + +sshd_package: openssh-server +sshd_service: ssh diff --git a/vars/debian-11.yml b/vars/debian-11.yml index 56a77a8ad..67020e3c3 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_11: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 13 # python_version: "3.9" diff --git a/vars/debian-12.yml b/vars/debian-12.yml index e4119b469..abdbf891b 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 15 # python_version: "3.10" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 04d326693..7a2d22e57 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -272,6 +272,7 @@ pi_swap_file_size: 1024 # THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: mysql_install: True mysql_enabled: True +mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: # https://github.com/iiab/iiab/blob/master/roles/nginx/README.md @@ -300,6 +301,8 @@ squid_install: False squid_enabled: False # Enabling this ~= 'iiab_gateway_enabled: True' (ABOVE) gw_squid_whitelist: False # Works with HTTP sites, not HTTPS sites ! gw_block_https: False +proxy: squid # Admin Console uses +proxy_user: proxy # Could move to roles/network/defaults/main.yml # UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. @@ -320,6 +323,7 @@ iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True +systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) cups_install: False @@ -332,6 +336,8 @@ samba_enabled: False samba_udp_ports: 137:138 samba_tcp_mports: 139,445 shared_dir : "{{ content_base }}/public" # /library/public +smb_service: smbd # Admin Console uses +nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: @@ -346,6 +352,8 @@ nginx_high_php_limits: False # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False +apache_service: apache2 +apache_user: www-data # Admin Console uses # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 302b863c8..85d2c51c1 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -1,4 +1,4 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now @@ -6,20 +6,17 @@ is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 360559dc5..ff03dd183 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -1,4 +1,4 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now @@ -6,20 +6,17 @@ is_debian_11: True is_raspbian: True is_raspbian_11: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: ssh -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: ssh +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 13 # python_version: "3.9" diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index ad9276b76..e619ed95a 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2204: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index 5c3836016..cfe7706f9 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2210: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml index 026704b4a..07ed43529 100644 --- a/vars/ubuntu-2304.yml +++ b/vars/ubuntu-2304.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2304: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" From fec9addc0f99ef69d17e024c9c20842878ef6282 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Dec 2022 00:50:07 -0500 Subject: [PATCH 0209/1184] postgresql/tasks/install.yml: Update comment --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 6c7cdb4fc..214f8b028 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,4 +1,4 @@ -- name: 'Install packages: postgresql, postgresql-client' +- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' package: name: - postgresql From 5d66eb5f89da8eea76d22774260651fb54dd35e9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 23 Dec 2022 17:25:54 -0500 Subject: [PATCH 0210/1184] Might as well align ubuntu-2004.yml.unused w/ others --- vars/ubuntu-2004.yml.unused | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/vars/ubuntu-2004.yml.unused b/vars/ubuntu-2004.yml.unused index 6f700bf0e..bdae9367d 100644 --- a/vars/ubuntu-2004.yml.unused +++ b/vars/ubuntu-2004.yml.unused @@ -4,20 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2004: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 12 # python_ver: "3.8" From 13df79006cc3708cb39997a948c80a72b9585d39 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 23 Dec 2022 17:27:17 -0500 Subject: [PATCH 0211/1184] Might as well align linuxmint-20.yml.unused w/ others --- vars/linuxmint-20.yml.unused | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/vars/linuxmint-20.yml.unused b/vars/linuxmint-20.yml.unused index 24b2e4aa7..3d1c4c7a9 100644 --- a/vars/linuxmint-20.yml.unused +++ b/vars/linuxmint-20.yml.unused @@ -6,20 +6,17 @@ is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 12 # python_version: "3.8" From 3b3d223beba6412afaeaeb857bff46c55012d5ba Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 07:29:02 -0500 Subject: [PATCH 0212/1184] Fix for Issue #3441 --- roles/matomo/tasks/install.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e5d22fcfb..dabac9274 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -180,6 +180,13 @@ body_format: form-urlencoded status_code: 302 +- name: Set Matomo Directory Permissions + file: + path: "{{ matomo_path }}/matomo" + recurse: yes + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" + - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" From dd5c1818070a062410fc920ef338f58cd44ef601 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 08:19:22 -0500 Subject: [PATCH 0213/1184] Add permissions fix as cronjob --- roles/matomo/tasks/install.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index dabac9274..66e3be188 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -205,6 +205,14 @@ cron_file: "matomo_daily" +- name: Start Collecting Matomo Data + cron: + name: "MatomoDataIngestionOnReboot2" + special_time: reboot + job: "sudo chown -R www-data:www-data /library/www/matomo" + user: root + cron_file: "matomo_reboot2" + # RECORD Matomo AS INSTALLED - name: "Set 'matomo_installed: True'" From c7ef1ce3d64da49794cc8af040c0bc35cc4d19f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Dec 2022 08:48:31 -0500 Subject: [PATCH 0214/1184] matomo/README.adoc: "username" consistency can't hurt --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0ad39328a..ed24ec745 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -53,7 +53,7 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w === Getting Started -Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. +Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the username and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. From b968fd40f5a78ec1557c250a7c4f1c834b485469 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 08:52:14 -0500 Subject: [PATCH 0215/1184] changes to cronjob hack as test --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 66e3be188..b05060e54 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -209,7 +209,7 @@ cron: name: "MatomoDataIngestionOnReboot2" special_time: reboot - job: "sudo chown -R www-data:www-data /library/www/matomo" + job: "sudo touch /library/www/matomo/tmp/cache/token.php && sudo mkdir /library/www/matomo/tmp/cache/tracker && sudo chown -R www-data:www-data /library/www/matomo" user: root cron_file: "matomo_reboot2" From 12f80696800b7ed4314d9eab20913f213ff36a3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Dec 2022 08:56:10 -0500 Subject: [PATCH 0216/1184] matomo/README.adoc: "time stops" on some IIAB's (lacking RTC) but not all! --- roles/matomo/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index ed24ec745..8ce7d6b6b 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -55,13 +55,13 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the username and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device may not keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. === IIAB Tips, Tricks, and Gotchas -1. If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. +1. If your Internet-in-a-Box setup is without power and Internet access, it may not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. 2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. From 4823353dd957aecb42443caa1f0431e09dec92d7 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 10:30:47 -0500 Subject: [PATCH 0217/1184] Replace shell commands with ansible --- roles/matomo/tasks/install.yml | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index b05060e54..4edb9ce65 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -180,13 +180,6 @@ body_format: form-urlencoded status_code: 302 -- name: Set Matomo Directory Permissions - file: - path: "{{ matomo_path }}/matomo" - recurse: yes - owner: "{{ apache_user }}" # e.g. www-data - group: "{{ apache_user }}" - - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" @@ -204,14 +197,19 @@ user: root cron_file: "matomo_daily" +- name: Set Permissions for token.php + copy: + content: "" + dest: "{{ matomo_path }}/matomo/tmp/cache/token.php" + group: "{{ apache_user }}" + owner: "{{ apache_user }}" -- name: Start Collecting Matomo Data - cron: - name: "MatomoDataIngestionOnReboot2" - special_time: reboot - job: "sudo touch /library/www/matomo/tmp/cache/token.php && sudo mkdir /library/www/matomo/tmp/cache/tracker && sudo chown -R www-data:www-data /library/www/matomo" - user: root - cron_file: "matomo_reboot2" +- name: Set Permissions for tracker Directory + file: + path: "{{ matomo_path }}/matomo/tmp/cache/tracker" + state: directory + owner: "{{ apache_user }}" + group: "{{ apache_user }}" # RECORD Matomo AS INSTALLED From 9c21d688ad0627d94c5679f8f30350d830a71d72 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 25 Dec 2022 08:28:12 -0500 Subject: [PATCH 0218/1184] iiab-admin/templates/sshpwd-lxde-iiab.sh.j2: Fix {{ sshd_service }} --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 356789433..373d3888d 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -41,8 +41,8 @@ check_user_pwd() { # [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] } -#grep -q "^PasswordAuthentication\s\+no\b" /etc/ssh/sshd_config && return -#systemctl is-active {{ sshd_service }} || return +# grep -q "^PasswordAuthentication\s\+no\b" /etc/ssh/sshd_config && return +# systemctl is-active ssh || return # #3444: Or use Ansible var sshd_service if check_user_pwd "{{ iiab_admin_user }}" "{{ iiab_admin_published_pwd }}" ; then # iiab-admin g0adm1n zenity --warning --width=600 --text="Published password in use by user '{{ iiab_admin_user }}'.\n\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box.lan/admin) -> Utilities -> Change Password.\n\nSee 'What are the default passwords?' at http://FAQ.IIAB.IO" From a0fa51578cbe2a853dca89262cb2de2fa6099b3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Dec 2022 09:56:40 -0500 Subject: [PATCH 0219/1184] matomo/tasks/install.yml: Lint --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4edb9ce65..a85577936 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -211,6 +211,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" + # RECORD Matomo AS INSTALLED - name: "Set 'matomo_installed: True'" From 0125554869cd050c24f1fd1916720a09b27e4cb1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Dec 2022 18:17:13 -0500 Subject: [PATCH 0220/1184] matomo/README.adoc: Clarify KA Lite restriction --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 8ce7d6b6b..0abedbbfa 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -63,7 +63,7 @@ Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* 1. If your Internet-in-a-Box setup is without power and Internet access, it may not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. -2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. +2. One thing Matomo can't track correctly is navigation within KA Lite (Khan Academy) pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. == Credits From 37f7d3eeaf3801d93c45faafbe6b2e0a6c9f3b7b Mon Sep 17 00:00:00 2001 From: root Date: Mon, 26 Dec 2022 16:03:19 -0500 Subject: [PATCH 0221/1184] Too many global vars: put {{ systemctl_program }} to rest --- roles/kiwix/defaults/main.yml | 1 - roles/kiwix/tasks/enable-or-disable.yml | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 24c1ff0a9..2696974fd 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -57,6 +57,5 @@ kiwix_url: /kiwix kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix -systemctl_program: /bin/systemctl kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index c3b2d617c..6487d84a2 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -26,7 +26,7 @@ - name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) lineinfile: # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" dest: /etc/crontab when: kiwix_enabled diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index e69271949..f945bf2a4 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -25,12 +25,12 @@ if flock -n -e 200; then : else /usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml fi - {{ systemctl_program }} stop kiwix-serve + /usr/bin/systemctl stop kiwix-serve if [ -f $KIWIXLIB ]; then rm $KIWIXLIB fi mv $KIWIXLIB.tmp $KIWIXLIB - {{ systemctl_program }} start kiwix-serve + /usr/bin/systemctl start kiwix-serve else echo "Can't get wait lock for iiab-make-kiwix-lib.py"; exit 1; From f9b5e74d8a19ff56364c5a67be474d4af32f8ba9 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 26 Dec 2022 18:30:03 -0500 Subject: [PATCH 0222/1184] Enable/Disable kiwix-serve 4AM daily cron (using Ansible) --- roles/kiwix/tasks/enable-or-disable.yml | 30 +++++++++++++++++++------ 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 6487d84a2..493ec86f7 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -17,19 +17,35 @@ when: kiwix_enabled -# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" - # In the past kiwix-serve did not stay running, so we'd been doing this hourly. # @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in # future, whenever service fails, if this really catches all cases?? # https://github.com/iiab/iiab/issues/484#issuecomment-342151726 -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab + +- name: Set cron to restart kiwix-serve 4AM daily, if kiwix_enabled + cron: + name: kiwix-serve daily restart + minute: "0" + hour: "4" + job: /usr/bin/systemctl restart kiwix-serve.service + user: root + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root when: kiwix_enabled +- name: Remove 4AM daily cron, if not kiwix_enabled + cron: + name: kiwix-serve daily restart + cron_file: kiwix-serve_daily + state: absent + when: not kiwix_enabled + +# - name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) +# lineinfile: +# # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed +# line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" +# dest: /etc/crontab +# when: kiwix_enabled + # - name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) # # * * * * * user-name command to be executed # lineinfile: From f082df8ef42103d047b2df15a89615c67841f987 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Dec 2022 07:17:09 -0500 Subject: [PATCH 0223/1184] /etc/cron.d/kiwix-serve_daily instead of defaults --- roles/kiwix/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 493ec86f7..0381ae2cd 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -29,7 +29,7 @@ hour: "4" job: /usr/bin/systemctl restart kiwix-serve.service user: root - cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/crontab when: kiwix_enabled - name: Remove 4AM daily cron, if not kiwix_enabled From ffa16d5bfb7b640d0e30f0221f84ca9120e00663 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 07:34:40 -0500 Subject: [PATCH 0224/1184] #3446: Further clarify /etc/cron.d/kiwix-serve_daily instead of... --- roles/kiwix/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 0381ae2cd..a139a6551 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -29,7 +29,7 @@ hour: "4" job: /usr/bin/systemctl restart kiwix-serve.service user: root - cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/crontab + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/cron.daily/* or /etc/crontab when: kiwix_enabled - name: Remove 4AM daily cron, if not kiwix_enabled From ca927e86ee62de95e75f72779f13e4e637808088 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 08:08:20 -0500 Subject: [PATCH 0225/1184] sshd/tasks/install.yml: Comment hygiene, similar to #3444 --- roles/sshd/tasks/install.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 0be48232d..b772bdef8 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -1,11 +1,11 @@ # TODO: # -# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-09-24: +# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-12-27: # -# vars/default_vars.yml Line 212 -# roles/sshd/tasks/main.yml Lines 41-42 +# vars/default_vars.yml Line 226 +# roles/sshd/tasks/install.yml Lines 45-46 # roles/network/tasks/avahi.yml Line 46 -# roles/network/templates/gateway/iiab-gen-iptables Line 49 & 135 +# roles/network/templates/gateway/iiab-gen-iptables Line 71 & 153 # # 2) Use Ansible handler to reload ssh? @@ -20,7 +20,6 @@ regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' state: present - #when: sshd_enabled - name: mkdir /root/.ssh file: @@ -29,7 +28,6 @@ owner: root group: root mode: '0700' - #when: sshd_enabled - name: Install dummy root keys as placeholder copy: @@ -39,7 +37,6 @@ group: root mode: '0600' force: no - #when: sshd_enabled # RECORD sshd AS INSTALLED From dfaccc42aea379e69865114f4bdded18549cd908 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 08:11:06 -0500 Subject: [PATCH 0226/1184] Typo: Fix date in comment (ca927e86) --- roles/sshd/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index b772bdef8..86d1e9360 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -1,6 +1,6 @@ # TODO: # -# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-12-27: +# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2022-12-27: # # vars/default_vars.yml Line 226 # roles/sshd/tasks/install.yml Lines 45-46 From 59bd6eecfd0626ee1ed40e2b64c35b149996c6fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 10:19:34 -0500 Subject: [PATCH 0227/1184] Fix www_options comments: Default is "memory_limit = -1" in cli/php.ini --- roles/www_options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 05bd3e12f..02becefc1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -82,7 +82,7 @@ - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install @@ -122,7 +122,7 @@ - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install From 4638bc7124c37730c96263c6cf18e861466d0ede Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Dec 2022 12:15:57 -0500 Subject: [PATCH 0228/1184] Somewhat higher PHP limits for Matomo --- roles/www_options/tasks/main.yml | 20 ++++++++++---------- vars/default_vars.yml | 3 ++- vars/local_vars_large.yml | 3 ++- vars/local_vars_medium.yml | 3 ++- vars/local_vars_small.yml | 3 ++- vars/local_vars_unittest.yml | 3 ++- 6 files changed, 20 insertions(+), 15 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 02becefc1..4138c59ad 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -52,13 +52,13 @@ - debug: - msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' + msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' - block: # 5-STANZA BLOCK BEGINS # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -70,9 +70,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -84,7 +84,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # WARNING: This might cause excess use of RAM/disk or other resources! # The first 5 values below were chosen by @ericnitschke and @kananigit on @@ -98,7 +98,7 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -110,9 +110,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -124,14 +124,14 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: php{{ php_version }}-fpm state: restarted - when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. + when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 7a2d22e57..d35902105 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -341,7 +341,7 @@ nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -584,6 +584,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 624b01603..e6452da31 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6e695caeb..ed29a7cfc 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 7e3092cbe..3c97b6536 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f0fd76f47..8356deef1 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: False # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: False matomo_enabled: False +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 From 3319e287d4ff138df1fa0c2062f88f1cf5316437 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 14:34:52 -0500 Subject: [PATCH 0229/1184] Disable trusted host check for Matomo Per 2022-12-27 IIAB community minutes 3b. --- roles/matomo/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a85577936..e58cac922 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -211,6 +211,11 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" +- name: Don't Check for Trusted Host + ansible.builtin.lineinfile: + path: "{{ matomo_path }}/matomo/config/config.ini.php" + line: enable_trusted_host_check=0 + insertafter: "[General]" # RECORD Matomo AS INSTALLED From 34463b800fb5cc57c221e96321b68b038882bb26 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:02:38 -0500 Subject: [PATCH 0230/1184] Fix regex for lineinfile --- roles/matomo/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e58cac922..76e5010c7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,8 +214,8 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: enable_trusted_host_check=0 - insertafter: "[General]" + line: "enable_trusted_host_check=0" + insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 7fb4bdde881bcd530070aca36165ead1755163a7 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:20:22 -0500 Subject: [PATCH 0231/1184] Escape equals for skip trusted host check --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 76e5010c7..0ad386d86 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,7 +214,7 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check=0" + line: "enable_trusted_host_check\=0" insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 424f15c4d255e51404d6356c1e9e35e85dee63c1 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:56:14 -0500 Subject: [PATCH 0232/1184] Switch from lineinfile to ini_file lineinfile was really struggling to handle a k/v value with "=" in it. ini_file is built for precisely this file format and handles the issue effortlessly. --- roles/matomo/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 0ad386d86..49dc98dc7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -212,10 +212,11 @@ group: "{{ apache_user }}" - name: Don't Check for Trusted Host - ansible.builtin.lineinfile: + ini_file: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check\=0" - insertafter: "^\[General\]$" + section: General + option: enable_trusted_host_check + value: 0 # RECORD Matomo AS INSTALLED From e635b25d7af0ecd1f01f8778bc3b24ff935f1ab2 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 05:15:05 -0500 Subject: [PATCH 0233/1184] Don't make slash required in Matomo URL --- roles/matomo/templates/matomo-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 21ae9ddfa..0a7b91609 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -12,6 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param PATH_INFO $2; } -location ~ ^/matomo/ { +location ~ ^/matomo(/)? { root /library/www; } From 27b0c5b843537b8990b229e33179a1dd524d3c4c Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 06:20:53 -0500 Subject: [PATCH 0234/1184] Add required PHP extensions --- roles/matomo/tasks/install.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 49dc98dc7..40d9c539d 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -10,6 +10,17 @@ # TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +# https://matomo.org/faq/on-premise/matomo-requirements/ +- name: Install Matomo's recommended PHP extensions + package: + name: + - php{{ php_version }}-curl + - php{{ php_version }}-gd + - php{{ php_version }}-cli + - php{{ php_version }}-mysql + - php{{ php_version }}-xml + - php{{ php_version }}-mbstring + - name: Start MariaDB #action: service name=mysql state=started systemd: From 81004687c822a2f9bd18dd9b8408a03a1d3cdc95 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 08:36:45 -0500 Subject: [PATCH 0235/1184] www_options/tasks/set-php-limits.yml run on demand (by 5 roles) --- roles/matomo/tasks/install.yml | 7 + roles/moodle/tasks/install.yml | 5 + roles/nextcloud/tasks/install.yml | 5 + roles/pbx/tasks/freepbx.yml | 5 + roles/wordpress/tasks/install.yml | 6 + roles/www_options/tasks/main.yml | 82 +--------- roles/www_options/tasks/set-php-limits.yml | 177 +++++++++++++++++++++ vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 12 files changed, 216 insertions(+), 86 deletions(-) create mode 100644 roles/www_options/tasks/set-php-limits.yml diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a85577936..694d34c7f 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -2,6 +2,7 @@ # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running # from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. + - name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" meta: noop @@ -10,6 +11,12 @@ # TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} + +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + - name: Start MariaDB #action: service name=mysql state=started systemd: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 734730cde..0ab9c921e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,6 +17,11 @@ name: postgresql +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1d6e135cc..eb6f350bb 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,6 +40,11 @@ # var: php_new +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5480e7722..471bb4b82 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/tree/master/roles/pbx#readme +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via # systemd-sysv-install, to '/etc/init.d/asterisk status' etc) is Enabled but # Not Active at this point. diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index a22710438..3dfd96cbf 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -11,6 +11,12 @@ # and security enhancements using timestamps under /library/wordpress, as these # can arise without warning when WordPress is online, since WordPress ~4.8 + +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 4138c59ad..dc59083f0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,87 +51,7 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -- debug: - msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' - -- block: # 5-STANZA BLOCK BEGINS - - # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" - lineinfile: - path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" - lineinfile: - path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - # WARNING: This might cause excess use of RAM/disk or other resources! - # The first 5 values below were chosen by @ericnitschke and @kananigit on - # 2018-09-19: https://github.com/iiab/iiab/issues/1147 - - # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional - # clauses (to reset/restore PHP's defaults) are not necessary at this time. - - # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* - # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during - # regular operation it uses: .../fpm/php.ini - # And in the past it used: .../apache2/php.ini - - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" - lineinfile: - path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" - lineinfile: - path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: Restart 'php{{ php_version }}-fpm' systemd service - systemd: - name: php{{ php_version }}-fpm - state: restarted - - when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# 2022-12-29: set-php-limits.yml run on demand (by roles that need it) # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml new file mode 100644 index 000000000..e71c22c99 --- /dev/null +++ b/roles/www_options/tasks/set-php-limits.yml @@ -0,0 +1,177 @@ +# As of 2022-12-29, this is invoked by: +# +# roles/matomo/tasks/install.yml +# roles/moodle/tasks/install.yml +# roles/nextcloud/tasks/install.yml +# roles/pbx/tasks/freepbx.yml +# roles/wordpress/tasks/install.yml + +# Ansible's ini_file would normally be best, to tweak .ini files: +# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html +# +# But in this case, explanatory comments (inserted by lineinfile below) offer +# important context to implementers modifying both php.ini files after the fact. + + +# WARNING: 'nginx_high_php_limits: True' (especially!) might cause excess use of +# RAM/disk or other resources! Five original values below chosen by @kananigit +# and @ericnitschke on 2018-09-19: https://github.com/iiab/iiab/issues/1147 + +# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional clauses +# (to reset/restore PHP's own defaults) are not necessary at this time. + +# 2021-06-28: WITH PHP 8.x, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* +# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during +# regular operation it uses: .../fpm/php.ini +# And in the past it used: .../apache2/php.ini + + +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install + +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install + + +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install + +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install + + +- name: Restart 'php{{ php_version }}-fpm' systemd service + systemd: + name: php{{ php_version }}-fpm + state: restarted + +- name: "Set 'set_php_limits: True' so set-php-limits.yml runs just once (per Ansible run)" + set_fact: + set_php_limits: True + + +# - debug: +# msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' + +# - block: # 5-STANZA BLOCK BEGINS + +# # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server + +# - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +# lineinfile: +# path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +# lineinfile: +# path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# # WARNING: This might cause excess use of RAM/disk or other resources! +# # The first 5 values below were chosen by @ericnitschke and @kananigit on +# # 2018-09-19: https://github.com/iiab/iiab/issues/1147 + +# # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional +# # clauses (to reset/restore PHP's defaults) are not necessary at this time. + +# # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* +# # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during +# # regular operation it uses: .../fpm/php.ini +# # And in the past it used: .../apache2/php.ini + +# - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +# lineinfile: +# path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +# lineinfile: +# path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: Restart 'php{{ php_version }}-fpm' systemd service +# systemd: +# name: php{{ php_version }}-fpm +# state: restarted + +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d35902105..57768b92d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -504,7 +504,8 @@ postgresql_enabled: False # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index e6452da31..96a5e27f3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: True moodle_enabled: True -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ed29a7cfc..086acca50 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 3c97b6536..efda0cd4c 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 8356deef1..f96fb415b 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -296,7 +296,8 @@ kiwix_enabled: False # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps From b597913886050e3e15511be03f11259fc232d895 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 09:05:19 -0500 Subject: [PATCH 0236/1184] Clarify explanation at top of set-php-limits.yml --- roles/www_options/tasks/set-php-limits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index e71c22c99..345bc41f6 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -1,4 +1,4 @@ -# As of 2022-12-29, this is invoked by: +# 2022-12-29: This file (set-php-limits.yml) is invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml From 74c680cc6d833058cc41bf2e658e0c6e33fb3383 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 10:21:34 -0500 Subject: [PATCH 0237/1184] Update README Remove notes about trusted website check to reflect this patch, and add note about time zone. --- roles/matomo/README.adoc | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0abedbbfa..7bef1f07e 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -41,13 +41,6 @@ Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged a Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ -WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. - -1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. -2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. -3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. -4. Refresh the Matomo homepage and the warning should be gone. -5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) @@ -65,6 +58,9 @@ Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* 2. One thing Matomo can't track correctly is navigation within KA Lite (Khan Academy) pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. +3. Time Zones: The Matomo installer's default behavior in "Configure Matomo to track IIAB" is to pick up the system time zone when none is supplied. If this doesn't work, you can set the time zone to whatever you prefer from the Matomo home page. In testing, Matomo picked up the system time zone on a regular Multipass Ubuntu instance. However, it was unable to do so on a VirtualBox Ubuntu instance. Thus, we provide a fallback behavior "Fallback Configure Matomo to track IIAB" that picks an arbitrary time zone. The fallback fires only when the form with an empty time zone is submitted and returns a 200 status code instead of 302, indicating that form submission failed. + + == Credits Carl Wivagg From eba3225b7c7c16805e32d8da8076991a38de5122 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 10:29:01 -0500 Subject: [PATCH 0238/1184] Rename flag to set_php_limits_done (so it runs once at most, per Ansible run) --- roles/matomo/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- roles/pbx/tasks/freepbx.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- roles/www_options/tasks/set-php-limits.yml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 694d34c7f..4280de403 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -14,7 +14,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined - name: Start MariaDB diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 0ab9c921e..4e39ddebe 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -19,7 +19,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index eb6f350bb..35e80a825 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -42,7 +42,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 471bb4b82..cc976e97f 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -4,7 +4,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 3dfd96cbf..b2bcd27b9 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -14,7 +14,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index e71c22c99..b9ee0b0a5 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -89,9 +89,9 @@ name: php{{ php_version }}-fpm state: restarted -- name: "Set 'set_php_limits: True' so set-php-limits.yml runs just once (per Ansible run)" +- name: "Set 'set_php_limits_done: True' so set-php-limits.yml runs just once (per Ansible run)" set_fact: - set_php_limits: True + set_php_limits_done: True # - debug: From 2a7eba7297290f25152a6f92ffff434845e70dfc Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 11:48:17 -0500 Subject: [PATCH 0239/1184] Set PHP limits right after PHP reqs/recs, so each role installs smoothly --- roles/matomo/tasks/install.yml | 2 ++ roles/moodle/tasks/install.yml | 10 +++++----- roles/nextcloud/tasks/install.yml | 9 ++++----- roles/pbx/tasks/freepbx.yml | 9 ++++----- roles/wordpress/tasks/install.yml | 10 +++++----- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4280de403..8c18720d7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,8 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +# (Install Matomo's PHP requirements / recommendations here, e.g. 6 extensions) + - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml when: set_php_limits_done is undefined diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4e39ddebe..a39ba33ac 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,11 +17,6 @@ name: postgresql -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml @@ -49,6 +44,11 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + + - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 35e80a825..9352d65cc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,11 +40,6 @@ # var: php_new -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -91,6 +86,10 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + - name: Create dir {{ nextcloud_root_dir }} (by default 755 dirs & 644 files) file: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index cc976e97f..45d28b2a3 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -2,11 +2,6 @@ # https://github.com/iiab/iiab/tree/master/roles/pbx#readme -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via # systemd-sysv-install, to '/etc/init.d/asterisk status' etc) is Enabled but # Not Active at this point. @@ -67,6 +62,10 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + - name: FreePBX - Install and configure Apache - if pbx_use_apache include_tasks: apache.yml when: pbx_use_apache diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index b2bcd27b9..db9f30087 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,11 +12,6 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) @@ -44,6 +39,11 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + + - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists file: path: "{{ downloads_dir }}/wordpress.tar.gz" From 6f06bfacd0c17458ac521af4ff4bf3152aaec9e6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Dec 2022 01:15:09 +0530 Subject: [PATCH 0240/1184] Allow post-install toggling of nginx_high_php_limits --- roles/www_options/tasks/main.yml | 7 ++++++- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index dc59083f0..59754f749 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,7 +51,12 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -# 2022-12-29: set-php-limits.yml run on demand (by roles that need it) +# 2022-12-29: set-php-limits.yml is ALSO attempted (on demand) by every +# /tasks/install.yml that needs it (Matomo, Moodle, Nextcloud, PBX, +# WordPress) so './runrole ' and similar are fully self-sufficient! +- name: "Run set-php-limits.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" + include_tasks: set-php-limits.yml + when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 57768b92d..a79ec1e13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -346,7 +346,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 96a5e27f3..6793fe878 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 086acca50..6cfc82613 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index efda0cd4c..e12612962 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f96fb415b..8b683f492 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf From 2c20165768cc24a0ba0adb22361189622fbd70ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 15:24:01 -0500 Subject: [PATCH 0241/1184] Use the new 'gitea_version: 1.18' (instead of 1.17) --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 9fb97153a..2a620f8cc 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.18 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From e3ef4cded0c7d4739c2f9c4b81d263702e8d7b4d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 17:50:12 -0500 Subject: [PATCH 0242/1184] Explain #3449 set-php-limits.yml (top line summary) --- roles/www_options/tasks/set-php-limits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index 67ea12966..7c64fce3e 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -1,4 +1,4 @@ -# 2022-12-29: This file (set-php-limits.yml) is invoked on demand, by: +# 2022-12-29: This file (set-php-limits.yml) is ALSO invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml From 371146c4edb2b82aebdfce8f673648517c741c91 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 30 Dec 2022 02:29:16 -0500 Subject: [PATCH 0243/1184] 0-init/tasks/tz.yml: Why ansible_date_time.tz is a problem --- roles/0-init/tasks/tz.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml index 017947a05..9874b77b9 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml @@ -1,3 +1,21 @@ +# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent +# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) +# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the +# very same time zone! More Seriously: (C) both commands above output "IST" +# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! +# +# While Ansible provides 2 other vars that (slightly) help disambiguate +# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far +# better way -- which is to read the System TZ directly from Linux: +# +# timedatectl show -p "Timezone" --value +# +# This takes care of essentially everything (e.g. output "America/New_York") +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone +# then (3) if neither exist, then "UTC" is declated (correctly!) One +# drawback: timedatectl if not easily usable within chroot environments. + + - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" command: echo From abf5e08f3fe79d5c203183ab0b850dcd27aa5167 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 30 Dec 2022 02:35:10 -0500 Subject: [PATCH 0244/1184] 0-init/tasks/tz.yml: Clarify Time Zone (TZ) extraction --- roles/0-init/tasks/tz.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml index 9874b77b9..39fa926a1 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml @@ -12,8 +12,8 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, then "UTC" is declated (correctly!) One -# drawback: timedatectl if not easily usable within chroot environments. +# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: +# timedatectl if not easily usable within chroot environments. - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" From a02c452110a257ee7c7623fef9f2b9d008095b68 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Dec 2022 14:39:46 +0530 Subject: [PATCH 0245/1184] Store System TZ into fpm/php.ini & cli/php.ini for Matomo etc --- roles/0-init/tasks/main.yml | 13 ++++--- roles/0-init/tasks/{tz.yml => tz.yml.unused} | 18 +-------- roles/matomo/tasks/install.yml | 6 +-- roles/moodle/tasks/install.yml | 6 +-- roles/nextcloud/tasks/install.yml | 6 +-- roles/pbx/tasks/freepbx.yml | 6 +-- roles/wordpress/tasks/install.yml | 6 +-- roles/www_options/tasks/main.yml | 6 +-- .../{set-php-limits.yml => php-settings.yml} | 38 +++++++++++++++++-- vars/default_vars.yml | 7 +--- vars/local_vars_large.yml | 4 +- vars/local_vars_medium.yml | 4 +- vars/local_vars_small.yml | 4 +- vars/local_vars_unittest.yml | 4 +- 14 files changed, 71 insertions(+), 57 deletions(-) rename roles/0-init/tasks/{tz.yml => tz.yml.unused} (75%) rename roles/www_options/tasks/{set-php-limits.yml => php-settings.yml} (88%) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 7a1532898..4c02c6ca5 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -54,8 +54,9 @@ include_tasks: validate_vars.yml when: not (rpi_model | regex_search('\\bW\\b')) # Ansible require double backslashes, e.g. with \b "word boundary" anchors: https://www.regular-expressions.info/wordboundaries.html https://stackoverflow.com/questions/56869119/ansible-regular-expression-to-match-a-string-and-extract-the-line/56869801#56869801 -- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" - include_tasks: tz.yml +# 2022-12-30: Functionality moved to www_options/tasks/php-settings.yml +# - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" +# include_tasks: tz.yml - name: Set hostname / domain (etc) in various places include_tasks: hostname.yml @@ -103,10 +104,10 @@ value: "{{ php_version }}" - option: first_run value: "{{ first_run }}" - - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist - value: "{{ local_tz }}" - - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist - value: "{{ etc_localtime.stdout }}" + # - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist + # value: "{{ local_tz }}" + # - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist + # value: "{{ etc_localtime.stdout }}" - option: FQDN_changed value: "{{ FQDN_changed }}" diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml.unused similarity index 75% rename from roles/0-init/tasks/tz.yml rename to roles/0-init/tasks/tz.yml.unused index 39fa926a1..dc07f8bc4 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml.unused @@ -1,20 +1,4 @@ -# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent -# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) -# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the -# very same time zone! More Seriously: (C) both commands above output "IST" -# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! -# -# While Ansible provides 2 other vars that (slightly) help disambiguate -# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far -# better way -- which is to read the System TZ directly from Linux: -# -# timedatectl show -p "Timezone" --value -# -# This takes care of essentially everything (e.g. output "America/New_York") -# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: -# timedatectl if not easily usable within chroot environments. - +# 2022-12-30: Functionality moved to www_options/tasks/php-settings.yml - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" command: echo diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ee0333d84..2938e5983 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -23,9 +23,9 @@ - php{{ php_version }}-xml - php{{ php_version }}-mbstring -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Start MariaDB diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a39ba33ac..ec30d7f34 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -44,9 +44,9 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 9352d65cc..8fc25cd08 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -86,9 +86,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Create dir {{ nextcloud_root_dir }} (by default 755 dirs & 644 files) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 45d28b2a3..df541cd96 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -62,9 +62,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: FreePBX - Install and configure Apache - if pbx_use_apache include_tasks: apache.yml diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index db9f30087..cfab49cc0 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -39,9 +39,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 59754f749..fba3379ac 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,11 +51,11 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -# 2022-12-29: set-php-limits.yml is ALSO attempted (on demand) by every +# 2022-12-29: php-settings.yml is ALSO attempted (on demand) by every # /tasks/install.yml that needs it (Matomo, Moodle, Nextcloud, PBX, # WordPress) so './runrole ' and similar are fully self-sufficient! -- name: "Run set-php-limits.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" - include_tasks: set-php-limits.yml +- name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" + include_tasks: php-settings.yml when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/php-settings.yml similarity index 88% rename from roles/www_options/tasks/set-php-limits.yml rename to roles/www_options/tasks/php-settings.yml index 7c64fce3e..887b05c40 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -1,4 +1,4 @@ -# 2022-12-29: This file (set-php-limits.yml) is ALSO invoked on demand, by: +# 2022-12-29: This file (php-settings.yml) is ALSO invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml @@ -13,6 +13,38 @@ # important context to implementers modifying both php.ini files after the fact. +# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent +# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) +# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the +# very same time zone! More Seriously: (C) both commands above output "IST" +# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! +# +# While Ansible provides 2 other vars that (slightly) help disambiguate +# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far +# better way -- which is to read the System TZ directly from Linux: +# +# timedatectl show -p Timezone --value +# +# This takes care of essentially everything (e.g. output "America/New_York") +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone +# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: +# timedatectl if not easily usable within chroot environments. + +- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) + command: timedatectl show -p "Timezone" --value + register: tz_cli + +- name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini + ini_file: + path: "{{ item }}" + section: Date + option: date.timezone + value: "{{ tz_cli.stdout }}" # e.g. America/New_York or UTC + with_items: + - /etc/php/{{ php_version }}/fpm/php.ini + - /etc/php/{{ php_version }}/cli/php.ini + + # WARNING: 'nginx_high_php_limits: True' (especially!) might cause excess use of # RAM/disk or other resources! Five original values below chosen by @kananigit # and @ericnitschke on 2018-09-19: https://github.com/iiab/iiab/issues/1147 @@ -89,9 +121,9 @@ name: php{{ php_version }}-fpm state: restarted -- name: "Set 'set_php_limits_done: True' so set-php-limits.yml runs just once (per Ansible run)" +- name: "Set 'php_settings_done: True' so php-settings.yml runs just once (per Ansible run)" set_fact: - set_php_limits_done: True + php_settings_done: True # - debug: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a79ec1e13..9236e0899 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -72,9 +72,6 @@ admin_console_group: iiab-admin # This group & sudo log in to Admin Console. # Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("", "$6$<salt>")' -# Time Zone (php used to need timezone set). SEE: roles/0-init/tasks/tz.yml -local_tz: "{{ ansible_date_time.tz }}" - # Set these to False if you do not want to install/enable IIAB Admin Console admin_console_install: True admin_console_enabled: True @@ -346,7 +343,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -505,7 +502,7 @@ postgresql_enabled: False moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6793fe878..3f6371a41 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: True moodle_enabled: True # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6cfc82613..7be767773 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index e12612962..aa084cf88 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 8b683f492..b26a793b7 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: False moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps From 322b7729d9e9713dc98379f2dd719c77c1674dbc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 15:19:12 +0530 Subject: [PATCH 0246/1184] www_options/tasks/php-settings.yml: Cleaner comments --- roles/www_options/tasks/php-settings.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 887b05c40..18fb606f6 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -6,12 +6,6 @@ # roles/pbx/tasks/freepbx.yml # roles/wordpress/tasks/install.yml -# Ansible's ini_file would normally be best, to tweak .ini files: -# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html -# -# But in this case, explanatory comments (inserted by lineinfile below) offer -# important context to implementers modifying both php.ini files after the fact. - # 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent # to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) @@ -26,9 +20,9 @@ # timedatectl show -p Timezone --value # # This takes care of essentially everything (e.g. output "America/New_York") -# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: -# timedatectl if not easily usable within chroot environments. +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if +# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p "Timezone" --value @@ -116,6 +110,13 @@ when: nginx_high_php_limits or moodle_install +# To tweak .ini files, Ansible's ini_file is normally better than lineinfile: +# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html +# +# But for the 6 * 4 above, explanatory comments (inserted by lineinfile) offer +# important context to implementers modifying both php.ini files after the fact. + + - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: php{{ php_version }}-fpm From 92926b9040820ab80e32777f28717191b9c34f9d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 05:52:23 -0500 Subject: [PATCH 0247/1184] 0-init/tasks/hostname.yml: Remove stale comments --- roles/0-init/tasks/hostname.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index ed79ccf3b..9e3e22214 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -31,9 +31,6 @@ path: /etc/hosts regexp: '^127\.0\.0\.1' line: '127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan' - #owner: root - #group: root - #mode: 0644 # 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is # for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it From 840f1df60d4d7734d3953ae3b7954b9c2f009b45 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 06:31:13 -0500 Subject: [PATCH 0248/1184] PR #3453 php-settings.yml: Remove unnec quotes --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 18fb606f6..39a2a0bce 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -25,7 +25,7 @@ # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p "Timezone" --value + command: timedatectl show -p Timezone --value register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From 8f04d45fa226624e0412bc03a16a443341d21f41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 10:54:03 -0500 Subject: [PATCH 0249/1184] Fix comment Re: matomo/tasks/install.yml Lines 63-199 --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 2938e5983..56439de3e 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,6 +1,6 @@ # The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running -# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 63 through 199. - name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" From 9b6681b4d05ca0f961b9a8897a9c03229aa8bd65 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Jan 2023 01:39:44 -0500 Subject: [PATCH 0250/1184] Pre-release version number 'iiab_base_ver: 8.1' --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9236e0899..f452accb8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.0 +iiab_base_ver: 8.1 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From db489402d96cb24e28bb2a616522074d903e628d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 08:47:20 -0500 Subject: [PATCH 0251/1184] Travis CI: git mv tests tests.unused --- {tests => tests.unused}/inventory | 0 {tests => tests.unused}/test.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {tests => tests.unused}/inventory (100%) rename {tests => tests.unused}/test.yml (100%) diff --git a/tests/inventory b/tests.unused/inventory similarity index 100% rename from tests/inventory rename to tests.unused/inventory diff --git a/tests/test.yml b/tests.unused/test.yml similarity index 100% rename from tests/test.yml rename to tests.unused/test.yml From 305af9a9bbca98e188c29a42ca1633e45d90b95d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 09:04:51 -0500 Subject: [PATCH 0252/1184] Enable Lokole during MEDIUM/LARGE IIAB installs --- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f452accb8..122128278 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -420,8 +420,8 @@ jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3f6371a41..1a301ed60 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -242,8 +242,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7be767773..e8d8b1f5e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aa084cf88..aef176b4e 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -242,7 +242,7 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index b26a793b7..533c5657d 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From 06ea7a914665e2cf25105d313c2f88ee021d56d5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 10:15:09 -0500 Subject: [PATCH 0253/1184] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index caf8b425b..8b4a07b84 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/IIAB-Contributors-Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) # THANKS! From a94bc0e070543fe190e70931bb27910de6e2084b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 2 Jan 2023 00:13:35 -0600 Subject: [PATCH 0254/1184] revert to using pip for ansible on 32bit RaspOS --- scripts/ansible | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2766aec7b..1591eb275 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -129,8 +129,8 @@ fi ### > /etc/apt/sources.list.d/iiab-ansible.list # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ - > /etc/apt/sources.list.d/iiab-ansible.list +#echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ +# > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined @@ -152,7 +152,7 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg +#cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" @@ -188,8 +188,13 @@ if uname -m | grep -q 64; then echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else - echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" - $APT_PATH/apt -y --allow-downgrades install ansible-core +# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" +# $APT_PATH/apt -y --allow-downgrades install ansible-core + pip3 config --global set global.no-cache-dir false + echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" + pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" + pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 08ade5cd1e7b4e6429fec3fd7fc1080decd3e3ac Mon Sep 17 00:00:00 2001 From: cwivagg <cwivagg@gmail.com> Date: Sat, 7 Jan 2023 07:42:17 -0500 Subject: [PATCH 0255/1184] Update matomo-nginx.conf.j2 Fix security problems noted in https://github.com/iiab/iiab/issues/3441. --- roles/matomo/templates/matomo-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 0a7b91609..8ec494bc0 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -10,6 +10,7 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; + location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From ccaa118dadb03cb784562981e37bf63a5dbc0583 Mon Sep 17 00:00:00 2001 From: cwivagg <cwivagg@gmail.com> Date: Sat, 7 Jan 2023 08:27:56 -0500 Subject: [PATCH 0256/1184] Update matomo-nginx.conf.j2 Move file to higher precedence to handle non-php files as well. --- roles/matomo/templates/matomo-nginx.conf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 8ec494bc0..a5fdce030 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -1,3 +1,5 @@ +location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } + location ~ ^/matomo(.*)\.php(.*)$ { alias /library/www/matomo$1.php$2; # /library/www/matomo proxy_set_header X-Real-IP $remote_addr; @@ -10,7 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; - location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From badf12ec284b052ac7d0f1b39fb079b936a0bc7f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 7 Jan 2023 16:39:35 -0500 Subject: [PATCH 0257/1184] Update README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 64b577547..cf71d76e3 100644 --- a/README.md +++ b/README.md @@ -9,14 +9,14 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. -FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* +FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* ## Installation -Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.io/) +Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: @@ -29,7 +29,7 @@ See our [Tech Docs Wiki](https://github.com/iiab/iiab/wiki) for more about the u After you've installed the software, you should [add content](https://github.com/iiab/iiab/wiki/IIAB-Installation#add-content), which can of course take time when downloading multi-gigabyte Content Packs! -Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page.3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) &mdash; to arrange Content Packs and IIAB Apps (services) for your local community's needs. +Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page%3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) &mdash; to arrange Content Packs and IIAB Apps (services) for your local community's needs. ## Community @@ -37,12 +37,12 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) <!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).--> -To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists.3F)" -FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. +To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* From 0c93392146e11c2ef975e0f3a6e66acdb4b33a57 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 8 Jan 2023 10:59:45 -0500 Subject: [PATCH 0258/1184] scripts/ansible: Update explanatory URL --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1591eb275..26e12ac83 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -4,7 +4,7 @@ # https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249 # PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?" -# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible +# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] From 31bd87cd1c9f0e1654c6f57fc84ea49915480897 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 18:58:34 -0500 Subject: [PATCH 0259/1184] http://box/info/admin-console offline docs --- roles/nginx/templates/server.conf.j2 | 4 ++ .../templates/iiab-refresh-wiki-docs.sh | 69 +++++++++++-------- 2 files changed, 44 insertions(+), 29 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..3f69c3a74 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,6 +7,10 @@ server { index index.php index.html index.htm; + location /info { + autoindex on; # Directory listing for http://box/info/admin-console/ + } + # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 5cc9b3f54..833910d2c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,23 +15,32 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs +ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +# Note 1: sed (below) shortens URLs to 'admin-console' +# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 rm -rf $INPUT rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH +mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT - for f in `ls $INPUT`; do FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html done - rsync -av $OUTPUT/ $DESTPATH +cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH +for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f +done + # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html lynx -reload -source https://wiki.iiab.io/go/Security > $DESTPATH/Security.html @@ -54,42 +63,44 @@ cp -p "{{ iiab_dir }}/roles/lokole/Lokole-IIAB_Users_Manual.pdf" $DOCSPATH # # MAKE LINKS REFER TO LOCAL ITEMS... # ...on main page (http://box/info) -sed -i -r "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html +sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html +sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html +sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within subpages +# ...and within main subpages for f in $DESTPATH/*.html; do sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f - sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f - sed -i -e "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f + sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f - sed -i -e "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f - sed -i -e "s|http://FAQ.IIAB.IO|FAQ.html|g" $f - sed -i -e "s|http://faq.iiab.io|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/FAQ|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/faq|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f + sed -i "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f + sed -i "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|http://wiki.iiab.io/Security|Security.html|g" $f + sed -i "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f + sed -i "s|http://FAQ.IIAB.IO|FAQ.html|g" $f + sed -i "s|http://faq.iiab.io|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/FAQ|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/faq|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f + sed -i "s|/go/IIAB/Security|Security.html|g" $f + sed -i "s|http://wiki.iiab.io/Security|Security.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|https://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f done exit 0 From 65cb09c67b424d28aab56547eb6b334cbf1ecfa1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:10:35 -0500 Subject: [PATCH 0260/1184] iiab-refresh-wiki-docs also needs to run w/o Admin Console --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 833910d2c..b297f7a6c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -34,12 +34,14 @@ for f in `ls $INPUT`; do done rsync -av $OUTPUT/ $DESTPATH -cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH -for f in `ls $ADMINCONSOLEPATH`; do - FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f -done +if [ -d /opt/iiab/iiab-admin-console/docs ]; then + cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f + done +fi # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html From 1b2930c52d8590dae3eb09c457e5d828fb5222e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:18:01 -0500 Subject: [PATCH 0261/1184] 'cp -r' was overkill: 'cp /opt/iiab/iiab-admin-console/docs/*' suffices --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index b297f7a6c..c303b89f7 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -35,7 +35,7 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH for f in `ls $ADMINCONSOLEPATH`; do FTRIMMED=${f%.md} pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html From 0ac162fdc6f1b0b25f64a5391c7b3f14aa3c5324 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:42:19 -0500 Subject: [PATCH 0262/1184] 'fancyindex on;' in nginx/templates/iiab.conf.j2 instead + box/info resiliency --- roles/nginx/templates/iiab.conf.j2 | 4 ++++ roles/nginx/templates/server.conf.j2 | 4 ---- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index b66f69cfa..c45c58ae8 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -11,6 +11,10 @@ location /local_content/ { fancyindex on; # autoindex on; } +location /info { + fancyindex on; # Directory listing for http://box/info/admin-console/ +} + location /modules/ { fancyindex on; # Enable fancy indexes. fancyindex_exact_size off; # Output human-readable file sizes. diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 3f69c3a74..84413f4e7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,10 +7,6 @@ server { index index.php index.html index.htm; - location /info { - autoindex on; # Directory listing for http://box/info/admin-console/ - } - # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index c303b89f7..154fbe9dc 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -17,7 +17,7 @@ DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' -# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 +# Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 rm -rf $INPUT rm -rf $OUTPUT @@ -36,10 +36,10 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH`; do + for f in `ls $ADMINCONSOLEPATH/*.md`; do FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f + pandoc -s $f -o $FTRIMMED.html + rm $f done fi From 0ff334eeda24702de668fc6bbdbb475e5b8c4883 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:52:34 -0500 Subject: [PATCH 0263/1184] Safer: 'cp /opt/iiab/iiab-admin-console/docs/*.md ...' --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 154fbe9dc..647e985d2 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do +for f in `ls $INPUT`; do # Unlike below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 64cd4a40a7be0d384fd433d2f93a1341dcab8d92 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:57:43 -0500 Subject: [PATCH 0264/1184] 'fancyindex_exact_size off;' human-readable for box/info --- roles/nginx/templates/iiab.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index c45c58ae8..df2fc6a94 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -13,6 +13,7 @@ location /local_content/ { location /info { fancyindex on; # Directory listing for http://box/info/admin-console/ + fancyindex_exact_size off; # Output human-readable file sizes. } location /modules/ { From d5fd98b08e18ebd067e1238dd614a5dd4411aeea Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 23:27:21 -0500 Subject: [PATCH 0265/1184] Update iiab-refresh-wiki-docs.sh --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 647e985d2..134c51c71 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do # Unlike below, $f does NOT include path +for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -36,7 +36,7 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path + for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From e34d84f712ba681b587684ea8543e9324e5e5a25 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 09:57:04 -0500 Subject: [PATCH 0266/1184] Scrape RPi Image docs using ~ not : (and recurse into subdirs) --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 134c51c71..ac03b44bf 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -69,9 +69,10 @@ sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/ sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within main subpages -for f in $DESTPATH/*.html; do - sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f +# ...and within subpages +for f in $(find $DESTPATH -name "*.html"); do # Recursive (even if not yet nec, as of 2023-01-11) +#for f in $DESTPATH/*.html; do # Non-recursive (omits subdirs) + sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.~A-Za-z0-9]*)|\1.html|g" $f sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f From 98cff07ca3a86d237cba6204bdbd540ccde49e2f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 10:26:57 -0500 Subject: [PATCH 0267/1184] Rename $ADMINCONSOLEPATH to $ADMINDOCSPATH --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index ac03b44bf..9ff61e654 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,7 +15,7 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs -ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +ADMINDOCSPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' # Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 @@ -24,7 +24,7 @@ rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH -mkdir -p $ADMINCONSOLEPATH +mkdir -p $ADMINDOCSPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINDOCSPATH + for f in $ADMINDOCSPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 5f7b8cc34ff79268e8efde6c5a1150b9aa9dbfa0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:15:00 -0500 Subject: [PATCH 0268/1184] iiab-diagnostics: Highlight /etc/iiab/install-flags sequence --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 7361e5621..f1990d25d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -145,6 +145,7 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then cat /tmp/iiab-apps-to-be-installed >> $outfile echo >> $outfile fi +cat_cmd 'ls -ltr /etc/iiab/install-flags' 'IIAB install flags' echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile From e65b03b70ad63fcffb0f0e82a2835ec9f66d6869 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:27:40 -0500 Subject: [PATCH 0269/1184] Update iiab-diagnostics.README.md per PR #3462 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index be341bb4f..a6d8a3f9e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 0f614f1be34b0cf7ff751f8c7131850011e153b7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 12 Jan 2023 08:33:44 -0500 Subject: [PATCH 0270/1184] mediawiki/defaults/main.yml: Version 1.39.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 68a13ca74..21fd715e1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 6d2725f63b03c971d97de132b937d38ca4247a4a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:01:32 -0500 Subject: [PATCH 0271/1184] internetarchive/tasks/install.yml: Enforce Node.js <= 19.x --- roles/internetarchive/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 4ed845706..0427f816c 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 18.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('18.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 18.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" From 7b097908a9946ce3a1db76299ffc012b8e5c3d78 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 21:56:46 -0500 Subject: [PATCH 0272/1184] Try to avoid libssl1.1, now that MongoDB can use libssl3 --- roles/mongodb/tasks/install.yml | 109 ++++++++++++++++++-------------- 1 file changed, 61 insertions(+), 48 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 54b93c71e..cb249f1bd 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -78,7 +78,8 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - #args: # warn: no @@ -87,28 +88,36 @@ # Supported parameters include: removes, strip_empty_ends, _raw_params, # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY - # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON - # ARM v8-A RPi 4, LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. - # -> CAN THIS ENTIRE STANZA BE *DELETED* -- ALWAYS USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their + # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org - when: is_debian and ansible_architecture == "x86_64" + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + #when: is_debian and ansible_architecture == "x86_64" - # 2022-10-23: RasPiOS Bullseye *MAY* FAIL when 'focal' changed to 'jammy' ? - - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's + # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR + # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse #filename: mongodb-org - when: not (is_debian and ansible_architecture == "x86_64") + when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS @@ -121,48 +130,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across + # the board, on Debian 12 etc too?!) since 2022-11-15: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # #filename: focal-security # If filename focal-security.list is preferred + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian_12 + # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - package: - name: libssl1.1 - state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian_12 + # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) + # package: + # name: libssl1.1 + # state: present + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # state: absent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - state: absent - #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # state: absent + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + + # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # state: absent + # #filename: focal-security # 100% IGNORED during repo deletion + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 From 8f4024a0e44a65f8a044215fb46e65e67d246456 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 22:37:27 -0500 Subject: [PATCH 0273/1184] Clarify MongoDB CAN use libssl3 on Ubuntu 22.04+ & Debian 12 --- roles/mongodb/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index cb249f1bd..336d026f6 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -130,8 +130,9 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across - # the board, on Debian 12 etc too?!) since 2022-11-15: + # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no + # longer nec (certainly on x86_64, and hopefully sufficiently across the + # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 From 0b23bd3ab53ba3107d893c44909cf84d39cddb11 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 22:58:03 -0500 Subject: [PATCH 0274/1184] mongodb/tasks/install.yml: Comments more future-proof --- roles/mongodb/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 336d026f6..e68c89ff2 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,4 +1,5 @@ # MongoDB Install Docs: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ # https://www.mongodb.com/docs/manual/installation/ @@ -78,6 +79,7 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - @@ -90,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -106,9 +108,12 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's - # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR - # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # MongoDB 6.0.3 (released 2022-11-15) instructions here: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 + # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From b0cad086c0ea9250e7d5c8735a0359a99e8a5b06 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 23:11:34 -0500 Subject: [PATCH 0275/1184] ASIDE: MongoDB 6.0.3+ MIGHT run on 64-bit Ubuntu on RPi --- roles/mongodb/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e68c89ff2..2554cc3b1 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -113,7 +113,9 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: + # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From 06f8001cb7325b68b272f2f95294fb1c9f306649 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:05:39 -0500 Subject: [PATCH 0276/1184] PR #3469's Debian 11 code path was also tested --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 2554cc3b1..520ab6fe3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: From 68dfc9239bbd9f48b91806d6fc83f827a6c08524 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:09:07 -0500 Subject: [PATCH 0277/1184] 2022 -> 2023: Fix PR #3469 comment typo --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 520ab6fe3..5f1b4788c 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -108,7 +108,7 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 From 247e582b56ecc39cffbc7de3ac50fc73604b619d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:35:35 -0500 Subject: [PATCH 0278/1184] #3469 clarif: IIAB overlays MongoDB 5.0.5 64-bit RPi binaries --- roles/mongodb/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 5f1b4788c..228fe040f 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -116,6 +116,7 @@ # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From ded399934f3d4b705714b5d25caed83ca7c3aaaa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:42:36 -0500 Subject: [PATCH 0279/1184] mongodb/tasks/install.yml: Clarify line numbers --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 228fe040f..048601b16 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -113,10 +113,10 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From e9c6cffef23330c9b01b5835a36ea24e0aa884bf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 21 Jan 2023 12:22:05 -0500 Subject: [PATCH 0280/1184] Install Moodle dev pre-release IFF PHP >= 8.3 --- roles/moodle/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ec30d7f34..4abac732f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,21 +49,21 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.2', '>=') + when: php_version is version('8.3', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.2 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) - when: php_version is version('8.2', '<') + when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 81bb08ffb5f31d6f7e28094058c19701fd83e688 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 24 Jan 2023 12:12:59 -0500 Subject: [PATCH 0281/1184] kolibri/tasks/install.yml: Clarify {{ kolibri_deb_url }} is just an example --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 94a8d4949..676358473 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -40,7 +40,7 @@ - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: - deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest + deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest environment: KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later From 30e0169f7a613fc8e30c79c329811ddc105957e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 27 Jan 2023 23:54:43 -0500 Subject: [PATCH 0282/1184] osm-vector-maps/tasks/install.yml: Clarify {{ osm_repo_url }}/{{ maps_branch }} --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index ab28c7cd6..03642c274 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -29,7 +29,7 @@ - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" # e.g. https://raw.githubusercontent.com/iiab/maps/master dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" From 555c7a77119beb7cbfb3ba4278c9a8b8d14d6242 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Jan 2023 08:51:43 -0500 Subject: [PATCH 0283/1184] openvpn/defaults/main.yml: Clarify openvpn_server_real_ip etc --- roles/openvpn/defaults/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index adc23ec2b..136e01f5d 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,13 +1,17 @@ +# SECURITY WARNING: https://wiki.iiab.io/go/Security + # openvpn_install: True # openvpn_enabled: False -# For /etc/iiab/openvpn_handle +# Empty string on purpose since ~2016, for /etc/iiab/uuid +# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 # openvpn_handle: "" # cron seems necessary on CentOS: # openvpn_cron_enabled: False # openvpn_server: xscenet.net +# openvpn_server_real_ip: 3.89.148.185 # openvpn_server_virtual_ip: 10.8.0.1 # openvpn_server_port: 1194 From 69bde5e74569817532b973b287beec50ee9caad8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Jan 2023 18:25:00 -0500 Subject: [PATCH 0284/1184] Recommend ansible-core 2.14.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 26e12ac83..48ed3ff61 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] -GOOD_VER=2.14.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] +GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 611a0ac01acfb3334d83742a681955c1858d0c6b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 7 Feb 2023 21:59:41 -0500 Subject: [PATCH 0285/1184] phpMyAdmin 5.2.1 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index ff6343c56..b898ae5bd 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.2.0 +phpmyadmin_version: 5.2.1 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From b0f5a85e20a4e15dac4820c6125c5377b53cf326 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 11:34:49 -0500 Subject: [PATCH 0286/1184] Update jupyterhub_config.py.j2 for JupyterHub 3.1.1 & /run/jupyterhub-proxy.pid --- .../templates/jupyterhub_config.py.j2 | 718 ++++++++++++------ 1 file changed, 501 insertions(+), 217 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index a3c5b077f..f8be9a849 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,5 +1,18 @@ +# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html +# +# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# /opt/iiab/jupyterhub/bin/jupyterhub --generate-config +# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 +# 3) I added the following line on @jvonau's suggestion: (#3475) +# c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" + + # Configuration file for jupyterhub. +c = get_config() #noqa + #------------------------------------------------------------------------------ # Application(SingletonConfigurable) configuration #------------------------------------------------------------------------------ @@ -18,6 +31,53 @@ # Default: 30 # c.Application.log_level = 30 +## Configure additional log handlers. +# +# The default stderr logs handler is configured by the log_level, log_datefmt +# and log_format settings. +# +# This configuration can be used to configure additional handlers (e.g. to +# output the log to a file) or for finer control over the default handlers. +# +# If provided this should be a logging configuration dictionary, for more +# information see: +# https://docs.python.org/3/library/logging.config.html#logging-config- +# dictschema +# +# This dictionary is merged with the base logging configuration which defines +# the following: +# +# * A logging formatter intended for interactive use called +# ``console``. +# * A logging handler that writes to stderr called +# ``console`` which uses the formatter ``console``. +# * A logger with the name of this application set to ``DEBUG`` +# level. +# +# This example adds a new handler that writes to a file: +# +# .. code-block:: python +# +# c.Application.logging_config = { +# 'handlers': { +# 'file': { +# 'class': 'logging.FileHandler', +# 'level': 'DEBUG', +# 'filename': '<path/to/file>', +# } +# }, +# 'loggers': { +# '<application-name>': { +# 'level': 'DEBUG', +# # NOTE: if you don't list the default "console" +# # handler here then it will be disabled +# 'handlers': ['console', 'file'], +# }, +# } +# } +# Default: {} +# c.Application.logging_config = {} + ## Instead of starting the Application, dump configuration to stdout # Default: False # c.Application.show_config = False @@ -60,11 +120,13 @@ # Default: 30 # c.JupyterHub.activity_resolution = 30 -## Grant admin users permission to access single-user servers. +## DEPRECATED since version 2.0.0. # -# Users should be properly informed if this is enabled. +# The default admin role has full permissions, use custom RBAC scopes instead to +# create restricted administrator roles. +# https://jupyterhub.readthedocs.io/en/stable/rbac/index.html # Default: False -c.JupyterHub.admin_access = True +# c.JupyterHub.admin_access = False ## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead. # Default: set() @@ -78,14 +140,23 @@ c.JupyterHub.admin_access = True # Default: False # c.JupyterHub.answer_yes = False +## The default amount of records returned by a paginated endpoint +# Default: 50 +# c.JupyterHub.api_page_default_limit = 50 + +## The maximum amount of records that can be returned at once +# Default: 200 +# c.JupyterHub.api_page_max_limit = 200 + ## PENDING DEPRECATION: consider using services # -# Dict of token:username to be loaded into the database. +# Dict of token:username to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services, which authenticate as JupyterHub users. +# Allows ahead-of-time generation of API tokens for use by externally managed services, +# which authenticate as JupyterHub users. # -# Consider using services for general services that talk to the JupyterHub API. +# Consider using services for general services that talk to the +# JupyterHub API. # Default: {} # c.JupyterHub.api_tokens = {} @@ -112,49 +183,53 @@ c.JupyterHub.admin_access = True # Currently installed: # - default: jupyterhub.auth.PAMAuthenticator # - dummy: jupyterhub.auth.DummyAuthenticator +# - null: jupyterhub.auth.NullAuthenticator # - pam: jupyterhub.auth.PAMAuthenticator # Default: 'jupyterhub.auth.PAMAuthenticator' +# c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator' c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator' ## The base URL of the entire application. # -# Add this to the beginning of all JupyterHub URLs. Use base_url to run -# JupyterHub within an existing website. +# Add this to the beginning of all JupyterHub URLs. +# Use base_url to run JupyterHub within an existing website. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '/' +# c.JupyterHub.base_url = '/' c.JupyterHub.base_url = '/jupyterhub' ## The public facing URL of the whole JupyterHub application. # -# This is the address on which the proxy will bind. Sets protocol, ip, base_url +# This is the address on which the proxy will bind. +# Sets protocol, ip, base_url # Default: 'http://:8000' # c.JupyterHub.bind_url = 'http://:8000' ## Whether to shutdown the proxy when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the proxy -# running. +# Disable if you want to be able to teardown the Hub while leaving the +# proxy running. # -# Only valid if the proxy was starting by the Hub process. +# Only valid if the proxy was starting by the Hub process. # -# If both this and cleanup_servers are False, sending SIGINT to the Hub will -# only shutdown the Hub, leaving everything else running. +# If both this and cleanup_servers are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_proxy = True ## Whether to shutdown single-user servers when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the single- -# user servers running. +# Disable if you want to be able to teardown the Hub while leaving the +# single-user servers running. # -# If both this and cleanup_proxy are False, sending SIGINT to the Hub will only -# shutdown the Hub, leaving everything else running. +# If both this and cleanup_proxy are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_servers = True @@ -184,33 +259,54 @@ c.JupyterHub.base_url = '/jupyterhub' # Default: False # c.JupyterHub.confirm_no_ssl = False -## Number of days for a login cookie to be valid. Default is two weeks. +## Number of days for a login cookie to be valid. +# Default is two weeks. # Default: 14 # c.JupyterHub.cookie_max_age_days = 14 ## The cookie secret to use to encrypt cookies. # -# Loaded from the JPY_COOKIE_SECRET env variable by default. +# Loaded from the JPY_COOKIE_SECRET env variable by default. # -# Should be exactly 256 bits (32 bytes). -# Default: b'' +# Should be exactly 256 bits (32 bytes). +# Default: traitlets.Undefined +# c.JupyterHub.cookie_secret = traitlets.Undefined c.JupyterHub.cookie_secret = b'helloiiabitsrainingb123456789012' ## File in which to store the cookie secret. # Default: 'jupyterhub_cookie_secret' # c.JupyterHub.cookie_secret_file = 'jupyterhub_cookie_secret' -## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) -# Default: '/opt/iiab/jupyter/share/jupyterhub' -# c.JupyterHub.data_files_path = '/opt/iiab/jupyter/share/jupyterhub' +## Custom scopes to define. +# +# For use when defining custom roles, +# to grant users granular permissions +# +# All custom scopes must have a description, +# and must start with the prefix `custom:`. +# +# For example:: +# +# custom_scopes = { +# "custom:jupyter_server:read": { +# "description": "read-only access to a single-user server", +# }, +# } +# Default: {} +# c.JupyterHub.custom_scopes = {} -## Include any kwargs to pass to the database connection. See -# sqlalchemy.create_engine for details. +## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) +# Default: '/opt/iiab/jupyterhub/share/jupyterhub' +# c.JupyterHub.data_files_path = '/opt/iiab/jupyterhub/share/jupyterhub' + +## Include any kwargs to pass to the database connection. +# See sqlalchemy.create_engine for details. # Default: {} # c.JupyterHub.db_kwargs = {} ## url for the database. e.g. `sqlite:///jupyterhub.sqlite` # Default: 'sqlite:///jupyterhub.sqlite' +# c.JupyterHub.db_url = 'sqlite:///jupyterhub.sqlite' c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## log all database transactions. This has A LOT of output @@ -221,8 +317,13 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: False # c.JupyterHub.debug_proxy = False -## If named servers are enabled, default name of server to spawn or open, e.g. by -# user-redirect. +## If named servers are enabled, default name of server to spawn or open when no +# server is specified, e.g. by user-redirect. +# +# Note: This has no effect if named servers are not enabled, and does _not_ +# change the existence or behavior of the default server named `''` (the empty +# string). This only affects which named server is launched when no server is +# specified, e.g. by links to `/hub/user-redirect/lab/tree/mynotebook.ipynb`. # Default: '' # c.JupyterHub.default_server_name = '' @@ -245,30 +346,28 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: traitlets.Undefined # c.JupyterHub.default_url = traitlets.Undefined -## Dict authority:dict(files). Specify the key, cert, and/or ca file for an -# authority. This is useful for externally managed proxies that wish to use -# internal_ssl. +## Dict authority:dict(files). Specify the key, cert, and/or +# ca file for an authority. This is useful for externally managed +# proxies that wish to use internal_ssl. # -# The files dict has this format (you must specify at least a cert):: +# The files dict has this format (you must specify at least a cert):: # -# { -# 'key': '/path/to/key.key', -# 'cert': '/path/to/cert.crt', -# 'ca': '/path/to/ca.crt' -# } +# { +# 'key': '/path/to/key.key', +# 'cert': '/path/to/cert.crt', +# 'ca': '/path/to/ca.crt' +# } # -# The authorities you can override: 'hub-ca', 'notebooks-ca', 'proxy-api-ca', -# 'proxy-client-ca', and 'services-ca'. +# The authorities you can override: 'hub-ca', 'notebooks-ca', +# 'proxy-api-ca', 'proxy-client-ca', and 'services-ca'. # -# Use with internal_ssl +# Use with internal_ssl # Default: {} # c.JupyterHub.external_ssl_authorities = {} -## Register extra tornado Handlers for jupyterhub. +## DEPRECATED. # -# Should be of the form ``("<regex>", Handler)`` -# -# The Hub prefix will be added, so `/my-page` will be served at `/hub/my-page`. +# If you need to register additional HTTP endpoints please use services instead. # Default: [] # c.JupyterHub.extra_handlers = [] @@ -282,6 +381,14 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: [] # c.JupyterHub.extra_log_handlers = [] +## Alternate header to use as the Host (e.g., X-Forwarded-Host) +# when determining whether a request is cross-origin +# +# This may be useful when JupyterHub is running behind a proxy that rewrites +# the Host header. +# Default: '' +# c.JupyterHub.forwarded_host_header = '' + ## Generate certs used for internal ssl # Default: False # c.JupyterHub.generate_certs = False @@ -303,19 +410,19 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.hub_bind_url = '' -## The ip or hostname for proxies and spawners to use for connecting to the Hub. +## The ip or hostname for proxies and spawners to use +# for connecting to the Hub. # -# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different -# from the connect address. +# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different +# from the connect address. # -# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, otherwise -# use `hub_ip`. +# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, +# otherwise use `hub_ip`. # -# Note: Some spawners or proxy implementations might not support hostnames. -# Check your spawner or proxy documentation to see if they have extra -# requirements. +# Note: Some spawners or proxy implementations might not support hostnames. Check your +# spawner or proxy documentation to see if they have extra requirements. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: '' # c.JupyterHub.hub_connect_ip = '' @@ -346,39 +453,59 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## The ip address for the Hub process to *bind* to. # -# By default, the hub listens on localhost only. This address must be accessible -# from the proxy and user servers. You may need to set this to a public ip or '' -# for all interfaces if the proxy or user servers are in containers or on a -# different host. +# By default, the hub listens on localhost only. This address must be accessible from +# the proxy and user servers. You may need to set this to a public ip or '' for all +# interfaces if the proxy or user servers are in containers or on a different host. # -# See `hub_connect_ip` for cases where the bind and connect address should -# differ, or `hub_bind_url` for setting the full bind URL. +# See `hub_connect_ip` for cases where the bind and connect address should differ, +# or `hub_bind_url` for setting the full bind URL. # Default: '127.0.0.1' # c.JupyterHub.hub_ip = '127.0.0.1' ## The internal port for the Hub process. # -# This is the internal port of the hub itself. It should never be accessed -# directly. See JupyterHub.port for the public port to use when accessing -# jupyterhub. It is rare that this port should be set except in cases of port -# conflict. +# This is the internal port of the hub itself. It should never be accessed directly. +# See JupyterHub.port for the public port to use when accessing jupyterhub. +# It is rare that this port should be set except in cases of port conflict. # -# See also `hub_ip` for the ip and `hub_bind_url` for setting the full bind URL. +# See also `hub_ip` for the ip and `hub_bind_url` for setting the full +# bind URL. # Default: 8081 # c.JupyterHub.hub_port = 8081 +## The routing prefix for the Hub itself. +# +# Override to send only a subset of traffic to the Hub. Default is to use the +# Hub as the default route for all requests. +# +# This is necessary for normal jupyterhub operation, as the Hub must receive +# requests for e.g. `/user/:name` when the user's server is not running. +# +# However, some deployments using only the JupyterHub API may want to handle +# these events themselves, in which case they can register their own default +# target with the proxy and set e.g. `hub_routespec = /hub/` to serve only the +# hub's own pages, or even `/hub/api/` for api-only operation. +# +# Note: hub_routespec must include the base_url, if any. +# +# .. versionadded:: 1.4 +# Default: '/' +# c.JupyterHub.hub_routespec = '/' + ## Trigger implicit spawns after this many seconds. # -# When a user visits a URL for a server that's not running, they are shown a -# page indicating that the requested server is not running with a button to -# spawn the server. +# When a user visits a URL for a server that's not running, +# they are shown a page indicating that the requested server +# is not running with a button to spawn the server. # -# Setting this to a positive value will redirect the user after this many -# seconds, effectively clicking this button automatically for the users, -# automatically beginning the spawn process. +# Setting this to a positive value will redirect the user +# after this many seconds, effectively clicking this button +# automatically for the users, +# automatically beginning the spawn process. # -# Warning: this can result in errors and surprising behavior when sharing access -# URLs to actual servers, since the wrong server is likely to be started. +# Warning: this can result in errors and surprising behavior +# when sharing access URLs to actual servers, +# since the wrong server is likely to be started. # Default: 0 # c.JupyterHub.implicit_spawn_seconds = 0 @@ -398,29 +525,30 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: 10 # c.JupyterHub.init_spawners_timeout = 10 -## The location to store certificates automatically created by JupyterHub. +## The location to store certificates automatically created by +# JupyterHub. # -# Use with internal_ssl +# Use with internal_ssl # Default: 'internal-ssl' # c.JupyterHub.internal_certs_location = 'internal-ssl' ## Enable SSL for all internal communication # -# This enables end-to-end encryption between all JupyterHub components. -# JupyterHub will automatically create the necessary certificate authority and -# sign notebook certificates as they're created. +# This enables end-to-end encryption between all JupyterHub components. +# JupyterHub will automatically create the necessary certificate +# authority and sign notebook certificates as they're created. # Default: False # c.JupyterHub.internal_ssl = False -## The public facing ip of the whole JupyterHub application (specifically -# referred to as the proxy). +## The public facing ip of the whole JupyterHub application +# (specifically referred to as the proxy). # -# This is the address on which the proxy will listen. The default is to listen -# on all interfaces. This is the only address through which JupyterHub should be -# accessed by users. +# This is the address on which the proxy will listen. The default is to +# listen on all interfaces. This is the only address through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '' # c.JupyterHub.ip = '' @@ -434,14 +562,36 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of 'group': ['usernames'] to load at startup. # -# This strictly *adds* groups and users to groups. +# This strictly *adds* groups and users to groups. # -# Loading one set of groups, then starting JupyterHub again with a different set -# will not remove users or groups from previous launches. That must be done -# through the API. +# Loading one set of groups, then starting JupyterHub again with a different +# set will not remove users or groups from previous launches. +# That must be done through the API. # Default: {} # c.JupyterHub.load_groups = {} +## List of predefined role dictionaries to load at startup. +# +# For instance:: +# +# load_roles = [ +# { +# 'name': 'teacher', +# 'description': 'Access to users' information and group membership', +# 'scopes': ['users', 'groups'], +# 'users': ['cyclops', 'gandalf'], +# 'services': [], +# 'groups': [] +# } +# ] +# +# All keys apart from 'name' are optional. +# See all the available scopes in the JupyterHub REST API documentation. +# +# Default roles are defined in roles.py. +# Default: [] +# c.JupyterHub.load_roles = [] + ## The date format used by logging formatters for %(asctime)s # See also: Application.log_datefmt # c.JupyterHub.log_datefmt = '%Y-%m-%d %H:%M:%S' @@ -454,6 +604,10 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # See also: Application.log_level # c.JupyterHub.log_level = 30 +## +# See also: Application.logging_config +# c.JupyterHub.logging_config = {} + ## Specify path to a logo image to override the Jupyter logo in the banner. # Default: '' # c.JupyterHub.logo_file = '' @@ -464,20 +618,62 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Setting this can limit the total resources a user can consume. # # If set to 0, no limit is enforced. +# +# Can be an integer or a callable/awaitable based on the handler object: +# +# :: +# +# def named_server_limit_per_user_fn(handler): +# user = handler.current_user +# if user and user.admin: +# return 0 +# return 5 +# +# c.JupyterHub.named_server_limit_per_user = named_server_limit_per_user_fn # Default: 0 # c.JupyterHub.named_server_limit_per_user = 0 -## File to write PID Useful for daemonizing JupyterHub. +## Expiry (in seconds) of OAuth access tokens. +# +# The default is to expire when the cookie storing them expires, +# according to `cookie_max_age_days` config. +# +# These are the tokens stored in cookies when you visit +# a single-user server or service. +# When they expire, you must re-authenticate with the Hub, +# even if your Hub authentication is still valid. +# If your Hub authentication is valid, +# logging in may be a transparent redirect as you refresh the page. +# +# This does not affect JupyterHub API tokens in general, +# which do not expire by default. +# Only tokens issued during the oauth flow +# accessing services and single-user servers are affected. +# +# .. versionadded:: 1.4 +# OAuth token expires_in was not previously configurable. +# .. versionchanged:: 1.4 +# Default now uses cookie_max_age_days so that oauth tokens +# which are generally stored in cookies, +# expire when the cookies storing them expire. +# Previously, it was one hour. +# Default: 0 +# c.JupyterHub.oauth_token_expires_in = 0 + +## File to write PID +# Useful for daemonizing JupyterHub. # Default: '' # c.JupyterHub.pid_file = '' +c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" ## The public facing port of the proxy. # -# This is the port on which the proxy will listen. This is the only port through -# which JupyterHub should be accessed by users. +# This is the port on which the proxy will listen. +# This is the only port through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: 8000 # c.JupyterHub.port = 8000 @@ -493,9 +689,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.proxy_auth_token = '' -## Interval (in seconds) at which to check if the proxy is running. -# Default: 30 -# c.JupyterHub.proxy_check_interval = 30 +## DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.check_running_interval +# Default: 5 +# c.JupyterHub.proxy_check_interval = 5 ## The class to use for configuring the JupyterHub proxy. # @@ -517,9 +713,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Recreate all certificates used within JupyterHub on restart. # -# Note: enabling this feature requires restarting all notebook servers. +# Note: enabling this feature requires restarting all notebook servers. # -# Use with internal_ssl +# Use with internal_ssl # Default: False # c.JupyterHub.recreate_internal_certs = False @@ -538,29 +734,29 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of token:servicename to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services. +# Allows ahead-of-time generation of API tokens for use by externally +# managed services. # Default: {} # c.JupyterHub.service_tokens = {} ## List of service specification dictionaries. # -# A service +# A service # -# For instance:: +# For instance:: # -# services = [ -# { -# 'name': 'cull_idle', -# 'command': ['/path/to/cull_idle_servers.py'], -# }, -# { -# 'name': 'formgrader', -# 'url': 'http://127.0.0.1:1234', -# 'api_token': 'super-secret', -# 'environment': -# } -# ] +# services = [ +# { +# 'name': 'cull_idle', +# 'command': ['/path/to/cull_idle_servers.py'], +# }, +# { +# 'name': 'formgrader', +# 'url': 'http://127.0.0.1:1234', +# 'api_token': 'super-secret', +# 'environment': +# } +# ] # Default: [] # c.JupyterHub.services = [] @@ -585,21 +781,26 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # e.g. `c.JupyterHub.spawner_class = 'localprocess'` # # Currently installed: +# - systemd: systemdspawner.SystemdSpawner +# - systemdspawner: systemdspawner.SystemdSpawner # - default: jupyterhub.spawner.LocalProcessSpawner # - localprocess: jupyterhub.spawner.LocalProcessSpawner # - simple: jupyterhub.spawner.SimpleLocalProcessSpawner # Default: 'jupyterhub.spawner.LocalProcessSpawner' +# c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' +c.SystemdSpawner.dynamic_users = True +c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # -# When setting this, you should also set ssl_key +# When setting this, you should also set ssl_key # Default: '' # c.JupyterHub.ssl_cert = '' ## Path to SSL key file for the public facing interface of the proxy # -# When setting this, you should also set ssl_cert +# When setting this, you should also set ssl_cert # Default: '' # c.JupyterHub.ssl_key = '' @@ -618,17 +819,18 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Run single-user servers on subdomains of this host. # -# This should be the full `https://hub.domain.tld[:port]`. +# This should be the full `https://hub.domain.tld[:port]`. # -# Provides additional cross-site protections for javascript served by single- -# user servers. +# Provides additional cross-site protections for javascript served by +# single-user servers. # -# Requires `<username>.hub.domain.tld` to resolve to the same host as +# Requires `<username>.hub.domain.tld` to resolve to the same host as # `hub.domain.tld`. # -# In general, this is most easily achieved with wildcard DNS. +# In general, this is most easily achieved with wildcard DNS. # -# When using SSL (i.e. always) this also requires a wildcard SSL certificate. +# When using SSL (i.e. always) this also requires a wildcard SSL +# certificate. # Default: '' # c.JupyterHub.subdomain_host = '' @@ -644,54 +846,69 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: {} # c.JupyterHub.tornado_settings = {} -## Trust user-provided tokens (via JupyterHub.service_tokens) to have good -# entropy. +## Trust user-provided tokens (via JupyterHub.service_tokens) +# to have good entropy. # -# If you are not inserting additional tokens via configuration file, this flag -# has no effect. +# If you are not inserting additional tokens via configuration file, +# this flag has no effect. # -# In JupyterHub 0.8, internally generated tokens do not pass through additional -# hashing because the hashing is costly and does not increase the entropy of -# already-good UUIDs. +# In JupyterHub 0.8, internally generated tokens do not +# pass through additional hashing because the hashing is costly +# and does not increase the entropy of already-good UUIDs. # -# User-provided tokens, on the other hand, are not trusted to have good entropy -# by default, and are passed through many rounds of hashing to stretch the -# entropy of the key (i.e. user-provided tokens are treated as passwords instead -# of random keys). These keys are more costly to check. +# User-provided tokens, on the other hand, are not trusted to have good entropy by default, +# and are passed through many rounds of hashing to stretch the entropy of the key +# (i.e. user-provided tokens are treated as passwords instead of random keys). +# These keys are more costly to check. # -# If your inserted tokens are generated by a good-quality mechanism, e.g. -# `openssl rand -hex 32`, then you can set this flag to True to reduce the cost -# of checking authentication tokens. +# If your inserted tokens are generated by a good-quality mechanism, +# e.g. `openssl rand -hex 32`, then you can set this flag to True +# to reduce the cost of checking authentication tokens. # Default: False # c.JupyterHub.trust_user_provided_tokens = False ## Names to include in the subject alternative name. # -# These names will be used for server name verification. This is useful if -# JupyterHub is being run behind a reverse proxy or services using ssl are on -# different hosts. +# These names will be used for server name verification. This is useful +# if JupyterHub is being run behind a reverse proxy or services using ssl +# are on different hosts. # -# Use with internal_ssl +# Use with internal_ssl # Default: [] # c.JupyterHub.trusted_alt_names = [] ## Downstream proxy IP addresses to trust. # -# This sets the list of IP addresses that are trusted and skipped when -# processing the `X-Forwarded-For` header. For example, if an external proxy is -# used for TLS termination, its IP address should be added to this list to -# ensure the correct client IP addresses are recorded in the logs instead of the -# proxy server's IP address. +# This sets the list of IP addresses that are trusted and skipped when processing +# the `X-Forwarded-For` header. For example, if an external proxy is used for TLS +# termination, its IP address should be added to this list to ensure the correct +# client IP addresses are recorded in the logs instead of the proxy server's IP +# address. # Default: [] # c.JupyterHub.trusted_downstream_ips = [] ## Upgrade the database automatically on start. # -# Only safe if database is regularly backed up. Only SQLite databases will be -# backed up to a local file automatically. +# Only safe if database is regularly backed up. +# Only SQLite databases will be backed up to a local file automatically. # Default: False # c.JupyterHub.upgrade_db = False +## Return 503 rather than 424 when request comes in for a non-running server. +# +# Prior to JupyterHub 2.0, we returned a 503 when any request came in for a user +# server that was currently not running. By default, JupyterHub 2.0 will return +# a 424 - this makes operational metric dashboards more useful. +# +# JupyterLab < 3.2 expected the 503 to know if the user server is no longer +# running, and prompted the user to start their server. Set this config to true +# to retain the old behavior, so JupyterLab < 3.2 can continue to show the +# appropriate UI when the user server is stopped. +# +# This option will be removed in a future release. +# Default: False +# c.JupyterHub.use_legacy_stopped_server_status_code = False + ## Callable to affect behavior of /user-redirect/ # # Receives 4 parameters: 1. path - URL path that was provided after /user- @@ -709,13 +926,17 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' #------------------------------------------------------------------------------ ## Base class for spawning single-user notebook servers. # -# Subclass this, and override the following methods: +# Subclass this, and override the following methods: # -# - load_state - get_state - start - stop - poll +# - load_state +# - get_state +# - start +# - stop +# - poll # -# As JupyterHub supports multiple users, an instance of the Spawner subclass is -# created for each user. If there are 20 JupyterHub users, there will be 20 -# instances of the subclass. +# As JupyterHub supports multiple users, an instance of the Spawner subclass +# is created for each user. If there are 20 JupyterHub users, there will be 20 +# instances of the subclass. ## Extra arguments to be passed to the single-user server. # @@ -862,12 +1083,32 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: 30 # c.Spawner.http_timeout = 30 +## The URL the single-user server should connect to the Hub. +# +# If the Hub URL set in your JupyterHub config is not reachable from spawned +# notebooks, you can set differnt URL by this config. +# +# Is None if you don't need to change the URL. +# Default: None +# c.Spawner.hub_connect_url = None + ## The IP address (or hostname) the single-user server should listen on. # +# Usually either '127.0.0.1' (default) or '0.0.0.0'. +# # The JupyterHub proxy implementation should be able to send packets to this # interface. -# Default: '' -# c.Spawner.ip = '' +# +# Subclasses which launch remotely or in containers should override the default +# to '0.0.0.0'. +# +# .. versionchanged:: 2.0 +# Default changed to '127.0.0.1', from ''. +# In most cases, this does not result in a change in behavior, +# as '' was interpreted as 'unspecified', +# which used the subprocesses' own default, itself usually '127.0.0.1'. +# Default: '127.0.0.1' +# c.Spawner.ip = '127.0.0.1' ## Minimum number of bytes a single-user notebook server is guaranteed to have # available. @@ -918,6 +1159,35 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: '' # c.Spawner.notebook_dir = '' +## Allowed scopes for oauth tokens issued by this server's oauth client. +# +# This sets the maximum and default scopes +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# +# If callable, will be called with the Spawner as a single argument. +# Callables may be async. +# Default: traitlets.Undefined +# c.Spawner.oauth_client_allowed_scopes = traitlets.Undefined + +## Allowed roles for oauth tokens. +# +# Deprecated in 3.0: use oauth_client_allowed_scopes +# +# This sets the maximum and default roles +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# Default: traitlets.Undefined +# c.Spawner.oauth_roles = traitlets.Undefined + ## An HTML form for options a user can specify on launching their server. # # The surrounding `<form>` element and the submit button are already provided. @@ -1021,8 +1291,8 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## List of SSL alt names # -# May be set in config if all spawners should have the same value(s), or set at -# runtime by Spawner that know their names. +# May be set in config if all spawners should have the same value(s), +# or set at runtime by Spawner that know their names. # Default: [] # c.Spawner.ssl_alt_names = [] @@ -1046,6 +1316,9 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Set of users that will have admin rights on this JupyterHub. # +# Note: As of JupyterHub 2.0, full admin rights should not be required, and more +# precise permissions can be managed via roles. +# # Admin users have extra privileges: # - Use the admin panel to see list of users logged in # - Add / remove users in some authenticators @@ -1057,6 +1330,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # # Defaults to an empty set, in which case no user has admin access. # Default: set() +# c.Authenticator.admin_users = set() c.Authenticator.admin_users = set(['admin']) c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" @@ -1064,7 +1338,8 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # # Use this with supported authenticators to restrict which users can log in. # This is an additional list that further restricts users, beyond whatever -# restrictions the authenticator has in place. +# restrictions the authenticator has in place. Any user in this list is granted +# the 'user' role on hub startup. # # If empty, does not perform any additional restriction. # @@ -1073,28 +1348,43 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # Default: set() # c.Authenticator.allowed_users = set() -## The max age (in seconds) of authentication info before forcing a refresh of -# user auth info. +## The max age (in seconds) of authentication info +# before forcing a refresh of user auth info. # -# Refreshing auth info allows, e.g. requesting/re-validating auth tokens. +# Refreshing auth info allows, e.g. requesting/re-validating auth +# tokens. # -# See :meth:`.refresh_user` for what happens when user auth info is refreshed -# (nothing by default). +# See :meth:`.refresh_user` for what happens when user auth info is refreshed +# (nothing by default). # Default: 300 # c.Authenticator.auth_refresh_age = 300 ## Automatically begin the login process # -# rather than starting with a "Login with..." link at `/hub/login` +# rather than starting with a "Login with..." link at `/hub/login` # -# To work, `.login_url()` must give a URL other than the default `/hub/login`, -# such as an oauth handler or another automatic login handler, registered with -# `.get_handlers()`. +# To work, `.login_url()` must give a URL other than the default `/hub/login`, +# such as an oauth handler or another automatic login handler, +# registered with `.get_handlers()`. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: False # c.Authenticator.auto_login = False +## Automatically begin login process for OAuth2 authorization requests +# +# When another application is using JupyterHub as OAuth2 provider, it sends +# users to `/hub/api/oauth2/authorize`. If the user isn't logged in already, and +# auto_login is not set, the user will be dumped on the hub's home page, without +# any context on what to do next. +# +# Setting this to true will automatically redirect users to login if they aren't +# logged in *only* on the `/hub/api/oauth2/authorize` endpoint. +# +# .. versionadded:: 1.5 +# Default: False +# c.Authenticator.auto_login_oauth2_authorize = False + ## Set of usernames that are not allowed to log in. # # Use this with supported authenticators to restrict which users can not log in. @@ -1112,36 +1402,48 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Delete any users from the database that do not pass validation # -# When JupyterHub starts, `.add_user` will be called on each user in the -# database to verify that all users are still valid. +# When JupyterHub starts, `.add_user` will be called +# on each user in the database to verify that all users are still valid. # -# If `delete_invalid_users` is True, any users that do not pass validation will -# be deleted from the database. Use this if users might be deleted from an -# external system, such as local user accounts. +# If `delete_invalid_users` is True, +# any users that do not pass validation will be deleted from the database. +# Use this if users might be deleted from an external system, +# such as local user accounts. # -# If False (default), invalid users remain in the Hub's database and a warning -# will be issued. This is the default to avoid data loss due to config changes. +# If False (default), invalid users remain in the Hub's database +# and a warning will be issued. +# This is the default to avoid data loss due to config changes. # Default: False # c.Authenticator.delete_invalid_users = False ## Enable persisting auth_state (if available). # -# auth_state will be encrypted and stored in the Hub's database. This can -# include things like authentication tokens, etc. to be passed to Spawners as -# environment variables. +# auth_state will be encrypted and stored in the Hub's database. +# This can include things like authentication tokens, etc. +# to be passed to Spawners as environment variables. # -# Encrypting auth_state requires the cryptography package. +# Encrypting auth_state requires the cryptography package. # -# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must contain one -# (or more, separated by ;) 32B encryption keys. These can be either base64 or -# hex-encoded. +# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must +# contain one (or more, separated by ;) 32B encryption keys. +# These can be either base64 or hex-encoded. # -# If encryption is unavailable, auth_state cannot be persisted. +# If encryption is unavailable, auth_state cannot be persisted. # -# New in JupyterHub 0.8 +# New in JupyterHub 0.8 # Default: False # c.Authenticator.enable_auth_state = False +## Let authenticator manage user groups +# +# If True, Authenticator.authenticate and/or .refresh_user +# may return a list of group names in the 'groups' field, +# which will be assigned to the user. +# +# All group-assignment APIs are disabled if this is True. +# Default: False +# c.Authenticator.manage_groups = False + ## An optional hook function that you can implement to do some bootstrapping work # during authentication. For example, loading user account details from an # external system. @@ -1176,20 +1478,20 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Force refresh of auth prior to spawn. # -# This forces :meth:`.refresh_user` to be called prior to launching a server, to -# ensure that auth state is up-to-date. +# This forces :meth:`.refresh_user` to be called prior to launching +# a server, to ensure that auth state is up-to-date. # -# This can be important when e.g. auth tokens that may have expired are passed -# to the spawner via environment variables from auth_state. +# This can be important when e.g. auth tokens that may have expired +# are passed to the spawner via environment variables from auth_state. # -# If refresh_user cannot refresh the user auth data, launch will fail until the -# user logs in again. +# If refresh_user cannot refresh the user auth data, +# launch will fail until the user logs in again. # Default: False # c.Authenticator.refresh_pre_spawn = False ## Dictionary mapping authenticator usernames to JupyterHub users. # -# Primarily used to normalize OAuth user names to local users. +# Primarily used to normalize OAuth user names to local users. # Default: {} # c.Authenticator.username_map = {} @@ -1211,29 +1513,11 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" #------------------------------------------------------------------------------ ## Encapsulate encryption configuration # -# Use via the encryption_config singleton below. +# Use via the encryption_config singleton below. # Default: [] # c.CryptKeeper.keys = [] ## The number of threads to allocate for encryption -# Default: 4 -# c.CryptKeeper.n_threads = 4 - -#------------------------------------------------------------------------------ -# Pagination(Configurable) configuration -#------------------------------------------------------------------------------ -## Default number of entries per page for paginated results. -# Default: 100 -# c.Pagination.default_per_page = 100 - -## Maximum number of entries per page for paginated results. -# Default: 250 -# c.Pagination.max_per_page = 250 - -#------------------------------------------------------------------------------ -# Systemdspawner config -#------------------------------------------------------------------------------ -c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' - +# Default: 2 +# c.CryptKeeper.n_threads = 2 From 872c77d7283d8ee2e94287d6d73e35a3504f4022 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 12:17:19 -0500 Subject: [PATCH 0287/1184] jupyterhub/README.md: Clarifs & new screenshots --- roles/jupyterhub/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 583466e04..a9588d3d9 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -9,7 +9,7 @@ * [JupyterHub changelog](https://jupyterhub.readthedocs.io/en/stable/changelog.html#changelog) * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). - * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. + * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. @@ -26,10 +26,11 @@ In some rare circumstances, it may be necessary to restart JupyterHub's systemd sudo systemctl restart jupyterhub ``` -FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula: +FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated (and deactivated) with the usual: ``` source /opt/iiab/jupyterhub/bin/activate +(jupyterhub) root@box:~# deactivate ``` Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ algorithm) and stored in: @@ -48,13 +49,13 @@ NOTE: This is the only way to change the password for user 'Admin', because Cont The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: -1. As a user with `Admin` privilege, click **Control Panel** in the top right of your JupyterHub: +1. As a user with `Admin` privilege, click **File > Hub Control Panel** in your JupyterHub: - ![Control panel button in notebook, top right](control-panel-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602766-ab6a9d3c-9f92-496e-a0e8-6c18a084e960.png) -2. In the Control Panel, open the **Admin** link in the top left: +2. At the top of the Control Panel, click **Admin**: - ![Admin button in control panel, top left](admin-access-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602473-f4f9fd40-b4c1-45e1-88c5-54c6d4b604ff.png) This opens up the JupyterHub Admin page, where you can add / delete users, start / stop peoples’ servers and see who is online. From 8d3864090e5c9cd12602e62f89591f1a65dc42c8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 12:47:39 -0500 Subject: [PATCH 0288/1184] Mention /opt/iiab/jupyterhub (3.1.1) is now ~326 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 68f909ea7..a34c1afd6 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~271 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" pip: name: - pip From 49bad59d78efcc81d57219fe303be9d25fc3db26 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 13:02:16 -0500 Subject: [PATCH 0289/1184] Cleaner explanation on top of jupyterhub_config.py.j2 --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index f8be9a849..32daeb53b 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,11 +1,11 @@ -# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # -# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 -# 3) I added the following line on @jvonau's suggestion: (#3475) +# 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From 34effae3685f962772662066d7b9902cb75a586d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 19:26:41 -0500 Subject: [PATCH 0290/1184] jupyterhub/README.md: Explain logging, via journalctl --- roles/jupyterhub/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a9588d3d9..6cb72b2fd 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -71,6 +71,20 @@ The `Admin` user (and any users given `Admin` privilege) can reset user password _WARNING: If on login users see "500 : Internal Server Error", you may need to remove ALL files of the form_ `/run/jupyter-johndoe-singleuser` +### Logging + +To see JupyterHub's (typically very long!) log, run: + +``` +journalctl -u jupyterhub.service +``` + +Sometimes other logs might also be available, e.g.: + +``` +journalctl -u jupyter-admin-singleuser.service +``` + ### PAWS/Jupyter Notebooks for Python Beginners While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. From 7c046c100b4c8f18a27e32df9069fc0ce96b813f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 19:31:20 -0500 Subject: [PATCH 0291/1184] jupyterhub/README.md: Tighter journalctl logging tips --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 6cb72b2fd..45d39ac5c 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -76,13 +76,13 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r To see JupyterHub's (typically very long!) log, run: ``` -journalctl -u jupyterhub.service +journalctl -u jupyterhub ``` Sometimes other logs might also be available, e.g.: ``` -journalctl -u jupyter-admin-singleuser.service +journalctl -u jupyter-admin-singleuser ``` ### PAWS/Jupyter Notebooks for Python Beginners From ec9b0b5cba743d3aab4e4da718bc1071c57f6baa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 21:08:01 -0500 Subject: [PATCH 0292/1184] jupyterhub/README.md: Clarify "Hub Control Panel" --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 45d39ac5c..2ec6a0730 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -43,9 +43,9 @@ Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ alg Users can change their password by logging in, and then visiting URL: http://box.lan/jupyterhub/auth/change-password -NOTE: This is the only way to change the password for user 'Admin', because Control Panel > Admin (below) does not permit deletion of this account. +NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Control Panel > Admin page, to manage other accounts +### Hub Control Panel > Admin page, to manage other accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From bb85ab918f1b7b607688294a141540882021a86b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 21:18:16 -0500 Subject: [PATCH 0293/1184] jupyterhub/README.md: File > Hub Control Panel > Admin --- roles/jupyterhub/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 2ec6a0730..a055a55f1 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -45,7 +45,7 @@ Users can change their password by logging in, and then visiting URL: http://box NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Hub Control Panel > Admin page, to manage other accounts +### File > Hub Control Panel > Admin, to manage accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From 5bced2429faaa7101dcf99d766fc99a0b8333d0c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 9 Feb 2023 21:57:19 -0500 Subject: [PATCH 0294/1184] jupyterhub_config.py.j2: Remove unused "c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}'" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 32daeb53b..6ff377a7e 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -790,7 +790,6 @@ c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" # c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # From 9dd6fb252464217365e730eded145684001430c4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 9 Feb 2023 22:21:45 -0500 Subject: [PATCH 0295/1184] jupyterhub/README.md: Link to jupyterhub/systemdspawner docs --- roles/jupyterhub/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a055a55f1..db780e595 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -13,6 +13,7 @@ * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. + * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) ### Settings From f8efc93d0a2b1ac7cdcdb05d56d6a4b20c7fefd4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 10 Feb 2023 10:01:32 -0500 Subject: [PATCH 0296/1184] Clarify jupyterhub_config.py.j2 for #3476: "8 of IIAB's 10 legacy custom lines" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 6ff377a7e..5abc7deb5 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,9 +1,9 @@ -# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: +# 2023-02-10 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # # 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 8 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 # 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From b2e0d45f2de6b0ec7b8439c181ad9dc97b1eb769 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 15 Feb 2023 16:30:31 -0500 Subject: [PATCH 0297/1184] sugarizer-server-1.5.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index f43f85374..264dbfba0 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -13,7 +13,7 @@ sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases -sugarizer_server_dir_version: sugarizer-server-1.4.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0 -sugarizer_server_git_version: v1.4.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0 +sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 +sugarizer_server_git_version: v1.5.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0, v1.4.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/commits/dev # AND https://github.com/llaske/sugarizer-server/releases From 64b02509cdff6ec46a4dcb5ce393c9d77aa3e08d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 15 Feb 2023 19:04:43 -0500 Subject: [PATCH 0298/1184] Update size(s) of /opt/iiab/sugarizer-server 1.5.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 948c128b7..5e9cf3826 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -61,7 +61,7 @@ # CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows # "changed" (whereas above git sync shows "ok"). Reason: "npm install" # (below) modifies /opt/iiab/sugarizer-server/node_modules -- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~195+ MB later) +- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~16 MB initially, ~227+ MB later) git: repo: https://github.com/llaske/sugarizer-server dest: "{{ iiab_base }}/{{ sugarizer_server_dir_version }}" From 9468d1f83a524afa0ed3c59f7195a587c18f2dca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Feb 2023 16:06:31 -0500 Subject: [PATCH 0299/1184] mediawiki/defaults/main.yml: Version 1.39.2 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 21fd715e1..8043db2fc 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 7fc222d4953499f5731947665085ef3c7ef8b315 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:30:47 -0500 Subject: [PATCH 0300/1184] Revert jammy to focal for MongoDB 5.0.5 collateral on arm64/aarch64 --- roles/gitea/defaults/main.yml | 2 +- roles/mongodb/defaults/main.yml | 13 ++++++++++++- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++--------------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 2a620f8cc..938b87252 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -17,7 +17,7 @@ iset_suffixes: armv6l: arm-6 armv7l: arm-6 # "arm-7" used to work, but no longer since 2019-04-20's Gitea 1.8.0: https://github.com/iiab/iiab/issues/1673 https://github.com/iiab/iiab/pull/1713 -- 2019-07-31: ARM7 support will return at some point, according to: https://github.com/go-gitea/gitea/pull/7037#issuecomment-516735216 (what about ARM8 support for RPi 4?) -gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}" +gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 0cace8905..a5e2455d3 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,7 +20,18 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: +mongodb_arch_dict: + armv6l: unsupported # WAS: 3.0 + armv7l: unsupported # WAS: 3.0 + aarch64: 5.0 + i386: unsupported + x86_64: 6.0 + +mongodb_version: "{{ mongodb_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +#mongodb_arm64_version: 5.0 # 2023-02-24: MongoDB 6.0.4 fails to install on +# # 64-bit RasPiOS 11, as it doesn't offer libssl3. +#mongodb_amd64_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: # "No package matching 'mongodb-org' is available". 5.0+ fail on "pre-2011" # CPU's w/o AVX, and on RPi due to MongoDB compiling these for v8.2-A (RPi 4 is # ARM v8-A). SO IIAB ALWAYS OVERLAYS andyfelong.com's 5.0.5 IF 5.0+ SPECIFIED. diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 048601b16..82fab2e9a 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,6 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) +# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE +# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: +# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -71,18 +74,18 @@ # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and # 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - #args: # warn: no # Ansible 2.14 ERROR: @@ -94,15 +97,15 @@ # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" @@ -117,10 +120,10 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') @@ -250,16 +253,16 @@ # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" dest: /usr/bin - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" From 57326cebcefbd9ae783369fea0b2fd4df2541868 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 03:42:23 -0500 Subject: [PATCH 0301/1184] Set WiFi firmware in /lib/firmware/cypress --- roles/firmware/tasks/download.yml | 37 +++++++++++----- roles/firmware/tasks/install.yml | 46 ++++++++++++-------- roles/firmware/templates/iiab-check-firmware | 22 +++++----- vars/default_vars.yml | 6 ++- vars/local_vars_large.yml | 6 ++- vars/local_vars_medium.yml | 6 ++- vars/local_vars_small.yml | 6 ++- 7 files changed, 79 insertions(+), 50 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 949ad3583..ffbd7c6fa 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,23 +1,36 @@ -- name: Back up 4 OS-provided WiFi firmware files (or symlinks) to /lib/firmware/brcm/*.orig - copy: - src: /lib/firmware/brcm/{{ item }} - dest: /lib/firmware/brcm/{{ item }}.orig +# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# +# 1. apt changelog firmware-brcm80211 +# https://github.com/RPi-Distro/firmware-nonfree +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# 2. apt changelog linux-firmware-raspi +# https://packages.ubuntu.com/search?keywords=linux-firmware-raspi +# 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml + +#- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig + # copy: + # src: /lib/firmware/cypress/{{ item }} + # dest: /lib/firmware/cypress/{{ item }}.orig + # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - - brcmfmac43430-sdio.bin - - brcmfmac43430-sdio.clm_blob - - brcmfmac43455-sdio.bin - - brcmfmac43455-sdio.clm_blob - ignore_errors: yes + - cyfmac43430-sdio.bin + - cyfmac43430-sdio.clm_blob + - cyfmac43455-sdio.bin + - cyfmac43455-sdio.clm_blob + #ignore_errors: yes - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: url: "{{ iiab_download_url }}/{{ item }}" - dest: /lib/firmware/brcm/ + dest: /lib/firmware/cypress/ timeout: "{{ download_timeout }}" with_items: - - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index c0fcfa532..2db1d0bbd 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -4,61 +4,69 @@ # Set 2 symlinks for RPi 3 B+ and 4 (43455) +# COMPARE: update-alternatives --display cyfmac43455-sdio.bin +# https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml#L3-L6 -- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpi3bplus_rpi4_wifi_firmwares: # Dictionary keys (left side) are always strings, e.g. "19" os: - - brcmfmac43455-sdio.bin.orig - - brcmfmac43455-sdio.clm_blob.orig + - cyfmac43455-sdio.bin.orig # 2023-02-25: 7.45.241 from 2021-11-01 on Ubuntu 22.04.2 too (cyfmac43455-sdio-standard.bin) + - cyfmac43455-sdio.clm_blob.orig # On Ubuntu 22.04.2 too (brcmfmac43455-sdio.clm_blob_2021-11-17_rpi) + ub: + - cyfmac43455-sdio.bin.distrib # 2023-02-25: STALE 7.45.234 from 2021-04-15; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43455-sdio.clm_blob.distrib # 4.7K instead of 2.7K w/ above "os" 19: - - brcmfmac43455-sdio.bin_2021-11-30_minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.bin_2021-11-30_minimal # On Ubuntu 22.04.2 too (cyfmac43455-sdio-minimal.bin) + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 24: - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 32: - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 - - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi # 14K instead of 2.7K w/ above "os" -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab state: link force: yes # Set 2 symlinks for RPi Zero W and 3 (43430) -- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpizerow_rpi3_wifi_firmwares: os: - - brcmfmac43430-sdio.bin.orig - - brcmfmac43430-sdio.clm_blob.orig + - cyfmac43430-sdio.bin.orig # 2023-02-25: 7.45.98 from 2021-07-19 on Ubuntu 22.04.2 too + - cyfmac43430-sdio.clm_blob.orig # On Ubuntu 22.04.2 too + ub: + - cyfmac43430-sdio.bin.distrib # 2023-02-25: STALE 7.45.98.118 from 2021-03-30; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43430-sdio.clm_blob.distrib # Identical to above 4.7K cyfmac43430-sdio.clm_blob 30: - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 - - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # 14K instead of 4.7K w/ above "os" & "ub" -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab state: link force: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b26810440..e47982069 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -14,29 +14,29 @@ iiab_var_value() { } link_fw() { - if [[ $(readlink /lib/firmware/brcm/$1) != $1.iiab ]] ; then - echo - mv /lib/firmware/brcm/$1 /lib/firmware/brcm/$1.$(date +%F-%T) - ln -s $1.iiab /lib/firmware/brcm/$1 - echo -e "\e[1mSymlinked /lib/firmware/brcm/$1 -> $1.iiab\e[0m" - touch /tmp/.fw_modified + if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then + echo + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + ln -s $1.iiab /lib/firmware/cypress/$1 + echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" + touch /tmp/.fw_modified fi } if [[ $(iiab_var_value rpi3bplus_rpi4_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43455-sdio.bin - link_fw brcmfmac43455-sdio.clm_blob + link_fw cyfmac43455-sdio.bin + link_fw cyfmac43455-sdio.clm_blob fi if [[ $(iiab_var_value rpizerow_rpi3_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43430-sdio.bin - link_fw brcmfmac43430-sdio.clm_blob + link_fw cyfmac43430-sdio.bin + link_fw cyfmac43430-sdio.clm_blob fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/brcm appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 122128278..274771ae1 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -131,9 +131,10 @@ hostapd_enabled: True # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -143,7 +144,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a301ed60..2ea331221 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index e8d8b1f5e..a290fd426 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aef176b4e..fed0751eb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From 4831fd6d7e77ff84eb61c28d609554ce9a4c7d87 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 13:55:41 -0500 Subject: [PATCH 0302/1184] CLARIF: full backup of symlinks + later "doubly timestamped" symlink contents --- roles/firmware/tasks/download.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index ffbd7c6fa..0285fda80 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -9,18 +9,18 @@ # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig - # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig + # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob - cyfmac43455-sdio.bin - cyfmac43455-sdio.clm_blob - #ignore_errors: yes + #ignore_errors: yes # 2023-02-25: Let's INTENTIONALLY surface any errors, e.g. if any future RasPiOS or Ubuntu-on-Rpi lack some of the above 4 files/links? - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: From d09046b5015262f0c3ff483b61e4dffca3d25997 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 15:41:08 -0500 Subject: [PATCH 0303/1184] roles/firmware for WiFi hotspot: Update in-line docs --- roles/firmware/tasks/download.yml | 11 +++++---- roles/firmware/tasks/install.yml | 2 +- roles/firmware/tasks/main.yml | 24 +++++++++++-------- roles/firmware/templates/iiab-check-firmware | 8 +++---- .../templates/gateway/iiab-gen-iptables | 4 ++-- roles/openvpn/templates/iiab-support | 4 ++-- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 0285fda80..5ef80332d 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,9 +1,12 @@ -# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# 2023-02-25: MONITOR FIRMWARE UPDATES in 3 places especially... # # 1. apt changelog firmware-brcm80211 -# https://github.com/RPi-Distro/firmware-nonfree -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 2db1d0bbd..6ce042cee 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index 3e33890ba..dfd094acb 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -3,18 +3,22 @@ # client devices that can access your Raspberry Pi's internal WiFi hotspot. # If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' and -# then 'sudo ./runrole firmware' (do run iiab-check-firmware for more tips!) - -# BACKGROUND AS OF 2022-01-10: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 -# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 -# https://github.com/iiab/iiab/pull/3103 -# https://github.com/RPi-Distro/firmware-nonfree/tree/bullseye/debian/config/brcm80211 (brcm, cypress) -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# then 'sudo ./runrole firmware' (DO RUN iiab-check-firmware FOR MORE TIPS!) +# 2018-2023 Background & Progress: +# +# Raspberry Pi 3 used to support 32 WiFi connections but is now limited to [4-10] +# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# Opinions about Pi 4B/3B+ WiFi features [practical AP firmware for schools!] +# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 +# RPi WiFi hotspot firmware reliability fix, incl new/better choices for 3B+ & 4 +# https://github.com/iiab/iiab/pull/3103 +# Set WiFi firmware in /lib/firmware/cypress due to RasPiOS & Ubuntu changes +# https://github.com/iiab/iiab/pull/3482 # RISK: What USB 3.0 stick/drive patterns degrade a Raspberry Pi's 2.4GHz WiFi? -# https://github.com/iiab/iiab/issues/2638 +# https://github.com/iiab/iiab/issues/2638 + +# ► SEE "MONITOR FIRMWARE UPDATES in 3 places especially" in tasks/download.yml ◄ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index e47982069..9da0135af 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,10 +1,10 @@ #!/bin/bash -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { @@ -16,7 +16,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified @@ -36,7 +36,7 @@ fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#3482\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index b11cd4fca..0a8b6a80e 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -34,11 +34,11 @@ IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 4ba4d70a3..1d88a66b4 100755 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -10,11 +10,11 @@ DEBUG=false # Using /usr/bin/true or /usr/bin/false PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # PARSE local_vars.yml JUST AS Ansible & /etc/openvpn/scripts/announcer DO: From ae5daf58300e2cfdff24a3bfe22c12f4a6b2c4b4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 15:52:54 -0500 Subject: [PATCH 0304/1184] vars/local_vars_unittest.yml: Update WiFi firmware options --- vars/local_vars_unittest.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 533c5657d..721f7e457 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From c591ed16c32e34f6b2cc5521caf0894cede12625 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 19:17:27 -0500 Subject: [PATCH 0305/1184] Refine PR #3481: MongoDB for aarch64 Ubuntu 22+ or Debian 12+ --- roles/mongodb/tasks/install.yml | 69 +++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 82fab2e9a..3f9bd1854 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,9 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE -# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: -# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 +- debug: + msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' + - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -72,7 +72,10 @@ - /var/log/mongodb # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") + when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +- debug: + msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -80,6 +83,10 @@ # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. + +- debug: + msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 @@ -130,6 +137,7 @@ #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") + # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix @@ -141,11 +149,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no - # longer nec (certainly on x86_64, and hopefully sufficiently across the - # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: + # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ + # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) + # + # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can + # finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 + + - block: + + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu + + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian + + - name: Force install libssl1.1 + package: + name: libssl1.1 + state: present + + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian + + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu + + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) + + - debug: + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 # apt_repository: # repo: deb http://security.ubuntu.com/ubuntu focal-security main @@ -189,6 +238,7 @@ # #filename: focal-security # 100% IGNORED during repo deletion # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: @@ -212,6 +262,7 @@ # filename: mongodb-org # when: is_ubuntu and not is_linuxmint + - name: "Install packages: mongodb-org, mongodb-org-server" package: name: @@ -232,6 +283,7 @@ regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 # ...as ARM v8-A < ARM v8.2-A ...also reveals: @@ -267,6 +319,9 @@ # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" +- debug: + msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + # 2. CONFIGURE MongoDB FOR IIAB From 314631bb3e7e1950adb6f418b211c324bea980bd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 21:16:17 -0500 Subject: [PATCH 0306/1184] roles/firmware: Tighten up in-line explanations --- roles/firmware/tasks/download.yml | 10 +++++----- roles/firmware/tasks/install.yml | 2 +- roles/firmware/templates/iiab-check-firmware | 16 +++++++++++++++- roles/firmware/templates/iiab-firmware-warn.sh | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5ef80332d..5e4027623 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -2,22 +2,22 @@ # # 1. apt changelog firmware-brcm80211 # https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes +- name: Back up 4 OS-provided WiFi firmware files (replicate any symlinks) to /lib/firmware/cypress/*.orig -- /usr/bin/iiab-check-firmware will later do similar (e.g. as firmware install completes) -- moving 2-or-4 of these to <ORIGINAL FILENAME>.YYYY-MM-DD-HH:MM:SS ("doubly timestamping" to preserve BOTH last-modif & moving date) # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) + command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 6ce042cee..4f323ca72 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- finalizing 2-or-4 symlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9da0135af..a7a36a626 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,5 +1,19 @@ #!/bin/bash +# The 1st time /usr/bin/iiab-check-firmware runs (at the end of +# firmware/tasks/install.yml) 2-4 lynchpin top links are put in place, +# finalizing symlink chains like: +# +# /lib/firmware/cypress/X.{bin|blob} -> +# /lib/firmware/cypress/X.{bin|blob}.iiab -> +# CHOSEN-FIRMWARE-FILE-OR-LINK +# +# Also backing up top-of-chain originals (file or link!) by moving these to: +# +# /lib/firmware/cypress/<ORIGINAL FILENAME>.YYYY-MM-DD-HH:MM:SS +# +# NOTE these are "doubly timestamped" to preserve BOTH last-modif & moving date. + # 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 @@ -16,7 +30,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index dd2c34dba..f9507496b 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -1,7 +1,7 @@ #!/bin/bash if [ -f /tmp/.fw_modified ]; then - echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" + echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#3482: PLEASE REBOOT!\e[0m" echo echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi From 665f403565faf330f4c62be72ac347e84b26f9cf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Feb 2023 20:20:04 -0500 Subject: [PATCH 0307/1184] pbx/README.adoc: Louder PHP 7.4 requirement WARNING! --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index bef5c3924..19022571e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 1165dc715f3dc83165750b8ed60b6c15c819b831 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Feb 2023 20:39:58 -0500 Subject: [PATCH 0308/1184] pbx/README.adoc: Will FreePBX 17 arrive by ~2024 to solve the PHP 8 dilemma? --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 19022571e..babfde19c 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 7d9e1fc62a8eaf38150c4682e2f5feaa447a6dac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 28 Feb 2023 09:46:17 -0500 Subject: [PATCH 0309/1184] Recommend ansible-core 2.14.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48ed3ff61..8c085a038 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] -GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] +GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ba8ea3c72c99056fcaef1de989b88f277e020eeb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 Mar 2023 14:07:31 -0500 Subject: [PATCH 0310/1184] README.md: Fix RPi images link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cf71d76e3..a16a4437d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. From 2786eedcb7396be77e19a897d8712a19d7cd4709 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Mar 2023 21:29:03 -0500 Subject: [PATCH 0311/1184] MongoDB: Use jammy repo on amd64 (unless Debian 11) --- roles/mongodb/tasks/install.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 3f9bd1854..8286c6aa3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -85,7 +85,7 @@ - debug: - msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} @@ -116,7 +116,11 @@ #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" - #when: is_debian and ansible_architecture == "x86_64" + + - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: @@ -127,12 +131,13 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org - when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + when: not ansible_architecture == "x86_64" #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") @@ -320,7 +325,7 @@ when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - debug: - msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB From 12d7397ff746b89088ff0bac04fa0756ac80fb2a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Mar 2023 00:27:22 -0500 Subject: [PATCH 0312/1184] iiab-diagnostics: Report /lib/firmware/cypress/* not brcm --- scripts/iiab-diagnostics | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1990d25d..89ddd3311 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -110,10 +110,10 @@ function cat_cmd() { # $1 = command + params, $2 = explanation if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! - #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. - #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/cypress/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } @@ -221,8 +221,8 @@ cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' -cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From bdd08b9b6ddf8ae4d60ea23cdc5e95b05e48efe8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 15 Mar 2023 17:05:46 -0400 Subject: [PATCH 0313/1184] Add Haitian Creole as Kolibri's 32nd languages --- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 2ea331221..f146713fc 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a290fd426..bdf2b5bf0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index fed0751eb..1e662400a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 721f7e457..61bc68071 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -289,7 +289,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False From 4750badc4eb62273d2ffdf270b06fa73a5bab38c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 Mar 2023 21:28:42 -0400 Subject: [PATCH 0314/1184] Force 'pip install ansible-core' on Python 3.11+ --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8c085a038..47488d836 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -186,15 +186,15 @@ if uname -m | grep -q 64; then # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 7ce3881f5c58800759ba009b13813de0b902b7ed Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 00:42:37 -0400 Subject: [PATCH 0315/1184] Fix PR #3491 to install ansible-core on all OS's as Python 3.11+ proliferates --- scripts/ansible | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 47488d836..b52cbe743 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -179,24 +179,22 @@ $APT_PATH/apt -y install python3-pip #$APT_PATH/apt -y --allow-downgrades install ansible-core -if uname -m | grep -q 64; then - # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip - # cache system-wide before installing: - # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 - # https://github.com/iiab/iiab/pull/3022 - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -else -# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" -# $APT_PATH/apt -y --allow-downgrades install ansible-core - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip +# cache system-wide before installing: +# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 +# https://github.com/iiab/iiab/pull/3022 +pip3 config --global set global.no-cache-dir false + +if ! uname -m | grep -q 64; then + # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + # $APT_PATH/apt -y --allow-downgrades install ansible-core + echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" + pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" fi +echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 + # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support # explicit upgrading of collections (--upgrade / -U flag) in version "2.11" From 62543814da6047d0c5097d2584aaa93b935347d9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 00:53:57 -0400 Subject: [PATCH 0316/1184] scripts/ansible FYI: pip's --break-system-packages is new (Feb 2023) --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index b52cbe743..5caf055df 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -193,7 +193,7 @@ if ! uname -m | grep -q 64; then fi echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 38e99031d73bdabcd4f657999595e0a919315472 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 17 Mar 2023 06:10:08 -0500 Subject: [PATCH 0317/1184] virtual env for ansible --- scripts/ansible | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 5caf055df..e308dac6a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,10 +160,10 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" -$APT_PATH/apt update -$APT_PATH/apt -y install python3-pip +#$APT_PATH/apt update +#$APT_PATH/apt -y install python3-pip # 2021-07-29: # 'python3-packaging' dropped for now @@ -185,15 +185,28 @@ $APT_PATH/apt -y install python3-pip # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false -if ! uname -m | grep -q 64; then +#if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core - echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" - pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" -fi +# echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" +# pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" +#fi -echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 +#echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +#pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 + +echo -e "\napt update; apt install python3-venv" +$APT_PATH/apt update +$APT_PATH/apt -y install python3-venv + +echo -e "Create virtual envinronment for ansible" +python3 -m venv /usr/local/ansible +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +echo -e "Place ansible on path using symlinks" +cd /usr/local/ansible/bin +for bin in $(ls ansible*); do + ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +done # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 007df549ab8144c6fbd2b7ba2ec75800b8b23b86 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 17 Mar 2023 17:41:04 -0500 Subject: [PATCH 0318/1184] Update scripts/ansible Co-authored-by: A Holt <holta@users.noreply.github.com> --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index e308dac6a..0b88f97f1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,7 +199,7 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual envinronment for ansible" +echo -e "Create virtual environment for ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "Place ansible on path using symlinks" From d90227e066ff6c0d34c7fc96f9989ddefca6e8b3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 22:53:22 -0400 Subject: [PATCH 0319/1184] venv WIP: scripts/ansible & kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 2 +- scripts/ansible | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6f359395d..5fb192475 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,7 +15,7 @@ name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - - virtualenv # For Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} + - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. diff --git a/scripts/ansible b/scripts/ansible index 0b88f97f1..d3dda04af 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,7 +160,7 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" #$APT_PATH/apt update #$APT_PATH/apt -y install python3-pip @@ -183,7 +183,7 @@ fi # cache system-wide before installing: # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 # https://github.com/iiab/iiab/pull/3022 -pip3 config --global set global.no-cache-dir false +#pip3 config --global set global.no-cache-dir false #if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for ansible" +echo -e "Create virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Place ansible on path using symlinks" +echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From e589bbce0f62d013553cae158cf73442a417de85 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 22:59:02 -0400 Subject: [PATCH 0320/1184] venv WIP: calibre-web/tasks/install.yml packages? --- roles/calibre-web/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65a88168c..0b5e70c6d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,6 +3,8 @@ name: - imagemagick - python3-venv + - python3-dev + - build-essential state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From cfb446479dd7183375c79efbddedef30c9ce7f46 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 23:36:31 -0400 Subject: [PATCH 0321/1184] venv cleanups: lokole, calibre-web, pip stub for Admin Console --- roles/9-local-addons/tasks/main.yml | 5 +++++ roles/calibre-web/tasks/install.yml | 4 ++-- roles/lokole/tasks/install.yml | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index e8ab5d14b..0a2f800d5 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,11 @@ name: pbx when: pbx_install +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" + package: + name: python3-pip + state: present + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0b5e70c6d..1bbb6623b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,9 +1,9 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, build-essential" package: name: - imagemagick - python3-venv - - python3-dev + #- python3-dev - build-essential state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index a1ea1d357..82d8593ca 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,11 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 14 packages for Lokole +- name: Install 13 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact - - python3-pip + #- python3-pip - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's From aad12eb928adf81f0f22d51551ad3e083a586d8a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 00:27:22 -0400 Subject: [PATCH 0322/1184] scripts/ansible: Cleaner on-screen output --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d3dda04af..73fb028e1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for Ansible" +echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" +echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From 7db4dc546eee203484e8311ad5c9aa12dfd78025 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 12:25:02 -0400 Subject: [PATCH 0323/1184] Revert #3422 block of JupyterHub & Caliber-Web on 32-bit HW [should've blocked 32-bit OS's] --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/9-local-addons/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 648991a4f..f43e878f3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -29,7 +29,7 @@ - name: JUPYTERHUB include_role: name: jupyterhub - when: jupyterhub_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: jupyterhub_install # UNMAINTAINED - name: LOKOLE diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 0a2f800d5..bf983a322 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -27,7 +27,7 @@ - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: calibreweb_install # KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE From 9c28f88cb234a701ea11589582f9070710254b7a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 12:42:25 -0400 Subject: [PATCH 0324/1184] 9-local-addons: Install python3-pip 'when: admin_console_install' --- roles/9-local-addons/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index bf983a322..548fac45f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -46,6 +46,7 @@ package: name: python3-pip state: present + when: admin_console_install - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: From 95d83000335e579f74de691d3e3b121f23308fb7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 19:57:17 -0400 Subject: [PATCH 0325/1184] 9-local-addons: Stub install python3-jinja2 for Admin Console --- roles/9-local-addons/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 548fac45f..1b41b0dc7 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,9 +42,11 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" package: - name: python3-pip + name: + - python3-pip + - python3-jinja2 state: present when: admin_console_install From ec855c2ff945f09aa51cc5ba955f2911f804cc5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 20:14:03 -0400 Subject: [PATCH 0326/1184] Document "/usr/local/ansible/bin/pip3 show ansible-core" --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 73fb028e1..b077bdde7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -229,6 +229,7 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" +echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" From cf07e3812137ad5ea1b365ed4ee13fbcf33fc60a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 21:33:04 -0400 Subject: [PATCH 0327/1184] calibre-web/tasks/install.yml: apt pkg 'build-essential' context --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1bbb6623b..0bae3428c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -4,7 +4,7 @@ - imagemagick - python3-venv #- python3-dev - - build-essential + - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From c195613cfeaff7f41e4f4db1027f9a8ca031f9b0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Mar 2023 09:34:27 -0400 Subject: [PATCH 0328/1184] Update pbx/README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index babfde19c..f184df6f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 06ea1ef2bd749bc64e3d8a46e49592571a0027e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Mar 2023 18:17:29 -0400 Subject: [PATCH 0329/1184] Tighten up 9-local-addons thx to iiab/iiab-admin-console#526 --- roles/9-local-addons/tasks/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 1b41b0dc7..f9ea8e20f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,14 +42,6 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" - package: - name: - - python3-pip - - python3-jinja2 - state: present - when: admin_console_install - - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From abdb67d32a2628ffd7f25ff063b8f3d738fe9ee4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 19 Mar 2023 22:18:48 -0500 Subject: [PATCH 0330/1184] calibre-web - compiler and header files only when needed --- roles/calibre-web/tasks/install.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0bae3428c..03356fa51 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,17 @@ name: - imagemagick - python3-venv - #- python3-dev - - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +- name: "Install packages: python3-dev, gcc to compile 'netifaces'" + package: + name: + - python3-dev # header files + - gcc # compiler + state: present + when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -44,7 +51,7 @@ # ignore_errors: True ## # Implementing this with Ansible command module for now. -- name: Download Calibre-Web dependencies (using pip) into python3 virtual environment {{ calibreweb_venv_path }} +- name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 @@ -95,6 +102,14 @@ backup: yes when: not appdb.stat.exists +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: absent +# when: python_version is version('3.10', '>=') # RECORD Calibre-Web AS INSTALLED From 5bd483c28bc39cab1cfcb289f8fa1cbf4b5aac89 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Mar 2023 08:17:38 -0400 Subject: [PATCH 0331/1184] gitea/defaults/main.yml: 'gitea_version: 1.19' --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 938b87252..fff7e0b28 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.18 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 7ae63f6a58064979af79304e5c54241b96412ca8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Mar 2023 10:23:46 -0400 Subject: [PATCH 0332/1184] calibre-web/tasks/install.yml: PR #3498 doc/readability --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 03356fa51..476a426be 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, build-essential" +- name: "Install packages: imagemagick, python3-venv" package: name: - imagemagick @@ -111,6 +111,7 @@ # state: absent # when: python_version is version('3.10', '>=') + # RECORD Calibre-Web AS INSTALLED - name: "Set 'calibreweb_installed: True'" From 1b48a2666a38df779707832fda965ee15a13233b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 21 Mar 2023 10:57:19 -0400 Subject: [PATCH 0333/1184] nextcloud/tasks/install.yml: Clarify Nextcloud 26 prereqs (PHP 8.2 now works!) --- roles/nextcloud/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 8fc25cd08..0ce3cd5a3 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -41,7 +41,9 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: +# 2023-03-21: Check the latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation From a61e1b05905007c49626ad6258910da7bc9fc43c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 20 Mar 2023 13:08:59 -0500 Subject: [PATCH 0334/1184] use --system-site-packages and install package to omit building 'netifaces' wheel --- roles/calibre-web/tasks/install.yml | 30 +++++++++++------------------ 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 476a426be..36c5da0c5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,19 +1,19 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, python3-netifaces" package: name: - imagemagick - python3-venv + - python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -- name: "Install packages: python3-dev, gcc to compile 'netifaces'" - package: - name: - - python3-dev # header files - - gcc # compiler - state: present - when: python_version is version('3.10', '>=') - +#- name: "Install packages: python3-dev, gcc to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: present +# when: python_version is version('3.10', '>=') - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -56,7 +56,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate @@ -102,15 +103,6 @@ backup: yes when: not appdb.stat.exists -# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" -# package: -# name: -# - python3-dev # header files -# - gcc # compiler -# state: absent -# when: python_version is version('3.10', '>=') - # RECORD Calibre-Web AS INSTALLED From 7365b41680c7b1b7d8620019b3d5d1deb2c1e5bd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Mar 2023 08:40:29 -0400 Subject: [PATCH 0335/1184] scripts/ansible: Document new OS's PEP 668 guideline --- scripts/ansible | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index b077bdde7..2eb4cd11d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,6 +199,9 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv +# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask +# that virtual environments (venv) be used to safely isolate pip installs: +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 8fb14e2cf3c08aaf5e81498c66ee3bef09eae1f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Mar 2023 16:54:30 -0400 Subject: [PATCH 0336/1184] 2-common/tasks/packages.yml: Fix {i2c-tools, python3-pip, python3-venv} docs for #3496 --- roles/2-common/tasks/packages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 0b33dd637..b694a4194 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -12,7 +12,7 @@ #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download - htop # 109kB download: RasPiOS installs this regardless - - i2c-tools # 78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC + - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles @@ -22,8 +22,8 @@ #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics - #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. + #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc + #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download From 96323fd1aa74767710389b1a863cadb1b84842b5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 23 Mar 2023 20:58:42 -0400 Subject: [PATCH 0337/1184] 2 vars kolibri/defaults -> default_vars; cleaner /etc/passwd homedir --- roles/kolibri/defaults/main.yml | 18 ++++++++++-------- roles/kolibri/tasks/install.yml | 1 + vars/default_vars.yml | 4 +++- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 43f412f79..53b2eaf60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -3,11 +3,21 @@ # kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +# Kolibri folder to store its data and configuration files. +# kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri + +# kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies +# and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username +# (generally the user with lowest UID >= 1000) to allow access to USB devices: +# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://github.com/learningequality/kolibri-installer-debian/issues/115 + # kolibri_http_port: 8009 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + # 2019-09-27: Pinning to a particular version is unfortunately NOT supported # with our new apt approach (.deb installer) at this time. # 2019-06-21: Uncomment this pinning line if you want a particular version of @@ -30,19 +40,11 @@ # Corresponding to: # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri -# Kolibri folder to store its data and configuration files. -kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri - kolibri_url_without_slash: /kolibri kolibri_url: "{{ kolibri_url_without_slash }}/" # /kolibri/ kolibri_exec_path: /usr/bin/kolibri -kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies -# and saves a 'desktop' user like {iiab-admin, pi} to /etc/kolibri/username, -# towards guaranteeing access to USB devices, per: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service - # To populate /library/kolibri with essential/minimum files and dirs. This # provisions Kolibri with facility name, admin acnt / password, preset type, # and language. You can set this to 'False' when reinstalling Kolibri: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 676358473..d3f5958f7 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -14,6 +14,7 @@ shell: /bin/false system: yes create_home: no + home: "{{ kolibri_home }}" - name: Create directory {{ kolibri_home }} for Kolibri content, configuration, sqlite3 databases ({{ kolibri_user }}:{{ apache_user }}, by default 0755) file: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 274771ae1..f7b02b4b8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -483,7 +483,9 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri +kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 2e5339fee922cc39547277e2020a4c2602a04107 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 23 Mar 2023 21:14:17 -0400 Subject: [PATCH 0338/1184] Fix doc link "Changing the owner of Kolibri system service" --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 53b2eaf60..d1529fb60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -9,7 +9,7 @@ # kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies # and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username # (generally the user with lowest UID >= 1000) to allow access to USB devices: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service # https://github.com/learningequality/kolibri-installer-debian/issues/115 # kolibri_http_port: 8009 From d8fdb75e7c95f605a09e6b7f8beb02eecb6a3084 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 15:51:21 -0400 Subject: [PATCH 0339/1184] pbx/defaults/main.yml: Try asterisk-20-current.tar.gz --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 1ef7b8125..9d478d0d9 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-19-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c44c20def3863d8dd2b38d7ec321738885bca64c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 19:02:42 -0400 Subject: [PATCH 0340/1184] Doc updates for Asterisk 20 & remaining PHP 7.4 OS's --- roles/pbx/README.adoc | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f184df6f3..ed2ef9819 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. *PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f7b02b4b8..ec4c3f2d4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index f146713fc..474854821 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index bdf2b5bf0..73e01e154 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1e662400a..42adebfea 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 61bc68071..ba081c3db 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From aa66c7e11f674abcf71215f6ede31822e022a92b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 19:49:54 -0400 Subject: [PATCH 0341/1184] TEMPORARY PATCH: Installs older Nextcloud 25 on PHP 7.4 OS's --- roles/nextcloud/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0ce3cd5a3..ce23c1c4c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,6 +98,11 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 + when: php_version is version('7.4', '<=') + - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" From d2da3f97fad77100c675f1c386207169c0c9a3f0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Mar 2023 07:28:29 -0400 Subject: [PATCH 0342/1184] pbx/README.adoc: Link to Asterisk Security Advisories --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index ed2ef9819..1edb85822 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -289,6 +289,8 @@ Please also check the "Known Issues" at the bottom of https://github.com/iiab/ii _If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ +. Please see Asterisk's Security Advisories: https://www.asterisk.org/downloads/security-advisories/ + . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` From 61a9427e7d9c9d579ef752a3279e5a68e3b5908c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Mar 2023 15:57:45 -0400 Subject: [PATCH 0343/1184] Clarify /library/kolibri owner recommendation --- roles/kolibri/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index d3f5958f7..a6b5e5b3d 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -158,6 +158,9 @@ become_user: "{{ kolibri_user }}" when: kolibri_provision +# 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) +# Certainly, setting owner (recursively) is advised when moving /library/kolibri : +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? file: path: "{{ kolibri_home }}" # /library/kolibri From 031e85a62e7fb98fc2d329193896234b61c41a41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 Mar 2023 14:18:50 -0400 Subject: [PATCH 0344/1184] Recommend ansible-core 2.14.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2eb4cd11d..7c5bbca8c 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] -GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] +GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2a92ef46d0ee9ea28af61cdb658c73ee7bec2549 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 27 Mar 2023 17:38:12 -0400 Subject: [PATCH 0345/1184] kolibri/tasks/install.yml: Tighten up code & in-line docs --- roles/kolibri/tasks/install.yml | 196 ++++++++++++++++++-------------- 1 file changed, 113 insertions(+), 83 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index a6b5e5b3d..85b63478e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -4,12 +4,31 @@ # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/offline.yml # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/online.yml +# Install Kolibri » Debian/Ubuntu +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html + +# Advanced management +# https://kolibri.readthedocs.io/en/latest/manage/advanced.html + +# Working with Kolibri from the command line +# https://kolibri.readthedocs.io/en/latest/manage/command_line.html + +# Customize Kolibri settings with the [ /library/kolibri/options.ini ] file +# https://kolibri.readthedocs.io/en/latest/manage/options_ini.html + +# Test Kolibri server performance +# https://kolibri.readthedocs.io/en/latest/manage/performance.html + +# Provisioning many servers +# https://kolibri.readthedocs.io/en/latest/install/provision.html + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk + - disk # 2023-03-27: IS THIS REALLY NECESSARY? state: present shell: /bin/false system: yes @@ -39,83 +58,86 @@ dest: /etc/kolibri/daemon.conf -- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html claims: +# "When you use the PPA installation method, upgrades to newer versions +# will be automatic, provided there is internet access available." +# +# IN REALITY: apt upgrading Kolibri is messy, as up-to-5 debconf screens prompt +# PPL WHO DON'T KNOW with the wrong default username, instead of 'kolibri' :/ +# https://github.com/learningequality/kolibri-installer-debian/pull/117 + +# 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 +- name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg + shell: | + gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + +- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + +- name: Add signed Kolibri PPA 'focal' (if other/older OS's) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" + when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) + #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) +# apt_repository: +# repo: ppa:learningequality/kolibri +# when: is_ubuntu and not is_linuxmint + +# 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on +# Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) +# BUT equivalent Ansible command (STANZA ABOVE) failed with error... +# "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." +# ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) + +# 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks +# about the warning below, arising no matter if codename is 'focal' or 'jammy' +# with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': +# +# /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release +# warnings.warn( + +# 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also +# want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? +# when: is_linuxmint_21 + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) +# when: is_debian or is_linuxmint_20 + +- name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) + apt: + name: kolibri + when: kolibri_deb_url is undefined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. + +- name: apt install {{ kolibri_deb_url }} (if kolibri_deb_url IS defined) apt: deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later when: kolibri_deb_url is defined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. -- block: # ELSE... - - # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: - # "When you use the PPA installation method, upgrades to newer versions - # will be automatic, provided there is internet access available." - # - # IN REALITY: apt upgrading Kolibri is risky, as 3 pink/blue screens prompt - # PPL WHO DON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ #3356 - - # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 - - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg - shell: | - gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - - - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - - name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) - # apt_repository: - # repo: ppa:learningequality/kolibri - # when: is_ubuntu and not is_linuxmint - - # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on - # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) - # BUT equivalent Ansible command (STANZA ABOVE) failed with error... - # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." - # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) - - # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks - # about the warning below, arising no matter if codename is 'focal' or 'jammy' - # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': - # - # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release - # warnings.warn( - - # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also - # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? - # when: is_linuxmint_21 - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - # when: is_debian or is_linuxmint_20 - - - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri - apt: - name: kolibri - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later - - when: kolibri_deb_url is undefined +- name: Run 'rm -rf /root/.kolibri' to remove "unavoidable" pollution created above + file: + state: absent + path: /root/.kolibri - name: 'Install from template: /etc/systemd/system/kolibri.service' template: @@ -124,8 +146,8 @@ - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload) systemd: - name: kolibri daemon_reload: yes + name: kolibri state: stopped @@ -146,9 +168,13 @@ # become_user: "{{ kolibri_user }}" # when: kolibri_provision +# Run "kolibri manage help provisiondevice" to see CLI options, e.g.: +# --facility_settings FACILITY_SETTINGS +# JSON file containing facility settings +# --device_settings DEVICE_SETTINGS +# JSON file containing device settings - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: > - export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" @@ -157,18 +183,22 @@ become: yes become_user: "{{ kolibri_user }}" when: kolibri_provision + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: Required! + #KOLIBRI_USER: "{{ kolibri_user }}" # 2023-03-27: Not nec due to /etc/kolibri/username ? + # 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) # Certainly, setting owner (recursively) is advised when moving /library/kolibri : # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service -- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? - file: - path: "{{ kolibri_home }}" # /library/kolibri - owner: "{{ kolibri_user }}" # kolibri - group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) - recurse: yes - when: kolibri_provision - +# 2023-03-27: Commented out on a provisional basis (Spring Cleaning) +# - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? +# file: +# path: "{{ kolibri_home }}" # /library/kolibri +# owner: "{{ kolibri_user }}" # kolibri +# group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) +# recurse: yes +# when: kolibri_provision # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules From 190ac34bd99014dad4762534fd4c7a4bc81ff542 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 01:23:29 -0400 Subject: [PATCH 0346/1184] Mention group disk "Mostly equivalent to root access" --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 85b63478e..e27a66510 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -28,7 +28,7 @@ name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? + - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From f878107fec98f6e5f009ed7282b288e64befa1f0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:56:14 -0400 Subject: [PATCH 0347/1184] Toughen doc URLs with %3F (instead of .3F) --- roles/4-server-options/README.rst | 4 ++-- roles/cups/README.md | 2 +- roles/kolibri/README.rst | 2 +- roles/matomo/README.adoc | 2 +- roles/nextcloud/README.md | 2 +- roles/nodered/README.rst | 2 +- roles/osm-vector-maps/README.md | 4 ++-- roles/pbx/README.adoc | 8 ++++---- roles/pbx/README.rst.unused | 6 +++--- roles/phpmyadmin/README.md | 2 +- roles/remoteit/README.md | 4 ++-- roles/samba/README.rst | 2 +- roles/usb_lib/README.rst | 2 +- 13 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 6355f85e7..11458d97e 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,7 +2,7 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ +Whereas 3-base-server installs critical packages needed by all, this 4th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ This includes more networking fundamentals, that may further be configured later on. @@ -11,7 +11,7 @@ Specifically, these might be installed: - Python libraries - SSH daemon - Bluetooth for Raspberry Pi -- Instant-sharing of `USB stick content <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content.3F>`_ +- Instant-sharing of `USB stick content <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F>`_ - CUPS Printing - Samba for Windows filesystems - `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml>`_ diff --git a/roles/cups/README.md b/roles/cups/README.md index 6cf926c88..cd727be5f 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -8,7 +8,7 @@ This can be useful if a printer is attached to your IIAB &mdash; so student/teac ## Using it -Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it.3F) : +Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it%3F) : ``` cups_install: True diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 803ad433e..ff3777519 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -24,7 +24,7 @@ Please look in `/opt/iiab/iiab/roles/kolibri/defaults/main.yml <defaults/main.ym Automatic Device Provisioning ----------------------------- -When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults:: +When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) the installation will set up the following defaults:: kolibri_facility: Kolibri-in-a-Box kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 7bef1f07e..88a558407 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -4,7 +4,7 @@ https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, == Install it -Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] One way to do that is by changing these 2 lines: diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 28aed5472..2e346a16f 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -14,7 +14,7 @@ The Nextcloud suite is divided into three main categories: ## Install It -(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box: +(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F) prior to installing Internet-in-a-Box: nextcloud_install: True nextcloud_enabled: True diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index aa3dc3236..769905f7f 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -9,7 +9,7 @@ Node-RED is a flow-based development tool for visual programming developed origi Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains:: nodered_install: True nodered_enabled: True diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index b87a11dd1..030c411b8 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -18,8 +18,8 @@ 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 1edb85822..360dc3499 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -34,7 +34,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False @@ -307,9 +307,9 @@ Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// diff --git a/roles/pbx/README.rst.unused b/roles/pbx/README.rst.unused index 19371b11e..867b7e876 100644 --- a/roles/pbx/README.rst.unused +++ b/roles/pbx/README.rst.unused @@ -33,7 +33,7 @@ FreePBX is a web-based open source GUI (graphical user interface) that controls Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains:: pbx_install: True pbx_enabled: True @@ -159,9 +159,9 @@ Some useful asterisk commands and information Raspberry Pi Known Issues ------------------------- -|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. +|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_ |se| +It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support%3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_ |se| Raspberry Pi Zero W Warning --------------------------- diff --git a/roles/phpmyadmin/README.md b/roles/phpmyadmin/README.md index a742f8c9d..379812957 100644 --- a/roles/phpmyadmin/README.md +++ b/roles/phpmyadmin/README.md @@ -8,7 +8,7 @@ 2. phpMyAdmin, because it is a browser-based HTML PHP application, is limited in what it can do, and what it can access — until the "root" user creates users and access privileges, as mentioned above. (HTML servers always run with very low privileges) #### Installing phpMyAdmin -1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) 2. Then install IIAB. Or if IIAB is already installed, run: ``` cd /opt/iiab/iiab diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a7cf8bbb..8a58110fb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -43,7 +43,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 2. If your IIAB software is already installed, run `sudo iiab-remoteit` then skip to Step 5. below. -3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) Install [IIAB software](https://download.iiab.io/) e.g. by running `sudo iiab` then follow any on-screen instructions &mdash; until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. --> @@ -98,7 +98,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) or from their Web Portal (https://remote.it) &mdash; as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). - Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) as in this example: + Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) as in this example: ``` remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 diff --git a/roles/samba/README.rst b/roles/samba/README.rst index ff9296f4c..197448760 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -3,7 +3,7 @@ Samba README Do you want your Internet-in-a-Box (IIAB) to act as a file server for your classroom or school? -If `Samba <https://www.samba.org/samba/docs/>`_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. +If `Samba <https://www.samba.org/samba/docs/>`_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. Default Permissions ------------------- diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 439fa9c86..c27dc0e53 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/releases>`_ documentation: From b7ca3dcc2b46a2fca8003e951a36bc81c584a788 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:22:20 -0400 Subject: [PATCH 0348/1184] New Sugarizer 1.7.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 264dbfba0..925e087b6 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0 -sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 +sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 +sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 0f9c6f29f31405822fb22d4be9924eea479d52dd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:19:27 -0400 Subject: [PATCH 0349/1184] Remove KOLIBRI_USER (kolibri) secondary group 'disk' --- roles/kolibri/tasks/install.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e27a66510..df74817e4 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -26,9 +26,8 @@ - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" - groups: - - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups + groups: "{{ apache_user }}" # 2023-03-29: Not really necessary (Kolibri is demonstrated to work without group 'www-data'). But it likely doesn't hurt. + #- disk # 2023-03-29: Tested to be unnec with USB sticks (with 64-bit RasPiOS). FWIW group 'disk' is "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From 85a8dd5c8fe2b2c5ea5e9346b006ba3cd3bec3da Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:59:06 -0400 Subject: [PATCH 0350/1184] mediawiki/defaults/main.yml: Version 1.39.3 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 8043db2fc..16943b39a 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From faa4145d657593a69bae1c45480b7b6e2f1f90e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Mar 2023 17:53:29 -0500 Subject: [PATCH 0351/1184] mongodb - lockout RasPiOS-32bit --- roles/mongodb/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 748493c68..4403bed93 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,19 @@ var: is_debian - debug: var: is_raspbian - -# # might be able to lift this once we know using bionic would work -# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 -# fail: # FORCE IT RED THIS ONCE! -# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) -# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian -# ignore_errors: yes - -# ELSE... - +- debug: + var: dpkg_arch +- debug: + var: mongodb_version - block: + - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + fail: # FORCE IT RED THIS ONCE! + msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) + when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + +# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined From dcad86f6d17d86f88b92a80f5a7ffea3373546c4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 09:39:53 -0400 Subject: [PATCH 0352/1184] Block install of MongoDB on 32-bit RasPiOS --- roles/mongodb/tasks/install.yml | 552 ++++++++++++++++---------------- roles/mongodb/tasks/main.yml | 15 +- test.yml | 10 + 3 files changed, 295 insertions(+), 282 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8286c6aa3..eb5d8b345 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,66 +16,66 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -- debug: - msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' +# - debug: +# msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' -- block: - - name: Create dir /tmp/mongodb-3.0.1x (aarch32) - file: - path: /tmp/mongodb-3.0.1x - state: directory +# - block: +# - name: Create dir /tmp/mongodb-3.0.1x (aarch32) +# file: +# path: /tmp/mongodb-3.0.1x +# state: directory - - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin +# - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin +# - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin - - name: Create Linux group mongodb (aarch32) - group: - name: mongodb - state: present +# - name: Create Linux group mongodb (aarch32) +# group: +# name: mongodb +# state: present - - name: Create Linux user mongodb (aarch32) - user: - name: mongodb - group: mongodb # primary group - groups: mongodb - home: /var/lib/mongodb - shell: /usr/sbin/nologin +# - name: Create Linux user mongodb (aarch32) +# user: +# name: mongodb +# group: mongodb # primary group +# groups: mongodb +# home: /var/lib/mongodb +# shell: /usr/sbin/nologin - - name: Install {{ mongodb_conf }} from template (aarch32) - template: - src: mongod.conf.j2 - dest: "{{ mongodb_conf }}" # /etc/mongod.conf +# - name: Install {{ mongodb_conf }} from template (aarch32) +# template: +# src: mongod.conf.j2 +# dest: "{{ mongodb_conf }}" # /etc/mongod.conf - - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' - file: - state: directory - path: "{{ item }}" - owner: mongodb - group: mongodb - with_items: - - /var/lib/mongodb - - /var/log/mongodb +# - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# - /var/lib/mongodb +# - /var/log/mongodb - # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# # end block +# when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) -- debug: - msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") +# - debug: +# msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -84,248 +84,248 @@ # installers for a while now.) 64-bit OS's proceed below. +# - debug: +# msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - block: +- name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - + #args: + # warn: no + # Ansible 2.14 ERROR: + # "Unsupported parameters for (ansible.legacy.command) module: warn. + # Supported parameters include: removes, strip_empty_ends, _raw_params, + # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." + +# 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their +# MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, +# LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. +# -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? +- name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + apt_repository: + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as + # this was recently added to https://repo.mongodb.org/apt/debian/dists/ + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + #filename: mongodb-org + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + +- name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + +# 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on +# MongoDB 6.0.3 (released 2022-11-15) instructions here: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 +# WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 +# IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR +# MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on +# 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: +# https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ +# So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) +- name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} + apt_repository: + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #filename: mongodb-org + when: not ansible_architecture == "x86_64" + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") + + +# 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; +# as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS +# BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix +# may be backported to 6.0, according to 2022-09-29 "official" gossip here...) +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 +# https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 +# echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list +# sudo apt-get update +# sudo apt-get install libssl1.1 +# rm /etc/apt/sources.list.d/focal-security.list + +# 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ +# *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) +# +# Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can +# finally use libssl3 instead, since 2022-11-15: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: - msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - block: - - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - - #args: - # warn: no - # Ansible 2.14 ERROR: - # "Unsupported parameters for (ansible.legacy.command) module: warn. - # Supported parameters include: removes, strip_empty_ends, _raw_params, - # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their - # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. - # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu apt_repository: - # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ - # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye - # 11 and Bookworm 12 (testing branch) revert to buster for now: - # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as - # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - #filename: mongodb-org - when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu - - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian apt_repository: - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse - when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian - # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on - # MongoDB 6.0.3 (released 2022-11-15) instructions here: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 - # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on - # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: - # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} - apt_repository: - repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #filename: mongodb-org - when: not ansible_architecture == "x86_64" - #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') - #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') - #when: not (is_debian and ansible_architecture == "x86_64") - - - # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; - # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS - # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix - # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 - # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 - # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list - # sudo apt-get update - # sudo apt-get install libssl1.1 - # rm /etc/apt/sources.list.d/focal-security.list - - # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ - # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) - # - # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can - # finally use libssl3 instead, since 2022-11-15: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - - debug: - msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - - - block: - - - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu - - - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian - - - name: Force install libssl1.1 - package: - name: libssl1.1 - state: present - - - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian - - - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu - - when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) - - - debug: - msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED - - # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # #filename: focal-security # If filename focal-security.list is preferred - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # when: is_debian_12 - - # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - # package: - # name: libssl1.1 - # state: present - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # state: absent - # when: is_debian_12 - - # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # state: absent - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # state: absent - # #filename: focal-security # 100% IGNORED during repo deletion - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - - # # Debian 10 aarch64 might work below but is blocked in main.yml - # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_raspbian and ansible_architecture == "aarch64" - - # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_linuxmint - - # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - # apt_repository: - # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # filename: mongodb-org - # when: is_ubuntu and not is_linuxmint - - - - name: "Install packages: mongodb-org, mongodb-org-server" + - name: Force install libssl1.1 package: - name: - - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) - - mongodb-org-server + name: libssl1.1 state: present - - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" # /etc/mongod.conf - regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 - line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian - # GRATUITOUS (port 27017 is already the default) - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" - regexp: '^\s*port:' - line: " port: {{ mongodb_port }}" # 27017 + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu - - # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... - # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 - # ...as ARM v8-A < ARM v8.2-A ...also reveals: - # - # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. - # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. - # Roughly speaking, this means post-2011 CPUs with AVX instructions: - # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 - # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from - # /var/lib/mongodb to /library/dbdata/mongodb - # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID - # file (it may be zero bytes, but never goes away) as confirmed with - # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now - # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock - # (4) mongodb.service needed a more graceful way to shut down than - # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). - # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 - # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: - # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz - # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future - command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" - dest: /usr/bin - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - # end block - when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian and os_ver is version('debian-12', '>=')) - debug: - msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + +# - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# #filename: focal-security # If filename focal-security.list is preferred +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + +# - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# when: is_debian_12 + +# - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) +# package: +# name: libssl1.1 +# state: present +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + +# - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# state: absent +# when: is_debian_12 + +# - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# state: absent +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# state: absent +# #filename: focal-security # 100% IGNORED during repo deletion +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + + +# # Debian 10 aarch64 might work below but is blocked in main.yml +# - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_raspbian and ansible_architecture == "aarch64" + +# - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_linuxmint + +# - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only +# apt_repository: +# # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only +# # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} +# # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse +# filename: mongodb-org +# when: is_ubuntu and not is_linuxmint + + +- name: "Install packages: mongodb-org, mongodb-org-server" + package: + name: + - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) + - mongodb-org-server + state: present + +- name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" # /etc/mongod.conf + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + +# GRATUITOUS (port 27017 is already the default) +- name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' + line: " port: {{ mongodb_port }}" # 27017 + + +# 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... +# https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 +# ...as ARM v8-A < ARM v8.2-A ...also reveals: +# +# (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. +# For AMD x86_64, MongoDB 5.x requires Bulldozer or later. +# Roughly speaking, this means post-2011 CPUs with AVX instructions: +# https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 +# (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from +# /var/lib/mongodb to /library/dbdata/mongodb +# (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID +# file (it may be zero bytes, but never goes away) as confirmed with +# MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now +# 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock +# (4) mongodb.service needed a more graceful way to shut down than +# 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). +# (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 +# lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: +# https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz +# https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +# # end block +# when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - debug: +# msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 4403bed93..c755780d3 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,22 @@ var: is_debian - debug: var: is_raspbian -- debug: - var: dpkg_arch - debug: var: mongodb_version +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch +- debug: + msg: "'dpkg --print-architecture' output: {{ dpkg_arch.stdout }}" + - block: - - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. + when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" -# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined diff --git a/test.yml b/test.yml index ab0aeac9c..bfda3f92a 100644 --- a/test.yml +++ b/test.yml @@ -91,5 +91,15 @@ - debug: var: ansible_machine + - command: dpkg --print-architecture + register: cmd + - debug: + msg: "'dpkg --print-architecture' output: {{ cmd.stdout }}" + + - command: dpkg --print-foreign-architectures + register: cmd + - debug: + msg: "'dpkg --print-foreign-architectures' output: {{ cmd.stdout }}" + # TEST ANSIBLE COMMANDS/MODULES HERE! From cc504e34161f954331f499082ec6f5950dfc7e27 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Mar 2023 17:52:17 -0500 Subject: [PATCH 0353/1184] record dpkg --print-architecture --- roles/0-init/tasks/create_iiab_ini.yml | 2 ++ roles/0-init/tasks/main.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 239ce570d..b4cc742ec 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -43,3 +43,5 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: dpkg_arch + value: "{{ dpkg_arch }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..d4283dcf7 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,6 +15,7 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" + dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 4eca25a1f7907fd10dc5196e07ea2d325ef9658b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 31 Mar 2023 15:55:27 -0500 Subject: [PATCH 0354/1184] drop local_facts --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++++- roles/0-init/tasks/main.yml | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index b4cc742ec..5e5920545 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,6 +4,10 @@ path: "{{ iiab_ini_file }}" state: touch +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" @@ -44,4 +48,4 @@ - option: devicetree_model value: "{{ devicetree_model }}" - option: dpkg_arch - value: "{{ dpkg_arch }}" + value: "{{ dpkg_arch.stdout }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d4283dcf7..4c02c6ca5 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,7 +15,6 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" - dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 902e377c6810aef43bf0c5128a1a5e6292780efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 22:57:36 -0400 Subject: [PATCH 0355/1184] create_iiab_ini.yml: dpkg_foreign_arch, clarifs, typos --- roles/0-init/tasks/create_iiab_ini.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 5e5920545..e9b07e9a3 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,14 +4,18 @@ path: "{{ iiab_ini_file }}" state: touch -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch +- name: Run command 'dpkg --print-foreign-architectures' (secondary OS arch, if available) + command: dpkg --print-foreign-architectures + register: dpkg_foreign_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: location + section: initial-location option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,7 +27,7 @@ - name: Add 'version' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: version + section: initial-version option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -31,6 +35,10 @@ value: "{{ ansible_distribution }}" - option: arch value: "{{ ansible_architecture }}" + - option: dpkg_arch + value: "{{ dpkg_arch.stdout }}" + - option: dpkg_foreign_arch + value: "{{ dpkg_foreign_arch.stdout }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -47,5 +55,3 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" - - option: dpkg_arch - value: "{{ dpkg_arch.stdout }}" From f46c7d15551f58509600530be2a9c08bf2ec5dd2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 22:59:42 -0400 Subject: [PATCH 0356/1184] mongodb/tasks/main.yml: Fix 'ansible_architecture' typo --- roles/mongodb/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index c755780d3..aab67fc0f 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,7 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch - debug: From c69d6ef96c24fc3d1606c560339731cce49eedde Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:30:51 -0400 Subject: [PATCH 0357/1184] create_iiab_ini.yml: Try {{ os_ver }} alongside redundant/failsafe {{ ansible_facts['distribution'] }} --- roles/0-init/tasks/create_iiab_ini.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index e9b07e9a3..f6cf612f7 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,8 +31,10 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: + - option: os_ver + value: "{{ os_ver }}" - option: distribution - value: "{{ ansible_distribution }}" + value: "{{ ansible_facts['distribution'] }}" - option: arch value: "{{ ansible_architecture }}" - option: dpkg_arch From 4a32ba0375126e509d0200af850c6899183f827e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:39:21 -0400 Subject: [PATCH 0358/1184] create_iiab_ini.yml: Raise rpi_model & devicetree_model --- roles/0-init/tasks/create_iiab_ini.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index f6cf612f7..980a7fc1b 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -41,6 +41,10 @@ value: "{{ dpkg_arch.stdout }}" - option: dpkg_foreign_arch value: "{{ dpkg_foreign_arch.stdout }}" + - option: rpi_model + value: "{{ rpi_model }}" + - option: devicetree_model + value: "{{ devicetree_model }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -53,7 +57,3 @@ value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - - option: rpi_model - value: "{{ rpi_model }}" - - option: devicetree_model - value: "{{ devicetree_model }}" From e0251f0ce96f83ba084e89a3a2c0af78b6cb6b97 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 1 Apr 2023 16:28:17 -0400 Subject: [PATCH 0359/1184] Modernize Yarn install w/ signed apt/PPA key --- roles/yarn/tasks/install.yml | 49 ++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 48628d688..e7f759a96 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,30 +1,41 @@ -- name: "Yarn | GPG" - apt_key: - url: https://dl.yarnpkg.com/debian/pubkey.gpg - state: present +- name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg + shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg -- name: "Yarn | Ensure Debian sources list file exists" - file: - path: /etc/apt/sources.list.d/yarn.list - owner: root - mode: '0644' - state: touch +- name: Yarn | Add signed Yarn PPA to /etc/apt/sources.list.d/dl_yarnpkg_com_debian.list + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" + #filename: yarn # If legacy filename yarn.list is preferred -- name: "Yarn | Ensure Debian package is in sources list" - lineinfile: - dest: /etc/apt/sources.list.d/yarn.list - regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' - line: 'deb https://dl.yarnpkg.com/debian/ stable main' - state: present +# 2023-04-01 above avoids DEPRECATED apt-key command & associated problems: +# https://github.com/iiab/iiab/wiki/IIAB-Platforms#etcapttrustedgpg-legacy-keyring-warnings -- name: "Yarn | Update APT cache" +# - name: "Yarn | GPG" +# apt_key: +# url: https://dl.yarnpkg.com/debian/pubkey.gpg +# state: present + +# - name: "Yarn | Ensure Debian sources list file exists" +# file: +# path: /etc/apt/sources.list.d/yarn.list +# owner: root +# mode: '0644' +# state: touch + +# - name: "Yarn | Ensure Debian package is in sources list" +# lineinfile: +# dest: /etc/apt/sources.list.d/yarn.list +# regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' +# line: 'deb https://dl.yarnpkg.com/debian/ stable main' +# state: present + +- name: Yarn | Update APT cache apt: update_cache: yes -- name: "Yarn | Install" +- name: Yarn | Install package: name: yarn - state: latest + #state: latest # No need to mention it, with apt # RECORD Yarn AS INSTALLED From 31a1664483bba99ff6250ef19c2afbf698248599 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:04:00 -0500 Subject: [PATCH 0360/1184] pbx - php7.4 only --- roles/pbx/defaults/main.yml | 2 ++ roles/pbx/tasks/main.yml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 9d478d0d9..6be11c3c0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,6 +21,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +# Allows testing on newer php versions when present in local_vars.yml +# pbx_php74_override asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 81a9dcebd..496e69ecc 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -21,6 +21,11 @@ - block: + - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" + fail: # FORCE IT RED THIS ONCE! + msg: FreePBX 16 requirs PHP 7.4 and is not available. + when: not (php_version == "7.4") and pbx_php74_override is undefined + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined From 8833570a8ecf6a35b7382848c60c59bbf806cfaf Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:13:50 -0500 Subject: [PATCH 0361/1184] syntax --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 496e69ecc..0e41ea2e6 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -24,7 +24,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! msg: FreePBX 16 requirs PHP 7.4 and is not available. - when: not (php_version == "7.4") and pbx_php74_override is undefined + when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 3d951f7249798872f6fd226774029277f7a8e394 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:27:00 -0500 Subject: [PATCH 0362/1184] patch for 64-bit arm installs --- roles/pbx/files/install_prereq.diff | 26 ++++++++++++++++++++++++++ roles/pbx/tasks/asterisk.yml | 6 ++++++ 2 files changed, 32 insertions(+) create mode 100644 roles/pbx/files/install_prereq.diff diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff new file mode 100644 index 000000000..8a870826c --- /dev/null +++ b/roles/pbx/files/install_prereq.diff @@ -0,0 +1,26 @@ +--- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 ++++ install_prereq 2023-04-01 01:44:28.744269701 -0500 +@@ -25,7 +25,7 @@ + # Asterisk: for addons: + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" +-PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" ++PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" +@@ -193,8 +193,13 @@ + tocheck="${tocheck} ^${pack}$ ~P^${pack}$" + done + pkgs=$(aptitude -F '%c %p' search ${tocheck} 2>/dev/null | awk '/^p/{print $2}') ++ arch=$(uname -m) + if [ ${#pkgs} -ne 0 ]; then +- echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ if [ "$arch" = "X86_64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ elif [ "$arch" = "aarch64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" ++ fi + fi + } + diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 7c52248bf..f1fc7e9d5 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -55,6 +55,12 @@ # name: aptitude # state: latest +# https://github.com/iiab/iiab/issues/3489 +- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 + ansible.posix.patch: + src: install_prereq.diff + dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: From 6f63e73d75d0ada34b1c7a58b7f3ad183910e5f2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:28:46 -0500 Subject: [PATCH 0363/1184] drop part of patch for 'libmysqlclient-dev' hunk was failing not sure why but aptitude did the right thing anyway --- roles/pbx/files/install_prereq.diff | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 8a870826c..4c57bc10b 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -1,14 +1,5 @@ --- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 +++ install_prereq 2023-04-01 01:44:28.744269701 -0500 -@@ -25,7 +25,7 @@ - # Asterisk: for addons: - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" --PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" -+PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" @@ -193,8 +193,13 @@ tocheck="${tocheck} ^${pack}$ ~P^${pack}$" done From 11817a05a4a0de794dc4be7da3aafe1bd6d9b305 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:33:07 -0500 Subject: [PATCH 0364/1184] True --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 6be11c3c0..cbf40897d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override +# pbx_php74_override: True asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab From e0a734477633ef9e35d01ea68394a033cfa59706 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:40:30 -0500 Subject: [PATCH 0365/1184] Update roles/pbx/tasks/main.yml Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 0e41ea2e6..05b9e8c04 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -23,7 +23,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requirs PHP 7.4 and is not available. + msg: FreePBX 16 requires PHP 7.4 and is not available. when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 32c81bbb70106b301b0f84e7b332ca439c1dec80 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 04:31:44 -0500 Subject: [PATCH 0366/1184] Stop asterisk before installing freepbx --- roles/pbx/tasks/freepbx.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index df541cd96..ee7b4eccf 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,11 +11,15 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? +# 2023-04-02 The above is not true, the service is running from the asterisk install causing +# './start_asterisk start' to do nothing as the service is alredy running resulting in the +# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' +# Lets get rid of the red warning. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - #state: stopped + state: stopped enabled: no From 848a947f9ca4f94121bea53f4cb027b1e2b0e915 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 04:38:57 -0500 Subject: [PATCH 0367/1184] Fix warning during install --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2abc11405..fca7a7edd 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later - + when: iiab_stage|int == 9 From e3c6d28fc4938210a5ed38828e0139d007efb89c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:09:09 -0500 Subject: [PATCH 0368/1184] add prefix --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f1fc7e9d5..b2e659fb0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 09df64c05f90a48637f546f953d628a2fac6d0fe Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:17:21 -0500 Subject: [PATCH 0369/1184] clearer logic and remove ignore_errors --- roles/pbx/tasks/enable-or-disable.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index fca7a7edd..aa4794e3a 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -30,12 +30,11 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled ignore_errors: yes # In case Apache not installed - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later when: iiab_stage|int == 9 @@ -84,7 +83,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: not (pbx_use_nginx and pbx_enabled) + when: pbx_use_nginx and not pbx_enabled - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From 4da7a3fb58ee0cc4604741f4b8631a7d7b0140d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:30:06 -0500 Subject: [PATCH 0370/1184] cover network_enabled: False --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index aa4794e3a..18f424e8f 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -35,7 +35,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - when: iiab_stage|int == 9 + when: iiab_stage|int == 9 and network_enabled From 4736bc38733074722b1b3dba4955802661de3995 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 07:10:13 -0500 Subject: [PATCH 0371/1184] improve comment --- roles/pbx/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 18f424e8f..4b362059e 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,8 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled - +# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until +# roles/network runs later and can be omitted altogether - block: From 07b310f5d5e5fb6cde2bab5f361266558a5cf549 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:19:20 -0500 Subject: [PATCH 0372/1184] record apache installation --- roles/pbx/tasks/apache.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 5462a5ca5..60b15c571 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -39,3 +39,13 @@ dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2 owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + +- name: "Set 'pbx_apache_installed: True'" + set_fact: + pbx_apache_installed: True + +- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^pbx_apache_installed' + line: 'pbx_apache_installed: True' From 912fe4c610ffefd7daaf96337c7c42507d2c2558 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:24:45 -0500 Subject: [PATCH 0373/1184] use pbx_apache_installed in place of pbx_use_apache pbx_use_apache is an install time option once installed the service needs to be accounted for --- roles/pbx/tasks/enable-or-disable.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 4b362059e..d3073e655 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_use_apache and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_use_apache and not pbx_enabled + when: pbx_apache_installed and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,8 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_use_apache and pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -30,8 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_use_apache and not pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1fee1c6dd67e808c2c7e22fa5765afb095c2dc47 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:31:09 -0500 Subject: [PATCH 0374/1184] use pbx_apache_installed in place of pbx_use_apache2 --- roles/pbx/tasks/enable-or-disable.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index d3073e655..2b08d36d4 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 094d66e3814f8d96a8b67ed7ba287569eb6f5f92 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:47:07 -0500 Subject: [PATCH 0375/1184] record pbx_use_nginx pbx_use_apache --- roles/pbx/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 05b9e8c04..92074d0e0 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -48,6 +48,10 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled From f2b1d2293fd87a44113db44e1dc65f12058227cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 09:53:28 -0500 Subject: [PATCH 0376/1184] allow in the field twiddling of pbx_use_apache post-install --- roles/pbx/tasks/apache.yml | 6 +++--- roles/pbx/tasks/freepbx.yml | 5 ----- roles/pbx/tasks/main.yml | 3 +++ 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 60b15c571..ce83871c9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -42,10 +42,10 @@ - name: "Set 'pbx_apache_installed: True'" set_fact: - pbx_apache_installed: True + apache_installed: True - name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^pbx_apache_installed' - line: 'pbx_apache_installed: True' + regexp: '^apache_installed' + line: 'apache_installed: True' diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index ee7b4eccf..6582edc81 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -70,11 +70,6 @@ include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache - - # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 92074d0e0..a76f201cd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,6 +18,9 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined - block: From 4cf1d94e0292e049bc6df0e43976696f6855c8d0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:02:50 -0500 Subject: [PATCH 0377/1184] allow in the field twiddling of pbx_use_apache post-install2 --- roles/pbx/tasks/enable-or-disable.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2b08d36d4..bc41ef919 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1eb093f064d04131b7cbd187954bb5747be44211 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:11:20 -0500 Subject: [PATCH 0378/1184] apache_installed --- roles/pbx/tasks/apache.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index ce83871c9..1e4e33c6b 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,11 +40,11 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" -- name: "Set 'pbx_apache_installed: True'" +- name: "Set 'apache_installed: True'" set_fact: apache_installed: True -- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" +- name: "Add 'apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml regexp: '^apache_installed' From 5bbf96fff60d68a9237db8258ba5be213004a3be Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:30:40 -0500 Subject: [PATCH 0379/1184] Should be the last nit --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index bc41ef919..2a253e5ef 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -82,7 +82,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: pbx_use_nginx and not pbx_enabled + when: not (pbx_use_nginx and pbx_enabled) - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From cb1ae8d4f44d8cf69efb55f6242fdf16c8212187 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 11:05:04 -0500 Subject: [PATCH 0380/1184] Should be in the 'block' --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a76f201cd..544ddc733 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,10 +18,6 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - block: - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" @@ -33,6 +29,10 @@ include_tasks: install.yml when: pbx_installed is undefined + - name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle From 3c360d21fadd42de4cf18b02924d13d1fa3e669f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:25:37 -0400 Subject: [PATCH 0381/1184] EXPERIMENTAL: asterisk_patch for RPi + prelim path to PHP 8 --- roles/pbx/defaults/main.yml | 6 ++++-- roles/pbx/tasks/apache.yml | 1 + roles/pbx/tasks/asterisk.yml | 1 + roles/pbx/tasks/enable-or-disable.yml | 17 +++++++++-------- roles/pbx/tasks/freepbx.yml | 16 ++++++++++------ roles/pbx/tasks/main.yml | 14 ++++++-------- vars/local_vars_large.yml | 2 ++ vars/local_vars_medium.yml | 2 ++ vars/local_vars_small.yml | 2 ++ vars/local_vars_unittest.yml | 2 ++ 10 files changed, 39 insertions(+), 24 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index cbf40897d..e1eae4df0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,8 +21,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override: True + +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True + asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 1e4e33c6b..dd05b7dc9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,6 +40,7 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + - name: "Set 'apache_installed: True'" set_fact: apache_installed: True diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b2e659fb0..ff7fb3ec4 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -60,6 +60,7 @@ ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + when: asterisk_patch is defined and asterisk_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2a253e5ef..6b1639a37 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -1,21 +1,21 @@ - name: JUST 1 SETTING TO TURN ON/OFF FOR APACHE - whereas NGINX below has 4... meta: noop -- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx +- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if apache_installed is defined and pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." meta: noop -- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if pbx_use_apache and pbx_enabled +- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if apache_installed is defined and pbx_use_apache and pbx_enabled systemd: daemon_reload: yes name: "{{ apache_service }}" # apache2 @@ -23,19 +23,20 @@ enabled: yes when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) systemd: daemon_reload: yes name: "{{ apache_service }}" state: stopped enabled: no - when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) + ignore_errors: yes # If Apache not installed, HIGHLIGHT IN RED FOR IMPLEMENTER/OPERATOR - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled -# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until -# roles/network runs later and can be omitted altogether +# iptables installed in 1-prep via roles/network/tasks/install.yml, but +# iiab-gen-tables may not be set up, until/if roles/network runs later. - block: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6582edc81..d8632aa5b 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,15 +11,14 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? -# 2023-04-02 The above is not true, the service is running from the asterisk install causing -# './start_asterisk start' to do nothing as the service is alredy running resulting in the -# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' -# Lets get rid of the red warning. +# 2023-04-02: Disagreement remains the same as 2 years ago: +# @jvonau wants to stop service asterisk (from the asterisk install). +# @holta prefers we track Asterisk/FreePBX community's mainline/consensus. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - state: stopped + #state: stopped enabled: no @@ -66,10 +65,15 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "FreePBX - Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + + # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 544ddc733..a9b580129 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,21 +18,19 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes + - block: - - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" - fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requires PHP 7.4 and is not available. - when: php_version is version('8.0', '>') and pbx_php74_override is undefined + - name: If PHP >= 8 is detected, loudly warn that FreePBX does not support PHP 8+ (as of April 2023) + fail: # FORCE IT RED, allowing adventurous/testing people to proceed at their own risk! + msg: 'FreePBX DOES NOT SUPPORT PHP 8+ AS OF APRIL 2023. YOU ARE PROCEEDING ENTIRELY AT YOUR OWN RISK.' + when: php_version is version('8.0', '>=') + ignore_errors: yes - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined - - name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 474854821..1a5c1d632 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 73e01e154..f57f6879d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 42adebfea..7185c8a44 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ba081c3db..f884e1021 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False From 5c1b99f24060ea132b9208aeb7b8ac375455d0d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:37:45 -0400 Subject: [PATCH 0382/1184] Global search/replace: RaspiOS -> RasPiOS --- scripts/ansible | 8 ++++---- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 7c5bbca8c..377203480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -25,9 +25,9 @@ GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) ###if grep -q buster /etc/os-release /etc/debian_version; then -### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros +### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros ###else -### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) +### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) ###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): @@ -109,7 +109,7 @@ echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n" # Code above designed to work on all Linux distributions, to preserve options, # in support of any volunteer(s) wanting to port IIAB to a new Linux/distro. -if [ ! -f /etc/debian_version ]; then # e.g. RaspiOS, Ubuntu, Mint & Debian +if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:" echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n" exit 1 @@ -140,7 +140,7 @@ fi # 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING # iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions -# problem). This workaround installs 2.9.6-1ppa~disco onto RaspiOS, from +# problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from # https://launchpad.net/~ansible/+archive/ubuntu/ansible #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \ # > /etc/apt/sources.list.d/iiab-ansible.list diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ec4c3f2d4..b1a48d637 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -170,7 +170,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a5c1d632..57d96c086 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f57f6879d..0418d39f5 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 7185c8a44..464819e62 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f884e1021..de25ac024 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 298866de633c85e26c3a55560c2077b5bec2c171 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:54:10 -0400 Subject: [PATCH 0383/1184] asterisk.yml: Clarify 'asterisk_patch: True' for RPi #3489 --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index ff7fb3ec4..28c72b855 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 545d66dbe2e820c3881379c7467696324b5dda85 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 00:25:48 -0400 Subject: [PATCH 0384/1184] pbx/files/install_prereq.diff: X86_64 -> x86_64 ; clean asterisk.yml --- roles/pbx/files/install_prereq.diff | 2 +- roles/pbx/tasks/asterisk.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 4c57bc10b..0428b339a 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -7,7 +7,7 @@ + arch=$(uname -m) if [ ${#pkgs} -ne 0 ]; then - echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" -+ if [ "$arch" = "X86_64" ]; then ++ if [ "$arch" = "x86_64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" + elif [ "$arch" = "aarch64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 28c72b855..5c1b6747a 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -40,8 +40,6 @@ unarchive: src: "{{ downloads_dir }}/{{ asterisk_src_file }}" dest: "{{ asterisk_src_dir }}" - # owner: root - # group: root extra_opts: [--strip-components=1] creates: "{{ asterisk_src_dir }}/Makefile" From 3636d67a2c5f5dc8aa5f431c3f51fe61482618e4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 01:02:39 -0400 Subject: [PATCH 0385/1184] pbx/tasks/main.yml: Traditional ordering for iiab.ini --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a9b580129..669f05277 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -49,14 +49,14 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_use_apache - value: "{{ pbx_use_apache }}" - - option: pbx_use_nginx - value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled value: "{{ pbx_enabled }}" + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" rescue: From 177cf0a5afedee267fbef8d84b6a877de251c8be Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:34:46 -0400 Subject: [PATCH 0386/1184] New default 'asterisk_rpi_patch: True' + documentation --- roles/pbx/README.adoc | 16 +++++++++++----- roles/pbx/defaults/main.yml | 8 ++++---- roles/pbx/tasks/asterisk.yml | 4 ++-- vars/default_vars.yml | 6 ++++-- vars/local_vars_large.yml | 8 ++++---- vars/local_vars_medium.yml | 8 ++++---- vars/local_vars_small.yml | 8 ++++---- vars/local_vars_unittest.yml | 8 ++++---- 8 files changed, 37 insertions(+), 29 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 360dc3499..a2c0d4561 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. @@ -41,15 +41,15 @@ pbx_install: True pbx_enabled: True ---- + -FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). +FreePBX can be used with either or both web servers — NGINX on port 80 (http://box/freepbx) and/or using the old approach with Apache on port 83 (http://box:83/freepbx). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you still want the older Apache approach, set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- -pbx_use_apache: False +pbx_use_apache: True ---- + -Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), optionally set this line in your /etc/iiab/local_vars.yml: +If you want to disable to new NGINX approach, set this line in your /etc/iiab/local_vars.yml: + ---- pbx_use_nginx: False @@ -61,6 +61,12 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: ++ +---- +asterisk_rpi_patch: True +---- ++ Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index e1eae4df0..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -8,9 +8,12 @@ # pbx_install: False # pbx_enabled: False -# pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +# pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also # pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +# asterisk_rpi_patch: True + # asterisk_chan_dongle: False # pbx_signaling_ports_chan_sip: 5160:5161 @@ -22,9 +25,6 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True - asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 5c1b6747a..6214c0d06 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -54,11 +54,11 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_rpi_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" - when: asterisk_patch is defined and asterisk_patch + when: asterisk_rpi_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1a48d637..8df87c531 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,13 +682,15 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 57d96c086..84b5ea43c 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0418d39f5..546c9b248 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 464819e62..f29d97bd0 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index de25ac024..ce408c528 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False From 573516463dc2aa91012b81cce131f991eba63034 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:52:58 -0400 Subject: [PATCH 0387/1184] vars files: Squeeze PBX tips back into 80-char width --- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 8df87c531..b1ad7fcdf 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 84b5ea43c..1c1e8b7d3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 546c9b248..8a8ae98d6 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index f29d97bd0..de02105a9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ce408c528..e5e086fd6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7f0365c2f290d1e09793d2d01d670ccc57685a12 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 4 Apr 2023 07:47:42 -0500 Subject: [PATCH 0388/1184] asterisk_installed --- roles/pbx/tasks/asterisk.yml | 10 ++++++++++ roles/pbx/tasks/install.yml | 1 + 2 files changed, 11 insertions(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 6214c0d06..b4c1d8ea0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -186,3 +186,13 @@ path: /etc/asterisk/asterisk.conf regexp: 'rungroup =' line: 'rungroup = asterisk' + +- name: "Set 'asterisk_installed: True'" + set_fact: + asterisk_installed: True + +- name: "Add 'asterisk_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^asterisk_installed' + line: 'asterisk_installed: True' diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 474ddb58d..7af2c144e 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -36,6 +36,7 @@ - name: Install Asterisk include_tasks: asterisk.yml + when: asterisk_installed is undefined - name: Install FreePBX include_tasks: freepbx.yml From 1173ec0db0ff34dac32e4a85ca29456cb9521f6e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Apr 2023 11:16:26 -0400 Subject: [PATCH 0389/1184] pbx/tasks/asterisk.yml: #3524 touch-up for iiab_state.yml --- roles/pbx/tasks/asterisk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b4c1d8ea0..bc7638191 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -187,6 +187,7 @@ regexp: 'rungroup =' line: 'rungroup = asterisk' + - name: "Set 'asterisk_installed: True'" set_fact: asterisk_installed: True From 413f7404963f679e5fbea0bd49070407d4cdda93 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 4 Apr 2023 16:22:25 -0500 Subject: [PATCH 0390/1184] RasPiOS-12 --- scripts/local_facts.fact | 3 ++- vars/raspbian-12.yml | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-12.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e68aa93d5..ac2b73511 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -85,7 +85,8 @@ case $OS_VER in "ubuntu-2210" | \ "ubuntu-2304" | \ "linuxmint-21" | \ - "raspbian-11") + "raspbian-11" | \ + "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml new file mode 100644 index 000000000..e6fd2f9d5 --- /dev/null +++ b/vars/raspbian-12.yml @@ -0,0 +1,22 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_12: True +is_raspbian: True +is_raspbian_12: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: ssh +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "7.4" +# postgresql_version: 13 +# python_version: "3.9" From a6b8a5bfc828149fb983153f6e12632f2880fd15 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Apr 2023 18:11:39 -0400 Subject: [PATCH 0391/1184] default_vars.yml: 'is_raspbian_12: False' for PR #3525 --- vars/default_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1ad7fcdf..2e91080d9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -796,6 +796,7 @@ is_debian_11: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_12: False is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False From 9f87beb9c9b5283aaa225d14dbc4d27818c3c6ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 5 Apr 2023 13:02:43 -0500 Subject: [PATCH 0392/1184] workaround python2 being unavailable --- roles/kalite/tasks/install.yml | 6 +++++- scripts/install_python2.sh | 25 +++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100755 scripts/install_python2.sh diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5fb192475..6eb69859c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,9 +17,13 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + when: not (is_debian_12 or is_ubuntu_2304) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +- name: Use scripts/install_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/install_python2.sh" + when: is_debian_12 or is_ubuntu_2304 + - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh new file mode 100755 index 000000000..c21ec2ae8 --- /dev/null +++ b/scripts/install_python2.sh @@ -0,0 +1,25 @@ +#!/bin/bash +ARCH=$(dpkg --print-architecture) +cd /tmp +case $ARCH in + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + ;; + "amd64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb + apt install ./python2.7-minimal_2.7.18-8_amd64.deb + ;; + "armhf") + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + ;; +esac +rm *.deb +apt -y install virtualenv From 9880ed1d7651a80c1e8a2ea270bf29cae54ba1cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 5 Apr 2023 21:00:39 -0500 Subject: [PATCH 0393/1184] .so files2 --- scripts/install_python2.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c21ec2ae8..4ee8cd338 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,20 +5,26 @@ case $ARCH in "arm64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./python2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb apt install ./python2.7-minimal_2.7.18-8_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 847751aed3068fb82887ec5e49899c2217756b87 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 07:14:48 -0500 Subject: [PATCH 0394/1184] support Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 21 +++++++++++++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 vars/ubuntu-2310.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6eb69859c..6d0c8765e 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,12 +17,12 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304) + when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 + when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ac2b73511..27fa281fb 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -84,6 +84,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ + "ubuntu-2310" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2e91080d9..4786cbe94 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -773,6 +773,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml new file mode 100644 index 000000000..445ae061b --- /dev/null +++ b/vars/ubuntu-2310.yml @@ -0,0 +1,21 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2310: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "8.1" +# postgresql_version: 14 +# python_version: "3.10" + From af7a646002e52c5f0439a34268a725ff3391bf6b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 16:17:44 -0500 Subject: [PATCH 0395/1184] amd64 --- scripts/install_python2.sh | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4ee8cd338..bb7b67339 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,5 +1,11 @@ #!/bin/bash +# https://packages.debian.org/bullseye/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) + +apt -y install virtualenv +apt -y install mime-support #transitional package +#apt -y install libffi8 + cd /tmp case $ARCH in "arm64") @@ -11,12 +17,23 @@ case $ARCH in apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb - apt install ./python2.7-minimal_2.7.18-8_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb + apt install ./libffi7_3.3-5ubuntu1_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb @@ -28,4 +45,3 @@ case $ARCH in ;; esac rm *.deb -apt -y install virtualenv From cd6d04108afd493493a655549dae7e0d33035545 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 16:56:37 -0500 Subject: [PATCH 0396/1184] arm64 --- scripts/install_python2.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index bb7b67339..28a5bb000 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,12 +9,23 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") + wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + apt install ./libffi7_3.3-6_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb ;; "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb From 33f00a08535f905595a01d56dcfb865b7319c476 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 17:15:33 -0500 Subject: [PATCH 0397/1184] armhf --- scripts/install_python2.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 28a5bb000..a8246da92 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -47,12 +47,24 @@ case $ARCH in apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + apt install ./libffi7_3.3-6_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 5eac4ea24a9f5e91d66a00250a5f28fa3a1b2096 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 8 Apr 2023 02:49:06 -0500 Subject: [PATCH 0398/1184] typo and layout --- scripts/install_python2.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a8246da92..e057d1c6a 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -19,7 +19,7 @@ case $ARCH in apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb @@ -27,6 +27,7 @@ case $ARCH in wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb apt install ./python2.7_2.7.18-8_arm64.deb ;; + "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb @@ -46,6 +47,7 @@ case $ARCH in wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; + "armhf") wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb @@ -53,7 +55,6 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb From d960b43f98f0031418b4591d491126f561b32c03 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 8 Apr 2023 13:22:58 -0400 Subject: [PATCH 0399/1184] vars/ubuntu-2310.yml: Tweak PR #3527 --- vars/ubuntu-2310.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 445ae061b..843810075 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -18,4 +18,3 @@ is_ubuntu_2310: True # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" - From 2722e1ac14f07cac3f864ecf6cb4103e059da699 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 9 Apr 2023 14:50:56 -0500 Subject: [PATCH 0400/1184] libssl1.1 use raspi repo --- scripts/install_python2.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..3ef5797a6 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,8 +9,8 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") - wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb apt install ./libffi7_3.3-6_arm64.deb From be1708a6df221781713e567b65c78d581517263e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 9 Apr 2023 17:28:08 -0500 Subject: [PATCH 0401/1184] kalite - dup'd line typo --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..454af64d2 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -64,7 +64,7 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac From 9323fd897a069dc21d27264fd2b87b784ff37db9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 9 Apr 2023 21:38:21 -0500 Subject: [PATCH 0402/1184] no path --- roles/www_options/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index fba3379ac..6342bcdd0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -13,9 +13,9 @@ mode: '0755' # Used to be run by httpd/tasks/install.yml -- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" - include_tasks: roles/httpd/tasks/homepage.yml - when: apache_installed is defined +#- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" +# include_tasks: roles/httpd/tasks/homepage.yml +# when: apache_installed is defined # Used to be run by nginx/tasks/install.yml - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install From 0ae7073e00ce9521df5fa0426391b77f1a43878f Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 15:14:02 +0100 Subject: [PATCH 0403/1184] Update README.adoc --- roles/pbx/README.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a2c0d4561..0a0c11ef1 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -156,6 +156,22 @@ image::files/linphone_setup.jpg[width='33%'] image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). ++ +Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: + +* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +* Go to Account Settings * +* Add new account * +* Select *SIP ACCOUNT* + +** *Account name* is your name,eg John Doe* +** *Sip Server* is your IIAB server's IP address +** *SIP User ID* is your extension number eg 301 +** *SIP Authentification ID* is your extension number eg 301 +** *Password* is the same as above *Secret* +** *Confirm by clicking tick synbol ✓ on top right* + +* If the connection is successful, you will see a green circle next to your name [John Doe]. ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From aeacbc551fea586d1c9c4b88d07c40b75e3ac8ba Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:33:27 +0100 Subject: [PATCH 0404/1184] Add files via upload --- roles/pbx/files/Wave_phone_connected.png | Bin 0 -> 29085 bytes roles/pbx/files/wave_sip settings.png | Bin 0 -> 30774 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_phone_connected.png create mode 100644 roles/pbx/files/wave_sip settings.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..d9310b44a852130e3fc65c0de0a65c43cdd96e90 GIT binary patch literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BH<LFC?P8`m(lPH;k@wj6D!*K`Zuqs(pSv+A zc$2F=<VXAahK5n@iw_>M@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|C<t|uOo8y_<zO4+||{A#Kc?7+8@N1iRNh1u`; zPFmjPe$~G`P^2a(D7c=Dl=z5taLBhMh*Lg&`b5=D%}u24ep^_0BrCN0&dT?XeO6+i z@#w%|Gs^a+mEa|%Mzpxx>c?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X<GR}>6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StC<Z)1U^=;j{(Ibxm@`2zx`iJDe+yxrF^nf4`H@UvKj<_cpe_Af0iT zhsgDSNRGUuV1JrEBb|nZ29#?sMM<Uhz{9u^MKT-fk_}H%LJsuX%1tJyAFF;LFJw|x zpVUR}NVg((=EGdlOxMvz*KdvQ&!w2we5#!oJ-HYCd=Bnym+7ZZoy7zzc$Dm8e6Eg- z-LDg03cdMai^I0*eSBLm$4fnSH3Fkeg24&n&a1^vpUJ@5Kyr`mo^1+4S8QXycwl+e z$}8u#S;$Kj+n>i%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>X<!#XHw7l%!lWmIS-Mg;@ zu?N$~cFjMHgk0T%C}Usc|LMt3)LfnqNknbowDh-pNiB?&yIOsl`PrGz8ozB^qpFV% zR$XOldiag=%lvCgmyvS&7nHSHN-_MMNFz4d!=42suX7IJx0r`*E3i#$bg0(I05ixk z{3vVO`&{-X#Z+^Nx)S06J@7kMbEWBxyhCJfhDOhN!-`Dp$8x51x+|TsH=D@4ZleY~ z)^k*Tb-$Tt@zo2q<QSnMx0D1gQ!Q%sUteN2wh1QPeM74V>Jar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G<Gxk9UgJit`h;n3MLJ z>7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$<G*_vOFT8!MwZTnww0N-(^_GP64kt+pyZWP0s{p>_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~I<j>sR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W<MCA%#tTIiVEV|@66z+p7fL>+7TV~X8^Q?_$YR&Udx z&Tyxb*v<NHP0hHKw=f*Tu7)^;?1#|MA>^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8G<JG#B5hy@NZ78>F^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-<mlE$JSETzfknp<n7n!$2At7jXlbAwff{c;-Yw+ zi9qK>FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zV<E2dW3gy|!oMs<`Rb}Bo<nmMt0u(_Cj{@(a*Na5Nm^oCj_C=PGefcpnX~HXP~~h2 z5h#>CqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1<an8DazU<m^P(B<n`zMD?OGn~6DKuc!nyDe)RGtLuW_jGECRT4iKamZ-!#K^ z(i(TpYb9J92d;&T(rhm8hI8(S%%IHSWjf?Fxb!uGMtP6t#Fch*sD*nzN>PDmPvDAt zWfvDke<eZq9IrxzLtxk}MwHh*_zBC3FpepQ2})ls)1q>z&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~d<IagQ2*W*~o(LOUe%t(<axUmT<&1HmSWKh~xw1S@zub@vnRn%n;N89Ex%K(TWZ z@7EE}>bQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$<s<+}GG3=ZNM0s~YQR`6BX?${>Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_<E_#T*k!Ckz67bH2pbo5zhJ= z!yce)HEIrHE<DDt{}kd?<%s4b^VRW6@RcL!Tv)&FDC5x#9gBkjXj3b_#(-F`UKWU~ zKU%-NaM+wU%z-<OCAQhcigR@yoIAlI)TB7!{nB?8r24Vr5=M7qYUpwriLZ8&ZG)=| zmb~UVGGebZJdIe<ZtVA#)8?xa(|)iuub4iZyjJIyD!ezV*d$Y<vl@25WpjeVa^N&u zHa)3GE$%0D^IOd2z2wC*a{aB;!i)68s~dNjq;eJ@p~%!Qf<7!<7b(vH&Vw17fORCm z7jR50N~a}J9zmb0UAOp20umC@Y@0xU-alxG1Bx5%C3Gva8ODXZE`D0vJk1b==n5yL zLqg3U=fpyhT(r^Az<+3?MgF_tw`TIw`((P7?$VWS6OjxI87Cj}lqNrW3+YHOzuNox z`+AdDU=v#Yo9#+Rk89f9{f;V{&Cyy+uQ2^=in-ux|GNTcj$tt7wuWpO+uR0jw>q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U<x}+3j38gxq9Y{6Z*<*3|EU>(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K<?Yy z;l&`1;mGRnVq}1L*_?Q)c-fx#F{{0ds!&8sof?EaPYxp|G`8-55J9H$y&_(m)E^aP zrGLAH?>$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU<Ma%=^ z+H^oA5(3TTPgsAcYLD}k&O%|)`yriSX?m<Mk=Mdf!N!kmkGs>>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u<lS@I4C+2c>|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJ<K=>AI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$<dIhBg96(+NN+ zEv2Lc5jQ-R_Sw%Mx-7j_ylhdBV74HYSP`)S6bjTqIR<|h5$!h?p1jJQsT;T55?<-G z4`zX0bp-0E0%c_Ev3m~hg=e--=0#Dk^BC0+F&0y$9GBs;k-9hQ@pcj#BJRyR&~j+N z6rGJco)ga$9xIn?ZsSqV&&b4`uo9V`<W|xKTF5;uWT_8Y17-?^6;3EkCo4JdY5s4q z0Tyj}(-Ml?dO8+@b2ZHwv@e?9b~hUbi7Pw|#wN7DRn&Rjk91%-;H+7anl{%>=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY<GJIih~~|%Fib+TzX+zBMid1 z-~Rc#wT_O3wVau-7zVcEin2q63z(eWa<Cr>4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9<ZwjVGy^Uu;jfT<;cRGTKzs zFd`-Da<+Qs(lg8~tYiz3;B!TGb%7WzjDQ-+5W~Bv?fy9(Z6=B5TS&&Jf)Pe}z9S|7 zkj$9O4>Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb5<O>9#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJ<ZL4n$TfRG$6>Dvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?Pt<xO+NGMKBONnfem{us^7CS7q)9ssaTA4J0|Qz= z{9u{KPF&g`3(%4;+SpWfpw+nXba@A>Bhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+<am7Ga~{VjDWU`pkBTl6>p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8<pvWD{IJ-7hrpAj<p^B*ClhCk@0XFFG_G<2^345k{ui4GgyFMxj z5{tEuHSZ0$$Mp|5&+@jmU0S+2_>#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~<Y#5PB^lmA{wLczE=A-Y5{g{VZHc2b5B=chRd~E3l=|HIBfv7W-_p_IqFUc;< zw|~td{yxTsr<qfs)G@O}aM!g^FZZ%K8yJJ=V(yOXq57QTAl^F1m{nymV4GRkkmIcG zSJFbj0O8tD+iT-kDu-nhN@v7OP5pHB$efK1HzH`*<e84(_8a%V%5VqsUc%qVje*HI z_gt*q0X+zRjck}4vUFQR)9IQm^u1XrJL#Y0xot5M0;>|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L<rJs+ z!4#x}7i@ivb|&;Q^@H6LJ@?Ei(qXKRSD??<CKzZU<#dnHa>0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h<PQ1Pr8mpFi=;(*=z6XKMj--++j{xz?z0?ZiJSh(T#9BaW2*v9g?sw4 zT(Af?YZ7?0dst1)^sRcIk&<r0y!=b^-}{W!kGAIErha!cbp75v$D9QV&<cyaH_(4E zV$Z0)T%5n!eW7fp%RcTHr(=U8geOH7quC2J=AzQ&${d~={P6h2Wk023jcuR5clYjm ztKNY@pQ1sFrS5&LgBEBh@=;#-$vLsaotP__o5}3LXes?L5bE5({^M>@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQD<Sf9JlO%6|?{!S!MsK)3<d%xo5D4jc zvj8~32x@*HyVNR6;a}^aksphO*OR=Yx@j-yhKsj)thcCK9Jcn!o(yvfwAgVB3}5<o zss+dHJ7v$4Ioi(fBp6s~G9d+>B_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok<iX{a1X%BNUeo z=3)poUPBwJ(pp<0O*7SAwa)7-7OaUqwejD|%}4Wref2d*__gLAJ8w|c7&_6~G6wBv z+MbZiIpV>2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL1<q2=W;rlzBb~aQa zi&~u27KZ8TbNU4eC~wj7Oo`_dF6_TiOn3!{H`n7i8~;-K>3frj*<sEX4C(_s_3OdY zpM%TKCyiZkA+}CEArJe=G;tHKYVwjm<*N?^+dKXjf5MJlK01OI2y?G4h4lQfYkyr9 zcPb8adEkH<V&HKd@I54ABFxYtF=*jmwQB#ZuK}p0qcY|{3o8#Hs)(S7E+?$?K*idV zLv9z5vSa6}K$|D!mvPS8*uVgWVX!YEU}3k1uk(Tq3f`<3gV#RqYdCr|I+EZ|s2FgS zz-z+RnBQ6F$J>wGeLt;uXbm_wFM6D^SYE#qk<UZQHR;%xy;~t)iy!c?c#uBQpSVeV zKKCZq=k?rO=7eNZ<d%uwLM~#hY{Rr<7;I&#_Du_N@P5@}^6I+Y1K!<O)C?cvjLpX| zl#pgVD&VEKch}%t$@|sTDf%^I3PXO-!r11OQIy8mPa)%!eLl$6%GH|{PL-7j!@qaC zdoo(O2WXhP)NIze&Q?h(QRalE{Q8oI*y>HPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)Zwtboho<Zc0njpf^m`DL%2%@bOFZ3P<H=$zCy zHm2DM1)i_D21pmXVqVoL#~wW9O>F~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f<ZC6{h}u4^o;>6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw814<AdH#}pHz z^hV;W=I+t2Q=cL=p>8upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(<fB zj{^wbriBH3#yt?~QNZc5%;wEk#7Cdit-Hl~@mEIjSySh}EHy+|>~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+<aQUMK7-Fn2lWX@~!@(ux`lU^|e}df^z*qI& zKhYZvr-<S(p`0nhjE_4X_c)iW#ZN^E{^&Rj0WIxcYvXv(`W&)Rf9R;_M2&q?qoL6G z_Z!nj0?#O`UlKbfzg1K=-l|Bq`*repGw9EBl+gOLHjNbTGew$e5_6rfp{~31yIFeP zz~~Ecn{(^DzOZo?`gZMNr85lSN8^AJ{o6%jXjmVe*S2`$`)s_*#K^Xx0L0*`Uubw9 ze#3A0%aIOkcjA=bR-4}Hmq|(~<F+mYxwL<kjHRBPG={z~<<XppgYm_`br=tW1mjo` zgd6H>b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`<g>Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5<xzD>fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u<C3iI&=Dp0aqU2|v!Wj#aLST%ku~QQ`=E!gz*n^bn5=NIy)|Y{o6`vGqLriU! zfYA2v4!x+bDVj-f^tL-|ifXfbpxt3h2HVdL5OWXK+PbWpvmowsX8LGWz}C0*O}Vvq zC=AG?NA*VY^MU?ry3c<&X*vvx%P(o}-f_M*m>>4C$V1<D^=@d^EDfQ0@qNk-Pq&Dr zv+qI~Z!)j<>t5Wn^f<!-C9nXjL*2r!+c$Qr<7iRh-TFDWU2C7+p+u)(p32|%EbGh7 z7z^)A6{Oiz)_z@cJ*ghLb;Bh6*1TYZ_Zbwt8`##G@2J#XIOKZ~<J12@gpU6<f<e#a zA|oBAu%|<_4i1*`dFBmh;e;2BxD5YI0f>{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!W<V0HKYY94O@NV*n}NYAH|$O>uNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5<t<^tkq6pUwpf3{wI{jrhMrio1RM(Bit^H^}k&!qqA#U7+yT$1U08R0|v}<Z>OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXc<yi*>qH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAe<ZLzt(K%4ylEu37A983AVBk)&H_925$*EIf`IuEKyGfZV!cHJj@0C(I^3nc zpHYSfdpIbWoR@QH^ssx+Sd3`eo+|uKy}uak9eK+=4(0LtA8<!bQT|rGQQ{tBh<T{H zJp{#?P{j}$JbiJBYK8e3A%nyqA#Bj-Bc?|;>S6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e><v<K?9aA>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$<Jaq&mJTq+%L+j)e20Y~-hyp}k>KWDYN{U+^mwaeT< z#&~nXc7N^Y<k4tG*_XbC!LajZcE1m%t*0%}tJYM`raCw}+N+nD=Rk+UE%`gQ4~b7^ z;d5gJZ)N7b6_G|6U9W3J3+2e~cETTNXTK@j#u-dBk#OXp-S#W8d;2t7cA2OH+Ax|6 z1KahL$9F2yQ&%vnUUbiLCY27JW~=p8UH8*;IQyDks1r0iPjnEv^;*Joj)yf#GhsJL zMo`r0Dm+&*naJTdr&-bOBoMo`$=4(|ckH3HM;?j{%(1r`3_3}*9S^Ja_`XlUiU{q0 zAM`2%b&8q}(3lR^_B$m==+%3*I>W0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#<vYU+Ut4m|L3Fq^Zdtr#`v5mDnGk-miyQ6B(_vQYX4*B^++zp$kOO z#5!*G>jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9<yGJf<cYjLJe)tV6$J-7J| zsRNUW8ZtSA=}JOcn@O@4#R$#Q^FQ!M_iqd6SSa2>^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{<sj?C_|x@Z_j60bHPpQcRgPAIZO0AO9pdM7=5E@~WK zor+WJBPG28<3zA*`5I(SsZ{N0kcZl8c^j&3-)Wyx;;)2%B$O|P;Z6pTSsv;7aQ<8e zHoiTa7mmr}5suTC*G#+Q?3NA~m)sTz88G<q0U{M~0ECqm!r{B;AZKVJR3d_5!C6xl z;PdZpSmpndfMgY*<4nQjFyeZ2j_l&zj0o^v3@PYH6xuMn@m@VHed=yFMIWMSG?m*4 zY#3iNRlY7=m(c~kZEa?{XF#|dhg~19N6c(#Z1^S`eQr~n#_D&APB2azafqN-5GO^m zYbRglPki5AKnKDOUp@!(ymJBPy<<(yMq2Ct@SmhiIKgeR7QH2RUxRfl0)a3ILx&N= za1d4<=ZxfVh^V|-$*iCjGQySz8nH;#Z_`7PVCmc(=~=}ACOWw9Ms?Rj=s3@jbNttr za%+$bZBfwu#Ss0^ln#|f`~AtFCMqdPYv)IXeu3zOY(*f=AhJ}a7?)(!_@2!SL7U$B zoS{X8S2ejm7^txs5@OoHZEe?@58S@)-a92$HNKy>(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc<jl4`mqbQ#Y27E@S7ct&u&>;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcE<?SJn45E6W<GVUI>L5zKkK^h4KR+}0@<oeLWji3{Ml>jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cp<aSBFgSB zIN!0mWw>h7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?<O)~p(^6Pgufg(C5nrS?qjMJmg;#+1JL#M1g! z-yX<tTAMEY7j^`o{wyG8PIH;_V(%olb)i-=kkInN;u$x4j4($Ncz*c9znDtwx5{OH z%eu$Wy|#76Tm~N6C8L1=9bZ`5@>)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQ<uW9 zC3BkO7ptA#G&R?@nL9kXJDuJ`7v>ZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P<FE(?)6DvqpD zHN=TCiZJ56$eNm(<E_^<AxKv4I}2~l(P0+zqE^?xY`hR<6@C2VNyX{1g9tj>3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zA<H!<Ey^39{iFH>l`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div<y3Fi zLOU6>^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#<x@C+VWX_!C!#F4>bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A<g@oBJ=<E+JyZGb&b4j6;uApp9I0?v z+v<_sKf0kseNM?eA?ISl;#Y2H?A{rBQk3n|(n{Y51=!x8k$aY|jzA9Q1sv7z*GH~7 z%LiEP902FGJgGX`t8H@Kz;vpwo}E01Tx&Wxu4(7C90BI=*(r&h+aGZi#&A}OJLR<H zL4A^ZL;Z-<MoCDwc5k7tS*sZvo%@y&sMG}5?N-mHtbP8@8;%2QE%~IXe$AC(X&d}V zBvj~`c=q#`+5Ua?d#4NXS%I17dw-n9qQ!F-BZWE=eggmH{erqXJjNuRWe2qDWL^ha zF21r205A&mnLDrYSW)(i3?ZWC_Cl|hXaHb^ulA{L>?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+<TWw`0so3dhi z@^q5i=d%hhkab^CvyPeSKBZK^)2V=)E}s!yHpb$<pAzmuYaA-wFJrHO<nyrG#QqI+ zw9E^PEl{OJ^=2s#YVPDg$r`Xi*&uSyi}iY<-{sQ3K!D{6pz6o0d!x>>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9<R>xb8vt*vqIK(ww@-6PXYCR%<Oh>km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~314<g zL`knMiYhpZ;yQsF>00iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(n<M<Q<TqB4*TnP%ucXImHFb4PsUOsakU-3s= zhN^OMg-DtqHC;3JjW;o*yB9i6Kcj<2kF31)gS|NoXHH@J^%+rB-hn)=%fAw*tye31 zWS#|^h^D_Q7i&{uC<`g`CQF?mDL;jDo%Rbc^ip9B0De9AqDwfcPDi1)IR)92$HTsR zv}pmFf0y9B`*l#55WU2~lJ64bZoi09>BcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)Zol<kX|<=AB2a>rB9W)T3HjijE$Z-yKTGO za&MA<cG(xl=1k8Ei+xqGuFVgAJXCW3N!h-NSc!_<`BqBTS2}Qn1El@55d*>8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<><isl$Ql5Y*&=5_YmnHZc4q5ck<MT+bP&>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{<J! z)8n3fO7jbBfa8;a6Mvt>q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kB<!L_2PUygHf&p zhF2TO*COoBcWr$8Tp`%G9U$oixshsp>PY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZ<C>aP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&t<Z2QNEcsaCLT>OZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB<eIvcYW69!2>`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*<Nc<Md=1)Q46H0|m#a_*1A?&AltE%5cyw5;b!|B%Vn4IQaVED? znq!3nB%H-DjQT5Wbxef@aSrS4e%*;dM-D1>+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhoc<N3KR75zhe}~ zQ%D7&q_WVM_VAw>l5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#<s5ZQNR6Nzj==(hSnm4T@NzSup=Tub z5yKMjv@H!_z!^rT%N5j<T3P<iVurs=IGzf*vs$+G*!iilI%4Y`uz4;=MmnM7yq!A^ zG_26ul4(bMxbby=&n-&Mgxi|~KBSU<>;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy<MN1a2(%KIdGK%+c8Y{4Ov>15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAW<wR@H(AElQwUH>J09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9<kzX5$b&dBfo9%F7};h<R$XSH*RN@2ING>GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#<wKu22WhhKrQO`xEDJM|f6Awyq7m zdYIggiJud>3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w-<M-Q`e)3=@P{A-Szn=CK8-rx1K ztW;u(0qk>-#b<xcl#B)j%LmpDv1#{W-$}6JIDzkVV6p$5B&>H1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b<xhwIMj8Y6 zyOo1j|3jaDZ;J09{_g)!G6E*2=-<xA|0f@chIHw&kG1E2_qhHXa6Fad=-&wc)hD0X z;%iC@hv*GXRe8zi-$|!ixrJ&yDIY6MPR(hPoNtJG!#^JWR`zau_MdNzIsMX%1sRLS zip1}q`KlJUy3;5Y4c5=Jv~2ub<Ve4}g(w%U-CjSkL)TZnR!<Y^(XwTc{$#X-RbyW` zG$7kb&bko4H};zkd|#W5S(@tU^Yp#j_pb@fpPBLL(sl3G!$W7<GDdgquM8HAlr5>7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr20<HPwK9SOq~vBn&!~ew1$5KmiFUmFE%Zl9(`>35*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;Ez<U+sTmBlyHH_4MgMClAJBQ$(!v zum}ph=urwe1{D_@S!=(}WRl6>JLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXB<s0A~o5 zf}&z+OG^vDQ=ov3aj}=Dr`-8l6O&8ucvwahbUdvrY9H{~ls^8FStTtiOGZ?;)MdOf zSK2%I9bhin9k8IttaXgX+9xx)XXvjbZK<wN?SZHy_hceZyy1D!X?@;IF70K&(BiwU z)ATFxY*auIpI%a3idJAWQDiO6Zt6qunjq8b<tkfqq*-9KMqOu}&qs+>lWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGK<W?54$w`+{)rGzf^j0h!bN+#vl~hc>TSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7<kqRKC z3pY66Ju%}IQv9yfB3I`+dret=ic|O6$>bg;uK`*LHw&(Gj<?t65Km*W@EbzMuq~6q zQvqhFf4$Co$2wis1<A(!=~G3#9l%%m=N!+JusOM`A4mWit9dUr@=rOYo&sb*@2P;- zr{R>K*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`<Mj9S z#MsqIz&`>p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@<EJO()qzQG-fjvZTqQPO-va%yr)1mF@q}kp^V0oJL<#a^R8)^60 z^R|RN=z5ez6<Fk}lLcqXpi;oG4*b;T?gmAm|E~bB?~ncxs1`1lZ*-ytwAg~|3|Z&S zTmxbeu=`z>a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO<H>(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~p<Y zQ1be0?np=R7qJ>h5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2Cp<Q)5-Y@_`{?p4U_A{8fw$^?>I&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~<gd*tEbEFFPD8j6xytb9`W zt6*_)i~QcyMm#b+COz6PQP$Yc|Fd>aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`<SH^5?&~3?T!JHz5N{|v8KR0l4y5DykX^g)CLfrJW%lB+lmR*Q~M&dP+f*EVFzxQ z)Qf1vY|!j~Ljqq>6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<wlS#1?i8mj zt9eoZS){_C05uNogTF><(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD<Hi%Q*Wdaom;;%ye56RbkK<##rA z;bq$HF1?}4A>6M;*O<;}ve|)IUXl<kP4~011^{Mi2@G@C*6~(1?Rw<7z?79owjeAN zPiriXPCQEi+nCU1T3#w{Tt6M$W=aCc7hR7ur{c$U1mz`JzKJav$9b|qWYHZPCKw*B zp0_&CtpK!I_MlA(1{)kqy0x;G&@>W!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~<Pfc=tR`pNcx)&0A*SS-{Zd zdfJp32dtyh7BzBRpTH)Hv~}T-ClCWBOi#($iK(V?n8P+NM1Q;ZCPd0H!|{z`SD=Wp zu#XVj3_SHCOt^+ty}$0V(G&S!jB#?OZDq^BaQFtI;A<?o?B;*H?V!7qJY*d?AZV|^ zOcUpp0Z%|QJZb->6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2<i<q$hXfU|+2-U_aX?nR zliB8Ta0vqDw{Y^!5^HNnt*pUhVxU>V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz<Q$(rMir+kybYvr^tNRye;Z=(CJC=tQ`auUUOF$=U> zyh<My)!?4yHi@Bk)*;64NB@ORfin-c+wTzk7oy%sH_JjtwxxuvPrn--wlOKY%;y^l z*xP}9_&r~63Zm~i@>@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V<Tc`Phq3*1`y=aaJS`_R zl4>#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&<J;2N-mG8~TdBJs4mr2_N0KP-1JV{HJBBk=sH`bYrCwo>E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diB<s&9FY0^wjNtykV(9Q!O^k7Q2-1$dR%=gsM@(K@e z@>qkd9s~Z<?(kQ4_P;VcYvyf!iVv=mWHd0;{K{|(FRb?I#M0FJpACZ#__+C+yZ#Z4 zk`CPYLv*7|EnB(zt(2Co0LIwlNBZ2V-f|pW^U!x#y0>3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?<v%xtw*Bf6CKX3NAQk_iNk500)pOHf7K<t5Fa2_Hmc;-uR?Gd*C7lB z23P$g%2~&f{8qJLr&V_@`NQuc5Qjl^CJ&J}tyKi(*Hv#*@ytELO^7{V4T|j%XAQm+ z9WiLdz^oQQl@r7=%fQKsJd;Ozt*<|pQ@CgQE&9p8jxd#NUMzcgdGUvxC@!ama?$(4 zv~kfViPQ(bwP)Eed<xqq+)$3Tgl~Q~c%$MY_z$ct<p8hbIhm#AKC+iqcGB|i_=x7= z`E@I+G>-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM<iqD6NqfLy5^*OI(u*)tYOk z8xhIKik0TY<n>(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2<n7V(Z<RGiR}y_(ep@&`D`)4W+_tMMW_w)D&#Rf+;<mLC<*O8 z@FCVnW9<A#s`)C5^N1xmzxW4I?Jc-=Dq3vilwX)Qq{n$r5J7%#c3=J=DVG(Z>Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2O<AEB(Y zi}n|hj`|ug>YtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZP<x-Apho+)I2ojwS7J_|5c+c;_&l4`#k&c zOMwuCOx)gjU-ze1hl11wY@&v{{M#Z7H$iqMoD}AMc`=5d&0lVt5G-s~JV}4wa5n<J zKsFsKaUs=&aaId3N#hI3GVT6j;uC#0e(kjLzT}2voha&qdF?ogUA{le^sL0+b36() z^xK2fV)&$z!o|#qV4fCY@6DK+UA=KCt6Qrj-G9+hi#~i;E&R6(d(tU6`>ZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&<ya7~%7XGVa?~!6&fAsc z)eq7qnqh}BdXvV{a2>pH2|q1mp8<S(v?hHCMR3_Pd8ZNk74qSaLshs*zh34fG>ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`<NqJ_1zQ2EKIl!vB|M_laE z@IW(yn<QH&YiwYxZNfN=;2n<4vlUg-ao_#6>dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L<qwKPv$< zX+#_xCVlW$gE2Y((5`r^L_bT{dHn1hB}}Hky>`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k z<m~=!36>TvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)<GM;GJlW4sEMonkT(Pw<VW1GP2MZ~aZ|cLn7pGu60hVWnD7<M#&UP!#t~^nVyb zLS30ZQORqH@)SoCbLg%xI+T%Ly4tw502$q{;m726T)wT~sDv)|fArE4!zZSC@{4N` zwHT9@4vihxR_-UoE-hs8BM|<i2rWCmc!sMf%v&MHLRrysxiN5!6KpdTTaL4n<mYFd z@vqW-cMb%@m<_n2abx`3C|5(AS8)GcFAIsDN6Pm1O#9;?tB(&a9wHWZ+5Xi5T8EW_ zqFyse3NJN!xq>@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3y<jwQg`mnNUmue@3r>A zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PS<Dki(p6Pe=V-bnyHlYn+W3Yh;b* zQ`XRVr=&9ZB9W{=_B>e^1Nan;T#{~<0);_QYmH<2WcZy2i<ZetvMj?<3a=h02rdh; zMU(20&<D9Yf8LOd%4uIekS%Pj8WM@dHe5{zlaTmqqxLF5sYrCpmAE{vbMpkN*5rGR z6>pXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyV<S z!e|-_nItld)qUWj&?jrFPkvDgO#zL;()+bkc2%G$x-P4gwve`3;q&q$5h1mh5q=8$ zG=p?}cv~4{Ll2ia04rX7ahQg8I60$Auag27lsOkWx>Pi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte<a&b$*uJs-3|MX#kOo>0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MN<?VA1yK0RW2E zp~Hw=-zza5&hOvrlw#*?bEb}rngjO`_^=Q4+%R+ECb5+!$M03!O4jkyb^(YDt2SqR zjjQfj*S!LHv$m4zE`)#$nr+od5BBBud7hLm%f$)+S##apD7VR~b;BjT6tLOa)Iq-8 z<^N#-bxh1wmhlgol56V-R0_P@Fot^vFs2PS!`;@b(<R|Sd9&PRDM+mkInoE7_{3xl zGyPqd@#{>iKLMLu)LPs1AWvxM4=-<oE|2mYa30e9%R%(4S~ZrCV}J^vi>Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5<KF5;T&2{xAX2V58t$qs0{*VrnUuJ2F3Z= z14$s|<VRp0xy(7HwxiI%yPrPpkcIs`e%2`^hu(QM|K+jc(1Ox%%5@vHdt293b6d|e zqfU0%SdcW1xBObVWx*Q;c5AU$vH)T;Ko|qpRhUYPhZ|6J#xMIX-Zwmn+bZP3uv$fO z(N}eU{_xEI=rH)Ywpv7a1H^vq>G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUV<n(+MjAm>a|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F<sA`t@FJA<-PbB1iV_vi>(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;<Qu-#!vL0|r^7z=OVsDEbUHGz(F^=BA4GYF>&jhnURmcoY~AUpJQx z$D!s3au<S|KzHB(hNkzSU~AX*KUTlt>VkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=I<XlID6~_RJ12O^jhA4VGB5_Tv?XxddX7~%JP{3T)>zP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu<p>dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}d<z}zp zSzLGwZCwHbqVtos6Wf~KFCk197h#9MewX!)Ne_&dczf!R8ym$Hs&4rcDx^Sr&(C0{ z@R^U>f}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z<m5Q2^P--V9nikx1gHo$&QzESjW&je?fM)YNwICX&t z4mhkN*H=`zpIv4D%37rXXPSKu|DU=J7ys_ER0~J)pW@24n6GwqeB$zJ1FJ9(-RkrG zSuGgeA4e)$lWDRuF3mh$aB8xg+>^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;<Y!b>+Q+yi^c<q-xJA8bZaCe&_S4 z4#iw-S>%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|<MX z=giN=LyF5=d%;g{2Q9~u@3(zC2k7`^C}m+EU@LPRn|5va>&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z<zO*@Bd5*{*)1qqce=WGsC_vr<XTM?8T!B=9{W(ik(WPGch$JH6k?rSUE1}&=@0*t zAGLj3f#@=C?<zA-49y`~D2mjuP=9tnTqa?|^YbA+?CHtPDb#kO;}xd@gpe>8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDg<s;kIna5|p*O$WZH+n5wX+ky3ZuC6_m0Qo_Phm? zLmkC;8$6bLO%jlM`;SACVGI7Pxp~0T&SuBcu$SC&H?FU)jO|~=--UB?kh9CxTm9}N zmt@kbrn<mxOc|v#Uu!io8pc8~1IE?{2<hW?!ReJhE}IpRdntqrUQS?gkS4|V)ojd; z##jL=6jkU{M;^~Wh@@wALY`?C3+sKVr~vCi6&s<}+Hq#mkRsa5`p($E8NMd}UF%{k zDA>y=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@<XMfkc!Lz$u1=L2%%mL=#DseKj+e!eWP zxuSeK{pX2pw7j(EDW1uETZTKdbPMcVg`z4!mg>qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJ<NjVdGw@tf3*E=bq#&O)@*r`xx5U!S0OA8=@eq$PSw z!SZBu7aiAgiL^rg@0&LDOeV+Q8zAb&ZD>q38gk!i<D_E%^-s@XvY{`(a1n@9S_CSE zs1E{1S@UbFnFNsEOny|b>3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q<w zS<xe^YAA4?LLupO1wO5-__F*3`1a#5bZ0V(?@OCZq=COiT-&E_c>!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODI<A?#_1m@lLRE|JX)x5CY` zC;hD%7jIW(DR(q)GCvD&HjAA3p*iv09AwbTaylfkVZ-iYwnxff?>ZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)<T z9Ol~P3FZ8_+8Crois*{3xd_$x+2;ipH{-+^%JVJPdXby2TsWtS{HBolkOtrYN38FR zhTgIyQKJnT{7$T$)Imr&{nj%M`bTqt_csDr&M=>F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7<d!WQBn>BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0<iRyUQ=@aH0Q?+`a=>L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<><?42+gs0`pd4w4*1ros4!$U3M9x ztVRly4um3mjCljo2DCH(hExfEO}M%)zDf154Zo<^<YcEj4FVlmT}I*#pK0>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4<ozgj-?>OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU<j<n>#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2b<?{EUMVcV2%U$eKFRdudJ_ECN# p6X(@!O3}+OB?s(K+PI{iTbj5{&ET&CtW><B^;}P_OvUok{{YFM$>IP2 literal 0 HcmV?d00001 diff --git a/roles/pbx/files/wave_sip settings.png b/roles/pbx/files/wave_sip settings.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a75e4b3edd423de1d36a5801781297337f26fe GIT binary patch literal 30774 zcmb5WbySmq|36AeBO`>-DWOP6*XWWGQ9*h%l9L);LmEVokWxVqr9nE!U`R?x=TN#v zH@}C^_ndpr_xnBf-gE!(ag!nA*|Ycim5X_*r$Ir=NQ#4lL!qUq`V0pLmjnj~5097- z_?KA?DH-4|T+e43$~a|%%<I4%0tY2sB^;c}B(h8B9pFBRhvq9!92~m)w|{W8o^kKt z;Q01wsVY5(TWseLg|ezmp;yn%{W%J7wALQ6gA^N6f5)*sqg4W}PvYEj`Vvjb8P54F zI)O8sUCjya^MoczOQhnr^`rNjbqfap^8twy?_72?-;nIxMB1Iq<>cgK=Bz3V_3vz_ zj*XAoYY}tMDQjtK$Ehk4S3Z4WVrqJyS~)uM*?R`p8D(ND$6w$9Z<2XA5ItXOTpuAo zWU8FNZMFaF@YRrWcycns#Ka`f$<0kqS68<+Z{g`>*7EP^>5pKh((>|?1!iYQ$353$ zH1?DQTeT;946{H{Uao*Q$4mY!a|>FrOpr~|uMV-L!L0|VPlMx_dSpH1qw6_yF$e6J zxHq6Y<}bPME61jrgU-rtTrL_{xX0B`HR3keROKBkp9Z?Qx|T-WHxsxN)I(pcsvu&{ zdwxD5YHi_@Ir54i`0(MwSy!Q6&PV^Foe#Zzy@pOs#g@%gRU;FZg8cm0?fv~X`d(^k zk$LD~x?@;;5W<0D>Cc}(!H*ul`)SWw`}I$msY$(Cw!Vp`|0};&Rr1>t35S&f;>7e9 z4*eO){>NME>jjGq*ELR~&+6Rf0+&91z5jK46-2oTV@WD+_?6@t6ig$ykNha7oNbhC zf&CSBF{mv6{l||3b@ZmbsXTv~?3n1zjkZur>f5_4AN>#4hAs3%J)p7(o2G`YU?W-= zeq`0a&o8;vd8d`>$LFspKIR!-D_s`wkBEl^?eOL7b8}*hEQ7?iFCv3R%LOk#Ffr0o zbmCJ}Bnv-Q#b{Y=k%d{YsWKDeL8*v8ErOyaR{~Lp1MMed-K)@P%vqOEaB_D%!!j1y zY;fwiI;b14RjJXq^3nOS@a2maelj6fo0dhgyUnAW^l=oDu?L!5{kifpcaY(y*L;qN z2eSK}$l%3uSnKIu&`H+$LBHrwflZ=x_pazg=oR8~E)=z;uo#LzlI7kyWg&?tx$&ht z^5FZA??Fw*IxGE|DXrK9_kxz=>4!nr2YLE8Cm}cKt!D%7g(nLk3*{O?E>5+Z&y?bb zlVkn0atM%~+ljyVllKtD;lXEpmW31OmfS)46EjH&H7HWdb4BOmF^_)k))GGH)^^>3 zUJ8%y{sMP)q-x4AzhPm4-@!_QRE1D*RDd`PqnZ?9LpxdWs(Pd(vw9@;m!TPyB%;V; z{}*r3jC<RhJmTX=Mj<dA>EDLcT<s{f;Cd!G7>tHTCu4CU8t*T7J<n8j;vn|aBipsC z^QiuAq`p*Hr(ZH#Gu3g5{s=ARK17;!!hGX&R9|6kzN(t7g6tS3x549`=&#w5DAOkm zRoUXw+hC%dp*-6DU}S++-+9aArb%xGS2BTh-5c#@a^I?L$2x+XRA1H8NwkX_M`wL) z?Pz4A^NpV7tZZlLe*8XD$>HkaWT>p|`rM`T=Xme+)ozG`y<(=F@C9%yFX*^BZ$M(o zHpOK%$9GUbH1j?r;CRZRy5(eEcE+QVqFPsSPE2;chfB0i)jl#U$A6=E>ZPgc2iMvu z`^;jS<8f1WyO+^Z$20DE=3c{UnRa5LOTSu=f0o<T&A!pLzk`8gd_NbTgsgpvcubSH zRll6rx7BU?u(ak`?a{btfWH<KEMv{K#s8?+XA&Caaxfq{q=UMg<cMN^fAvo&<X6dJ zmF3lj(UioDONwjFuzG9je(yv1yNPT;hr^ja33Kc4DdmKlPBC%S$y^%#W<@zZA6HX0 zvptX`Q>%~@Y5ke&i``u(`aFSel4E4TLSm*4Io^*&y%v1ezoy$;o{ywg1)a=EiVFSN zyzd>+==<w_y6wewUEW08kMh>(&6|=}qAh}XzVm)l^lhhV<u*x>^KWcikU=}$tFL9A z+r~ON&4VFFKP-<t3YIh!&XZ@Toa#5rnws^hjJdLM;Fy>xTq4$YLH{0F!es43G}dY~ zFSp%8`uZdH`%|WJe5QZVI0lvVo1Jdu2JB$TtvvG86M9R&dUNrJZb_a9R0qHE*(|MV z94>F%_@2pM;NStgUcYo$<PWaSkNSeoNAvulP)9H;5+zcTkQFLC7qHtRXreEFl<F`| zD|#_C6l{N2Yl#g+w9X=IrRZ~WbrNvicD3#9kf57jVFi|3znnj5UB$LX(p#)qhgv1m zV}h_<^g+-pCY$eDPTZ|0^C3b_$J5T$e~c{Ut9LTcLBMNt2E+ae_h%-&T#TT!cP^=X zE9p<Ea9JS<7xUU}IkB)W4fFvnpbP1hV*jAW`hPl0E0Cm9^|0k;H&f@loHxDv!Q>Z@ zlh{RvIya4ky<aPF*V|)*H%$Um#DmVg%1144&L`vtdGi7vGf8=Tnql$@cg^t}l%CR| zxzA{Mz$sUj_`7(Au&kFWN$$PRlwG=Q<YG`@BkpeNMVasY{>7Ag@0+C2Y$1W?7YjE# zf&&USXG1m1iL#B_Z5@P61rrtlk6vl#^@B!V|0qo>`R7~L^L*U=apQw*hjmZM7;!Re zRd+(?0P^SKd-^JG$(<DJCCh)eI6jDXR)s$V?LPMCCl$^#DXP>@I$Absa$jiuh3Id3 z!1H)Vd8CxXqFc*n&U>O}r*X6J=Y+*fU%2?HTV)qrBsSx1_hC}VWv6*ppHQ3J)mD+h zL0NyML+<)g7n){+JZ=Kt6#qzYgZd~|rq^9`<Pf;>rAw=NAI#qqj?f2ANL%xT7K<z< zn(Nug&RmM$CrGH?N!UU0%?f`2c;i*w&RjE@-lgK~%RiTm!)l*)l6jm@n=h2>CYn<Y zOWlL|h%_oGy9I(TW)=#8OPTl8a$1R!zG0D$?u=_)PEn^^V3M<e*As5xMc~pEOkkCt zPUxI<8CqLTQrHPP>mgA8HEkv!gy35gwl<U+ismn)7lw)m64Jya$h+Y<f3j*IghprC zAeI9O;+6kR)0+6HDcKUU-RWhgUZSEyBq}q>`jl9vE8X`zkz=9#;{EXQW4j{t1P?3w zV08K>%zR&k;hiAL^JLEVM9IKe{E``qjSSGeA{AL|HRR0?HmLiCFVwsjKEZ?p(S7~| zp`ycGn`^3@&}F<wS6gf}rWNdYS6|D-)TBl4aap^#vOxV^3C$pftUWo^Pdg%lO7$HP zM8KmrB`zkxKI$rNtU>2n4howQxni-=MjC6Wn!g*ryyqs*$5alk7v<&l|2v7x%1S9= z`%7}ML>aQytM#^aA^5`Uf~Br$LgYBJ(&=<>$xRMUT~mwdYcMkRe!(bWt;#6o_)bV) z4y)>a^wVfG<mSS%jWv?a8mF>waWWCl_MIc<f~I8;pS0z)+hl^%wQ0L{`*q?Q&lF1e z!>1?FlZ0*r_)i2l%uq@)AY#ItdI@v`2{SJ<E434^E@qkRB=17I1$o*~Cpiz#4@e*5 zYSvApdfRw$c`y`k#V#-}PC-LvHCeNWQo2$Ce;K5vC%ee6R22^0Lup8DFr$r!GNie# zu20&0p<f2^EL2cQ2^`NSXFfWYttUv=#>_zuf2%k}vH0wH(y0}xBF~q8oht-GAM5>S zn6l5hzZn<6Gbp<&=UZ1VmBdLY{TF2P8-O8VEyo+q^ZvURAs2=Di88&S>Qb!hd+_KT z;>;#Y>_fR7g==h5?l1Y1$<Zd9r4JsX^(3Fe4eCG7r<?m^#tnQk$e)gkSkCUG-sm6r zVyd`AmFWFVAnD^<3a0V0*~-115B0=DKcmU&Iie9q(&l_UlJh-wA@%*{TENxOsNC{5 zxO!#Yu+6P)`}lCoQ2*<~)sC+dFyKy>LjZ)3a&$6!b+WKa7_+HwUbOQp{hLBGDKsX^ zKVr#~BG|AktilEDj$CFiJgFd|lRKaDotfJd(PzMFCdwZh*C{d1-{O$%oq`m-{kJT# z@;8?Uqre+?OJB1hDLN$C7*96--h0ZsRrbON*NV6^t3-zP?rqp^CP+O}0y;T_R2)bx zHoUwvo*ZINu<IuZnM5~~FoZ&B)9R-tW=FPWP`{2yXeOdPIrVbGD})B`n`PrCj~mk@ zc8x8Bc<Lb>vcg_i38!|9)(bk>&m{dcUmy?=RXaH_Mxp6<U}MGKw8zy3d}drF*@Wc) zB-H{@y@D#vGs>|!O5$QYi#6n2g?Gm~aUwG8w}J)r#Y!SiJjQ0sedqpcLdWDc=xeRQ zm-XjLaC=K&1J|%Q1vxo1Nnd-B-*Kj2&oymi6bUSdP{0pf(M4x!3qTsUMDQhCVVp|l zsQbQB{tLpsiiaGNcg!hX(G<!v3$abLNl7BRVS^;6=FLOF_ga{d;$$<;YpASTD&8e< zfk3OEv*;^@fx4LyqAuu)WeRU9(<HrW#^hUKrcJ5ApQq-5x>#(%X>PUam!&d@1@}q1 zAU^ubU`0}-Oozy#)GG9$0dMp}4B;_MV1uq=00Nvf9RahVn*NOpwJvvLMUwbBc?Fe4 zEhcb;3JV+j@>|0J0c!Y`Nu&IiGa2;14qyBvfiJI7eFJgQd*9wn-4ltcb>%>uf;QX$ z24mo>LY#cdasKB)yGS*hh$Ha#m*VvZKjCE>x4`H4j5Cm!du)9;g9nj9Hndb12epyL z<FpeR8{!fmvI=_z?Md9FGx?i_NeyN$0c}LgRWR$#^kCd(MbdVCclhG0HRt>!;g+OO z;@SEb*HdbcWm}BUa>c+%Z(xocTVPju5cWl(rqsgeLGk{I%{4p>9@|#Jg{orTu!osb zJ}HIN)zBttm<yG4!UQW;B$trtlk|A)K9l52m_GYTN)U;**2P(6TL$K^O9EEy!Fqw2 zhPm7h`aQ<e!xv@<9h{i^)mus8B-SAa8}n>_K_-$zWJQPwzlXVbPKctfQY1U7s<3`X zdCdD*BgcWw*#-C8gaEbyov55$sXEIN>1n03>QRyp3;LU042s|baBzgOm1RF3YlQ-} zSO`)|GV!9pm6HZWQYp|eDYAv}XXNR0-*`PXijiURQG#!XIU~D$WNX)9wREbVPT|>< z%yD9;wO4%yy>pO0o#)f7WMp2VryI378?eaGN3nXZIOy-j((Go|#HokGk<-&aG1;Ny zk(f7vxuj5zab*E*;exldP7J~_8<Nf&f-?q1o$$)!<Gte<icwXb4Jj<lqNyl>DyyM_ zWwjxU{!d7)bh<MwqI=LhR8cV+QB<nQ9-TsY@EA*}$||E=Bu65Ms<G3VLEB3AgHX*3 z{fI7<Y`^hQO5P=k?5&?<hE3>NW`iRDs`t;t!4A=Q|G+7k!b!L^d%_$;z{K1-01Jy~ z@kwPSl2^`I5W703VQdsXcTdE|nd0w-XS)Y-k8nfgR9n83*}NO;Yuas<y~T-I56hdY zByDw)(5Z=IBK8rt*t^BT(_+kUgPG=q$QjL1Zi7(t0f4)8DIuqyW{9g7MTW>$4U8Hj zRt=5N07Y8`VA#A<%hC8j<5@fYN!Iq<;!=kF{$3~LiJv6rfPh&#zW^J25m#Z5S(=$m zA-H*n3<<N}wI)?u!C%T&v!?O_i>|p$RzRl!EM}DVZGxb~fzCl8<$C&#JhLd6l2vY! zSEyyZFsmv~s6ooqch0-|U`SzMmAC@=Ixi`L#3wT*OPaW>X-6h6K7A^qw1U*rw1#%& zc(LwY$xr}QTc$&3jNeqQkz{$01;TieZ35%#q9GM6et{}t;`wmgDCV9!RD?t|a;eAn z^s`r|Tl!6Hl7@hOHPes%Das3;b{KZxfeps_nHYcT1XyU4{<i@+7UqDp&ryLsFrL!j zzsVYboUYDZS72Cm#X$VBPHh6kEvQ+x5zKm2H#@R=WcAE>W#x3ow{7!?P8RwyaJ;`s zskuLRXqJ)L!Hv?sT{5{x=ddb*5;EE8ovIf@U|1yTtw0n0&VyQwCsPqU_Q&C#0~<|@ za6Z;O<ib?)HTAEts}=ql{kIX7i6J)4L!SZxV08w0tor%sDJ{5KRP=+4VHF$jT&Hd! zm1I&(U`FKyK;90up18GL9dG?sp*+IFu_wMk(zm{w16UWN>0nAhdWKi!Y(Kp%TONy| z5fq%2vR9K7>gIh0mGHu@^K7tt?;cH9p2%oNXvjk){1Qd*uY6k%a*n&-zG^Zubrq*1 zn!GbJroV+_Q&`5KIJV?m*3iAo%dG6#FM@{43GD4O?KTp_t|%lX+avE>d=|Xfi&8ig z7Rx5aS^Bns>OwY%)sKa^y!{ob$-DZvm=X`=opIFaFqG?7$MV_mT3nP>^e2Pi*%g41 zG>7C*vi0Ypv?H2qGxaGFD0W5`yWuy*4ZrEDPz_9Wl3(V;nOx?`8XxpGyJi9~n;|{Z zFT0|D$2Icb=#EH!9Yd>raIaXXm!Dh1Kf2wIE;U$n$Tr*P518w$QllEmMp7)nFHon7 zX~%F^#8WEe*f{KrxlqT?2bHXGI-7$Tjbq51(5faW59oh>leKW!J?FO}aNzmazI`^! z-oqmA)tb8J-Gd>#8Gs0%Of|z+!|E&VtYlqn(dD`Bz7{=@q<Lv0iNGDSD>Ep}<d)ZY zpu@Pf|GR}(V9qv?M!|FVjo^imF*MTame!<(KqCaa64v&uq7Yv<RTwko+PH3^GdB<8 z9UcPvYrPe)tz5W{O45$}bX_L#>B7x*o&I27%^JWv)957_irODO{1LdL=b1nI?UtJa z5atH%Ye`}@%iHGBe0=0(cHh^7WCn}e;oS@l+=g3Y<?af3jaP}XJA3_}x~M4S&+fIW zxdHwP@tb>&N1ut<_Qj~v#8}?!aagQjM#;Rx?${It4}&TP3<=1|^7A1gB*NbOjIxO$ z$1hD~(Vd*kW3Js}m~0U4_`~w&;E6@>1Q#nZN)ZOZdS*wuB0{C*M1phmK!wG{!$~k# z%#ut2@3`1F3hhnByG068q${IG*7C{Rrv?ksY<|3W-<`m;S}I*lYZDFXMSsLAR0Lqo zYp*f#h(sIPx8$F)b>8&q{3BocJuTX<yd;t%1LLC09wJ}S+0f=-XP)f=aX-&o|D%<3 zv|xscj&PPcp0rti%jE7+-qA?slpsF7C-#mF!%iM|dPto>NVqn7V;W?|mb72&4i@nC zZ4bq@5F&}-dz$2U`u&IVr5W<~J`JmlEgL!}ZlOPSK~S+aNv20a8)h6#lkS~xWuhaO zU~usFU5Hpk0o9E4v^KjO+4GmQTXFSp_IB?ndlC`u9N^OC3|o4|)|-$-=JNCCW!W3h zcgClh@w3;bXoce)0(~V-@EtW{>NumSrMFD}^x+7bX5d$Ua_J>6wOhiL_aS&Mf~`O( zXk8o9C4&X!A~{$wwtpEWc7Z{WMb_m2ImkSo8iI`uUSp?n>C}t)#rB_?Ibue2!Svo_ z-)NwJ$BZ_}E`ZZOSzd=gTNO8fB})BOf>bV~nbE9Lyck9~xQG8zB>ko2M916$JSAa< zNfxO(x8i?Ei1~8&KsDLMYsuN!`D%LpYo!nME@HFm$R_I)%=2jz6<j9jw{Ke~vQ^6E z)hm;za19UP_5z0H`SORK<7Rzq!!7_T$qnuKME~jjTg1EHno<|WhB(p0=J&cOz(%LX zb#2>Ul<T-y$pG2H=^DPCwQy=b?T{DL+;(quxlvs5o@zMWlKM{FLU8ciAazpKJNAu7 z&gCuRMPaKlC1Evhvf&70@L1=bRB-^n?yF{S%$;UW^KLFz=iiC2hQepPMs<TNhzXqO zHkd5-w0Lt;EdsG!Vo)T3`){8qKl&tk{Y;UnZ$pSAaqrYJsa%QW(D=4t$B`iQYz&N_ zRXuyzdc*|25H2V?=Ym|!6wd82=KS)9L%@KgJAPin&5zn+V$Rnt%`s#I8o8EVr{leo zbf1YybW`Q*@Iq(GJ=29POdPfsx%W~kv*GEr*fKC4kI|p9JI@e5%i_=nYxzm%GP&PD zY;7bO8PO@uqNJ`*&J;#FL=$B7#Y;kiPz^qArFm#bZW<1jR7AmZbzq<*thXd!`zTSS z$M7dGsTHb&TNTzn%^Td5{5&qYH;I1~+vt$+O#v5o<A=EM_1_`6g{^qe!Jhs_c>(<e z!R9^Xg+f8<D8DH;=WLBjIjz4W922*j;EJE{xXVx#gI7i(M<_njIb_$-T|4i;=>qUl zKy6}Plo&CPxgxSii}v|xohAOsSRgIaN3yuM;n#&1j09Qb8grb+rq5;eXwXi<<{pgs z9&anWC3SN@%ck8AvDC$9R;EemJQ7N#9!N#GG{x4&wM|9o1o{GQCT^rLs4EsFC&la= z>cdWoWkIz|M=9p6X<gVo^|jonAW$N_I0TAc!Z7iWRcJAgkZ(#uGGc+;`c3J#rr?Bg z8MZj9EN72+vFZd#W&c++loOmn2y@z;>luo0n_1g;<eo~@&s^e}9TYOH*hshxxFwDw zL3^^K67gAkX1vF0&0G1Oxb7~(c<`vFh&edPC%DbbB5VvCFYU8PLD0wywhdzMh_1~q z;+mH>3P&-GG~QI4W@EgGmA|bF@|Kx5__PD$-QuDeNnqy3YF7orY6Mb*1`}txvy;!q zT#@KA1j!7>xFF~2f9AP`AT2$4bT|NK!4ML1ktH}R?0t_^TRlkl^t{oZ?I9n}doV+y zmq+Jh;o@2nmJM1jh|UM$mqj3#=iU(|YM8{1a;qv{L1X;2gY0#K?u<jTT{K!^Wz5Mh z<RBLsfmjDzD)&hu=qzh2Cfd15)gPz)?fLGEYp%4axr4`t3ISNq$divwld{T1@+2In zqPUw6G8~8u$`}MdT>kqZ{e9Xvo%|d~Ss<0#g5Pz9PC1(L^9eV=Z5(y}H;?%r+~$_n zB)zOarRSfv6QX|5T`$phD!`$89E^@GuMfqSq`LjExbYaN(+YJLv<#Admuyn-nuT_E zIgkz`h!84xgj6-b$l%U&wM81IsRn(`RsJkUe{4`^6EgXPne0nq=Oy}9R0!|UBCxE5 z4$#9-8Sm1ckj;b;s|1Qi>35zvH1$5bYzk^m_nti^Rhn+AiP%Gl46gP`mrS9(Lp=n{ zl7`kjvxV?98ZiggU6E9lhcV^)Q(BQ%KEYV=P$6?FN_0bEkzw>doDI&S^z+z($T{6S z$Q&T|Tp1=#A|n4uId44}#NUvZndCYGcJ+CJwqUQCFsEKuyQYA)OEnKUnkx)Dqu>zr zaWVvvVB-=6-Cr_=h%sV0_yUdIEu%C(6EHh)m~ZjwT=)^rFxx0_wvTOIu83MDr-NG9 zM`$OkO{4AZ_$>QCy`>=^=#Mq#{({?_-kou?%#7W98%3=8PO_|u(17!5xdzn?j=Az( z1Cl|~Gzj5Ny3q}&qfTt6fHL3c(M|I_FBSA{{;dQj53qVbpSIX{y2!AP7b4TJkBJjc zc`NLIONO4jDbKq3cR+BsIWg2(k%xq4k!vg|(msvGS)hmyg41PpN)RUP3EyG26tu_W z^5()hZ?UffrA?L)6(t*Fb_g1b*ZPw`4AjTC(KO-yBhKKaxV&EzZPqZUwL9N3(<vM= z2bdX~2N5NJWw0|$A3)PT8urP`6IhLN3D{-y1u9>sr_akz=LEf_$Q}EyLWR<ES@~xM z>Mx*h+B5<}Y#@@we$2WN^0=o>Q+Ub3@83OzsGySa=KUx1bdp;V5gKC3!pirh2StLb zKgGj|%<!e6mV<RoK~V}<>-xd+7-jYhved&lzttQFj5PB6bUCT$`v#JrQdz*cf-L@{ zj9igV;!s|ni<j7IoyDNVFrr3Bk8J;bl&sFQs9i5@oe>Y7GGE04jlP@+%bOk!L0T5T zeC!}s(@ECg6l(bU{xE6tI=S`ws62oy(I`v_^TO&|d#XReu8`CI&p9BI?RM)<aH!&` z6a|D0zr{w$s)6kvBH<eG;N)Py<!VAJgON6~{jsR{rGETg2+vFTf2oFnGU6-uC~zMn zrbrRTId_Xi&|3z=8UZ0JFzpTP*?ynU2`u%gD@WS>N#f(KQ&U~<gbDAh*mY4XIAe~i zJV!ktrlGj4DA)h{3|WFy0tW>*1*hl^#{*Q1xfen&2Iaq5x@wppawTI}D4Eg761dml zH2E9qRxdzI(0#{?YBEaXaTM=suyQ*)nGFS4@QVAm8ezP+VbiZ;(48H%n(dhw!0F{3 z&DL4??pERw!WpCaTJR$R&f-00P^_N^iPX~Dl8MGAWSg+c3b#(^ef(0H9<e?OuoE9j z{d$lnN7_9D%k?LQY?(Xn%kXH9b+RA>oAPshE=k2il5<{$3x&a=$r80suCDtmuQ5K# zftU7kQ~*r$Vi49_k+sE)$sbRSw&2HS>Qp>`PRBEb%fs{4(hIo88<Ei8-~y&x5`0e= ztG!`s4JhK>r+8+YLFKX_zziyixGU4sY1OlEHt1`nnvq0huw-JJTkqbCRc8wU0|r5W zAS#Mo4L1@?lOC65o)Xm0IN-A8!UX}Ym2dfq@(KQZlkA==J1rCQZcMUU6%i8?dud$E zwVgEYzFmOOGEacfM909@0zm3O%(GelSyq!%@QWPDy2W1ntDDZdvi(H7Nm7_-F9407 zR%U!BrzhRzBm`sSq9c@*NDQ=}AA}LHY67m!6X1PY*7PD&qf=m2cDu%K8nBh*<yN1) zgA)L(!##vsbv8O7PJfuoaKy|2t0ak7E}(d!9=V#wtr=~H>zz(0$|$+PlPis%t|N9i zvv4hOwW@FfW3oDL`!?j3G#)BS5K6HpOT4sBoI@SsT;4EF!DgfW`Kb`0rf{JTeqG2? zuQ1=QNt~Tq4SR<$7Pg<-N#pb-!WkuncM(Ih8=;f|?R?uH`*ZsBk27Q9s|SrBvphVT z<|PM(3n%~Uv(=!zw|FW7q06joSLpm)93^YENSzK(-EfY(ik6f^j&*ZB2Xar>ZqI6w z*f;2;oQN$`x$oBxFW)5BU+gqp@e@G-n|pYEO)pz&_(bR~@FZ`ECB+T!tJG4)#xqNg z&{P0wvfqz**h`~(^9t;h<apK@V1>E({VJp^5i>8%fbIY*y$x9utN%Aj<R0;R_^Z+H zqB4Ds0!jXReDJ?d!mwWdzU3z#<Dy6P6b8)8VawfqOR(%BfwFJMlvM1l@%rp{iE-9# z*m6m@TD?p`1x}-dejh{YG2O(KC7)Ogjlu-);GfCq+A=jQJ8^|~jLL1{59Jc35k4k7 zSuO9Igleph1yFO_{wS^852KDJ8I}TM-<ChTxL~&KIGpx0Q`gLwEUn*p`KYDZW~v8e zHVXzM7iQTe*h%5U4p*lFyRR2v!p9x$_c=S-`IkYo<gCOPL^>Y1%ZMbts#D*iI+wP) z6D!OJ+>S}d<%E&;dqj;^Pb=yjX?G-Bu@r0ziaA&bWDAY;E9IQ8WzUjc`EJfXx?1_N z0H=>QNrvM^r|U{)2}<YQQNe3|66zX!YdWfbJSZMw&QCn32NqlKOV~veQD_HLwTtk^ z;4>34>m7IGY3#Bs+k`a>UT5u%^P`fpBqR+ch4_eNH|uSpAc1#|`X8e4QVJ$9k9WId zOrI*h_I3CJw9DgyBukkajISzI!HY4Y?K_I{&@!p{E8<pBk!Jp=^|XMRGmLm~$$ECF z)Nr?wf({XS1s#dTCtIz|tAKbc9LxBiDsM?5RVqQH?w7Pw*n4<4C1;8OUl&8BLNPTV z)(J<&SGHm!F#!eH!ez2rlCn_uN~TJw7_MO2O7ozC1PjF`YH3lKg^~$rh2dDxlE_(H z=zn2Xg)UN?w&UXv;NcfhxhmM-R3yQJn3gG(_S&4Pw$~CXbdA1p;o-6sH!a0fb<tE1 zkV|4>w?7%LPY(HDvDRs-G6-YV&x273sO1am@=#afcR?uFarMf{W#1R$GBg00`f~Mr z0aZ9pkQ)fMnEl^}Cyb1YVjlbmW4`+d2?^8yB2(sfa&-+*Q2}Bxq4Oz#(EKG#n?qF) z_|pH&flZ4W^Cxz&)!Kl$RdiKQK;U8-Y`M7<!5miz3O1M!f(%NqZCR0a+{r<=o}C<g z{d9-w;%p3@Cm(gEOIiU7O-`(+5F;eh&N6O|38=5|7MWeXvwg$owPE+5RaP2EHsnE) z7@ALAt^hlE3PLlHp9I+ueJ$b)qFLFCDajaj-~KtFhfgT{$8X8d1gon}&V<h{mxr<5 zQEnY2>TmBds+rndtqGb)T5vgdRhG7bjDln;L`=p1$7(iiCGMAFLQvw{uvqRwmt+J5 z?(={6K-UVS9i;RcW3mDl0Q(uDeSU}DY%y<P^_(g_&*mn>7QDPFY00qyhGLwRQ;F=< zGTMO6YmwNW+%B@O8holTE3jqrtAzREN7B4gO3t8?%(Qoz`I(ksXAHT)=T2>G+1j%@ zwf)>r3b;n@S#odmq{pDDqGX82csJ-rFJXBN<xH+M1{-b4A*mg^yy%SIq%$^nj|z)E zSv(DqO4q8%Jk9ch#cqx%SCWoGUpqTj-%_#7@lsQJ`ayxPsg*4E+*f2-2@Ik<)ufrP zHZycHAKzyJ+;V%8y{-q&_Ax{Az$EW~@Y>Ynj==C#fmX_;*+ZP00k#}iX*+p0ec~(V z*?D@~rQP@sBcUW39rh|9hj1=|4s*Vj$8_<zvUqrchbK7OS$$f-)?R&O-S6sXB51+X zz2$>Bkl=W=Jv)8u8RlVy%oqUTG9hU1NwfrZ0ieQ}BzE?azmujYj>S^+>B@BHiOG2Q zS_zM_k`h$(Q0YO5i|ezY5c}J_K%s6{TFV}iZ0h@uvJI#5;$m!-!^Kh*+i|@nm)}1V z0n9S)iNXfsk$ulQj;Y%?#EE~7_xP`Qzg3pDy5;T!&n77#ol&JLF~vOtxJuPAG`#12 zWA~i@&W;N<{H0!)ppyABSHE356NqFs5wsVwhv=E`+tb8K6TiagvPly%(JvgDfuUJ~ zV!eJW2G3H@?lAoR{<yN-u9ugK=Pu6xN3i`iCpoF#LeR-sL3_V+Xe{-~JtK?Z;Goo$ zn7~`2n-?-hK0TEGuN5%r1KCnC7uWZe%z40%@edAR@rPCJ8>z*RDN0Yi$HUlL0d-w{ zAk&keJffI{WXP}o6Y3|{EF=3vF|jUc<ks|C75=l7<2%1z9h+=arcsY|k9Sv~)Q_H; z4moLBXfS&E!u&(wP{z)L;#p>Kzgx-b2f50p-HLw68oeY#VORQ)vjTl=_nS*B`l3Lq zMi`~NNwpgLk8OkXB)&0x&I(^A*VQ`NBIxKv-u(OXg!JCO&w%8NMdRguUr?hCPl<J` zj$9v&o>a&7at~LMmr!`)6qU>iLt)hiqVz=eIM%i7_Df&hyfL8el^~?!Z11;>Mgeb| z)r-(4Ptrp@dk7dl{n#IH53V++&5+K175hcmX0d)P==>1I#nq2G;q_+*qy^oT<Wuhq zw$$PaJ%w$rws}BgJURR-6!eStVaHm=Rh(z$*;>=WmD{v^mg{T=pA{+d=k`xjG~{t- zTI+YArv(hjf0@f7LOll1tRVse8Pc5&_f*#EcY-grSKZhqI9m!*#HddwBxm0ZN?nn+ z`FYs^u?8c0{N8Z~t$?7wkMhp7L%QccMq#SyjSdSSV9x~j{dQe6!`KhB@=2Br6ri6A z@aXX*>7aXbHoanqHSEZg==&sRd3PAhgLV!mgZJ=v)3{h?-H(TV|8{(4Nh!CdSf`Y@ zE%ut%-SKST@I%{am(VP$iU(lAsD|^O-o}X<a7Xq<4W-nX-cp)nyrhV*)%~Fv_asht zp}6XMl{^eirW5=`+qo=d$arv({eoSN6tl{Vh>F#J3z#HULd^CL9MU)+C{)vlY_pY$ zSVy44a7A8W*{=7Zyk=qO+PZFH8mtF16_oWEDH|n81X7B>A6W5yydWNyS=y0~v9|%+ zKaCoJn9=CM^|7S>NhhWJ7Hc;U^4Ppcgq%A{x)In6h)*0kO-Aq5jOuASm;QWtq08xx zW({zewvKyrNqD_s)b@nQt^RXTDUP3Q?kM1(k0lvUX(~9y^s3z9U`19X1#)<$-uvzT z&mV4&u-U?o-36xnlEtu;gqXx>OF>wENB+*!p_3^GHute_MQ{>>y0;W8D?T0Wg_rrk z6?y7ExT<}Xfb%6S0kiY)7WR){ujst1og{ypK^d>AP50qLT4vZlC#8a%D_{-n;6XK) zRzP?23%?fHeU*(E=9HtNSMHPvMmN}|#@m3}k1~j;I5-aY9>E4aijOWk^o|<j`y9u_ z#NexN>5--?F}G)E(O|1Q<mqa;Sj<+3LawXxXu{RfmkV~Y|C(1eX)J8d_W&mU2;jJ2 zR;dyX-w48Ro!Cp^JaYf6ekXfuZT@LW&tsbCJixVogI;Xlfxha&M=CWo5Sj7z#&`k) z?n`*an|R!^{r#I9Jp+L@RTkUNS^Ysa9T7!Kg-Y<XrKo9T`o(Oiq{cAa3c?M7S{?IS zY)sOPE4;y>@)nM9+<s{p<ZX1HIuyC|Bn3A(4~VYqykBNm{N6-uqQ=u<kO>RR6wdHC zEEgs|9|cQ6Ju1KbwWXV2#s7@-d<4YxkcvHW>RQHwye={K9(4Cfbpa<Y`!)j!Y<fCE z9r%cHAfL#LSE<yXvVZ4Vy@a2}Pw6CaSYm){wnB0JM(>a2KfI-I97NK~Jg=&E5@iu} zk$ms;_L&LiCV#Je*UwcZ4)scQM|!$i>0XDHS)?k#tpwu#v8#JEL`Miedc@)>-c=QK zt|I>l;&B7I!{{hyW<TrDzg{N0yB{zZWWU6W9BHxRgqG9mCa|)>sM7q$ZW)*7>s7c~ z=fLNm=s%wWgac1K^l9&9KOwJ7FtB3hCZFW#*eVi7lW{-@FO0!_1(aQ2TysV<-$u&A zA5`S=c=>7`(KO3N+J^RzY`|jBdWr7nhlwYObz$(3%VoBJ4r+R*&+K8I!c{;@(*OKa zHy5m9E60h#UrYNva-exA6mnJ_a2KWP57I%URx%Q%L`PlmNk*vuy$4e?3w?7sUf23> zqJ8uWnM$S^kQNN4`K1y~2E)qsCLLDtm`CGYgavXu_xfCKd8-f)2@HUr6?==<OJ>tA zb?xhlk(LxM!@IyClho$6wZ#VjQ2!`Ny5#_ECKLLw-5ZNscE_+oYGsu(&G$51XW|e_ z!VegWeoquuS$h9@;gph`Ro~lkFep1usqqWYmets1m#?C&yR5UGBqR%iqc}&}(8O9m zZe=wk3@}h<y267YSAb~l(G@mdY7G1jS7$<xB+MDi97j5F*zc%!B=d~4S6h#zSH`S8 zUh-d#6#iX}&JBRa>2)MAoiv{8YSNcV&l9;p!qpT!fE95pR|#TU=8yMW%q(e|Z*(h( ze<Xa`LvyE*h}`}zi_BPLLM7;!%R-S=iw!OO8e?;53z&#UkNuDS7zI|mS*!RwUl+JM zAUSe(W_R%)t+EJ^%4ie(2P!4P419d7JO&=-k=sQGn={+}ZR<jZJAQib;9)b>=Pb%G zUdD$zBD=dKH6u?Ttx@tzQ<%?rUL#r-3n0QBX$r>h$8Y{>CfOKx`6I0!aM6EJTUJhn zk3Tn#?$uBu7{ndqHFJ7Z+%#5GQS-V)x~Spn)Cr9{!j7aaONZK_QkEjSukz{4Q?0g_ zGa|LpNeconfiitF0kbTR;rp?|1=1ETp}70nv)MzCS`xHhGeI{F)bG{j02B<V)^H~N zU1w^*O1e8VwQK9_VXHbyo0-{0w)ca$6WOI%6Hk&8R~~{$KkJGR!wuQzOAD#@6=8zU zdgeYJ8Tcw<^P9;%S7r!lsG3VK!alOd!Hj#f15D%t^<-WvgY^Bi!_`gU&}gX#7GPZM z=c<pXEmWS{#&eUu^OWxX7n5QGYLk|Xub8xw9{eaJ&5OY$e<z5)+Es};q)xQi;$lX} zBzc>$O=?VPK5Pqf-j^*K2<5<viO=lrQ<l-6#Z~bQ(x}QrU@D2qm{zM6S*Rp17%6SU zeFee0uB%-Q*evhtK5tFa>aTVEsJP{1p31<^7K{b`MCrHm9hPToTWro7_Y)k)^fz!+ z<#C#ys}^vrF{J~P1M-fJ17VEwKWN0q4s9TilKbBSD%vD@xz7Kk_KMuHj{oFWk~ME* z`2YQIrpehs^gQ-#5m#%ePpXe8umqpewbH(gb%!`vzeo))ELv#R$|~?He`{bw3-(X; zzkxkW-}AuCVq<n|1<Oy=$^sdH362-aUSZ`SeB-ddu4?m2#s4&_qH>__z6wf{3)8-P z%AEnibb3vvw8t&Z_<@<b>8+^*gz#_$9WSfJITihFjvpv8gUI)vUS271poqLS60{*o zL(SBIa^fcTknO}7)-qWE{agZ7e-J6;)sVw!+y000diuZ0)@0E1bT6_>xncg~MW$<= z<M2uj(*Dj4X6mBsH?eiSUCNbmibkCZt_${;wjX}^WGJL&ww##=Tc}nV6LVar>zz#w z4_K`@7k;&QX3moeO=Bm2r{$f|oEqbC>LN$jgTvumIG!cp`hAz^n1+pJz5?`C>FHp? zR4K7`AXY5$Rb7T;%7JkPd9;?Jlw?h!mftD4Jk99XVDXU~0Tz^acn`vFnSqCMT3YrN zL{?;&OE5Yi@<XcHgo6&enr7;j*?Q8ldq)1E|LRx2iBQ{R)lmGvb8j%uDDGp;9t69W zQAToHTK4*?<A8|CO7$fW*<Hyc^^ADzyJnYezEU00w%^+aBo1E$@dzY}n$lIript)@ z>m)bT$wQaS>AXY=*z_y-0}$q{|AhcCk!T3VT^+r6M-fTfDF@4vNYFu;rWfr2YgK~8 zG@oeaP>J`DMab1rf4tnqMBDWT`Mq}hDbFGK^i0Wj@<7hy6(9gt0}`)8{w_mK0$7Bz znhqkW&(0)juX79#CHr&>e<%A#aEX9p7t5XIgTa0TR}+xp7Ny}#S_KmQ{rwf9G;uCS z1WBg1yBx(_lkboY-=*9jkS^D)DhC<@!FQp6htAfPMxtWRndbWQ&&$jhW&2!>S|FBd z$MZ7N?_n<Qrp(ol2{E?Kt9PjTk;5Ac6Z@44+tyyLL@6XMx1A4`h%N9p@1EW3;KsY6 z4g)%y<#nwAAUIBc=C9dY9obqS<a<hv(V6cHmcwff1)khc3r^!b9Sxt3JM;x@H&?sC ztk}gzzk}GBb8$Sq9-A}J?2J6>c*r4-u-ihop>H#ho^Pnf34T11RF1xF5m@yKlV74} z^bgB$ZK!S?`?+lgYYRe&%vm2G$;hu`I`Q$WW>s<_&{O7OtGeYOlD)`}Q4q8ecIu8C zN#L0Mq!bbOX4J^SuPY(fjqFRi%W|~RP_F#kDHVrmoVdO@hzPUf+k6AEq3{yV@MZ>Q zft0<nfwx<!ta3;EEO^(%x%6MDUvp(oJ)U}Em`zD@N_#<}oWY_2|2)3Fs_^v1Zrg%9 zF;dh!Bos<B*hsnaNO(T<)1odrpP3E7xQ-ZpG052kBCr&N;~HSFQM9zC)(>yBz_$mo zH=adtjPoQJ^#3-&Nzn_+(KlbWG}LE~IX`!GZ=((Q%K7xa-oKOJG+<&bR#uOR6?2=F zI$;%_3_6}i6N!oFAuxb@>o5&4zm~W#*nTUXa>vK@5r%jala(UvXX*2`{5j7hEkZo+ zTPhXG|3z66Z<l~d=5nty=z)(abZfE_()W0dl=at6C7Knu8Sx3u<D~}wqU6hu;^v#D zQ>I-T8>I;Ec0moF(={CpzpqxXsDJHZ%d`0)q*qCjlRUX1n#`OU39a7(JZ@pfaj?If z;MX6xa6!}%1i^u%&C@XJ;tX}bk2Vc5hrZm^eCRxAIzN8^viAElx=@b-<KmNtwYNtT za&>}VRaYpGzuVJE-chzfg3w_>g48^W1G<q4&7>-nHbV0&CIVD%#V3^HChfzBX=V^4 zP~y*kCn&{%x*2imYY**wDk7j75vE3ui*LiL(+*3lT-oIV5eF~d!I{~%K(N@z#%IEf zCs$0c_6144lZ;YAz`DRjE=8TRYa0h&)p{DE7ji2GMCdqBQR}I^VZ-<8n!A+4!tf&A zduiasgH?D1$keqSCMMJQN(#G;4<oA)MIGXyo?7_kgoDez1z{B>4XhUoV)u2jiI)C> z(hj?&Sz8~)gD@fMUcUKYy_|*m*ptk&gSJ^=KQA$6FP;+6mt}!8U{65K9BcIcciK_Q zS&o-hIr`31q$JyPZ6pYzlB$y<^8%=I0TP&Dq0a4!p?gA-=lx$B$l$S7F5pZ?y^l!| z=K&rg<*)z$X+8cAC-VRQUF~0EPNPR0X8#f6oSgpaDQP+X;320|7GO@eEu``PivO>0 z=l-o9s`>wP2((RJ{N*GkKVVwjpDisqkSSVp<;(oA@YJ}XB8bdH1$K%NpU4$=ep!`Y z+}b*yF7=YR3@$rfNl`gBJ$<eOzWy0?w%Cjj_t2~OwCsYW?!N&%L8Ymr_}Xo?{UU`c z{(&q>q0;94-r|A+ZgFw(uRw1}VeU=equVffaZQbwxTNGvBPx-;mZT2gjBq<P={E)C zomRr*RaI5TK_y&w2Opwd{1%C?{QQ~YLwfp!2(q@OrbY;s8}-u$*XeR@H#ps`alNnx zfVV}K*Zb+~XRCSoOzzE<Kv|_8kR}X)zTL(`TN_%#>^5@#QQFy_u^yvHsnVP*G14b< zOn-cD9Cn5AqPhlVq`Uueg5=19A0?PgpyVXqayX*B{x989&#*{O_hCszc)CWaKI+~C zm35}ohl<WXpjI#l^ncp=<7KO3w=M=1ZZ2I=(NwLj>Pyav)q7e0rX2DHEZ|F#C1quU zNm;|T_Mf(wrg&PTQ<hz__-uhL3TvY4aizJb>E;Z|D9{1{#fpj1j+{+9m)qIL2hRfz zO9qSI-{e+>GJQE7&=gQc*>3w>St$beIh|FveU@B8WJ;MPleVE}N>qfDy+s__*?I$t zhs<PkxFr&ny8t~Eee%8(K){(XZW31Qp(RySk8f)Uc^c<grlkK=TM@=Dy}mcWwkpwu zfE*)vYayF@%PyEMcDDJ{yC<<JKr*QcL<glhJ2Qvj+UK|ZwOfB7E_x;e&{PX=3tZ`d zaONMU{X<VXV57LG@K#)KnyrV;e;>>i5xu%xRnRYQJ^zk&{qpzGHDDcN|0gQcC)gyA zS$Td0R193(j!yuz;MH}{r~t?q=y%?#gcfk@9rw>#`rh8&O+?l!J8c7eb3fS0D|E99 zK7VcKY80p*y`OG|S?@giLiWPqCGl-grEpYFb|5KPpFOW&hM;#e0{z0k08rcZt-dVI zlllb!<9O7qX*=yM<aALC@JlJRce~_Sq^YeLM);FIX;)sKZw5pbQY)Oydb<6cacwgH zC=6Ae2H?o-Q;~2$U|TQ`h`*_wanlAG8+lB#{6*RC69J1%%(e$aA14%yjdS}1?!E16 z5mK^lsb6Id1$Iw>&j3$3>pwD5X5RH-k(;I$N68=Eh4b;ck=rKEt;p(yB;ozfiq6#| zKLFZ0!A)5=d9v5bPCW7@B9QTMk$qvXEHcW&_{Z+qKYs+e!gnEvlD+^C7#?2%=`1}U zi&VRsv*`*5QorQz=n*Wwv%{mv%G(}-QzwO_&TTIWt!0!TKEdv`4+y}L`hCAYtBei> zA6JVxjd1S<dkko5*r|Ojk2IzOB7NWbO<gM0WL9TAXTOyJ{i~XB6X&nu<HlTopDt6{ zw9^Q2gN?s(@QVuuDq4jMqW1Ml&tJS~APToyv<qBjTF@M)(8_YDim9u*6}(4*HJM%_ zyZlJ_ZK9MheMbW65IX_pw#|0~JogbmugnA@y)9yXBeuIkc|hT5=O?q*Z>9O~qnung zW^Ectthq!c?(r#7zf@eR^Tar9|E2_iAI!vSze@}{p5nc&;|b!7A3cd6q<E7=xU5ba z0=zBH#liVXp<oC2`FhdlZ7-tceB(zGygNfh%PA&GiG50gk%6*<Mv0k31>Vd(!iTE* zV#uk~H3vY#QO_Yr`h4JlZuw<>4}j!+ZQ8A1`63l_z6<iVQZ;?B4FMPh6h4<r1qq{< zEIc~yINh2H0MPjwcbBu~Y$dD70oed{0wCpF==5AjTse>(&E=7!JRaS!0Jy)Pi~vB2 zbE7)jF;eDa`=Myi+jZrq20N_yOOx~$(s>8xhday49)PM=&szx?vGo%;(bQjR=X_@T z8hL^CCbGvH{0U_f3x8EtL)Rz`7rx|SF^gL+_yM@t#XvD@d);yO4RK{WQ1E%`BsuNK z<(tgF^yzD1lj8mEI4fq32PYXKHna7`do>wgf>QBEkSo93m;E`i6BJ4C*1brf|I|}W z4b-m};5N;5{orDzI4Z1_F%<6YeK6Z@31ri}0A^k!yHnpeiUsEHL}wRfy(+{d<?bN* zoygN}!M(R@`#2X=e7WI=8-MyvlHCcGZoOi_Ep-o=mYB4{-+kEvbQ$OWaNg~9i=K!q z-ez<OklA8m#hcI&F!qcWi6;|k{;lTzw~)(xR!VYT0C;sgIiZ4&OK%J`SpMOs0r_Z0 zcYX#@IAAHX^eNii{L&A`1Rdqd2f)clq6w2!fJy)R@M7U=-rTE^0lb&2!MZ+=at}UW zIw1z*1M`@E+SC9EC!6H~mxvU^)?Ul7_P2-Ok9tp-rw_^<=$t%3#wn^=XG!7U$4iNr z5NZpxo?^V(afu3U8<|e&=Dx6eAa_=3-oIucoE9EBJkXJ{6i9%tj~USxI;xCSxhsuo zxlgW8X4ANM7X1e2IEA&*9PR+O_4=cyuzV<H)s91{4<31hswyzt)xrUSd-x_A4^Atf zoz0xf9Py0ey=V^j@lXm8ia_Pli^49u%kVIHMcc_JC2QK|0KjN{i=4cJpKa>;^8@8E zt_`l2w6O8{3F5w6qi{h~T5gS1iI+EsQ#Ixa6&5NS4PG4;$BU<mP~U?m;SasVHE5J4 z26IMB?OWW*?Yb=;)&L}=0W>_o$vQHK!(*-5NW!G9Cqu>5OXeOX*u&^tmi&=1OHTLU zT{DqVU>wYwFZr7W`jAmFz0(+^w|<39hR8%1_>s9kvUTnw61s<bkFm4stB~7~2)mgB zL8S2T7f-)L8?a0DiZMbck?C|m+4s&wjz>1l+b$9J7K-t%iTKmajg4udJAQ9Kr7{!u zEn%)!vIvCd9wE5Xs)Rj0{WNA`)DByraI91iwO|&pjJO}4p5JjjsWH{%&2<+@XylZI zJ%>MNFtQM(eIU_RJXXTQ$TWR%$w2^q`TSV;-Q=-%!*=y}qZIiZQ9QyG6MGffk(QR~ z-wYOALMn!Nzyt`wm$$gCPy-*Oq@p&fc;;N9U~dHV<@O*LW<>Z2SEv*a$ug^%?hOy5 zVM9-9m~A<*v{4xk=Fd*jV_#(8z=ER%&_E1q?Z6vQGGw*^00uGtADGLLPzaDJ{2OmS z8{if(()-;Stxry8O=fCA%7MiHxqC?b{C^?R|G>jO4Qdid;bVoZxGOT5Rz7$SHKhrp z_pEC|Ffop@eh&*C7ht>Z#sL}dGT}aLGz`=tIi+RpMnmGMF8j1|LJy?!;FmuPeXcdm zIB8Zr1z~$6@`!LD<u3X%Og#XIy*A`Y$mzK{7ctcy!>^m5l37qwmzwdw<5FWCI<-n7 z#pWDoN%p%VO4A@h)v!Al8eg{i7Pmj``>QVaE61-QGVxUT-BMWL(_=36=~rPmNKe5& z4O|i6Tb{jq8O?=y>#o%e<4|2)OH~`p6h*K8v4xOBgoc=Dy(E?8+<;KaO{)Bo4E|e+ zz{EUhS!K8knX;mh&GD8rM1ha3A|YvsnwN&K3(*QtQ$P-}daYnTJq^H>p!X~*-Esio z3JNzPPxa%@Fzsw(byc5YAWrHLE*{dLB9?o%rw*$4PcFIGgZS<|<v}zj0Phn=`IFm; zsqhM`Y*w7(&pU|N4uAQr2Me!LRKLMW!&M{Jk2BWZ@}It59rtI}Sw{br*EvEXI#4tb zso4=4)WS65Hc9d;>O%;5W(OI0Rgz8(oQ%};Al!8vo+G<2toD$ii_V7r$%N<%-IM5p z3~bh^7Cu%4&Aa;Er|^g?M`uR`qWLhFCYNMMizfFTOc;B2l}6I(;Z7_GwzB)dn<zhE zaaG@H7g^!~FYP}lh^q7ex!l$gV8&-MSor{7b(m}P?z11t%`pcQ+9^HR?bM)ytcCto zz(KO-&GCAVhV}9n+1mF^L8DmGZc*faG>(PK70FBnBOer%#(%o!C4YvlFHj-Xz{deV zWH-L$R{{H2dIlJTqBMxD44cGXz;2eO972k>0cwulY;qy6{vU2mRXa$$9{c73=m5V? zwT(pAN`SqSNn&bGm}?H~!zp09uVFLy>>P6a?Cq`J-F|ez$rVca&EFmuAWzfR3aAkd zmKW0#a)Sz&OO&~gUTYwMebCGTUkqyv21-0~x~L(U5iS%u6G(ui=tDAHo3Y()USK@q z&5xykJvFs9oL_BuiJ{N*7Juv<RQ=-RtF8pJi3Men0c`NL3(_x_u!Tjlog4r^Da2vC z(IJIb-)9L7xZC5ClWSO$A3N&DKn<l{*f=f^SgfwE0F-GzAJ6o|+r27arvXht-H8BB z_e?n;HlMlx!H}N23je3Qvxtg1VE?^Jmo$u^bV;WuDIwh*(gF_M-8l#dNOuh&Ej_@{ z4I(mhH%NEa{qdf=x&L$SUEjsKV8LP*{FpiOJm2^{cSmIfbv@B{z{G#~p3>_db+b~i zJ?-msyQX6DYeVn-jZV}Uk&B;L%fK2!`sjPTk!%T+DLpL=A(2=#(hrbeI8D??y^t&D zQ;pl;xnLjZyc<v01taF~=2yzX(|xbAqf9tow!7s2M$_}5aQ=GY4Xj8aq6`NDX0N(U zw2y2zvFb>KQyZ2Io_*&E<k(6_TQhi3G4weH$nmF|13#tl5y6Uh2)4)8o)|(jYlQO- zxTpZg0**3bzLU7Db*A9SB^-(EkPv$FdmsE_eJXFalMD6Zc411+RYnmsRJZ5Vd-|81 zzbx=q*A$8*Um!uakU|1NAKnA=4s%=A^l#hCnFgTn@|m9(RRGDa=2<U*LYcG6VHaR4 z7h$qmlonVCAw;;h-5O+LgOC~yqHyiFrP|x+Zd1$NBL}&H7{hGY`~@Da)_kQLdhy@e zQAh{??mJ>q-!@Z;Czn&XYpk>GRq3)&Cw`VMH7hjU#rgH`)8o|cfqYLU5gxCoKD;bv z+A=&!ZNTdRwMV_;K>$YWa=B2iiCu$o%Tm5HE<ffn5Hq{he_RMP2Sx+sC!d5|AM^)U z39~C&Z+6c5L?5_t$atA>biokv55~(jW_KQV0InfY)XrQ)N%C7?nFqn|kHFCC-(ukK ztgH9$F+=CawwsB{!V%vCXFFJcwDAHuDHAHQEZUUhGCE-paTeim4a4Jl^qL1RWCD2B zD@ecA!^LKff&zr_v>-7&=99!%s(`Z8@sm?834@RUHtM&lzjV@<2V(4VJU*uRCvM!Y zP&7jLg1u`jW;9>=mJk?rcXyjD+ne!)_*THrdm~A!Hj?yj;t3ZArU64$t<CQq0qh{V z)}Q_0MA&ziZI8aqX!tKeK#q!V(oUynd|D}w_p3Ud8;Qcc&}e4>V!*+_`NnOU`YGS> z^x=76O7{4NN{#L!<}vvEsR!Q|4ta`XuoLZ>iOB@vDN>94ak;6pVfJ(Rkhjru#i^us z_|NVr-Qmt+*#06L;20cuE}J+|Nc9Lb5!g86SiFkShF`xie8w)i5F4)~@D^A<91l(i zMUU~dzl1N<{)2wFSVM8ZS!Mq7E=w9tKj>K|%VJ%D>-aLVXoTeBdq_4f(IM$-ym(O) zIY<s<ZQZ*&g5sXRC#9urv?WDQ{sAv*sf>$B&lp=UD$T4r@K_wAYbIgxEEa~*71VL^ zr$^T^a|4h)Z}+FNvi=ctUxPlZNKoOG0^{I~+uipg56O1>PD1V1F;~=`Xg2YOi0U9x zbsq(YGA4kA;k1cDMfyUHgsNu^M{kFr6QXvJIku;ux8)=?O~a;N9tK14De~!+0C<Vb z8nN*_e4a?^Pa|uF^y?6FLF~-^)xGNMD-5)_?@5zM<MZQt;O}?8ezg@>4OI4dqLZ44 zBkO)UrRio2REm&vR6+fxmxkrf+Y_W}cEoDJO8pE7@Sk44k?L{l)_u)>QDY3{!ULJ; zItzE=i!AeFZQ&JOk)8GplWmHMc81D)@<Ep^lNG%MY8cloAZiiWfAKd@)5eqRbah7k ze^!3g5VNx-KrRbNYpskF&;4&5D^=hLOY|Qd>uEZ{DhlBcud~Ghq&KEix+mRAVxW6K z{Xcl4y#M6r|HlmT-(UY9QrdqX&VL`y|4nB7|L(n!ppYg+|D<5EhSw(57yf=ov?wSp zs~ex9*Og^n(TRBT7F_2VX@6@d*h=>{RmihiQXI08LPCn+d|OkkF>4iBE{}&fmz?_k z>W5ClEX74N>jxk+%6ge%Y25i&PwhvVEtu^spDGi&7}!d2qg<DH2oo!4bjP%6{cj2o zHvM2;zR?<@!kcP2s<OB)uU>qOS3g4636I3oADsQ8=L9^jD^S2vz@ti1UCL|TnWkR} zg%*NgTd~9sZC|{}zBiGJvu<^Rkb{$T!8M+QQKGe}<+y5Tm&+8$T}kEjwO6_Hp9TPB zwq=?oPS*%s?)Sb45L#6PP-m@ncJB&meA^EZ2sP2k@$vOOW@hHu7`944RrYAom0`SQ zW8s;qw4FOO(EA}*UMZ8(+bbm+v;V#oE>6~nE8=Ch9pkN&p<Vwrc;f@5Y6F~IkDF(= zsL%J9@6kq4L|-4%WI%m=B*yW;2|Xx4GC{9No^@D9LGzQj)mIyt0zS>+iaL6}=~f0p z$l#9?jm4&rY`gKPDGsdxN$MKo*Hyzf%e|TaR}92Va~pWCx`G#3eNwHV)wF)ACjSBv z9$OX5$p5omNMb!$DDLrKq51a19tV4*xgylr4^Qxfuy25Jn|{H@`L(J&K$P3xNIf|@ z`EovUs96Q6K|SdwxZV(nYd};Z#>aJFmP53<R<*Ttg--F|)d;y}*-5-9UG1)uxe!ZL z^K*bR0lKa!OX6pnxz*sdUxfD%L@?<vlgw$b+ll`*WwvZQyWb$*@WW1wIhvn_r4F$` zd6@O8ws`ze=#&9I9Qa_qk%E1Ywv$y}W+;eicpWJpv%{G3GSs<qx-6@9%h!_*A$P;& zH<;<GTB*|~?)Memk1Gy=^|k0xyk+5|%nj|W^|l%)8543QmmAs-SU`j&v1+=?7q^-e zZVYr+=F({v>~u!RL+BX@93_4l6N$_b-8}Ki#*5YOrGB*;wfQa1N`=xYXpC>*BS;h3 zk)z=XKt^9*``<)q^46}u9=)^k(9mG=F8p~|Xzt$^BfwsIND4k2Z3$muY|~C8KFH%3 zxn6EnDay<0X@wa<GjIF2c9^ZZGwy1#Z;4zzJ@ZQ@cCsf5W;ahXwAE8LQ<7RZb0?7V z`81Q?71n7TBzfss<}*wbjZdfjzO)u}9#Anwfla$pAgx-c%vf1jA@*i!#?}Yo$DUTn zz9|ED1A7w;9+S?HGho##d=gxr#7)0oxpK86U24`Cl?Xf}<_TcyO{Va>GT|=-dInVI zdoyD!OF%dm0eBv90H2I+WD1b7)C~*_b{6x!t!%!YX<6$^%y2+vXJ^lz#Cv{5cxuyx zi+ooYj&tw|g;FYa&*2<Hy3G$QU2|fN$PHrb3>WomCU4-sPea+$JMzx+Gtl6^6QQQ! zeKDWE!RJqW`umE-O0B#Rm*=;vhl`V3Tg!DT@50W?-yPOBO=BeBzB+9M-!w9{(ivmf zYXXvprkkc7LJYz5$(r0&YE3Q8!eaHpLO?F1Ki{9@#{mLB`nugnFbwS1_#}s`!2Wrh zE=3O|-ef@AW3<ukY&QU@qf;hA&YooX#gYoZ%E;pXPAcKG<p1bPO7MqPxon`O&%7ii zhclqp@50smVHWMgCO2bS1P;u;>;wQ+!ikLg3j_-uUgts(#;cV6j;-b0L7fJFCA%$b zB@7%&taZexDso`pVuBRq-YdLv!}>8f$?4PYZ2yOAUb9|oWyb5B(fsf!wv%YkFNZt8 zg;C^NutFS}bQwI0AdJCKEfRwW$S)X@C0Hh*QRv;I$Jc)$q8Xu=Q_GJKL(2LN)+*o6 zyfic`VJ(*73zkzWM``x6k-r)1QZ6jCYf+17<Uu?quSj~iWM@ofW3rSLhj5X<`Q`Wa zyk1{@lygdea#FL(hVyPl{0+ZRaN57*y=Uf@8GgMnv-P6f8br*~yK9E-=YV28ybvo+ z#Ysep9@T9}V$$roo22#G@lzWZ2=;!_17e&l2*==`ITVY`ZrWnAG`^ojg($B8e`rmr zZKtI4#t|Xa`qRge!UP=sGh==G39|uI^IO9i%Ob_~{idfTB&{R3V%wxCeaDCV0h>(e zi7CKaW&9N#{SxA0_5~trI0l$O`)#*p+iMj9*NjV`uiE&RA$*2N*QV)0Po5w9y1rdw zfj5Rt{1zTj=V`jPye}<>S>JcpO47q1AxEKAbHR!R=v#A6#F7nX#4;F}WX@{NqWip< zX1KUks?W{f^lIJZ{9d_$%U(%#SXfKWc{m>CzE^v;1Fz<7DKkpbonX|gPbkQhXew~5 z9FZe^+$wgNn2spc|8!V;Fql}}yJKOVS}cW?XGvr7qJuo0x8sfGC4uuW$q)e-p4~H) z=pjXGAVKJ0_6mT5Xe(i64@#91@5C^{&ramQv*TcJ%`m?_-^651^#d3G5AumbmC>J| zGFkq_O(0!<DHkrb(rYSns!ef%YN8X;p`KSD#fd>qGvFIh^{s*k>j1wu#^e!L*j(}Z zHc%1DvyQ|0g6EARzJE@mzJ?@+7oBxtaX?4xj%UW3we6SC3{r6ilLfl?1_)h4&z=%1 zi%isBA-V7m2j(J_8RVByd>er<b@$^kSX;<SD_c2yLLKdgYaN^ChE^i8je%6=V4Avf z!ys=@XH;fFL1aZ6-!SWba++Lo(ZQx}ihpup(I9Vmp?%uu*HtyJ<M@bNHaIOyYtW(y zBax+0TizS`W_L-Z=&;Ul_KS*UiB)mU?gX?6Ax9Af#cWn+nDmMq*c*FjV;cPP-t1Ti z!w#8$9VlPO0^<D9w@)jk%NjI#8ohKX`-?5!&9N#N#a}Y|6oD51uNX~-8nczViZUNZ zwv(=R;65rT8%`RW&yG2i`A#PxVFv`BbPBaXD~hp<ADJxwWNas<Xhq+7%-ilPBzhtt zr1Y{qRxy+>0iwVw4sQg$6meLvWrujydo;Y*e^&4(HrIY9@u3_?9tbfkp1O+Tfcp+G zK}N6)=&&E3xFMlZRu7?4I3uyu?U5dUN~1nvD6F2n=nF5?StXMX4tp1jqGb*V!H}H% zoSmlNEnhk~_S=(fyVx>YKHf@8i9-XYw#m{CIfhTcIE~G>4*u@%_*Y?)(;v*GV?w7N z4P}JO<W;kz5+({C$s4`MR7@7qCV?+|yLz3L`bcV-1^un-xpbiY9l5ZQhqt{%{gRbP zATe65FMtBc2SnP37xBcMd~%-mr6d}HkM{h5GN6G1geR)J6!J|>PlkN17Jh$wemR*? z^y<vr$Zy-+-d2V-3pJ7LvrDh3&QIuTX<mHg@1e1=mV;lxnysN7=Q3#b$4`*RYno@+ zN<Y{UA^d^Hw0Is)5a10I;GB&fe%X=c;jub8aUFoidw_rWA}*&4A98XM)F+i0X}5oe zb=}KCH!@GE<9j|aMvE(oV1L<N#k*_Vh#_8JkdM$iA1s?lLY=cTOxJa2IAKjpSHULN z$*Ny;S>sJTkoh!nW}y|g`HrtBt<V$vaiO->@boutS*-{TXQ*dU9czou?AYfJ!{Wj` zR$JJ?Y%#fnf*Ve=>g2#zN5^F^P57UMS>sg=kh?BX<i4!RPqW@A**Tk<Xi_VXXy`~g z9kCsN!=NBB!_=+<n*KPk=^ggW8vu1t$VVFsIpnyh!5D05gA&}qCcXDh;AlNaP71{r z0Obe?#bC?w6BAI=aRBa4-sRc=d0sd*qUYP4^w2`0gCeS?tUomV))`<YT*n9SO?@5{ z4hB-}9j9_$$6=fwo2XoHwe>vdhj_pomqMx{CMpIfml4)9#%0HtM-CvLD0bFu3K1XJ zQZNcz2z?s>DasxfgqMN#pl}%Kxi?s4Vm75@SVdQRR?X@~9QWzEoSu43guSnB9q#8z z?KAl)_`5L$c={WAnbP{n!iVS@gk|`JeD)g=&U1dT)GwEHc}?DF`gU1Tku#e63AIy} zVFfF`c*ul#1iR1_Jk4ph#0d3hS3WsdmaH@nhb3E(k|%*i*eYg+qWD0ui-uoRm^dzz zaa4HvN{MZS*SvAB;<U0)Mwj9%-mfZN00*=gzWRJBQs~z`fSB|2;<RbPuGIj6@*II+ zRb#W#qx+iTy9>;4{teXk4xcI=U|Zc?RT%b)M|ZBfi^D_6_%tyF7&KAggon;lYI|Me zN4F+NerR(&rV-D@Gz-qh_KmEqH_ZcNG_?GVh;mpWyn!Z*6O$RoQd&?$mt#}i>n_1e ze=*kWFv)2chl}V@eZMoL50RH4I&NkA4#~zlPuujHik`VaY#MKAp0ZcVyMob5i|xZl zUqSQ41@)5jR4x0oOs|pjA1@c(f?dvjPK-^}?<FeDn>h%0jwp_mu+<=}7(jfJ2HSR* z2M?r6%I?wDvLh2(g<x}ExPD-Rn)!<k!tXaHt;H2((kru(##PPaAb|t&P=%f?RZ5iC zF9HKUnMX=Tg_z~$IpymF4E9BD+*Q1zDSga(Suxiyc$^f*Nu;Oq-Gpd8*j7)kb8>3J z`|<VK39r6ZKYwD3Z+Dk5tLYfxvxEHre_t~JqL;5xd!DfV)xSBw*&ll%Xn{ZRUd%g> z)IL7k7CmQq>CiO?U^@|y_e)#8DlzZ-aXoV!bN&jA7@%(#-n~^ubfhIM#iTNJ2<Nec z@Jmi{^wNJL?WH{W2y06~GgDZPyi?B}i07CLH`3!x)_@kOm69@GVl)5Y3C=WF974|X zCbRtHeNcB<h$Sr=Z<p4YKgWu*uNvpYJ0eg1(tyjhRcnN|+oeU@KteC~ZNYF@LG7sA z{n$D<UJdN|iOgtGI67-KfgQfp=yFkq3oT-3C~S0NtBBAUPjpk}`MsN>KUsC@o|GaJ z64-O<u^iSLy&m?g@2mL?<(5M*1Z^$v#3TWts4dR2Z7r{yU-y%m02)V<<QiGm1VPRs zJbWLE*7>*198RxC;fEw8<)bRX3ZZkXIk1A^uJC!Zmi-3Uu)37An8&@af9%wL>(Nyy zKwfi3I2@+Eo=!qKJ(XzOPwfUpI*hKOMvMr)JhwP<33glZbti2DY>x*CEQ2-MhK0#P z(rc=hA>_)DSAi$Fs``4oi7D@?@iv9W6ZPIOv(+RC7o=*jEoRJQSR`D?)U|}`h?k|C z7(_6i3N>jb6(tU<@7on>fEUgWQWx@XJO}Qgcwt6|ywGsh4}*IT^;*#40m+<^Sl)tK zORt8>CXS@U-XC(!?5i4SWP9$|8SLMB*ikU2T9BJLQOFa+(!)CQr{@*EJKId|=~iq; zUDa^tp|0j4w5Bwg|GJ!0`oy7<P_cca_!(6Tvu`<1(xwWD>KNQC#9h2*RPYTxKb?(2 z$6q&iQTf%@vwL}(A*OrCO`G5nb%h2uAcYGw6#wjEYGUeIkOlrWvV&?IF4^lif5}97 z5<D%LVSo{Yhx2kxEQ&C0)9tXl1VK*LR4!C)E(CrEg;&L*?QG6_I^Rc-Q=l(!oe+B( z=+)|6zM!==HwiB<#uqMgG|CO1kzXhquQ93DloGUZ-K}fH0V|a#RJMq+9bf9>++BM# zdipas2<4>k`WAZ9GT=pT<~k`4R*w(;Im{fEzb|29ojNLv?LcgfcLiy>|H{0PK}uHT z(pg(=xjgU|Q3-h-63F$SVp4(2rVgu~?*^c>uEbmOUnkzj*rFo-X><RT6#|V_2Yl-a zc*7wP_Y$?!K@}g%Z>-XsS4apa3I{(|S-yvE0sDIu<@1jHjl_K>^1<BFPeCWW<mjWc zIMDE0@$9V0WZo)HSf82LA8OWxkA7pT)wr}7BEC&q?qKq<yI7F}+-=5v==P%b;dyet z2O1hk#^P6ElQb=#zk4t{+hwF9!_FHD^fjUcoXcn-$2SMG*9K$>sn3$<T!Gmvkqe@m zZ3W`ttU6d|;l_Ex%QT^!oi@0$2~C|u0au%6y|K>Z`cVGPc!L*KIgy>jI?Pw)@vxBO zGIx3iEvhl3xNQH?be3x4HrwPchZglZtNyiNyjOi%(W1Zza^9b$#$tVE+mb(NaI9)3 z5`8)yPBLbE6&R7zybN|k5*PsYIpv$s2|x5lI@B6xbfp0ccKe6!W>#jZsr4J!3<#~Q zSmSK%RcyBe)xHLEJy$KzP48!UYw%K!E((Hzl)uqAY>AD8uDn6JSfKfw6nTmccOD6$ zXvl?kGC219yYmQVtqzQFJ@MZ6=Hl25az=~yT0*BOjj4f2@I=hFllEH?8}|Ftf0+$m z@VzGC5*@}oxA<rjNX|w9>}VWkw(!y3EYVe}#e%m4B+YCLQpHCe)$^3{?+ShtdY$GC zmFJepl9xA_?krgwdmW!&#$O8;S1y$943?aoAm1(^cv=LCgoN)d=3P$JD+{!@-W6fT zO#Ugiw^ER{ZP5}iog+r1`C6+fcFk+(S}o!)FzU;d@0zlQ7v;?~2}S}zAXOjd7p*9P z-qE|^_@ADyWv!N|;a^LzUyR=81R-!Yqa~Rs>}ax(`6-`^4XC;>uOOPlu)5iaDGk8& z4~Bq0bI<q15MpZl;}XeBCp*Sv)N2L&*PJF>gH_MyBWQKPMvr?ipn)BH?y$5i<rrOY z!2n}0|E&&!i!5i|1M#m5t;9PMBKYj@wIvv?jp)^K@M4Q8r6;{Ih|ZJ#PX!dF)Lkcw zwtz<V3OUGSjLl>oQpCL;dE1+IBSV4bcz|&kqdks~zGKl%X<9q}>*uv$fj@A^;B&;R ziq#x8`@4c~<EG!YV8>%)<nh*H@X5~Q$1glP+T<k&U!I|{eL^xsOU=+&DH};WoVPq} zSTQ<r0Ra#DQ9Bcm1zzi*FOK=JHo<_-RzS=^H6eofW2T<3%gw;Lf4h`5sHdVJic+QH zrveiX8}T8YLzjxfV*Prru}*ZM!+gpU^*dWy^zLt$$k$#+W@e-y&56*dJa9`B!HL)` z7MpCbyXQ}zS`la}FA%iq8ymn<tCf7+ciOS`k@u@fV;mpf1UnTgI`#?^xg=z85HWF` z-x;q2e<PW;OM8H>2_oPA=9mPt^q|};!k&&PI(z88Y!NelJbAXAM@?g&FCF7Xjg0(? ziz)`1EflYf98yc`=7IuvRecxko=x96QzRQX6zL~7OjJg(VRdi;bK;5OjwtWmj0C{% z>fkLd;8kR+l-)=QH!&{<mw)T6by`apZ?0ZsKKQ&#sV}jh7uWkvt8n{tM}4Wf@N80k zq_B}^Kekvom5m;fWsr>W7;5xNRG{7TaUa!K$KyE&kKY{VBU-!Ps~kGa>A+0Nz+f)8 zhaC<OhO1kW{A~Qa=73p79WRlRBS?&k86U|6TSqPRpI#j9Nwn&U;;~131<DE@D)Q=R zABEzaO^aeP)vw-v{bt&c$euJU2`me=z0^m3GCZp*+f_8nj#OZ%=Ej2q1qIr*6xI7= zF8U_ggjeN!k8IX3N@zMSLimd!#jzh8#p2h@iMU^JKIGjce%#@X_j3r6xJlAV+t4w0 zylYE2ORVMuRCkirW97ck<#@?XhVZsBdy#23(TZ%Va3?8D!}h#<;7_($9`^!k3*uz4 z3y7l{kiaJvH^Z^Zz4<e}+TFmJt>(qmo`zQJmE6?a_|?`YH|~nonM?Hr?-*3E`NPSB z(xtH^Hu6qFLB{_;D8w)MW65PdeVX~ui}R)3=_x31wQ9>x^}Qm9_s8OqDNyy!RsN3k zJ@EKMLnu+~>gU(R&RNm#@uGu)B;S&&>H*XA0<)is%Kmc^%PFd(s1DHD32z9<8Qq{2 z#eNs>e-UqZ;fO7^Od$$b(~Et5YqXRhx#Z#*Lu3dEy+%rOq>VqqJ>;D=pWw%5?|TDS z4t=S<j|Mo3T>dIG_MzGwY1g@5ge})Iupknc2i07atwYjE5V!ViabX&D(1mxp9JWo1 za^T)F0sp2^9j!R8*$=_;X^22tZRK584%zd=mKFcxstGcrvB}-CjHXnOM#5<=>PX-n zaYa|6tVBm!zh#66!F&`a_svQaKWCb<c@$>1qFDfhkC=qd|2i?b<p)=+<R@s5(-=$_ z-$)yOYW0Top+ahIiQzBisKAP;`ha+UKbkncC(S+F?Bh@*7d7{y7ys#Xm3V8O8bOwj z8?nh<S>wA)NQX!i<bVdX*HJS4E>;R5XSgc(s<sJ&dH#)28{f?{kk^@9zC2xwKWWJW z=27R-ur7R}iG7({dWc3vFnP>tR(G?U6|#_?BxS#^&ti>uEx%bCmcY<@TH(K&H!{dl z7&e$t;mcjXlI_E%`1UYsQW*z4M{JG2@P4U;l&0o&k=eL?f5RI6dXW~Vx<a;L^TQ;0 zmDH?cs5{+}ae(LnbN^W0HV|oqXt-d9U=pysEVtvDN7iG$@kW1UM``kbG}!FpFE=~e zS(Dp0v-<RU0h=U|4Y^0+1pM(wLu4o6ml9r_%n#f|{E5;z5Y)uoh08_7HAC_(WyvcE zzNm;hCyL$cA<JS@DS}Epo?h`rC*N*t>UNc*WtcSReQ)>uGH6YjdNNA;ukRN{KTvuu zHVN|Ti03$N68!|TdVK=5C)NGveUys|+8W3tzfAWOohUHJIz%QG7cTyt1NXe7tWl*% z!Qy)LGjq+Ec4E5Dv|s(U(m4I;c$xKR{y3TPoG9Z&icCVG_ma%^D!EkAw=5QDnkNsU zs@Xoio>D7Ii^-bXq*!K55v@r#V?oiOq{fSoN~FsO^!PDh)tjKetx|z|POa7fNS`_I z<mkAPLfdP*>o)V0G6jYWS~!U$1N#DNd*@v+zsY?nIG6h<|B+$#g2P${sW)UL<RhZ; z6W&jc^%ncKR&f6^^@B#R&{45->#L3`rpk(tYOI(*r=G%+l9GiKd|^b7-vNfF+3?u& z#e9emHCdEI_t=Zhkhnj}j+w@}8L)>{@y{S1bY#cs7+zWmC|5|(Z70_WiiezstPlnL zeun&OoA7>Cd5_h<v*RgxgVsJd)v4MS!|^}+S$!>F<rZqScWmYpS{TRe@(6fu(zx1$ z;Bb|hnPFPOVk);F&fXZ0ZR27N?{r9RA=s^iqgc+FrR45D@|#w(rI6l69HZ+CqaHXB z$$H=)sTIesBAFL-0pb?vFSZID;x`%R9qhRIAr2Z8e>Q|J`V^xvdqnI+R+2&;*{~7P zv#aMuQlt6R#2o7%PF{H~-}^Ud7@(NT=^fL^AfYOyO)HDYFrsdlT5NB4>@f<h=mebV z^rNkiGR)5VBQr@xT#+y^Wd?fulz=h{X)lj-Tubm&ym}!9>qlynmCqnOkKKof4v`sV zRU;QM5C-;2uIc<>X4CZm6_iK6t$~j{9~j&>G@W;oFB$&rxfEDrk7L2@nqg^BI%%;v z_qA%x16xR(Z?5Vnv<j`+p8*;DMW+ggbz|V$gmQgSt&9rntWx$FKQ%Kkim2#3=%O#W zv*u_0B=*{>&ipUf@%%DmsM2f&)(d<eqA(k2h?8JbGv`y*43Zz-N`ImkHOP#?<C6@i zjZ>OT064kl3vIHq7Vp<%&U!uL_)qkFvfsB-t+vLEywCQHMA{-PisV~BsgPJ$e!uiH z%I9d4<D6hM>zU`~YrnpGW8e!A+Sq|TD3nJ~gTZ1c^lvk4ay*~rl%INd*ukDAQM1r< z^G%9kk(0FzbGp^5F@<wCBQ;IjOYt;TD*s4}Oc_EDoQ=?(E=Q5or!3zWyORuK*X?MU zI41N^kM*0<gkj~EO_I@B^?xSQSV82k!VEPvw>j!0t-Gd?wp1~6`c@N1I|=M$Yb628 ztbh59|I|l6aIP#lF(K_YOj2{Cy`m`4UOsjbN&?T{a$2_a;FEI^_$w`tF-R#j;{7#d z@T$&hM*Hq6Do{Y7U_=KZ!1!-Q8{NkoCd*Y?%DX}v&)?x_A>kxJ9fJ7KOkSjYi*@Rg zjz%oPriwynb#F83@TSPPo}*%_<vVrVv`yaRYtlk8`Qa;hPn&@+9h-0T>aV;sopl>D zv=;>@-1WH>ttylbe{<{ePH=uuHdm}s(~X=-NyIfoqCg7HapA!Wk716+@<k@&CnGnG z7vDT2Wq*nz0|BSo=v53<l_S>qkSj%cWIGc7PmtW6-M0FnE+-tn@aIl1{l9b>lf{tD zNcR{Ii%<W&lSir$OM^+RXN%f3?NtxmnX&Fgis>MTufMyfniRu9<G>!gNz;*E4=H6i zI*5LSf~xEX-1Mm6b)D7lM>t&*Cl_@Dqu#zVDC!huhWO6olGK05zVn#T&qySu^iks+ z42PfcMkd#IETlRyeYbX8CW8h#{&-4rqlLUOGyc8KD0&^yW-;taQ_d@NEFG9-aVz~m zqufnu%H?lxE&z6**cct36sB9c!^+*7r`JSFPb(`MEGxBCUEsPIaG7esE!r~j<0-G+ zAuBFRW5l2QTbmY`oLtyD`GePD534xOa!F&hlv(&{FTL2Srxom_E}O;)wkX-25l+-j zYw!C&yzu*$iNC7KF2a*A8vWB-|L0a&k*<o|y+f=<E@C<)pDJXoqS+JD?Vp$l+aZKX zGQf3+6kHcB2gy=@Ko+~z_67aRdsf-FNmeNYx;@eiZ}8uTG^`%9-X2`Eoo+eOSR4KY ziU)t!yK3$%pqbhho@woKQSjWxoT?all<WLemAJgbg2cNn%7<7b!TZ|Uk;U69eW=h2 zx^lSd!0sS4z8bg`BzT7#*^gUJv2;N<43Wz{am9D5?3V`d(%$)eN#V!89s?T=^!{u# zLSNpoE{g+tM?P)*^Q0lsMQ`AB{iJ>Ws>}ZRhq?g5@vTUf$5GbvzN@R392wLpLif+2 z>}1!I-@_QY`|h`daR$>klARSLgPn>*;ucLL!W#qT0r(&V1@-!S%6|GbiEx~A(o2}- z_@@I}&t?F8e%E^PFRgDfV@QxaWaWWNW_XF>_&a(VehIykXnI+5x7ioxzZH*Lirb~q zethLs4|?FFSAMRC2~wgD7G#$P>t_$YJ&P;!4_$WsjTGY3ht%aOMYikFvgOVTgw+)f z55R6_jTq9NP1~)>h*BQ?vC~5ZdEf90WwWJ}!~_3}^Rq!{BiKsbm3d!3j^dRdb<6R? zx`s7Qca9hfv}~p+?M?sC3;H<moI1(eR|S1vVb6)UIpjt$kNM2&i+%2FUr;i89_6C7 zbRMOgMjGAak<Y>#PvMEw*#3ka$wk+{F!<Bf<~0n*7A?}t7v`v5Q((Rb8a4R>)LUbg zT$qOm8pW`vnCXp;(Fr(~I0gPlo4v1pDy`9TnVbt5yJ)CkN0NlC-LWB45XQ(}-&`W( z>?zRsE?*+8EmG^Cd--G&D90vGF^ySfdrnf~JK5t4P?(>56R!Mm2(W{<0hUt1l6_|k z5dRmZBSWR&qVW2c`%ue_>Qc<}IY!_YELN%eWhHjyN}Mz$__n@Be&2|SkqtuLt4MK8 zj*S=&cR7;e@(^lXa9bK)+RagNjB=s*;Svwpx&q+p%gPc=9IK3#ym%1Y&H;ICGzyQL zWNnW(k@Azx`e|P^^D8Xn()a81ZwAc$W&K;v7d7VC3M`8XdHoK`c-tk-_Pp(R&SJf^ zwV^mu6j@rk>4+T`Tm^kw8=UG7@5dIsS-2dvm+TV3x5Hu3)XfN<j;qME-XdF(2EUz} z&i1oE-EYAsQ3)0ke1&{dZ{kp~UnQjtpU9UFjp36p5zOZ}beWQ`<#4N}%%kg3M?uy! z<lH-c_o7R8)MS$+@}Wu_Q8a`kJ>%PAP<akB0jVvu-rq4iyTwp8&pE%@HG15!H~;Z6 zsQ~4go)TCdO*l2^y0JYjgYO8x4~D12;$r_e?dO;3a+Ks0(HcvPJpi3{^y9gUw2P-5 zp-wAf4e94XiMy_Wp4y?mo#M=i67nTh*RzxE`<$MFPn$lHLAO$OA@me~3d}ce_KZFY zQEDA@k2DCpydTWXLPf|m##6$v^n4IqONgT|mdn+h(n>dc;9S(3JCOyCuIPj3RWVX; z;l>Dgk)PJxeS8s-K5Fc6ED88tGf;wAm<ym+MYEjXFPt1qC`{KqGjt3+E02GvoNm(! zZaN&bbl^rnx5p4?GtP+E+)^krPq~<Isk&#r>(Kr@qUl3%Ep@@S!p`huZ9UQ;K87VL z^Pc=?bLQvI^y?iaHP@BZQOn+Q3LlTxY^QD+$<=J>iU{cNkunjqM=vvknyBf16?@`> zy8QXD1w#|d&0DQictQ}tAEO<OW#(CL;%iw!c&qKhIaq<=0S#g(?baWWA?YL$>0w@{ zVYK{-w%Bp_`plHaY{au<cX&c4N|)QfaV#aEd+5{zSXlSxh8J%D?EW@TnU^OuaEbF4 zOCVl_a6R7$`dFQfo903f6*Med1!IBpGTMMccQCP)^F4rM!R|5ju%^c`;xPkhQ|-`! zxqDzf1;y{>l_2~J9}nJKCS3I|Jtbe4a5E%6j}x!z5U6}-^{5#qJP8W_NZ}cpK|)z2 zafdE_pIa(N8t4sCRS&-!c5E^nEuhKtfbqVFs&Qlw3L=H@izNpy9jj(R;^Ax<_<NcL zshhgmdFi^#DYplT?sunucsH|}$HKa_WNClr+$JR!9*>B`_eT2)oL6(+m&hUV-4`~E zatAjR<YVSt+eR`~M|ILm(s$K{%8GrM`3u54!4)5zb}Q@Lnl5$($KW4o)LeCCOS0n; zrzG0>5i+H3rOlAc-e>&!N^*ss@B+myY>BS<dXz>jRmDLMml>;qzU}RM%*4UYVJLyg ze8!O9MU|pQy{Z#-WcsHJB9X*6Yl5(~*R(I|b!CwH8g=E7PTB)lmEY#k{IcLotiZeX zM94N>DW)+Y`NcDaB>Y-O5?i0|m)7nSmdHsltIJ&pzQmeVzIiJ;m{=Pxf}CncU?63f zbpznl4i-KwGHon6F7+#~$N5yn^ai*~adMt0h%}03)IdXmc2(M7cF@cl@uooFB+)Ye zHVqpz*d@-WiRm@1FI04uhT<e->f;A0Y?o{q(aWSYj~`{%idm4Y;A(^40@J21bo5r7 zEtYSTQ)g@_BxQFdOMf3EyGoQ5*#ESbz4y}3TptJvEiTQ!^W=F&Yp*cDm*6ayNX)x~ zUgs*h2iIar1KfR?^Q2_G-Gj@2qdeunHKcK?)ltr(w>Ufcam;M3Wvw435{TgILL@g? z$f5Y1DxVuoDXlLg9H&?BRqnhW%%0yib^uKx)s9s!d{KEvvLxP~DP4^;Y6KbBR9EMf zD}B#)r?HL%G{!f<9U5;(dy9v1aoRvu`xEr<ZbKzw=?drcF!GcHZ8g$`1fd{r*e?NH z^PhARDpZTA?QZuDF)?~Afp--3?0HUPPwUUfI7Y~+&bLc{jgm5X9aB}Em-n|X;RoyX z+(e1w{;R{TdU7@6U*tN*$mPYT*^-ovPMe2uHr;8Db#C7k)zc62sjl>tF1A?TEqqf$ z?wO>AFMu`kLfje4R6i4C`myPwS6yk`ENK|$Fc{W%8-1yM_9!iRl|7K(COd;K0>Kg@ z(P!1_E<gH~Xfy?#U;8qW7b}Bah21Z=`}+o@%L;0XL=rb{Td18YNBCK8jvn{tArXDq z>|%IB5!|=mS3dW-b9W|^VlDpZMPHfM4q3mBf;Z-(rlwGM+&+K2;&Ez~pQ*1T3^67` z-a?9FdTpZ9EremXV2BLBT#}xHzFJJ`Upd=OP98hNaVijXX6T;I`1Vo=yf7o{?w<)& zo+KtQrDFFBJaj$Rae+U*24&K>J)sLyHRTq!{Ag>4%$uw?6`<Ppvb`UPi{#Hse00J` zV|$Zk&UaNz{~=Y9EKuW%`;`0-`panh1_AU+)4(t;ny>QeTY)^>X}HsRtYfuRgpH0s zp6FrcN4T<vPSVeuJGKCwrVx;HV+|Dv_2g<kZJbV!3UzUYs_ONf?n)Pod9^@(g`6Zo z&>wx%dlrsabtOZWMCC#7PptN9AhY$9%AQ!akySOMM}npbSqy}S%*@2550R*~Gu<AY zziV^;(Zp!kM*lZ5M$#060LcRKB3o*$#?r?tnu8^x0Bb3Dc}>9QHA8Pe-W($dZbUZ$ zvSZH1DlNN@L!xpHvAbY5f>tPO?hq!tU%RHnjv(VS<o+idL60rop`CPHPxH4rbgtBV zo2|Ww@X>K!^e*0wio<k(O4$@c+<=Xv^6R4^&FKd!0v~-<R)c>#s*^rHJ%QqmEYNM0 zSLkF>wmXiKVHNv23i`M<7pw5R9nAtfv3|ksi-)usxWaSg;hf;<^4Psf{q#&!uV?E& zwC^kPAJJTq)#x;J*P=qW7rtK&HVH-aNCSU-E^gFZq{<NiF-@-AET77OhvW0b450}6 x;Qt(!`VYtF?JK|+7kUDT{^w{eb-^QA`arSzH=`gS;MVUm*-uK672?K0{|io2T`K?p literal 0 HcmV?d00001 From ad57d68b672c0d41fd660a0132439573576328d1 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:54:18 +0100 Subject: [PATCH 0405/1184] Add files via upload --- roles/pbx/files/Wave_sip_phone_connected.png | Bin 0 -> 23473 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_sip_phone_connected.png diff --git a/roles/pbx/files/Wave_sip_phone_connected.png b/roles/pbx/files/Wave_sip_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..88d85b1cd9bff4c5fb6c967b80a15a8e5786d78d GIT binary patch literal 23473 zcmeFYWmMbI*YDZlPJklCf)yz4?(Ve3-K{tjw*n!!TPaqgg%(S2r?_kJU<uj=cW3xN zGizq<y)S3Yef7M^$v$T#E5CKl&N*j)_h-kx(^AIAp~QLd;sw5{io%B%FJ2PAc!9!! zh4DNhRl{ua{PxoOgR<O<>Iv$<&mA-eSxwm&FQCb|_g3i7eQXaEBkvb4$lm<t^-}c% z)A5TJCQ7Obvbz4}2l<$JX37Cg>p@NAPIDEm!<voTZY#L`6gqg=OrRH9bRrgc5%l3` zX_i<7+u1U5M*zCg7eAIM@D?$sR%8xW(>O<K<K{*`HXLM~bxh{v&&_>o$ny1lV{#*1 zG415Nqwz2)?mZz{<}pMcZ9AIH-2@-19m9!=(5sk(m>U?7XMKMRb#`%q{JQ(8f1*>b z)?j^caS^&wX*e`_1>mUGXS)_c9vn1eWs$Ly#m_G+IB05WT1hXkW~y1Wt@pY+I%3_8 zZhJLzJ)ZP_h<R$$UCCUTuJx$L%&Tz_v50E^RNI;_gbB0d>^-204LI9DcYTq?*f_G6 zI-qWYaVaPiz{pKU7mDZUxy{-flhXI=2v^<DC?+%|*F&nhs><~pUUAHeJA|)|jZHHF zfo$yK8wR;4g51?<eah9jHYxz|SM~~#c6z$Qk<PdhGo|dN$$T@M5|<qGE{|y%UO)Bz zry8FC;~3*Z_t|VBIVPe8JLR^qD>z;C;K4NCFEaCsQABevEi{gMRInOx=S9B+H^72Q zFE*sF8%Ycl`y_o(@yhP~N~NAdrJa+!>e1~#lK4IU0f+ulvVL;qU~jqPZHl~eqN|TU zZ{B-s?EO#O302`kUQ8~#{7lo>^p}`xx6P=;b`g!QO;?14s=R0AP{fPh*-%Ge?esN3 zV}Ah{@>iP%jB)MUUpJ&=jObM~JL<{<5<34$lHt>8TTFiWI3CHoOnSxMr{aMGvSq6I zbA0|z!H7ZI0pSbycaWy^dWGO`jI;RVK1~U6S_H0&ddT!Y9CUfcTQilwiVJ-<0i&PQ z{UiNK?C8A1?plH^7W7ICQsysKPLB=`X%~r|UU5{opZgj+%-!0vxB1)l2MVK1rQK%@ zP3*TiXjACn*09@V>D`{0ml#6gaMijDK<3h5<Yn`*1a`PXW}4pZ5_>_#F@S*(b-w3v zD&%dSLsq#CX!J~}R&7R>403VXE|?_|A2iZ=xb&42=@n_qa!j+j#;c~&&HnD^B&DfD zU~pz9YLmbG99d0`;S!_DR;*UOUVC(^;;AW%(78&mrAH-QrDm=WzEm?s;V&|$DU81Z zckS42XG%tn=cy4?VG`ezgdy^L7-&pmo`;KVWeL?$4y3?Z-Fq)Ro7tJ&wnK|G=k@Ey z<bwr2NdQBEGGExO;L7xC#jU=&NLEUL!#zYN6a{I6=!=cC0*jLT9r`jo=kD8EL$<W6 z`Op&MzjnyLRPu_5;(JQ-nI}hjm8?R+e(llYd0>Tr0PKV%|J8_e;rxjpaCwX9)ubMP zfKn_mH}+j9u3mLU?<3TDwbkdc^QvRAAoTVxWLzRvUC)p_Nd8si-U@?fzl=zh#6^8F z*~&7N1mCO6*4_6RNLnma^H}Te@WFsAK_fxuy2LrLHqXeVwlL4ORf|KY`s0>d5WKQ> zd}2hX|6z_k;DY3yt*X;&!vH5VW$3z~y}0{fwCg^e#(RwSa@69Hk9wCvS`MvJ@RW40 z)1Ls=0ATLpqr;>0TEWa4gzkN0VY69mScrx3YD|>9tTC!%c3D`H{V92+=^m(a4V}*u z_1-`3C1@H1hDltb-osfYav=%GKEM7r(#Vs6^(;=4{hwt8I1Avy$MdpFi>C_<-=mHz zFp{?&TR-LL;`|&BEGXdSDQO-AYjl;}TEyt7NnG#-dVxL>3fxZF?Q&HFKD@oSE=uG6 ziTcKU!wxz0OaEl&>eHF&x<#$8^vqtFK*nuHVqm~sU}o{~icZ(=5$owkLQo&-RT$Lr zU!2eUk<;S8%}Q~hoQJ_=_u8BT&C77<u>A4MDatQ2^!gHcJG(?psNb>tFiBr8tgPf2 zgw|}pn%tWRL-yp0x>r8^(JYc11WF^a0|9})lLn!J<5HpZ6v>QqB7ydeOF+e_i;0Pe zZmSp4UQ8VK)0WphJ}!$;=*!0?aw_|KBBq6>rm(vvI>7aCSbv92QgKDaXp+RKib?CI zpB;CrM~&LS2$Jq2XNx=IwxiCw2w+eALZ71H(}8;!)r9i9lU|>i&fAaT_c6VZUp96x zYQj1mt_P(Xak-l5Oo81StvLqg&EtY9K^i0xuWR~wPn#PW=HjBPkL3&ckTfFin5R># zX{z6qH?@M9rF9+7ug2c#tLr(Jvm18>8Lh3`UT}`@h*8;=zuPMK*u6q~3`VB?L1O;9 zmUS~f43alfRvsih@*fn(5b}#c>FF!wF^cYNjaY3D&h0?{AQdY6X?fIjY%AVYHL=WB zQyzs;;U{`BQ<tVZRFPHK?e6KjvL-(Dts7pxuWLMC)B2C?uAe*9D(uoBj4Ti)+<B5H z%UZrD@Y%V#W#I9y>j_rfcGx-<PaAp-r|0O~7@%^muL*lV!tYJoTKcu5Zno$?Y&{h# z#_!`=Tt__I?@Bj`AGPxf?7h|bf!2LHTP9^^ULX{5d%khC>|BG7@AG(nQ`G(E9X#IR z-ny9!1r#NF|NNWoi^~np^1V#>c_dUE`Y4_qh&cBBG<7a0iIzyW`AM7s$eGr&kBFY2 zGVBhv-pF3l&WFWvVkez7u`6{Y8g$%^DKBr)?(d29^t@<aC86iB9+Du!r}di&KRKxs z?W2InAQ$9()#VUlGN_qe$rQJ1i@W%It|oNOt?fW4m)8bt7WQyK-&smS^t2<~^%_BP zMowQs0K|IbdyYRrU^QG@jH|+n^^=sc*H_=d!L4MGa@}V&EiK=3N+A~>395B>STnEa zT#*83<m09m9w0lzslv5GPt%L2KYuS2<nw2Hbykp|re$T;HnD%Oz+Jn0A@%XeqdT_I zqn6Mo5NCcv>`%-*=vbYLh3erc!sl*T%Srk-UGfk)8yga<|LO7QX_-En+PWrS+&KbB zNqnQs*m^#re&GIe=`LUL4e>N*@sQbZ)p68Nd`10qCjCT`#5?vam0#kvt?RDMGEw4k z(WYp(bGIN!&gOC7LE1U&=_<^9G>a408?W$Y%%KMm;ST_!{oToR_jPWN7TECXK$=~` z3ByD*KF-KIT_-<@2=E04C`5TL!(gs6rK$nj$IT2XF4|vs=s{1vQ3*kx=!l>0C!eSh zFLf*bW7MN7b7IMPob;1N58#)kJA0^;chhlP5)m*=?RPLmMDwJOq1~`s+{8VMuiqy= z{4?mnfdOxZlq24KAaw7zn5T0jl)m@CI^%Q?h!5F71!AEnwZCR~7!13Q&VSyNg?#?$ z-XXglk#s|tXac2HlqBQT>rcI{md6G@<DWF4QtN{oso@i3&W*RK_GX<Eoy4IXRebyK zytqQ0i~F;PtEvtVIn@C{je^x*^nw5@uusj#(#_LF#aJjrq^(AJG%&>CN$5&v09bI+ zAC`YOZwGsLsyaMPA#fRDIbM?%--q<_9SQQ2e;$i|vD6>-$#X~>NNc->wExdq6|`*F ze)oENx2G)qwc|9iW~?Ciba;QSBzYo9{IGd!{1!0p+O(e4v2Vvc+75RpD+v79XxSa{ z4kKf5h9%41ZNy=1kB>aX<#K;1$3za^UR~|F1Y3W+91FS};|w1Qx~mM43-Vns^NaHC z;060PFWRn&L|OoqqP$NgrGS*6H;>X!H<J!rv^nuIJ94RJzDssFCaClweL<&N!%I)0 zXJP#0KgKv?$NG8Ctlo(n_GAY{5-gzfc#ppE<{dVrjs!N<*E;?AVHbaBn9;&&&jnt3 zK9o*95`w+yheLP$LZh=i?6?3+0lWF+r!P%c<P5p!a!eR=aMgFL^ITV&c}wjs{>{;c z5nws0K=Yx8N%qFR3rM$o;YMe-X2!PDuO_v?RS!SkZEbS9r!!=9t=}p{O#F64b1A4M zfc5Sc|H{_l?k0c9&&@F7;VRjEqBHcNW9gwHsBV0%PaU-FdXpm~++Kn^QDx8+qC|ID zFO!TQr91bnE7QWhD+moNAq`@e!tg#DS`{L!Qixf?c&b^@a}VSRFkabKnhM9gQ6N;O zwL<67_}29FynWLog&ei5<LVEPXiE@jxRXasu^X_@S%&k>S~0+=v?vI8=Lac8kYjcG z%F?&*DL#5Uj^*%=Q<<{niq`Ee#<CPpfM2XR_V^&E<)B}($shOnbI3)vw{#-VK~YQ7 zyq+EuzkOnYG~}rZpcA}}Pg~lLOn8hC%0~qEBZDEcp)ww?sY*|a@T$KK<lEzg#gm{R zMISCQ0aDzcWQxT-L1={y|LpAJend;%nSwb+1O>9kou^2FKe_OiqGpks`&)ex?m>9M z@#QHi$#y~^x)i50fT@&XZ$1kzW$>H35x45u7RAM_0D}`RE}@{cz|f}a%dZ7)lSpRg zvy1t8vI_Td!kf9-slBq>01%vP%n>imK_Uv}`^KhN)a4;LwX^&9JZ!h7WiYgU#l?ms zz4GSnE8G0h&W8#XM>(waoFzDow>u_>t}mM?{@JsKLm~;KM8?v2^p&X{1;&h~RED%E zY41d$TTmx#xY*)|25oxd)8noa@g<3=r19fL=*;t?Hz^i=@FGOGMS$|kMcsr+VA|gJ z!~$<ahsE>jnZa>R+Pg^UYgBJ%wy`?E{KM5c5HXN4#Q9eIYQ_7YvTg#Wml!Sefj8+I zH4887Mfj$1U%s;<{KX8KX|zWSH(WtF<l$zOO(C|0V*Uh~rT!)IrdRsD*Mk$RIJQbn z;lK7u0*K3Tb|>7R@zoIW9Cxjm2R{z`KE`X+X15<J1f7T~!{R6QApvVL7N_^U2Z|1y z5c0ydDf8R=^n+sZ!jI&g8x*<1ZA->06vwijv*jJu$qmsxNu>Lr#yGRb8Ge`LvEKdB zuJ&~|ScbHufkQqQ6D$O89x*X!Ge)iB=Ye_36f4hIM$A9(^t|gjN}2Kk2|&=ttFEVz zTtR33FEVy(k)kL&!b9pi+>W2P1BTV*j%2tsYP8+87%d~t6}bc7@4;8|2(t*h-<T$2 zt59d5cZf-zBHqMD@<1o3(e0Erd!-rVzi^yr2S4ABz&@1hyV=cxdoV-Qu?C5!_TA_J zjHLc^YxL<qHfFAi5PE?<T#G=fFEQwp!cJSaeW;H6pFO<Hss{t+j{n8p6MR5}(wV=H z!Hy4L+EH`sdhop)$?hVqEYc3U{Uh5><fL%bw*KG-_$Ay9$G_YSd)$@XfS?iL4N2Pz zco|@EtrTOUd}hQnnrZfw0P}YHjX71<>08Xe88<&YHZNxj8HYnoYZs|54OM)Lb)ieu z=I(79Jh`IZ#~*Kg1syzAy@Bm~_;B>AJNX)`S!P>CL52UVxJ*&eM)|dRp&{j=gh%%0 z5shBU*cR>HBEPVwyLBKl&ZNYdM$js-oeS?ZSJ(aN)TZ|?ifqeXaeR+0D@o~>16(o= ztX>Qb8u07$Mm*lN%f_ZC+Apf=8n=@nm)`J3j;!9EDBMU#bY4$cnK8q%vN9{aShZgJ zhi{PtI97$e%T87i>EwZbej}0p<eO`n_ed|x!fwmxxx&ts!(LS;8Fbyw$qE2S4*&6V z2b@rG6P(ybd^sl;TG(#n+9k12*vrt-!k%385XLRqhN3Vl*#uK`(&M=dzB#GRV7KzR zsB#Z+7D-lJ?IjTB=tF<c5E8?hz7lqm9rhY=G9^!l&MU<uqvE(HaD83Okk#_-RY<P# z1R!cpteuyvqm0{^pA=q#Mp)dLW+dMru{W4|CgUJ2M*sSR^R%tMM(6KnWm}6Sp_|~{ zX+x8V!=zBqY5>ckdQ#p;5<cyBbBRnfpbIS3jA7JQY@(8a_*>J;Kz!1hjNN=<N=!*M zlt}DkOX{%ulcH%prsliDw#XOL{>fth%4O3-wns9%xh2K)hoFPBR7r4%$`?QQA>Q4j z=x$zcC2W>jA<ksre1kg}jw>(WXn0+s9QyC)c4*Zf`Q9yGPV0dcTofhkiObsyWTc~K zg`hDjhiKA8?+O-v{^n%Z<5?sHR8vgkKPTbR)^K`cCZFHo3SC^O)AQ-moyJgTevcrJ z4yLau4~nJ@bOcaw6x2<M!kFu|v6@PUS<s@7Pn1`*#Qv57$WD|cpc^r;-1Yk%IyJm9 z$WF7JCT)5s*hCo^@@c4RS4!Y~k$<<tn>qoq!pmbNS!R4#_kE7+uIy;d;ptR-aH&YD zSjLSq?wZv&S^TTR5KX~L+@@q@H;Cc9Va#tYT{&XGcoePxSxzKx(9?4uGyiCQSLdBv zN6z_WpZ3@M(k#WApBd|wiM-^%pK#nnblIZt6z+yZK=~B3sb9NF8cew|&_~EDofrvz zoouD|0)0RyckH`IXgh5pzm_2i?D{(#B<HK_?>X#aNbE2X@3|Yu0aaK8X6FrtnkJAh zpwIjc?McA9(3Tj&orqnCIqCKc$@<OPXcG#Z5Y+(KBmyw3hf~nivAehCx%GjQxt7~~ z&UkOkH(T)kE|bJtDc`a`zz&A3qaRj<-5SE49(4APV;8x6;0E{Y^5rljNy97pw_r@w z;j&arcKIk<+x500L==@0hi<TimNV~Nws4-EazIqTUeS2t&!#nH=|myujBCieGpr-& zz_=2V06Jss1EHmQjUPjgPMQnWg~j|8Iaa3U5wOfxij0~1jQoehXrebqWsklPG3XY= zPWLDVPRPGlOv2Ac)-h>~jd~CuulosiH!+Wush#q8O|zO=DLmIutiNJaw3Ug+&^X2X zO+2ILO%$2WIr{vCkR!a=Ml;ntj~u~s3}S~f(8ge7VNKTFKi}R$zmRvI{u+0lK%Ibp z#YAbDldY@qgxgtH20eN*`m*dwwR7D_i~GWPxrRC?&%Xb&i`(x07V{y2iyaSCmz^-e zfIS~Gn4$vFy7=z;>6Qo6zFC%dXRD4Dc~VfiVPgK~;plgilA>aAB3k*Bu8XDg;K^X8 z;c!V9o77ziDd4KE)QZob`*P}xUg*<(ZIX1B$o>2Pr-0fMuC_G6XXzxkFqpK4Bza)~ z`VTQ=2Aqfmd0^hlN|0>=df#XRFn?>S*zAmkU-ya36QjQc^S(l;iBMA=nqKz%(_l@l z`Hn}uJnig@Wnar_R-9Q7=$^ls=kOb!``}M+gqoijk0D)0@8^+m?bcgur2!U_i+O@2 z3{NRx(SJ-$!J<$5pBijG*Xxc5fZYCD38IeC0}JyEMi3wf$Nd1NsB%sn3$S*lxC|G- zcYPl0ohnLXHi-fZ<Kel2jhR|z_LHt(J-xHouaO+65py}tj=MP$Qc}ii@WuB{>K=lU z$t93JA6b*QF~w9a_cvnFF^Fj0%ml(uhax={Xu$@ZAK-)5H*8(N?NReLzP6p27hf_1 zqAw<hk2Q{a`Km?oMxPM+2|oeWVZ1!`MX!~};R~gxT}&4jaq;MA-5$HqUhANZP(W&D zZB()Yv<AVZ2WJ@$H9n|OxXO^bW<T6QtX&&8M-EXESwHd8F{Lh2pDB$XFGsLq;^jg@ z@-s(Bg{4w5A?*H}`15vt57kV;z>>BFm!L4WH|MvVUeMvVL|0U+Lv$?SaLCxbso(o| z*P~4spIlg8zLMK_#@JEG!go<}Ja50ZwVdn5>86yG8Tmfe=;OQeYfjt5!63Uq%dyGG zn-Hhw_ilWcW(z&BIV%;_-4M4M6_}NwL4lLf6hSZMOE9fS-`5Puy-J<M!NxpuntA*n z+D@2}itVoZ56Qi~?z~hxXKZZjdRy5tF9scMyvnIE>*8%EgA6}t=kpCS`_)q&^~1+q z@z*+YFB=mHS(tcqHI9cWZhDh4u+8ZE3TiQr7>5<n7B-5f4s1x3$oj46gMHJQ%$}91 z>F1cmYJPtDmDG*Ff{W1A#?M9%cyO+y%~w~mr}`>0=*llHiNunSaRyK73B`}7{kp_* z`@$F?rpB3k2dcok(fOHW7d_y@N-*-k_q@mEU?XzZFhnQh3;EKrI~=ut<)>9`=I<Xq z0x)c48mABwVUwdQ&6^6ClH+c>6rpg26td9^x}erCRYArcnpm58oe-G7<_1`oIRJ-4 zTF%hg&8QcX7Ao_x?DPGiz%?6po{gI=?F1<cm;HW)h(&_IkN5o#yes}RYtWI-W>7Qe zx>I)}q`bij=fuUKOnJ-3yV?w)UuEvlvG!tTTw0`liFSSI!0o`d4j;CXT+yHR)}Ehg z%(%l<ugMjvWRO{=Us-E(M$puFxwA?jW-T9YPwcVT1QTi#xw!j{j{9?hva0{z!&7n1 z*<9YY&v4zRWY~P3#To64aWe*R{IQ!b6wo=`<3O-zaHsWQEpsGDcKsyD52Q_VoS$`F z{mz_kEJ(>Hx$oMGE6J5oid*b)zNwQG{24SE5Nw|=TyS=ScCYv(q7VsZ9F~zl+!@<k zuLv@l_Qc(R7T5QE9p!Tq2oSaVJrEz0Y|R|8@!(G+jX@y+2WAxq(xL4`o&MuB2R7@S z-H&%=giD)L9PKK;*2>X>O^qOo_iTDS3I~UD#BD+;V}Y)@oSdAEK?`ekS2djr`j?fE z11|0dx10<!b6>RK7A6}<3UL{L;|B0{DmtPeoKC@+p))bxy#tc0G}>g?<L7_3!r-MI zZX**2cxfqZ<*Ah*T^zn=8gelQZ{yF4mN|)4?`*0KsEaSTV@YuIq@!-X7KtO+i1w%F z1E6ciIIxS0UA{C-Cg{z@)?Ze2Hc?+3yyZ;xT_!xVaB6blT3($~Z4CWK<U1PY>buQ- zSUc`k<ag6tX6#t|mY<*&KVNeG=;fUGX3lR0qm_r4)%$Di17YnoYd`L;-b3TSXinHI z2v@ZbH&)m`82=+Cdn8qxjC`plm{7G%n35NmgP>w9D+~>U$N^s5!yQ*F?*1+8C;XYj zvhdpU&JYOf3>@60m%fB1M_EXRUiShC3U$9tD~HSK8t$t59R=@-_lO3EClMN*4Qnaj zy}XSMyN*7FvPczuJ_bn556*m7?<K#!=9&FZxKAh58(#&Oq{WD`^~0A8^DX^|zxKA( zlL)jmF=((f{=j+pyELG&-RkQq3}!o;`vbOVGTP{`*JZZ`y$t+J@<Xe!DnzdWPa3hv zDXXF{ZR^a&Ud1;YRnjr3?`C49?I%UUgcjd-cR}|lGU1!9fC~sDng+hbXoG{PdK`e< zZToz8&$=dU=ZNp$@7WmA0*+wj>;EWo2?iX;oaTKI-0decq@4|Shkjk+cwwQJe+tpn zQHVCE_@`%Nc>D=4kr-AR-suab-kK1;wX=e&#b-r~<ZdRr)AlIjD5#elvACn|#U1ij zy_Y8@*__cbn38`Y2kXSeu8*0vkn!i)fWfJcRPCl~pBOG@V~5?3WSf;O_d=U_iB<gt z?fSWG3}mGch%n9|cyZEHt;YQbLS2y4?l9@19#G;V?7OTFvz5eO)&ICxm$=$FDZd*T ziRY#?m6RW&k1~%TpNOn(;~Gmpb~Tg&KFfri{K3j(MKUiS7}t=iqldMlrF;2ZSjg2X zdF88#-JrJMyst;d({Upyo!7g(h$$vFMh(w2ve8J9V<XMZs(8BmkjtgZ+l4MEQ18N- zd&@-@58CEgntB!ocHvjsM;vxVvRHp15>V;hc-ozy%LYb8WlaXVkw;}T80l&kcU7(b z*E{O3FTY(P`@~0+skWJ<kE1S^eR7X~rOESJLl<&fa<}>Mf|PhRCCQ>2sO`L4cVXw% zMnYA7ahg@Wi|w)eRpZHmtr@c|W<AlE^0t@^8k;oB-hXocd|uLyWDW-N-s4ePy^u0Y z{LOO|4(xP}mqrU;ge3EL92^`(l3|4+R&W63F2~dkx!ju<7gy+`;AC48<!b(`Z!Pp% zc!^pfaFFGArAZqX7B-UOW`y=kERUtHE@y?|^?f((l?n#T&Tz(&GWToMpbsh#&)wW( z<dyi3`neyjruKuE)wSuZSxcUpYw23fjRAjFiI?2w_gp`vUv+vrd@^iMC|UP*Y%d!Z zhb83)$7${te5``O4yKZBeD~@DxYQDNBEcTyj%7R{sLl}>W7KH#=)nCQ<fFhME9>(D za;{cXx3UR*q~s*STwlxQvr_}$fWilo!ax!9m{uD-%23G~1c<Y^FHkCDSTWkJeSFj> z?Dzo)Lh@MjT-?0cacx>7LoEMUB>@Y@EIh|}^3;&DFS$2iVV6%47m?o-!if<}LoxDH zj?UXUv3l-2l5ph!35C{g<NNFDpYqHCM<m2M80+}$>lbm8^4-INr=jx*dad)#kT-RS zX4R~kuKJG0JQzJNejK50X4vqVR$X@9nOECJp26aha>wr<f@7zQ!T0IWN6;Wst<%&g zIzuvnP`8HD?~l)dZip3MCL9+(!vu=wWPb6>Aj*9p^f(fTXML8M9LyAhrM=5QhlNV_ z!jPl8)r0)-^!fsT2ck1(nx^dG#k01)s2yFS+!2?$8P;Cj&bDxK$n#XX{vdtEZki4! zv6yy1WchS%gmt5nFFtFrBY?u}uKjJ_;WycMYs6%TCACND;dJe5<NcG<=$Z0HJIaK% z14+A}Pbb9UHyKgggTB&3Xl%k-ZKgc`+Q&7I|2VBBhE^^mS6RT^k;3i}`Q)#g1>?+Z zg_1`)0ZFB!n<-%d(i)ZaT=eJ#$|qJ)Puhm%mi}T=AGU0kZurRs{43*-HC=1-l}04Y z;@qu!#gHu#veAYGb1KkoABi?z`qyg*MCO~s0*w2*!Uqnlft%ez;NiJOj#z(^1Y*ci zk0+q@Sw{7^!i;|zE%*uM+7vZxTuD@koy1SrBZ`HxU{UY*-or3BW_f?9&h$5j1i%kj z)wKLeucAkEMNe)+?o@(SPJ+rGyuR#VImmc=Uz{!c@_1jxz^`jH_-x#_Tiu+xlHd@* zlQU8imSf6!VNlfpb;MtTyk6#LJ#!PkIoC-5KJww^0OZ!Z)gA|FC~2ifC(q+szZ{P# z(y9;E0JAH39@L5<1df$>;t&c154u&%6zitv1l)iBLR5I{ef>>J&(q?h=e;K_Or-H- z^a5gOIN*#KKd`CmYqe>L#%LZ1A*!da=&WB~U*DDcL*1C8W91gbBNFY;cmC|AJy>!* z6ZbN&h`;KE4YLQ);ExB5x~?|*4-*Hiy;uH{>|ePK^9@nY#f`l?0k0hl3RkT<j%IN+ zopDPDODH7|0sfVSZx^Jm*V-BC8Q4<DCl>;-Uj_u58eq_ewxI2hR0^z2sXWMN@XVv& zi%i%|ZO~6RfNlsaPzJ3TldL1<Spg(HF=q_#bwAs++tWVX=X04xhG>p!2JE!@DS&OF zilfEpM6Q35=Cd;MQqvdU?<=VwD#*@IXT44Rvx(YHSHs6mnqW%8Z6+PHS3%;Hv*cAx zAAE89soZ{kbiL3N^1Ix(9M)YuaTD18Z0{%7Ex~`X=6zi>@jJ(}ftfDwLKfIbOl9h_ z!V67hebq}7pQY$BMZ`gQSZ(>{g_Qy?w%kUjO|y%4XiV!9lvXkN0$}n){@}^AU`O-v z<-Kxh{G*j)aMYs3^JDowQuoVrtYTmGKeSU?niwp#Hlwc?y03Of&hK^n8%rW^{{E-0 z!~!**{_&OT;5TbR?1S2!Ur_u5fwyVE$q=5cVHTArz~-o1n6nOUbhNiW0gJ!G(#(7J z^dI#`K|$%`UxbE#X#T|_ti(rD<vPvW@=U@<>YC8He-i=Jdw$PV?<OJptP%m%>m;A( zj~2XzCEOwwnu~)HSP0rj1YH<~#3=ybvQ61|dc3pTtaM!FoYhBxKJ<N^B}0p$TRY}K z0)AMkk;z8>);<wUa2}VF5b>{kk6s9)pyX&FR@(O*JOLD)&q?8FPg5)?w~X+|RsQ-; z%GZ`Co>O{NDL0VsrnTUY{gkz}f}|7!c+?Jm4+^hhAWf8%4{P20jSAdi+1!LFGM<$| zU&KYRV*z*Zh$-=xsC)oZHyb<=bIMnoXtZU696z}!Yb;$hLMXd|<|P)C(pQ|PUCSO< zeX<8)3N$Ah;P02gqM|J)-f%6=s?F+gz7U1yry-{nTRB+A1O^D~1LR^P;mtNlYkDf7 zL4)~L(a)hKwnLupziK(J-PJ1)jT{z~B`<JfxD5we8bb2?>FskJ?Il%}Pm{V>sR<y3 z|8D;Ongd=oweK?<ALJN76r}k0_>t<*Ucm7Be`}Lt-O}Z5sfR_cr0ls0PDHJc!{QZ- zOE1%+F(j3XnSSr$^pWzvtfFCkdIdgW;{T!HVwwxrqX$vY)T)30!_6rw>L7rVisG}a z@}GhKYF-81o+B;j6)5}1sV@FcBj?ZmWwc^E+!|n|g8xg@_<z3g-`4+o0{?q9{(Cn5 z?|;*OJHvlF!~a%icy)Jsi=iI{u>SOFbo=!8FMwP^lC_Bm?7u96@znoS(EgwF?f);` z;iys`rHNti-6&s${hZY*1U_^?o{g^~Rg}<<7k&0*>MbbfRo3;J=dsYaT1c}YtoKIK zSALO&Ott781biD<Q8Q|0W|lukimWuukUe)P-q?O0eRlejaAI_HH1PowWwr&LXE2G1 zvb^NsX7NsBD@DH6V%-b&+n%jD3>Bq|q<{>EgLY63TP@b`umlw60QL%RM*)*^x5}BD z_mb^<$IE$Mx020Vu4tQ^+xPO&Dqh`tPtv-y6?M`vB}-lUFY*?E;=!lCer9w^ybEkY z4X^yS&G+tgBnV=z<2LDok=BSi`H-=_U#&x%thKSnm`u^W_AN!?eh&d*%nu(C<`BdT z7If3ANa*gbd#NCqrCuJ0dcj>2Gx@O7cn2nXBt%ZSg0<KEOI_j9$_H#r$sFdyzNP%_ zDJcnR*Tuj=Tq`#wr3h@Pll^b+hN|R2j2i9MMgD*3dHUfvm!boQJ6qObg;dw?ypNx# zxr-o`*6?V-q~6bk;a*jeESWY*#ypE)%&4vD{vd}`59^=0we#~r$fKhsweQ4iK=}NE zFi352amsOZb+xg<yF&8#H)^Bjrcy4S-7nYmHASrX<r!;bpm)M}K0nLK>qUAF^Vkl{ zc%M7>A$h{N#YM|iSX)(ffhs&WG+IDdxCwM&r_E9KCYh7BGk>g<DNAp--|OG(Pv3ng zuIugj>-j%_Xin|r?$D6`{?%s9XQfzxERNuZ+(Q=3??*GeVubCKz6J&b9h?jTo5~8! zH&6D@YM0$KHOCJrT?Z0g`|cG*gU>TZN&VhzvL}XwJm_BrJAHH`*tXybh?eaiiT7TS zIlo@vSa5Q2Ils>83Czz%&nHX#)xW8bGyO}y#@N+)zPh2>6;?Tlq}v_)DhS&d%W?hl zL$fYaTiILPyS%P6=bX1jcul@l?94yNv;w_GzO(;<un|{p@(+f#`ghxog7u54gGM*+ zvIZZG9VX|+<|Sqg$GW((%|UkY16<+9`9@vj!BtY8dyVwXyWC8@_BH*=u4+q3^G@^G z`JG)-_0@SmwJ!97e*MSk8u&sIv2H0RSRgs?uq2ssfWb%thrTHM-D@Y6adS&gY4pL$ zr_=4xgJ-w~i}d3Bk9HFodD1&4NpDC03WJ(PQg(gN_A`C7TRi*m`SK}#LAlA>2qTFJ z)7I9GAwl^~3}p}84%vqeM(|AJ3Qs0^(lZg3XY^%)o9#x){=;<kJd(F>pwnxDc&&Os z8_~gx_Yb0_jBb)0l10?k_gNf9*2z-0<utyFR=!iRm{F%+MLexpE&7gzSqkyol5n3q z2WiL^Ko3}<kp{Z=?;k-O+%p3W)(_t%Km<cH3(R4|4)+qLLyVWtnfd2vuWh_gdR<IR zOs+LX{DLrg{h2eGj<VA)AH{n0mql|k!~sf=ym;y`f91HghTWDj8z4rBTTtLtW4ES{ ztI63o9`$W`Kfms7ZSOFJwr)plPOL-AJhb=WGIM-Ou`Yk9ZAt0^%zuD&L}kk25+t%- zv#DHF;X)E0GH+ZOymuczf5h<N(%IV#0iQ|3UE;?Yes4q1B!i*j_)5;(I~`Z$k=N_; zz5ltr?#SOiWzo+pD>s*r1a%fpg#61tBBEVCe>(A`-Jv2B?G#=)Ii7#$iw7&oFHQ4j zW3qER8hyA?SvNj<IPADuOZm}DC@ld}Hw5(tT(4W8K?i3})l@`@v_Xe4j7eDdv9%1G z0zwGYuc{7Xk<WDa(lbUtbNYF6%RqyKAZ!zVfhmb2{GwUY^f~Eb7Y{UZNoUrq-AtC2 z!ji9I-QaF@b^A^yl;^jVs{FMn7Lo+>lbhMoq!^_mPs1QjQ~S9vIvlkWW$RsN67Kfq zDfoo4&Bu9;>x<y9mT2=_qtDlnYs{-9o$<Q;@XiRDPM^#Uq#z6Ij6l!?I=A0BnALhQ z<3wKISv#KZI6u4KoR~>VxE@{o%;1y$!vOW2P1<}|%$6fY{RSxh)+g6;HX$zmz4SzZ zor$*WcX^-A4-M?ZxH!se-FJcK>Dp4Fx~7DQ_p96~%m}I~cEt5FSTJBemS@EuJS5jD zLQ938h_@KMzPPvXcy~l7Ntc-MuxZA71;VIF3F!!tr3*WWw?KPu2(gq^A+-D401bTz zY&&R#?Kf{G*U9e!DNiG83>~zkAL=FVk9*;HE#A8XJBnjXA*ouY*?~i8x5SEt7ns0c zp1zaPbS<17l@-91q1NvzOGM0<+Cu*t(-yv2c@C}_($O#p&)kAIembU`sUHN$rhg1d z?B6uni>~}zL(iu8?h3_e>nbRBmVeGYt6Seh=Nmk8C2OIM$hdSDXPeydawK%P-_`fJ zQs1P@uETY$y?f_VbrU(4#0r<hnL_TGVdGo3qE~fkgs!Vxp7h-ZV)d_cisbly%`kfp z2fq>*qQJrX(-b1tHeMhpE<lUJa`{ns^^*?Z^}VUjoZjWEj&{_82pek$MlUuFKcr9r zt=#f_R##(%#&3nFl8KExi)2t$7(caHN7Yk6W=3X>PN+0dZP+6wm@e6Rd%ZBDCs>X? zV>n<^ni~rRKjl-ZIoLr!De$j2*{YREQ{cjmMuCKADJuI}0{;Y7sF3>_^$gC#8{of$ zy3YzRVV|}_0O)>LSTu|$HdOJTB+e`%JDK2|-jbwL+Dp`Vtls_qBr%Hq#NQ33PhAC3 zTKh~^MYKn9-A#S3*(Y<Ejs_M~5lTX53YHfgLcSBUH7r|M7<KknFU`1jq&r+g%EpB* zGWXy6HD%-YUJQh`m9;IYC3;te+y<M}dR6&c25ls2&YPXK!u~jrx)+9rE4E)cQe-O1 zp%%UP9FZW2BG=vivV#ovisCW!qQU|l-KJcAb2INbYt$qwVco0n3BVjETS+`ne}~IV z|I@KA8b|T|KawgPbAEol)wLWgK$()(sdy%pYbG8ml{u--mepfY@@g@P+?+z8wDI(i zFlM)wC41@C2YIkxH%VZpm>1*xDaMM`rp9bsbDTauhG~i-XjQ?y&E6G2Gm^?vq6guQ zN^=&xnfj_~j<`=Ryl0v%3^?138vY>mqwrzhp(yEt{dM<CPdn*eq&im%lgpo9`qid( z?E2LZokG8VzdKJ#EH$t#!xrw+V)X<4nrh3{3kv53>|y2x?j~j`hbC(d7Ed>kmxgc^ zlNICBKED8)^ZE?QBt>#>a@vZsV`GWRwb0yovxbsUbmyOykUz;^?8A-`=t83%jcrW> ze07|7wqH0s)rUrN=<yf8jz#-PMP#b^!dvYB#d^^M;ox(S;i3E%JEKNZsTofj8Q=}% zr({ewIycl9>mN}nd9JFkFNfsGquZ<Y+A!x|U|Go?be@2n`NCvYpb%?qO$k+UGOY9w z4c%(v1~x1fr#FwKu@dwlF>gZmXoj-~egr2uhDBudm9jZ~<3QN5pV9WE7UZki%&09x z+X20T&hwz6w+NI{BK4^Hqfx%N1?y8<BKX%n*IqEb@4ugAJLz4I%I#myelJ`4$6ol% zPAf;jsbQboun2wl<{f6#MLxweFAMdbKs5`?dV5Q-Ni5{JZUx!4)5@xb*=V_$HJSoU z3VD`bOJMBA0CoF{5!m>0JHH$tuxV*{-X>b;95(Wy3^P__4z^M`&8#P}e_Pve9uXyE zQ|zpL^xFwFeKWxL6bUv=sX@I{LOd(*`<7A=>P#AA7}l4DGKLQ)&59K0%yIbEvWlD5 zdIn>QBswwzjmr^Ms{KER`^-6MVc7t8g!a9m^$3af4*HjyvQrw*Eh68$gQn>7q6tH5 zL!-Pp4|osHu-Xa{P-HtpM@}Apf2i{Tg^Z*}rsc&=B7~<f5-ZLA(4ME>3PH_EI5R2b zR+t9NAPwj@1D02j-^KYOX_`@EWFX@!m=^$cVz~U&TV=6wC!I3%Zrl8jSyePl^*8e- zeL&vu_M8Kib;BS0!1?AgbpV@zwYDQm0eIptF4I)uOPbl=+o|2Z2Zw%8OR?|!WH#R? zxg@<BJD%nSmxC;PGeWk|S(atDwVXLJDr;tJ%#4N`jU%g0r{8{`-2#vLN>@!NvV~RB zcdfl^YWfclB-hQ4#f8TzniF=l>IeG|3dcuhFYx%KzJ%vz{q?4ZI!>Z_zKNTFNT8IZ z>ZBaK&Num`>>j!M7<O+dT`fdZ3;?qrx`>wnfM<m`P-M0vB4T4c8FW#ygep-q(u>?t z_2GBZb!K29l#O_^WnNpSzO%=(Tl_Koo~tza^sAt^KC55j>v`9sHMcs4@kZiFbAORL zl#v(8E$`N2aOW9GD*NbZdq3F9<pgknkFntIq8&f1s|dqAXsy**WCNpZD*stM=M?xk zKNq2=SK7G)JGOt3F6ZudlRo&4AB-N{-U%&ovM(%dR;_UvuSEPhUk1_$^gjL@`|GRJ zwuAy~q?YP++1YCG-9%L%(`1Lu>bmz2Fq>Rns|9@=Hb$;4+bB~D3{yH4YwUq-=`sZw z_$bO&`I*VEx4OQr@On}dHhue0Ti9cpj}Zj~Mf$MOW~Q0*T%zcrQ9qV1CNyk{_=f$C z$rPAM0btF?0@V>pcChvUb)Ik=V}t~D0N_wWw3J?mLjjXF)@ij6z&-Ps;+>KJ-B=hi zIF@_xZ@;$KO{uJN!Y3~l0`jqt=zBWC*2Zlz)%}($Qd3}&!|MfSalV-tECw!zd>?&^ zQ@mY>wF>Ye*_-t_#TQfbH*m$7ip#mLWNox;vMTzH*4)~!IVjks%=KKzhT@`N{&mM2 zahpfo+yj)E#U%&)Rg<a`+smFCdxyz9H)K!~?1xvO<XYj<t=hD{>yn%B$|;peLnEx_ zuO^VZn%o+y+!W$BSPlZ=CI8a?Zlfxz;I9<^uwPQ_SqApGPn8v@_d(7_DXAHr@CM9# z-qB2sQmh-7mkUUNA_t;@Gq0-%sRyC6i`vOblt#(B18ZSn5#?5%01Jd-AjJ=}hmwlk zGw$C!yAIM1MikZXXnza8RiAFF=@j9BrGsYtiO!I>Y4SBu+tKL6XW1h391>U0^rbgL zuV@nesmz*()F|thP3*Vjq^VdwV6eF_;e(#^+N}NR1?Rl{lUmTpHq*LvOY9P$4lD$` znsu+kAn&%9b_gA`%^lKNT*?1MRy8ZpeT)3+@~5%DgN5~;xHV;0rz)oJqQh>M3_FT~ zooLkYx!|_w)H4A?*{1mO&jj7I@m!(kk@%q$x=`fr0FnEt4Qsna3qZExnhyPv)b&PW zuPyuEmoxE&U)(4uvR<FCXj6>vl$Lx*k=E$*atV`POJhdRY^wGCU0D_tIg-7hzl55; z@Gd-0Eiim^Ne5OAdOR<Ce6tb&y+AC<FI&zG)-H-COe6yq>1}yVPfC@dKE=@gwV`Nh zvl=%{3kagEUg8Uzp4xI9t?MlMK3;okkK}A-eU<B?G;bTNM^#m_=rX!s+t^<*`*no5 zqEWAM%lua2X7td)CHnks*zKnwv|GQGq3Y-#G$5MBt!_7PcZYo3!dOr!K~3dj5beCD zXIh5ZV6WCIH4aB+U^bVTn8<K+lpLXqwieewoSKNP+eGXg!sqghX?imqabJ$lOb;5h zw-nq@UZ)J?(-#>x=*hhM1t=>J`hc{6J!2T{0NUMjVF6>1;JMHp(M-6d-_=$x?@0LI z%`^QfOqj*!E$tpKYSNQ-y?LZp6PVd?J6A){OY=;SR&q_eY#eS2(X*c=s>be%hEv=X z>yd7DOI6}h+o=V5x(xbU4o)PCzn_)gN%;7>d3Hl^5T(ExpYU50th$eU7il!i$BpTA z={K3{estUWXP;Y3vWLs1qRCfST}`Uf$k+)2<TkRC4l16^5~6Xrvh&^_(7d?(iOgD> z-+8OgO1iJ2ZQ%VK_IN!c>U%>qQR~-vBJsQpH9eQo1hmf8tQ?`}A&5enKA&bBgxn;4 ztj$bd>V3<~S2!TMUBVK>%n%h#$740@B2Ai_<2~`ctOUhZ;~&;;E#Z@Z5+#cjqKWK2 z!R}=enmj*RGR}Z4byGdGy!_jWQYp%59(KTQ&JR2IA_JVd11np&CoD88s&s2uZ|{C+ z7Lv`h)XeZvXW*WEm2f)!wvjHyOhfb<6yE0XpAxG<C^eDn;YJF#XKnz!TNwXKO;KVk z+x9=o*Rwf>e@i}F3G$t2FA-^@MGSkP6}%aIt4&RY3F9c)JO0LWk%{>SD{S{uLI{n5 z!oSFr-@m7d-$AYQ8?8g^x!mXX<kM9z6vf@Dml`$og7*GO1r<YATXT(FqX=Ex{6AJz znH$tva2(XSx0T-qmn{7PV+)B^EZ$d6{>W-te#2ehTBgY_-iQ9HBrI}{H1NTgi@^<k zPKI3N`-QvUR(=^Rn)~lJ#KA9N$<~=egpCp(JfdJDH~dzCjZ|CfL%BrF?>Y(r2}(FN zOCI15V<lu^)wdU47%jb!hxJon5RPvpu8Vtl276Hv0C-sYj6SVnXU0JVtYyA>W`2Al zz<l_*&kC0eN1dAFi^di`<o;KdYiNMF)V}tR3D`6S+ldKZg0UwUOa3JyT4p5>Sq0A$ z+)ij{aGYki+vW~)$`x|QiRkfoF<sOx=aO)TQmsfcYVi^xZ@333cOJW;3%<4iI>q&p zU%p>wW$cOBzSxi_1W&v`CRm`<xwjWhpT-0(p@*-xX9QF9)EY1BT}(wMb-3jmZ;sg4 zjpy4pNqE#qE^j%xeVVR5zr9`-U#<S-8the36=Gd?QHeZ-zDqwkYV5DNxTI<_`)W*i zaH1^Sf^OYt^?-3Ecg6mv^Yrft4d?iGrusITpv#Q+MoiOzF;Oz#Ke{^OCt~4(A~v1g z1-`_|REw9!Nw&$G6p|Dj^k>M5lZpD_b@uyRLEnS?EBTqIs3`RQYbqV`QCxWQ%}#FQ z+i~vPC18QJhw`>vaH3_JQs{!5O&{>Cd<xVi-OnThK&S@vVOuFg#j4K8Q@`czOIFpm zw^W>|u*pm%ln9cW)S`V)?)dG#e?V-l&l#i@9oE@L?=ma7^L(YFD@}Ze39O9AGYL>3 zMk2FJ+)iGMYl%P9dz3i@EnFT$VAmurDV8sfO>!-B{VC(jrB%%3)!ST=-qVg8%i3<u zy|l=4D-D>fJ17(~>&$PeLg4n%`}N1;KVMG+_1-RB+7k}Ox6~Lm<iLasO(vO5c!H{F z#Ks@80_8&OxD2-={9;1QIO4?SSK{FCW)A}gv}aPd<Z+tTS|-wFSjfhWjU+u)!ocI+ zb1)i=P96W~k*ADqFO6OHVJ7n3qChi+)ab)YQh|2HDCuPR-A1jTjYrIg@AY=bEDvO^ z$@fzF3DOs&83NNA5E&J1>PxFAcs9hzack}|;@T?&%>U(Nh4M{xX|zpWdi^^sEL3gA z!RAdvhY#sKVmK4A0WZ6asSJVIA4g-rL<=_5Ml-zcyPzDe2d1X`F;Ra8Vc~>A%imfw zZt`9p;dU!aAd+`K11ILl+e0(d^*1`C^xPQ}?HAV0At6_tcD}2nH$qFW#kc&s#`6Y{ zhWvtsiz+yQHgum%wQ<#cJm2jqXs~lhaXX?j@fpLMe%#u2fQ|JC<t`)0J&D*B8k(mB zOuBH@r20;i)}rOGR1-!IDbkg<-hNx08g^kLlBBTbvf1C(<{}*28!o<4@BeQ7LDojG z<a7W>6SWj_(pH1x;pgF6kbw7EL8ARLL<*7z(V)nJ7JhnnQp~zh=o%=+_J;HeEr6(- z(3|_WSm+h`$#M+!N&7Q37tv3&6N-TrevWQ+PD=%6nux)X7YTG1i@iQ3cS=GG@%i%H zMZix}opqFnjtwzmxyksQ`hUe`>E?06MSK7%BuP92ZF!IvJvG6R=o<^CNUIXt%uwgb zv)f&#w|B=?U0sf6JK9%7nkC~at>fl(8+1YAqTVi#dDy<YI>`NQaItH7g`vq6Wl-;H z+yjI+^K$Hgjw|AivrAynVCdC-oy+67SnkH(UzaC6)xqXyL^i6_r_u2CJV`D?RYqQB zGF9DRHZvC$tQY8mp=?ZkoUAg;RePe##;~3MfL`IIhJNis4|%5tguE1h?H$IuNJWUn z{MU97-M~D+?hCt-|9(&RdM?0%67Z;sD^JhCQ9x~X+ThFD>t!KS52qs#_`3M=9YG&? zdV#nL9`dsn(`sMl&9|~FX;S7wB0!)=QmR`_vD)ruMY7&S;5*ElzZlz*iV>u8rcj0E zGtjp|ZP&iqZ~N9AJIbH$<pM1--rHoZw>QrnZl-uayK_CI{x0pwr?s-V2i6@suLinX zAjQ<VLh<M8R!4sf<H_6BaX%NrDj&2~|B8NJuOn`-B;9e@?>k$%qMa;U62}tx)%g5u zxy}vgc+tAtCOI~$+moje(#%{8t_TFBWTsMlOif^AYDj!N>7sK3NLchQPpKTlh>*rX z3%fr}GwIm3S<&p?sQH&!Tjy=UDiG-J#)4qcceBjL824t@2=(F$6^Y*V@4ZmrUSQ}D zNC~#+FEH&~(XTQky_~L?ivvmuSt{{&$%r|EPB^Vgxo?5)G1~0}cEo3d){IueQVO5N z)ioMx6Qd&fiQSh-$mW?5Dqn4Sdp#2=xR5qEQaxn_MA44jX#|%fejLoV9!YS_m%TWZ zRmylxqGZwI(?l5X{&otr^T-NG7Pn;dalNB&ac-XH0j<W&hBe9B{@~K;f4yOcYu7#_ zITqQ&3xTx6Cq?!aOWQwSYKa$(ML)+oucnOKZr27SdVGAB`yw8;)hFwX3LdtlYEY}s z%sRC`<rKP(1?z4k!AbNnn}W@xB2qRY6!{>6#BEryS8_`m;xb?v`J~L4h`5}XW&YQ5 z^J`>dkMF*jTk0y|<g4|G=4qpscuq4yCOnhgzdjihB7&QKL-D}B_ehA-m{i&RW<4m9 zz|xniq}}Rq^7W*3f79=c1f^EHlL$3qCl>Sk>l79le`wDpCix%nf|Qyq#v5wH{>fIW z3kl2oTapnWq0kvkBcdyRE;x_rrWS_w0m_|CsE3vYIl!&b_9viAWK!V^?_nSBKw`6w zdyIEw*?zoFikJe$^*WU`C04QzHIjGLM%LS@!hv~wNPJK3u{wpUX)Ru={%7;t)bfli z=?M5L<~(Svt$%7?{!1}#;#^P*Da^$#tV6P88oe0WZ7-0qpMuSm&|z}#QFo!+epWtN zIEC-c%|+GElQ%NT8;9|vT%f98Nlu^htf+wJc&O$16C%ESF6ZHRA2w!9DHa6|yWe2F zURFzpZ&C?=GZ>@rs%VdU{|vmal{3hDPb8FSYat+mkXZ@$XRv-QL7Hg!OGSm3neCdC zPJaESV4o46w@^e&o=ICoi_%&ufdwvR-cl@x))#-@x1xMr&fg(<v$?V5!$FQnMD3B0 zv2OP)P33X=wq-DenN{Lc-xdjpWo#O^p@CEOg<nGxP>469(J3rE62rvgvs`qlp)SL? zmpaVNMYFUO7gUo#+=!H8<9@k17=?M^KM5Mz;FhvcW`PA0llbh_%W98@fh=Dn=goEL z-UW0dcXlQ0{|Ffq=Ip7#ijD0&yy{ks4`sYPPMX3?uRDFecksluN(bz9*25r`K{`Ag zh{;d^*%J|gp+Zum0CoqNMq%NR0*V<pSYTeDu~AW&_~RJoP?2g2g5xwc_QyiUU+igU zlq~TJOm;?7m3^^M#^d7&>5S=PeurhFiy93CYa_fk+2cdQ!7p*7@{$((0_j6!V_5MR z>5q9f-jM&Hukk#KWyiIN8^T8Za-8_#2mc(Stbj7XQ5N`#bp>k-|Lh}N%7t^8TR@yR zXRP2l<Q?(Gam_scvXJkrN8yXY9@EQt?5AFZx)mGEkhU_oe+YzA3)@5YCDX(+SDx># z1cl~S>&`qa4c<nkbXbpDD4jhnp3Uv%-M2BIDP?Yf`Le&M!?t8TjH_=mZtzq)z5R9f z*rbkj>nXbx(m26I#LL?)kj84i4{5wZ4(};(zkWVLnjjjUoPyVJPgpp%H)2xDh%+i= zJ_W~;LZO0Da7<e9U{ZWtA{CM`bu2Ur5sL!96fXP2K0lv=h&>m6Aqq~s9_#VZ>u`?$ zah>RYyy05BCIOhAp#kyC1;3r)jz#R@!=#+24gWMY(gDPub<)D))=XqVJkI`o0r^ip z<A^5{kK`w&K2Na{AM%v=h6d<=z&?)QYRir7u=KQ&X4ZlI2oMh#l24p7RuC@H;#$-j z<~ztgtV4vFyD(fIxNeLm^^Q2=XcrvAs^U1}8S7GrYo3f<z;8IO)-ks*knXXdx5q`e zWuo<DK3pT)TFf4NVuRiB;0oK+<87p+H9SXxm~82GK`pjeW2xEJZ7f^4wb?c|6l}c@ zRr=bBwrtC4yK~u-*4tcXTY9~W%1zebR!W_Ba!jJeALH>q_h%rNjU8^Zj3^{z7==b9 zqd+Jeo<!v-NN%fLf5Y|Rp(GkSlXMi$VBvY3DEQc$Jihet&=4tP!o&~$^GcDw{~<O? zmX}|CdDzEs3LaCOb3@qU4Dq6p#vYjK^5ZVVjlB542S1QkL{B4m6iw&Yn}<f}``P9( zb9#T^9QKjEeL=hq6V{XucgQG@PkriBAs&<`WyCu9%5Z=<#(3hFvLS7R#gezXVUbZb z<PYbOe*E%G3gr~?W{jZxi6__K=M!K4@|VLyX6)l8!6!fY$q+ZJMdB3dmH!cM(iY<F z!iWD@E-{UOzmdQ{epm+QdBk$8;DNI+j}hMJZno&Y)wXoiS}QlT+gHBzecR|lP;P0q z4Lx2DC$v~^wb3@LFWF7EKVqGJ{yi&u?AJ?{+Qvq=(&o&zx`XB!Z`j>lth25%_iEZb z>}Kor@OypO)a#Z{uOI6RuF3j+KX+|-APy-REh9chLd7A&S(14a63<fbo=+ag;&E~I zQDE<T-}^%EKttj-B0|9PA>aJwH|^YW&$U}`xivg8&(o~*THpA_H|$40`cZg<ocsG< z`qGy|*gPW7TndjW^TZ()gqQKs2&gFB4H?Udx;x@KTe%jubFaGkD!b$@mxNotQ>RP~ z78q&c30@v0=k60f2jIolKmF-XLxUn8zV)qdg$m5GB;+A^iQ5;1M&<FR5#q2UiSGp$ zTo7*Ivi*fGd?DmD$64}nAnrDO<ttwakBYzPO>eU0Pc64AzkOvmhcf;4x4#|INZByF z_}~XW7{a3Lcz-LxIaX=J0*FFE_)M~LbAbHjk$u*=rAr4#oWA?r?}qU^4+N6;STMu~ z@%i+pKOOeRa{buHJ{BHR;8_};u;w`7P!GvFe)2&XV^LDx?E9yG`ln#oQ5U&`McgP~ zAdYc;PpOtOYijg{-tXafV_v>`t@XR`%{=TNJN5a;TelmpcP%a14{yA~es%8(D|8%e z53Js5H{JJ$RU7Bn%Jp09u1A)6Lq6E<U%uI%*w|xFbv4*`Z~U$O<nD)UX{pgB9Wm3s ze#0Yn^`gag>ykCLs<**9>)P#yzx<6o@Wd)UcVpAsFenyXj4Iywc%DB~8yor@$%sON z5|iol3cxx~H1dcv8Owfd2~x2r%vZeP6(Q44JMFa4JH6ozZwLjCUqmN<T!{;_j-`SK zF+`%0zV@}R4ULUw83^-=E3ODn$zmN)XjE_>3>$BV1A-U@6hT|@)CxQ2oO8l9ap2{^ zRL)B;y);xRdP^)bCM`(^4U#8DN#hA896xxAn~Fz;+*d^L!kXeOVOS<KG#by<S6?00 zX_SaJf=|Q2+9bX_xJ5eN`HpvnbTLe$>}hm7(TXV1czB@e;)^d1jg)ette>f;-&3$I zuzV;FIvgwuu7gOEpVTutHaanWZB2T(jm<fvgEUZYsE3@(@4n~^SSJk9LLEeGu(bd2 zAOA6kBIoi>7Cy&8=SP_M#UJS-&sZma!#jB0Qi*kDZ)gawiu9qSuNNBXY{uLvwsPH8 zyZin}ZRt~;cF-X+?9nCbZT?|Lcn3Bkw3QQ1IK+Co%l5MK5B4@V(b`)l*vZGW+p2Z_ zAuijyI=%d+*^4eX(H?sIX`AI?EV^f@z3$@kY+H|yo!lD9cy`2fU~<PqJM55yt)sPQ zJWbMAPmVt`d-bC|8Uc>X!XX^=KolgVEWc%l-)-To;#5Wokj$iU#U3kM$oElTG$JY| zJs@F{`J6*R<8R}pjbR`DxW=T8NrO+ke*gR54`MdnaBbpEV_-d2M1EsKW&Y?#KN>0y z=^@SdBX39#@gzN@pS%MmYU!zBB^#?o_Dpb{7zgr=r#IjF*0<WV*IpZXRpLoUz^!=F zNLp!>ln;%C#uh~g0YXf$0uW8Yj&*`OU>|wJ{;^CSb%N^v@gvV)_qx~FHP>7d>RrrJ z>Kg0(x*9RzH$w;j)+F<Jq>*|=TIdY<fg)u@zEICdEBV21rD&|=8`qvVVPeQPEG;II z36stM;bMtDKKDu7Mnj(u6PfI+_qbR3tG4)|Cv5h#N%niMILjV;;2z^K6Fz7)p;)$q zrnJ}zhtIVMo*i}DH&~qyd)g}f)>hr_0~oUjzHII9w3&@no6%6QwtlmgzO6Q+(QIa0 zlWkpXw&saPZAx>U9XhMQjy-%H_lfMz+iwjMw)LKsC2xDAdv6(0NT?)Kj@SrT=Sfw1 zB6?yfBae$?D&P3a8|`zS`&{U$C~OLnOvV}^V)P7{&WI1z2xcf1js}YbLvMhI%+rXx zUf}hwf4zO?GoJ}V1k6o7DZu9(DD3fu3PR<@kp?Q+%U}L-`}oH{9)@tdlY@#yg?-O^ z-V++p8E2jmDidiXpXj|1M8Y6EDlAL#6t^#kc||_c2(Us}zVVH33}yI|m%JqW_>iF^ zjfsYdb%6!O5R$mFAIpV(SS<ABSe-Ob{9<7;<oN1WzZ$}40-AJ>6>)NtAJCD%{1^|h z#<Jk)S}X@d1dEmz6n*K7UkV~f8DL!zPu{8Gwpn;8nK>(l)0~f(VC~|ca(>NgUK2VC zo<^n|$sa_B^T<oC`}3dwJctOE8TEqmsl&7pmU~M}YqO`VXr*4a+?$Ga@QkVU+na8% zFMZ;RcK)d++WZc)6AznX_uu*p`_1*&*!;;&cK9?Gkg^YHetC->JfUFgAG^mMS@f_A zNWUH2npsQF2AfgeYt!l~b`aYx66Zhf80%j1q@8~Bd~0;Eaj&-Mrt56QV-MRICm+vm z0&VN&P1fXfv)_$^y=BBFTdDX|42&Hr6g?74M1^ByHknyV93yg!3c&LhJgJBOsM;)J zj|SX2<&kB!afA{5aII*yu%F|EJ)Xqt#`v+05MV`7nW%JBRF;SWc|zRS4&!9f<Lf+T z&64nlGv~97+ZUD<kcOD|#3Nc-IF6C8#0y9hBEd0)ljSEq@d>-^vdcm_vrRgPKb-|( zQ8wg3ZMm@=t1{x@M_!agxbZ1x@|f$zYm=8TPe~6;;)*{SdaSqjiFv^~>BfI78$^TQ z4xJrCHHNTUC#DT3f7S^f7t=}|iTSfvl)OFpIdx5~wza3%>RQ{w)2Q9tZSnr5$1M_` z`(*6nnraPRB^$kdHM&(%Dtp}gP|=4YJSSKtPQHg<4tsRMaH-@6$iqACe9-C}o9(Gp zPutPQ9BYTppJL&eHV=Sqt=_|&(Bx&;*OPxZt1zOC5jxSBR+b|Q37JHOlaaA80o$?Q z*iYe5Xi;1!DEt7K8w)%7rBbqtJu?*|R#eW5=TP|UuMLaqvK&tcKV}j|#jHPZAYD<^ zSjI*Z^MVRX1B>T!95{C{-SJK9d6LEzuFD@HP5ffH#QcoQxS#ySx|%h6R=CAYoUsU* zFX4RrkT%LOraM$3cWkqtAud+sSd|fB5>~7Wz&aup>rfOF{ML#~ET<Sp!og4U$1<j! z<KewBUE6HR<S9WgV!C1*z!8U7_JoIvafl+eH#8NzzE{fLc)jCw<tTey^Oj--55K}) zH1|W3=GJT-8zoPlOGL5Whk0~NUbbFA!*<EzTJSXWPzK%}c@sS)TwlkXwtm~RrPG>P z+HA_Sj_^`x!YjE*PxN6=|MnhhZg7EhDJqjzPy0yhm5@NpWLzu=_5o%mjcg?F%Q^V< zPzLty%+PDFjQcq^u1A0Sn%e8KjB$zEz;<ok40jGo(nmJzE-%KCcwMNCPc7`PjrUOE zIk8+k<%4mr4KrSAch^b6gJVt#h-(zB821=AT&$CW=^-k<8vW)k8s9bk5YrHsao=Ft zhxi{0>iOM^2N{GU{2JHA3n7VV@MA7@9$6QOJRu={SROI0Rra~nky{ePlRD-n=9?Bi zdKJ#*Ja122hh6T9h!AblEfRdt^^rroZ+aw#3dzVS;6%?uGZ>ypL?E6sQo|W~jYvE< zUbFVtzNGfLwQ(6Pu94x+VHwUFAuq;~-NmPtq46FH$6~ypHtxfvad+2A!h<H<7*_-V z;&!}dSogmem%zYk^y_Q+4kw-$iRaaxAHp2)H`M=F;QBGp$@+B=2EU%$Kj8r~tb=-f z7gP12n=g5fT7k#u{XBl5%iWiJiHHyyX=Lg7L%^ifmxP)BvX^k&GW9VHOP+e=7smN- zZ#XOWKN_A{34{>i#z6abhX~?WMO1Q!wcxf1zWjgw%!fZd>~UGCb>Xphci0p=JDT_o zf#84al5iFRf{1Y~jz#eaZtswg2(ceQ7{XA(8*eTdc~g%LF$nK;b?cuczmf44A6zax zJG=ah8X0k~K{j}LHP|@0&q0eNFmN`z<MF*jLL$WeB(&*)#v6uCxF{lSJ0KvwL_~t+ z;eHqb1s9}ehzrA`9gdJg7@Y4eS}B8;%Agy)h=7Ddi2X=xyty?1-Xwh^HuhXRa!Z6E z4SsS-3G(7+GCZkqyKHkyI2Vxtsma5R;x#B7L?CX*eS40CM2P(fpVG^C9DoK+<F0yp z=C*Cc+w*`h1aZi$KFpcW;5lc9%dLyt<swnzJj@_RE-Fz<uw?v14?lB111?;5hud4Y zx)5T&u|otPZ`j<v<=#xRINYWP4k5u;?K!y%0y5yD<&j$-`R(0&VwLa)M8w@re*@P= z#PZ{NM;?12gh)U_B7{grLL!7nMnWQlNJc_3#>7Xlaq;&c{5E9hW7lH*iNC{%Wg*57 z<?a|jMJ*5fIyU|y7V%)oFGJ%mMcKzP3XI(NIH>)h9r+($l_184;&}WJ>Hi{#0~MAf z@6DhB^K*CJ@e$vN!S`YKc{lsXce(L#lmo9BAfIEI@PaKdc974t6z0vFm+_8DF?wRA z#$K>?n-^WLS-U2@oQG{J6o@^i7<<TD-UP?n+pq!=6W$ZU`$ELnz+2`bq0UQ4(s6^D z{{m4+c<Bx=hvqHpym5<t@g+Nm3CG3wKpykT&(DAU^WhbY2n$2cDB>cWC?w=HXpUqI z;JqwVQr;^XGZxX{eWAP)6-$Jk5qQH^oKKM(9|wGfg7?x=9^|*Ik?}<q$runTFM<K_ zJ-2+#ju$2)DpY1Fb@UqrM~pq>Ept+Q*M=84dr??Vcm5H2F*XdfNF*fV44<!9zI^%M zJ4d6SNJz#HCRcgSEN_Qr(iLlvp(Jx9Vr-C*>|?M}xFt*_Mnu>Sf->-JVKKH~35KOt z@Y*4z#CvSf9LYWg(LhA{`uhf~k^C*_RCxW3{U1X|K754*f@Q)jck*8%GWOKwsVtIl zCQJbOAGd#*kVRNzW{)4y@`%<5`H!Gr6~;L%kq#C~6cUztAZ?tXBJ)9VCjSr*Dl-*Z zj1S~D0z$n;JaEeIv1h1mD2K-xDsh|}iKt?aFNjIBNTO9D#)m<xWd8j5A(v}2duYZF zR}lNNaQNK>!vmSB;y{3og<<dhx;;JIsATBA+U?=ihwU0i3M9h5==LT2ZiUH8iHJB* zpe|FVsoVRCk=pOjeS6Zz2ZiLBPG);|0mfq^xv>CCB;L*w;y{DCJr=)G9<Kcjb;B{- zv5~fG*LRw1eWpNweZ%d4CgOQ1PQOnP2RhX8;p+b0xV>d}=MCLgyS?*z!TvvB8CTao S>CycF0000<MNUMnLSTaTM%WDi literal 0 HcmV?d00001 From 35c503945a9ea2ad39017fb6034d9567248c37a8 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:55:59 +0100 Subject: [PATCH 0406/1184] Delete Wave_phone_connected.png --- roles/pbx/files/Wave_phone_connected.png | Bin 29085 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 roles/pbx/files/Wave_phone_connected.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png deleted file mode 100644 index d9310b44a852130e3fc65c0de0a65c43cdd96e90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BH<LFC?P8`m(lPH;k@wj6D!*K`Zuqs(pSv+A zc$2F=<VXAahK5n@iw_>M@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|C<t|uOo8y_<zO4+||{A#Kc?7+8@N1iRNh1u`; zPFmjPe$~G`P^2a(D7c=Dl=z5taLBhMh*Lg&`b5=D%}u24ep^_0BrCN0&dT?XeO6+i z@#w%|Gs^a+mEa|%Mzpxx>c?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X<GR}>6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StC<Z)1U^=;j{(Ibxm@`2zx`iJDe+yxrF^nf4`H@UvKj<_cpe_Af0iT zhsgDSNRGUuV1JrEBb|nZ29#?sMM<Uhz{9u^MKT-fk_}H%LJsuX%1tJyAFF;LFJw|x zpVUR}NVg((=EGdlOxMvz*KdvQ&!w2we5#!oJ-HYCd=Bnym+7ZZoy7zzc$Dm8e6Eg- z-LDg03cdMai^I0*eSBLm$4fnSH3Fkeg24&n&a1^vpUJ@5Kyr`mo^1+4S8QXycwl+e z$}8u#S;$Kj+n>i%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>X<!#XHw7l%!lWmIS-Mg;@ zu?N$~cFjMHgk0T%C}Usc|LMt3)LfnqNknbowDh-pNiB?&yIOsl`PrGz8ozB^qpFV% zR$XOldiag=%lvCgmyvS&7nHSHN-_MMNFz4d!=42suX7IJx0r`*E3i#$bg0(I05ixk z{3vVO`&{-X#Z+^Nx)S06J@7kMbEWBxyhCJfhDOhN!-`Dp$8x51x+|TsH=D@4ZleY~ z)^k*Tb-$Tt@zo2q<QSnMx0D1gQ!Q%sUteN2wh1QPeM74V>Jar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G<Gxk9UgJit`h;n3MLJ z>7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$<G*_vOFT8!MwZTnww0N-(^_GP64kt+pyZWP0s{p>_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~I<j>sR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W<MCA%#tTIiVEV|@66z+p7fL>+7TV~X8^Q?_$YR&Udx z&Tyxb*v<NHP0hHKw=f*Tu7)^;?1#|MA>^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8G<JG#B5hy@NZ78>F^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-<mlE$JSETzfknp<n7n!$2At7jXlbAwff{c;-Yw+ zi9qK>FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zV<E2dW3gy|!oMs<`Rb}Bo<nmMt0u(_Cj{@(a*Na5Nm^oCj_C=PGefcpnX~HXP~~h2 z5h#>CqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1<an8DazU<m^P(B<n`zMD?OGn~6DKuc!nyDe)RGtLuW_jGECRT4iKamZ-!#K^ z(i(TpYb9J92d;&T(rhm8hI8(S%%IHSWjf?Fxb!uGMtP6t#Fch*sD*nzN>PDmPvDAt zWfvDke<eZq9IrxzLtxk}MwHh*_zBC3FpepQ2})ls)1q>z&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~d<IagQ2*W*~o(LOUe%t(<axUmT<&1HmSWKh~xw1S@zub@vnRn%n;N89Ex%K(TWZ z@7EE}>bQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$<s<+}GG3=ZNM0s~YQR`6BX?${>Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_<E_#T*k!Ckz67bH2pbo5zhJ= z!yce)HEIrHE<DDt{}kd?<%s4b^VRW6@RcL!Tv)&FDC5x#9gBkjXj3b_#(-F`UKWU~ zKU%-NaM+wU%z-<OCAQhcigR@yoIAlI)TB7!{nB?8r24Vr5=M7qYUpwriLZ8&ZG)=| zmb~UVGGebZJdIe<ZtVA#)8?xa(|)iuub4iZyjJIyD!ezV*d$Y<vl@25WpjeVa^N&u zHa)3GE$%0D^IOd2z2wC*a{aB;!i)68s~dNjq;eJ@p~%!Qf<7!<7b(vH&Vw17fORCm z7jR50N~a}J9zmb0UAOp20umC@Y@0xU-alxG1Bx5%C3Gva8ODXZE`D0vJk1b==n5yL zLqg3U=fpyhT(r^Az<+3?MgF_tw`TIw`((P7?$VWS6OjxI87Cj}lqNrW3+YHOzuNox z`+AdDU=v#Yo9#+Rk89f9{f;V{&Cyy+uQ2^=in-ux|GNTcj$tt7wuWpO+uR0jw>q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U<x}+3j38gxq9Y{6Z*<*3|EU>(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K<?Yy z;l&`1;mGRnVq}1L*_?Q)c-fx#F{{0ds!&8sof?EaPYxp|G`8-55J9H$y&_(m)E^aP zrGLAH?>$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU<Ma%=^ z+H^oA5(3TTPgsAcYLD}k&O%|)`yriSX?m<Mk=Mdf!N!kmkGs>>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u<lS@I4C+2c>|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJ<K=>AI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$<dIhBg96(+NN+ zEv2Lc5jQ-R_Sw%Mx-7j_ylhdBV74HYSP`)S6bjTqIR<|h5$!h?p1jJQsT;T55?<-G z4`zX0bp-0E0%c_Ev3m~hg=e--=0#Dk^BC0+F&0y$9GBs;k-9hQ@pcj#BJRyR&~j+N z6rGJco)ga$9xIn?ZsSqV&&b4`uo9V`<W|xKTF5;uWT_8Y17-?^6;3EkCo4JdY5s4q z0Tyj}(-Ml?dO8+@b2ZHwv@e?9b~hUbi7Pw|#wN7DRn&Rjk91%-;H+7anl{%>=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY<GJIih~~|%Fib+TzX+zBMid1 z-~Rc#wT_O3wVau-7zVcEin2q63z(eWa<Cr>4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9<ZwjVGy^Uu;jfT<;cRGTKzs zFd`-Da<+Qs(lg8~tYiz3;B!TGb%7WzjDQ-+5W~Bv?fy9(Z6=B5TS&&Jf)Pe}z9S|7 zkj$9O4>Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb5<O>9#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJ<ZL4n$TfRG$6>Dvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?Pt<xO+NGMKBONnfem{us^7CS7q)9ssaTA4J0|Qz= z{9u{KPF&g`3(%4;+SpWfpw+nXba@A>Bhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+<am7Ga~{VjDWU`pkBTl6>p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8<pvWD{IJ-7hrpAj<p^B*ClhCk@0XFFG_G<2^345k{ui4GgyFMxj z5{tEuHSZ0$$Mp|5&+@jmU0S+2_>#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~<Y#5PB^lmA{wLczE=A-Y5{g{VZHc2b5B=chRd~E3l=|HIBfv7W-_p_IqFUc;< zw|~td{yxTsr<qfs)G@O}aM!g^FZZ%K8yJJ=V(yOXq57QTAl^F1m{nymV4GRkkmIcG zSJFbj0O8tD+iT-kDu-nhN@v7OP5pHB$efK1HzH`*<e84(_8a%V%5VqsUc%qVje*HI z_gt*q0X+zRjck}4vUFQR)9IQm^u1XrJL#Y0xot5M0;>|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L<rJs+ z!4#x}7i@ivb|&;Q^@H6LJ@?Ei(qXKRSD??<CKzZU<#dnHa>0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h<PQ1Pr8mpFi=;(*=z6XKMj--++j{xz?z0?ZiJSh(T#9BaW2*v9g?sw4 zT(Af?YZ7?0dst1)^sRcIk&<r0y!=b^-}{W!kGAIErha!cbp75v$D9QV&<cyaH_(4E zV$Z0)T%5n!eW7fp%RcTHr(=U8geOH7quC2J=AzQ&${d~={P6h2Wk023jcuR5clYjm ztKNY@pQ1sFrS5&LgBEBh@=;#-$vLsaotP__o5}3LXes?L5bE5({^M>@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQD<Sf9JlO%6|?{!S!MsK)3<d%xo5D4jc zvj8~32x@*HyVNR6;a}^aksphO*OR=Yx@j-yhKsj)thcCK9Jcn!o(yvfwAgVB3}5<o zss+dHJ7v$4Ioi(fBp6s~G9d+>B_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok<iX{a1X%BNUeo z=3)poUPBwJ(pp<0O*7SAwa)7-7OaUqwejD|%}4Wref2d*__gLAJ8w|c7&_6~G6wBv z+MbZiIpV>2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL1<q2=W;rlzBb~aQa zi&~u27KZ8TbNU4eC~wj7Oo`_dF6_TiOn3!{H`n7i8~;-K>3frj*<sEX4C(_s_3OdY zpM%TKCyiZkA+}CEArJe=G;tHKYVwjm<*N?^+dKXjf5MJlK01OI2y?G4h4lQfYkyr9 zcPb8adEkH<V&HKd@I54ABFxYtF=*jmwQB#ZuK}p0qcY|{3o8#Hs)(S7E+?$?K*idV zLv9z5vSa6}K$|D!mvPS8*uVgWVX!YEU}3k1uk(Tq3f`<3gV#RqYdCr|I+EZ|s2FgS zz-z+RnBQ6F$J>wGeLt;uXbm_wFM6D^SYE#qk<UZQHR;%xy;~t)iy!c?c#uBQpSVeV zKKCZq=k?rO=7eNZ<d%uwLM~#hY{Rr<7;I&#_Du_N@P5@}^6I+Y1K!<O)C?cvjLpX| zl#pgVD&VEKch}%t$@|sTDf%^I3PXO-!r11OQIy8mPa)%!eLl$6%GH|{PL-7j!@qaC zdoo(O2WXhP)NIze&Q?h(QRalE{Q8oI*y>HPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)Zwtboho<Zc0njpf^m`DL%2%@bOFZ3P<H=$zCy zHm2DM1)i_D21pmXVqVoL#~wW9O>F~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f<ZC6{h}u4^o;>6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw814<AdH#}pHz z^hV;W=I+t2Q=cL=p>8upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(<fB zj{^wbriBH3#yt?~QNZc5%;wEk#7Cdit-Hl~@mEIjSySh}EHy+|>~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+<aQUMK7-Fn2lWX@~!@(ux`lU^|e}df^z*qI& zKhYZvr-<S(p`0nhjE_4X_c)iW#ZN^E{^&Rj0WIxcYvXv(`W&)Rf9R;_M2&q?qoL6G z_Z!nj0?#O`UlKbfzg1K=-l|Bq`*repGw9EBl+gOLHjNbTGew$e5_6rfp{~31yIFeP zz~~Ecn{(^DzOZo?`gZMNr85lSN8^AJ{o6%jXjmVe*S2`$`)s_*#K^Xx0L0*`Uubw9 ze#3A0%aIOkcjA=bR-4}Hmq|(~<F+mYxwL<kjHRBPG={z~<<XppgYm_`br=tW1mjo` zgd6H>b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`<g>Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5<xzD>fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u<C3iI&=Dp0aqU2|v!Wj#aLST%ku~QQ`=E!gz*n^bn5=NIy)|Y{o6`vGqLriU! zfYA2v4!x+bDVj-f^tL-|ifXfbpxt3h2HVdL5OWXK+PbWpvmowsX8LGWz}C0*O}Vvq zC=AG?NA*VY^MU?ry3c<&X*vvx%P(o}-f_M*m>>4C$V1<D^=@d^EDfQ0@qNk-Pq&Dr zv+qI~Z!)j<>t5Wn^f<!-C9nXjL*2r!+c$Qr<7iRh-TFDWU2C7+p+u)(p32|%EbGh7 z7z^)A6{Oiz)_z@cJ*ghLb;Bh6*1TYZ_Zbwt8`##G@2J#XIOKZ~<J12@gpU6<f<e#a zA|oBAu%|<_4i1*`dFBmh;e;2BxD5YI0f>{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!W<V0HKYY94O@NV*n}NYAH|$O>uNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5<t<^tkq6pUwpf3{wI{jrhMrio1RM(Bit^H^}k&!qqA#U7+yT$1U08R0|v}<Z>OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXc<yi*>qH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAe<ZLzt(K%4ylEu37A983AVBk)&H_925$*EIf`IuEKyGfZV!cHJj@0C(I^3nc zpHYSfdpIbWoR@QH^ssx+Sd3`eo+|uKy}uak9eK+=4(0LtA8<!bQT|rGQQ{tBh<T{H zJp{#?P{j}$JbiJBYK8e3A%nyqA#Bj-Bc?|;>S6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e><v<K?9aA>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$<Jaq&mJTq+%L+j)e20Y~-hyp}k>KWDYN{U+^mwaeT< z#&~nXc7N^Y<k4tG*_XbC!LajZcE1m%t*0%}tJYM`raCw}+N+nD=Rk+UE%`gQ4~b7^ z;d5gJZ)N7b6_G|6U9W3J3+2e~cETTNXTK@j#u-dBk#OXp-S#W8d;2t7cA2OH+Ax|6 z1KahL$9F2yQ&%vnUUbiLCY27JW~=p8UH8*;IQyDks1r0iPjnEv^;*Joj)yf#GhsJL zMo`r0Dm+&*naJTdr&-bOBoMo`$=4(|ckH3HM;?j{%(1r`3_3}*9S^Ja_`XlUiU{q0 zAM`2%b&8q}(3lR^_B$m==+%3*I>W0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#<vYU+Ut4m|L3Fq^Zdtr#`v5mDnGk-miyQ6B(_vQYX4*B^++zp$kOO z#5!*G>jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9<yGJf<cYjLJe)tV6$J-7J| zsRNUW8ZtSA=}JOcn@O@4#R$#Q^FQ!M_iqd6SSa2>^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{<sj?C_|x@Z_j60bHPpQcRgPAIZO0AO9pdM7=5E@~WK zor+WJBPG28<3zA*`5I(SsZ{N0kcZl8c^j&3-)Wyx;;)2%B$O|P;Z6pTSsv;7aQ<8e zHoiTa7mmr}5suTC*G#+Q?3NA~m)sTz88G<q0U{M~0ECqm!r{B;AZKVJR3d_5!C6xl z;PdZpSmpndfMgY*<4nQjFyeZ2j_l&zj0o^v3@PYH6xuMn@m@VHed=yFMIWMSG?m*4 zY#3iNRlY7=m(c~kZEa?{XF#|dhg~19N6c(#Z1^S`eQr~n#_D&APB2azafqN-5GO^m zYbRglPki5AKnKDOUp@!(ymJBPy<<(yMq2Ct@SmhiIKgeR7QH2RUxRfl0)a3ILx&N= za1d4<=ZxfVh^V|-$*iCjGQySz8nH;#Z_`7PVCmc(=~=}ACOWw9Ms?Rj=s3@jbNttr za%+$bZBfwu#Ss0^ln#|f`~AtFCMqdPYv)IXeu3zOY(*f=AhJ}a7?)(!_@2!SL7U$B zoS{X8S2ejm7^txs5@OoHZEe?@58S@)-a92$HNKy>(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc<jl4`mqbQ#Y27E@S7ct&u&>;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcE<?SJn45E6W<GVUI>L5zKkK^h4KR+}0@<oeLWji3{Ml>jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cp<aSBFgSB zIN!0mWw>h7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?<O)~p(^6Pgufg(C5nrS?qjMJmg;#+1JL#M1g! z-yX<tTAMEY7j^`o{wyG8PIH;_V(%olb)i-=kkInN;u$x4j4($Ncz*c9znDtwx5{OH z%eu$Wy|#76Tm~N6C8L1=9bZ`5@>)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQ<uW9 zC3BkO7ptA#G&R?@nL9kXJDuJ`7v>ZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P<FE(?)6DvqpD zHN=TCiZJ56$eNm(<E_^<AxKv4I}2~l(P0+zqE^?xY`hR<6@C2VNyX{1g9tj>3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zA<H!<Ey^39{iFH>l`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div<y3Fi zLOU6>^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#<x@C+VWX_!C!#F4>bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A<g@oBJ=<E+JyZGb&b4j6;uApp9I0?v z+v<_sKf0kseNM?eA?ISl;#Y2H?A{rBQk3n|(n{Y51=!x8k$aY|jzA9Q1sv7z*GH~7 z%LiEP902FGJgGX`t8H@Kz;vpwo}E01Tx&Wxu4(7C90BI=*(r&h+aGZi#&A}OJLR<H zL4A^ZL;Z-<MoCDwc5k7tS*sZvo%@y&sMG}5?N-mHtbP8@8;%2QE%~IXe$AC(X&d}V zBvj~`c=q#`+5Ua?d#4NXS%I17dw-n9qQ!F-BZWE=eggmH{erqXJjNuRWe2qDWL^ha zF21r205A&mnLDrYSW)(i3?ZWC_Cl|hXaHb^ulA{L>?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+<TWw`0so3dhi z@^q5i=d%hhkab^CvyPeSKBZK^)2V=)E}s!yHpb$<pAzmuYaA-wFJrHO<nyrG#QqI+ zw9E^PEl{OJ^=2s#YVPDg$r`Xi*&uSyi}iY<-{sQ3K!D{6pz6o0d!x>>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9<R>xb8vt*vqIK(ww@-6PXYCR%<Oh>km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~314<g zL`knMiYhpZ;yQsF>00iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(n<M<Q<TqB4*TnP%ucXImHFb4PsUOsakU-3s= zhN^OMg-DtqHC;3JjW;o*yB9i6Kcj<2kF31)gS|NoXHH@J^%+rB-hn)=%fAw*tye31 zWS#|^h^D_Q7i&{uC<`g`CQF?mDL;jDo%Rbc^ip9B0De9AqDwfcPDi1)IR)92$HTsR zv}pmFf0y9B`*l#55WU2~lJ64bZoi09>BcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)Zol<kX|<=AB2a>rB9W)T3HjijE$Z-yKTGO za&MA<cG(xl=1k8Ei+xqGuFVgAJXCW3N!h-NSc!_<`BqBTS2}Qn1El@55d*>8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<><isl$Ql5Y*&=5_YmnHZc4q5ck<MT+bP&>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{<J! z)8n3fO7jbBfa8;a6Mvt>q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kB<!L_2PUygHf&p zhF2TO*COoBcWr$8Tp`%G9U$oixshsp>PY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZ<C>aP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&t<Z2QNEcsaCLT>OZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB<eIvcYW69!2>`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*<Nc<Md=1)Q46H0|m#a_*1A?&AltE%5cyw5;b!|B%Vn4IQaVED? znq!3nB%H-DjQT5Wbxef@aSrS4e%*;dM-D1>+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhoc<N3KR75zhe}~ zQ%D7&q_WVM_VAw>l5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#<s5ZQNR6Nzj==(hSnm4T@NzSup=Tub z5yKMjv@H!_z!^rT%N5j<T3P<iVurs=IGzf*vs$+G*!iilI%4Y`uz4;=MmnM7yq!A^ zG_26ul4(bMxbby=&n-&Mgxi|~KBSU<>;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy<MN1a2(%KIdGK%+c8Y{4Ov>15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAW<wR@H(AElQwUH>J09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9<kzX5$b&dBfo9%F7};h<R$XSH*RN@2ING>GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#<wKu22WhhKrQO`xEDJM|f6Awyq7m zdYIggiJud>3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w-<M-Q`e)3=@P{A-Szn=CK8-rx1K ztW;u(0qk>-#b<xcl#B)j%LmpDv1#{W-$}6JIDzkVV6p$5B&>H1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b<xhwIMj8Y6 zyOo1j|3jaDZ;J09{_g)!G6E*2=-<xA|0f@chIHw&kG1E2_qhHXa6Fad=-&wc)hD0X z;%iC@hv*GXRe8zi-$|!ixrJ&yDIY6MPR(hPoNtJG!#^JWR`zau_MdNzIsMX%1sRLS zip1}q`KlJUy3;5Y4c5=Jv~2ub<Ve4}g(w%U-CjSkL)TZnR!<Y^(XwTc{$#X-RbyW` zG$7kb&bko4H};zkd|#W5S(@tU^Yp#j_pb@fpPBLL(sl3G!$W7<GDdgquM8HAlr5>7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr20<HPwK9SOq~vBn&!~ew1$5KmiFUmFE%Zl9(`>35*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;Ez<U+sTmBlyHH_4MgMClAJBQ$(!v zum}ph=urwe1{D_@S!=(}WRl6>JLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXB<s0A~o5 zf}&z+OG^vDQ=ov3aj}=Dr`-8l6O&8ucvwahbUdvrY9H{~ls^8FStTtiOGZ?;)MdOf zSK2%I9bhin9k8IttaXgX+9xx)XXvjbZK<wN?SZHy_hceZyy1D!X?@;IF70K&(BiwU z)ATFxY*auIpI%a3idJAWQDiO6Zt6qunjq8b<tkfqq*-9KMqOu}&qs+>lWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGK<W?54$w`+{)rGzf^j0h!bN+#vl~hc>TSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7<kqRKC z3pY66Ju%}IQv9yfB3I`+dret=ic|O6$>bg;uK`*LHw&(Gj<?t65Km*W@EbzMuq~6q zQvqhFf4$Co$2wis1<A(!=~G3#9l%%m=N!+JusOM`A4mWit9dUr@=rOYo&sb*@2P;- zr{R>K*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`<Mj9S z#MsqIz&`>p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@<EJO()qzQG-fjvZTqQPO-va%yr)1mF@q}kp^V0oJL<#a^R8)^60 z^R|RN=z5ez6<Fk}lLcqXpi;oG4*b;T?gmAm|E~bB?~ncxs1`1lZ*-ytwAg~|3|Z&S zTmxbeu=`z>a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO<H>(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~p<Y zQ1be0?np=R7qJ>h5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2Cp<Q)5-Y@_`{?p4U_A{8fw$^?>I&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~<gd*tEbEFFPD8j6xytb9`W zt6*_)i~QcyMm#b+COz6PQP$Yc|Fd>aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`<SH^5?&~3?T!JHz5N{|v8KR0l4y5DykX^g)CLfrJW%lB+lmR*Q~M&dP+f*EVFzxQ z)Qf1vY|!j~Ljqq>6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<wlS#1?i8mj zt9eoZS){_C05uNogTF><(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD<Hi%Q*Wdaom;;%ye56RbkK<##rA z;bq$HF1?}4A>6M;*O<;}ve|)IUXl<kP4~011^{Mi2@G@C*6~(1?Rw<7z?79owjeAN zPiriXPCQEi+nCU1T3#w{Tt6M$W=aCc7hR7ur{c$U1mz`JzKJav$9b|qWYHZPCKw*B zp0_&CtpK!I_MlA(1{)kqy0x;G&@>W!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~<Pfc=tR`pNcx)&0A*SS-{Zd zdfJp32dtyh7BzBRpTH)Hv~}T-ClCWBOi#($iK(V?n8P+NM1Q;ZCPd0H!|{z`SD=Wp zu#XVj3_SHCOt^+ty}$0V(G&S!jB#?OZDq^BaQFtI;A<?o?B;*H?V!7qJY*d?AZV|^ zOcUpp0Z%|QJZb->6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2<i<q$hXfU|+2-U_aX?nR zliB8Ta0vqDw{Y^!5^HNnt*pUhVxU>V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz<Q$(rMir+kybYvr^tNRye;Z=(CJC=tQ`auUUOF$=U> zyh<My)!?4yHi@Bk)*;64NB@ORfin-c+wTzk7oy%sH_JjtwxxuvPrn--wlOKY%;y^l z*xP}9_&r~63Zm~i@>@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V<Tc`Phq3*1`y=aaJS`_R zl4>#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&<J;2N-mG8~TdBJs4mr2_N0KP-1JV{HJBBk=sH`bYrCwo>E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diB<s&9FY0^wjNtykV(9Q!O^k7Q2-1$dR%=gsM@(K@e z@>qkd9s~Z<?(kQ4_P;VcYvyf!iVv=mWHd0;{K{|(FRb?I#M0FJpACZ#__+C+yZ#Z4 zk`CPYLv*7|EnB(zt(2Co0LIwlNBZ2V-f|pW^U!x#y0>3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?<v%xtw*Bf6CKX3NAQk_iNk500)pOHf7K<t5Fa2_Hmc;-uR?Gd*C7lB z23P$g%2~&f{8qJLr&V_@`NQuc5Qjl^CJ&J}tyKi(*Hv#*@ytELO^7{V4T|j%XAQm+ z9WiLdz^oQQl@r7=%fQKsJd;Ozt*<|pQ@CgQE&9p8jxd#NUMzcgdGUvxC@!ama?$(4 zv~kfViPQ(bwP)Eed<xqq+)$3Tgl~Q~c%$MY_z$ct<p8hbIhm#AKC+iqcGB|i_=x7= z`E@I+G>-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM<iqD6NqfLy5^*OI(u*)tYOk z8xhIKik0TY<n>(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2<n7V(Z<RGiR}y_(ep@&`D`)4W+_tMMW_w)D&#Rf+;<mLC<*O8 z@FCVnW9<A#s`)C5^N1xmzxW4I?Jc-=Dq3vilwX)Qq{n$r5J7%#c3=J=DVG(Z>Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2O<AEB(Y zi}n|hj`|ug>YtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZP<x-Apho+)I2ojwS7J_|5c+c;_&l4`#k&c zOMwuCOx)gjU-ze1hl11wY@&v{{M#Z7H$iqMoD}AMc`=5d&0lVt5G-s~JV}4wa5n<J zKsFsKaUs=&aaId3N#hI3GVT6j;uC#0e(kjLzT}2voha&qdF?ogUA{le^sL0+b36() z^xK2fV)&$z!o|#qV4fCY@6DK+UA=KCt6Qrj-G9+hi#~i;E&R6(d(tU6`>ZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&<ya7~%7XGVa?~!6&fAsc z)eq7qnqh}BdXvV{a2>pH2|q1mp8<S(v?hHCMR3_Pd8ZNk74qSaLshs*zh34fG>ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`<NqJ_1zQ2EKIl!vB|M_laE z@IW(yn<QH&YiwYxZNfN=;2n<4vlUg-ao_#6>dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L<qwKPv$< zX+#_xCVlW$gE2Y((5`r^L_bT{dHn1hB}}Hky>`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k z<m~=!36>TvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)<GM;GJlW4sEMonkT(Pw<VW1GP2MZ~aZ|cLn7pGu60hVWnD7<M#&UP!#t~^nVyb zLS30ZQORqH@)SoCbLg%xI+T%Ly4tw502$q{;m726T)wT~sDv)|fArE4!zZSC@{4N` zwHT9@4vihxR_-UoE-hs8BM|<i2rWCmc!sMf%v&MHLRrysxiN5!6KpdTTaL4n<mYFd z@vqW-cMb%@m<_n2abx`3C|5(AS8)GcFAIsDN6Pm1O#9;?tB(&a9wHWZ+5Xi5T8EW_ zqFyse3NJN!xq>@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3y<jwQg`mnNUmue@3r>A zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PS<Dki(p6Pe=V-bnyHlYn+W3Yh;b* zQ`XRVr=&9ZB9W{=_B>e^1Nan;T#{~<0);_QYmH<2WcZy2i<ZetvMj?<3a=h02rdh; zMU(20&<D9Yf8LOd%4uIekS%Pj8WM@dHe5{zlaTmqqxLF5sYrCpmAE{vbMpkN*5rGR z6>pXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyV<S z!e|-_nItld)qUWj&?jrFPkvDgO#zL;()+bkc2%G$x-P4gwve`3;q&q$5h1mh5q=8$ zG=p?}cv~4{Ll2ia04rX7ahQg8I60$Auag27lsOkWx>Pi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte<a&b$*uJs-3|MX#kOo>0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MN<?VA1yK0RW2E zp~Hw=-zza5&hOvrlw#*?bEb}rngjO`_^=Q4+%R+ECb5+!$M03!O4jkyb^(YDt2SqR zjjQfj*S!LHv$m4zE`)#$nr+od5BBBud7hLm%f$)+S##apD7VR~b;BjT6tLOa)Iq-8 z<^N#-bxh1wmhlgol56V-R0_P@Fot^vFs2PS!`;@b(<R|Sd9&PRDM+mkInoE7_{3xl zGyPqd@#{>iKLMLu)LPs1AWvxM4=-<oE|2mYa30e9%R%(4S~ZrCV}J^vi>Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5<KF5;T&2{xAX2V58t$qs0{*VrnUuJ2F3Z= z14$s|<VRp0xy(7HwxiI%yPrPpkcIs`e%2`^hu(QM|K+jc(1Ox%%5@vHdt293b6d|e zqfU0%SdcW1xBObVWx*Q;c5AU$vH)T;Ko|qpRhUYPhZ|6J#xMIX-Zwmn+bZP3uv$fO z(N}eU{_xEI=rH)Ywpv7a1H^vq>G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUV<n(+MjAm>a|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F<sA`t@FJA<-PbB1iV_vi>(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;<Qu-#!vL0|r^7z=OVsDEbUHGz(F^=BA4GYF>&jhnURmcoY~AUpJQx z$D!s3au<S|KzHB(hNkzSU~AX*KUTlt>VkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=I<XlID6~_RJ12O^jhA4VGB5_Tv?XxddX7~%JP{3T)>zP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu<p>dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}d<z}zp zSzLGwZCwHbqVtos6Wf~KFCk197h#9MewX!)Ne_&dczf!R8ym$Hs&4rcDx^Sr&(C0{ z@R^U>f}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z<m5Q2^P--V9nikx1gHo$&QzESjW&je?fM)YNwICX&t z4mhkN*H=`zpIv4D%37rXXPSKu|DU=J7ys_ER0~J)pW@24n6GwqeB$zJ1FJ9(-RkrG zSuGgeA4e)$lWDRuF3mh$aB8xg+>^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;<Y!b>+Q+yi^c<q-xJA8bZaCe&_S4 z4#iw-S>%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|<MX z=giN=LyF5=d%;g{2Q9~u@3(zC2k7`^C}m+EU@LPRn|5va>&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z<zO*@Bd5*{*)1qqce=WGsC_vr<XTM?8T!B=9{W(ik(WPGch$JH6k?rSUE1}&=@0*t zAGLj3f#@=C?<zA-49y`~D2mjuP=9tnTqa?|^YbA+?CHtPDb#kO;}xd@gpe>8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDg<s;kIna5|p*O$WZH+n5wX+ky3ZuC6_m0Qo_Phm? zLmkC;8$6bLO%jlM`;SACVGI7Pxp~0T&SuBcu$SC&H?FU)jO|~=--UB?kh9CxTm9}N zmt@kbrn<mxOc|v#Uu!io8pc8~1IE?{2<hW?!ReJhE}IpRdntqrUQS?gkS4|V)ojd; z##jL=6jkU{M;^~Wh@@wALY`?C3+sKVr~vCi6&s<}+Hq#mkRsa5`p($E8NMd}UF%{k zDA>y=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@<XMfkc!Lz$u1=L2%%mL=#DseKj+e!eWP zxuSeK{pX2pw7j(EDW1uETZTKdbPMcVg`z4!mg>qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJ<NjVdGw@tf3*E=bq#&O)@*r`xx5U!S0OA8=@eq$PSw z!SZBu7aiAgiL^rg@0&LDOeV+Q8zAb&ZD>q38gk!i<D_E%^-s@XvY{`(a1n@9S_CSE zs1E{1S@UbFnFNsEOny|b>3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q<w zS<xe^YAA4?LLupO1wO5-__F*3`1a#5bZ0V(?@OCZq=COiT-&E_c>!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODI<A?#_1m@lLRE|JX)x5CY` zC;hD%7jIW(DR(q)GCvD&HjAA3p*iv09AwbTaylfkVZ-iYwnxff?>ZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)<T z9Ol~P3FZ8_+8Crois*{3xd_$x+2;ipH{-+^%JVJPdXby2TsWtS{HBolkOtrYN38FR zhTgIyQKJnT{7$T$)Imr&{nj%M`bTqt_csDr&M=>F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7<d!WQBn>BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0<iRyUQ=@aH0Q?+`a=>L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<><?42+gs0`pd4w4*1ros4!$U3M9x ztVRly4um3mjCljo2DCH(hExfEO}M%)zDf154Zo<^<YcEj4FVlmT}I*#pK0>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4<ozgj-?>OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU<j<n>#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2b<?{EUMVcV2%U$eKFRdudJ_ECN# p6X(@!O3}+OB?s(K+PI{iTbj5{&ET&CtW><B^;}P_OvUok{{YFM$>IP2 From d0d95b323f97e3db74a93ec8ddd7000a0e8a7703 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:57:23 +0100 Subject: [PATCH 0407/1184] Add files via upload From 32e5324ebdaa3a0e6bd87e776ddd56b7486e8fe3 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:00:57 +0100 Subject: [PATCH 0408/1184] Add files via upload From 273c1fd2571634f3c7fcc27427852ff5b003a615 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:06:02 +0100 Subject: [PATCH 0409/1184] Update README.adoc --- roles/pbx/README.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 0a0c11ef1..064911399 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -170,8 +170,11 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* ** *Confirm by clicking tick synbol ✓ on top right* ++ +image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. +image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From 0d900a32abdb1eee4643f5cf042d380b67220c38 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:08:48 +0100 Subject: [PATCH 0410/1184] Update README.adoc --- roles/pbx/README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 064911399..85f76de56 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -174,6 +174,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. ++ image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* From 0695907bc0a77cb7b7160d80086eb00e2212e4aa Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:31:32 +0100 Subject: [PATCH 0411/1184] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 85f76de56..f6a168cb6 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -169,7 +169,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP User ID* is your extension number eg 301 ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* -** *Confirm by clicking tick synbol ✓ on top right* +** *Confirm by clicking tick symbol ✓ on top right* + image::files/wave_sip settings.png[width='33%'] From 660f2f094086501b8c263c1e122fad1e385a3263 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 10 Apr 2023 12:34:21 -0400 Subject: [PATCH 0412/1184] pbx/README.adoc copyedits/suggestions for review --- roles/pbx/README.adoc | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f6a168cb6..7be24bec4 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,23 +157,23 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: -* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot -* Go to Account Settings * -* Add new account * -* Select *SIP ACCOUNT* +** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +** Go to Account Settings +** Add new account +** Select *SIP ACCOUNT* -** *Account name* is your name,eg John Doe* -** *Sip Server* is your IIAB server's IP address -** *SIP User ID* is your extension number eg 301 -** *SIP Authentification ID* is your extension number eg 301 -** *Password* is the same as above *Secret* -** *Confirm by clicking tick symbol ✓ on top right* -+ +*** *Account name* is your name, e.g. John Doe* +*** *Sip Server* is your IIAB server's IP address +*** *SIP User ID* is your extension number, e.g. 301 +*** *SIP Authentification ID* is your extension number, e.g. 301 +*** *Password* is the same as above *Secret* +*** *Confirm by clicking tick symbol ✓ (top right) ++ image::files/wave_sip settings.png[width='33%'] -* If the connection is successful, you will see a green circle next to your name [John Doe]. +** If the connection is successful, you will see a green circle next to your name [John Doe]. + image::files/Wave_sip_phone_connected.png[width='33%'] From 28345650f9504429e67343269f23c8a632c824d4 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:36:47 +0100 Subject: [PATCH 0413/1184] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7be24bec4..8d8dc3dc3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,7 +157,7 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_app], on an Android phone. After you open the app, follow these steps: ** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot ** Go to Account Settings From b75b5a65e46fd61b74be4ebb451b500cfb1cff95 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 10 Apr 2023 13:06:45 -0400 Subject: [PATCH 0414/1184] pbx/README.adoc: Copyedit tweak --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 8d8dc3dc3..f92f2836f 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -164,7 +164,7 @@ Due to Linphone's inability for phones to ring when the screen is locked, you ca ** Add new account ** Select *SIP ACCOUNT* -*** *Account name* is your name, e.g. John Doe* +*** *Account name* is your name, e.g. John Doe *** *Sip Server* is your IIAB server's IP address *** *SIP User ID* is your extension number, e.g. 301 *** *SIP Authentification ID* is your extension number, e.g. 301 From f27a34708a2a3f1a8cda115268641a6347096e28 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 08:27:28 -0500 Subject: [PATCH 0415/1184] FUTURE python2 - use bullseye for armhf --- scripts/install_python2.sh | 106 ++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 48 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 9ca66c156..4a9c0f20c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -4,68 +4,78 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -#apt -y install libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb + #apt install ./libffi8_3.4.2-4_amd64.deb - wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - apt install ./libffi7_3.3-6_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #;; - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - ;; - - "amd64") - wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb - apt install ./libffi7_3.3-5ubuntu1_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + #apt install ./libffi7_3.3-6_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #;; + + "arm64"|"amd64") + apt -y install libffi8 + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF ;; +# assume armhf is from raspbian "armhf") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + #apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - apt install ./libffi7_3.3-6_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - apt install ./python2.7_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb + #apt install ./python2.7_2.7.18-13.2_armhf.deb + #rm *.deb + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://raspbian.raspberrypi.org/raspbian/ bullseye main +deb http://archive.raspberrypi.org/debian/ bullseye main +EOF ;; esac -rm *.deb + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list +apt update From c17cf8dcc8685d2c399f741ecb698ee28be9c50d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 08:38:37 -0500 Subject: [PATCH 0416/1184] FUTURE python2 - use jammy for armhf on ubuntu --- scripts/install_python2.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4a9c0f20c..12afe891d 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -43,6 +43,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-8_arm64.deb #;; +# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") apt -y install libffi8 cat << EOF >> /etc/apt/sources.list.d/python2.list @@ -51,7 +52,6 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# assume armhf is from raspbian "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb #apt install ./libffi7_3.3-6_armhf.deb @@ -68,10 +68,18 @@ EOF #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb - cat << EOF >> /etc/apt/sources.list.d/python2.list + + if [ -f /etc/rpi-issue ]; then + cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF + else + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://ports.ubuntu.com/ jammy main universe +deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi ;; esac From 29d0f0bf902ed8d7ceedfa44f83cace5a780330c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 09:29:22 -0500 Subject: [PATCH 0417/1184] notes and dependencies --- scripts/install_python2.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 12afe891d..8e3aaf70b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,7 +5,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in @@ -45,7 +45,7 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install libffi8 + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe @@ -69,12 +69,15 @@ EOF #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb +# armhf compile flags differ between RasPiOS and Ubuntu +# libssl1.1 would be available via bullseye if/when needed if [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF else + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From 57833472a9eee5a3037d077204a9e97a9d853c2e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 10:09:05 -0500 Subject: [PATCH 0418/1184] media-types --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8e3aaf70b..8b6ee9536 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,7 +3,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv -apt -y install mime-support #transitional package +apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From 32d40f038d32fe4864920de20538666a5d086d4a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 10:57:39 -0500 Subject: [PATCH 0419/1184] more notes --- scripts/install_python2.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8b6ee9536..ae672bf43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,8 +1,12 @@ #!/bin/bash +# https://packages.debian.org/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.debian.org/bullseye/libpython2.7-stdlib +# https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all +# https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) apt -y install virtualenv +# https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 From 5253c31d93f04977b23cf167b5ef474ea740ad5d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 13:36:40 -0500 Subject: [PATCH 0420/1184] bookworm armhf --- scripts/install_python2.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index ae672bf43..a04b876d0 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -74,13 +74,7 @@ EOF #rm *.deb # armhf compile flags differ between RasPiOS and Ubuntu -# libssl1.1 would be available via bullseye if/when needed - if [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb http://raspbian.raspberrypi.org/raspbian/ bullseye main -deb http://archive.raspberrypi.org/debian/ bullseye main -EOF - else + if ! [ -f /etc/rpi-issue ]; then apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe @@ -92,5 +86,5 @@ esac apt update apt -y install python2 -rm /etc/apt/sources.list.d/python2.list +rm /etc/apt/sources.list.d/python2.list || true apt update From 6e08ff35ebbd763d4ffde111babec8fa7a49c5de Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 22:21:01 -0500 Subject: [PATCH 0421/1184] switch back to explicit dependencies --- scripts/install_python2.sh | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a04b876d0..61475e24c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -7,54 +7,50 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types +apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb - #apt install ./libffi8_3.4.2-4_amd64.deb + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #;; + "amd64") + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #"arm64") - #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - #apt install ./libffi7_3.3-6_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #;; + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + rm *.deb + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - apt -y install libffi8 libssl3 - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +# "arm64"|"amd64") +# apt -y install +# cat << EOF >> /etc/apt/sources.list.d/python2.list +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb @@ -75,16 +71,14 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi + apt update + apt -y install python2 + rm /etc/apt/sources.list.d/python2.list || true + apt update ;; esac - -apt update -apt -y install python2 -rm /etc/apt/sources.list.d/python2.list || true -apt update From f95db00faf64e3e7ff11a8af2e573e404449807a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 22:34:00 -0500 Subject: [PATCH 0422/1184] switch order for easier diff --- scripts/install_python2.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 61475e24c..3d8595b3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,21 +13,6 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; - "amd64") wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -43,6 +28,21 @@ case $ARCH in rm *.deb ;; + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; + # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") # apt -y install From e6c4170f7c817eb481dce2e53d1924b294729fb5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:13:25 -0500 Subject: [PATCH 0423/1184] pending feedback keyring --- scripts/install_python2.sh | 56 +++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3d8595b3b..72c08c5ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,44 +13,44 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "amd64") - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - rm *.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #rm *.deb ;; - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #rm *.deb + #;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# apt -y install -# cat << EOF >> /etc/apt/sources.list.d/python2.list -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; + "arm64"|"amd64") + apt -y install ubuntu-keyring + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 3aaeca991e0903457b0f33d117ad274bb9207999 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:18:53 -0500 Subject: [PATCH 0424/1184] using repos --- scripts/install_python2.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 72c08c5ef..3da8acb84 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -76,9 +76,10 @@ deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi - apt update - apt -y install python2 - rm /etc/apt/sources.list.d/python2.list || true - apt update ;; esac + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list || true +apt update From 3e10fa7bf9e4e5fb49cea41ece852dbf7c89cc1c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:20:42 -0500 Subject: [PATCH 0425/1184] forgot a # --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3da8acb84..083904e03 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -26,7 +26,7 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - ;; + #;; #"arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb From df3590fb47d7db3568425c4c8590ef512793a6a9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:08:39 -0500 Subject: [PATCH 0426/1184] thoughts going forward --- roles/kalite/tasks/install.yml | 9 +++++++++ scripts/install_python2.sh | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6d0c8765e..674b18f03 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,6 +20,15 @@ when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +#- name: Install Ubuntu keyrings on Debian +# get_url: +# url: +# dest: /etc/apt/keyrings/ +# mode: 0644 +# timeout: "{{ download_timeout }}" +# when: is_debian_12 + +# use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 083904e03..3caa3f52e 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -45,10 +45,19 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install ubuntu-keyring + #apt -y install ubuntu-keyring cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +# gave 404 errors on U23.04 x86_64 VM +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe + +# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe + +# keys for Debian future work maybe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; @@ -72,6 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list +# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From ba2d00fd5af000ecad53c93a72895871cc01a3e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:29:23 -0500 Subject: [PATCH 0427/1184] split the arm64/amd64 repos --- scripts/install_python2.sh | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3caa3f52e..f7d119742 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,7 +13,7 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") + "amd64") #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -26,9 +26,14 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - #;; + # works on U23.04 x86_64 VM + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + ;; - #"arm64") + "arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb @@ -41,25 +46,21 @@ case $ARCH in #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb - #;; + # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - #apt -y install ubuntu-keyring - cat << EOF >> /etc/apt/sources.list.d/python2.list -# gave 404 errors on U23.04 x86_64 VM -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe - -# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe - +# "arm64"|"amd64") +# cat << EOF >> /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 1738f7c54040784e0cf33a69565fb273be9a51c0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:38:04 -0500 Subject: [PATCH 0428/1184] always overwrite --- scripts/install_python2.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7d119742..f7f494b43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -27,7 +27,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb # works on U23.04 x86_64 VM - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe EOF @@ -47,7 +47,7 @@ EOF #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF @@ -55,7 +55,7 @@ EOF # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") -# cat << EOF >> /etc/apt/sources.list.d/python2.list +# cat << EOF > /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe @@ -81,7 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list # these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From ca4cd1a2606cdb07c5d314ce3efc7b8c439b33e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:58:41 -0500 Subject: [PATCH 0429/1184] apt export --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7f494b43..a18a3d316 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,7 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib +export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) apt -y install virtualenv From 191ba3912995239964a9a49322075587ae38bd24 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 02:28:05 -0500 Subject: [PATCH 0430/1184] seems to be always installed --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a18a3d316..cf51e4cd3 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -8,7 +8,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types libffi8 libssl3 +#apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From fbb614b1c66c1b92c8714be6a1c6b7164fd8761e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 08:45:56 -0500 Subject: [PATCH 0431/1184] cleanup --- scripts/install_python2.sh | 63 ++++++++------------------------------ 1 file changed, 12 insertions(+), 51 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index cf51e4cd3..d61b125d7 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,16 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib + +# payload to be installed: +# libpython2-stdlib +# libpython2.7-minimal +# libpython2.7-stdlib +# python2-minimal +# python2.7-minimal +# python2.7 +# python2 + export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) @@ -15,18 +25,6 @@ apt -y install virtualenv cd /tmp case $ARCH in "amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #rm *.deb # works on U23.04 x86_64 VM cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe @@ -35,18 +33,6 @@ EOF ;; "arm64") - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe @@ -54,36 +40,11 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# cat << EOF > /etc/apt/sources.list.d/python2.list -# keys for Debian future work maybe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; - "armhf") - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - #apt install ./libffi7_3.3-6_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - #apt install ./python2.7_2.7.18-13.2_armhf.deb - #rm *.deb - -# armhf compile flags differ between RasPiOS and Ubuntu + # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then + # these might change cat << EOF > /etc/apt/sources.list.d/python2.list -# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From a1aaf70975c83cc7cab64935932b7ea0098f4f62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 14 Apr 2023 08:50:23 -0500 Subject: [PATCH 0432/1184] 2210 2304 fixed https://bugs.launchpad.net/bugs/1951586 --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6757846d3..918e66ebe 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,7 +26,7 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ]; then +if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" From bb95816c793392a868439dd063655558b4ac5686 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 04:31:03 -0500 Subject: [PATCH 0433/1184] use country value in hostapd if present --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 918e66ebe..2370c152f 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,11 +26,16 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then +if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf +else NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry=US|' /run/netplan/wpa-$IFACE.conf + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + fi # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid From 2f321dc0a464f2cce71809e4b4379c4176270a62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 05:23:42 -0500 Subject: [PATCH 0434/1184] use 'iw reg get' in hostapd if present --- roles/network/tasks/sysd-netd-debian.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index f1b860d85..2be2772df 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,6 +87,17 @@ systemd: daemon_reload: yes +- name: Detect WiFi country code in use + command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: discovered_wireless_iface != "none" + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM }}" + when: REG_DOM is defined and REG_DOM.stdout | length > 0 + - name: Clone wifi if needed systemd: name: iiab-clone-wifi From 7845a8bddc2d7abd3ef80a04cd2cf3b3a877aea2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 05:55:50 -0500 Subject: [PATCH 0435/1184] hints for iiab-hotspot-on|off --- roles/network/templates/hostapd/iiab-hotspot-off | 4 +++- roles/network/templates/hostapd/iiab-hotspot-on | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index eb5951c6b..98fb9dbf2 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -38,6 +38,8 @@ fi echo -e "\nPlease reboot to enable upstream WiFi access.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} -{% endif %} +#network_enabled diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 04d551774..3f809bf44 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -46,7 +46,10 @@ systemctl enable hostapd echo -e "\nPlease reboot to activate hostapd feature.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} +#can_be_ap {% endif %} -{% endif %} +#network_enabled From 4089be6b253b237820f669e11226032f2e82125b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 08:31:52 -0500 Subject: [PATCH 0436/1184] always remove old virtual environment --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36c5da0c5..3c8e4345e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -22,6 +22,11 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present +- name: Remove previous virtual environment {{ calibreweb_venv_path }} + file: + path: "{{ calibreweb_venv_path }}" + state: absent + - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory From 061a96a5adb85cd490987841ec536b2f612e26e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 13:43:16 -0500 Subject: [PATCH 0437/1184] positional ordering --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3c8e4345e..7ffb5a32e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -61,7 +61,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 From 3ae4627956429bf7916c4e2b97b6962312e706e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 19:20:11 -0500 Subject: [PATCH 0438/1184] use shell --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2be2772df..680b8316e 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -88,14 +88,14 @@ daemon_reload: yes - name: Detect WiFi country code in use - command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True when: discovered_wireless_iface != "none" - name: Set Wifi Region country code for hostapd when present set_fact: - host_country_code: "{{ REG_DOM }}" + host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed From e63028f8eeb3d9d711e7cf8add5c9458a81a9f22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 19:38:48 -0500 Subject: [PATCH 0439/1184] record --- roles/network/tasks/restart.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 1576a2af3..074ec5086 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,6 +14,16 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled +- name: Record host_country_code_applied in network of iiab_ini_file + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: host_country_code_applied + value: "{{ host_country_code }}" + - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root From 7a31b02a6720e642baf4b76d68c4995176729503 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 17 Apr 2023 13:58:21 -0400 Subject: [PATCH 0440/1184] Allow rescue/continue if CUPS or Samba installs fail --- roles/2-common/tasks/packages.yml | 6 ++--- roles/cups/tasks/main.yml | 45 ++++++++++++++++++------------- roles/samba/tasks/main.yml | 45 ++++++++++++++++++------------- 3 files changed, 55 insertions(+), 41 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index b694a4194..ad80ef98b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -16,12 +16,12 @@ - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - #- mlocate # 92kB download - - plocate # 97kB download: Faster & smaller than locate & mlocate #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics + #- mlocate # 92kB download + - plocate # 97kB download: Faster & smaller than locate & mlocate #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2c9531814..a709ac090 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -23,26 +23,33 @@ quiet: yes -- name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: cups_installed is undefined +- block: + - name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: cups_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'cups' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: CUPS + - option: description + value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' + - option: cups_install + value: "{{ cups_install }}" + - option: cups_enabled + value: "{{ cups_enabled }}" -- name: Add 'cups' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: cups - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: CUPS - - option: description - value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' - - option: cups_install - value: "{{ cups_install }}" - - option: cups_enabled - value: "{{ cups_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 801d725f4..12d06f2d4 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: samba_installed is undefined +- block: + - name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: samba_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'samba' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Samba + - option: description + value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' + - option: samba_install + value: "{{ samba_install }}" + - option: samba_enabled + value: "{{ samba_enabled }}" -- name: Add 'samba' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: samba - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Samba - - option: description - value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' - - option: samba_install - value: "{{ samba_install }}" - - option: samba_enabled - value: "{{ samba_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From f79f4c0f46cfc23b8eb8be56ffd8e241d0a0e5cd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 16:08:08 -0500 Subject: [PATCH 0441/1184] clearer logic --- .../templates/hostapd/iiab-test-wifi.j2 | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2370c152f..e358d4dbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,17 +26,22 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then - REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab - cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -else - NETPLAN=1 +if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` - echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf - + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + if [ -z "$REG_DOM" ]; then + NETPLAN=1 + echo "cover netplan wifi client lack of country=" + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + else + echo "set hostapd wifi country to $REG_DOM" + if [ -f /etc/hostapd/hostapd.conf.iiab ]; then + sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf + fi + fi fi + # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid if [ -f /etc/iiab/iiab.env ]; then From ff905ef5d878f830271bb0b16adf253640bf0f54 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 23:35:43 -0500 Subject: [PATCH 0442/1184] dispatcher has a call to alter hostapd.conf --- roles/network/tasks/restart.yml | 8 ++++++++ roles/network/tasks/sysd-netd-debian.yml | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 074ec5086..0e1ccd980 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -36,6 +36,14 @@ - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } when: can_be_ap +- name: Enable & Restart networkd-dispatcher.service + systemd: + name: networkd-dispatcher + state: restarted + enabled: yes + masked: no + when: systemd_networkd_active + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 680b8316e..e1b73db61 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -118,9 +118,3 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service - systemd: - name: networkd-dispatcher - state: restarted - enabled: yes - masked: no From 27c3b1b9a08406e84ce27b3acb441a595c69e1c6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 23:33:56 -0500 Subject: [PATCH 0443/1184] Just set and let the next stanza in main handle the call --- roles/network/tasks/NM-debian.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index d5dad9ffc..200911a91 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -71,8 +71,9 @@ when: wan_ip != "dhcp" - name: Use systemd-networkd to handle br0 - include_tasks: sysd-netd-debian.yml - when: iiab_lan_iface == "br0" and not systemd_networkd_active + set_fact: + systemd_networkd_active: True + when: iiab_lan_iface == "br0" - name: Reload systemd systemd: From 5341cc6ca20af8ac0522736725f550f09723d7e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:38:50 -0500 Subject: [PATCH 0444/1184] typo, use double quotes, always restart netplan wifi --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 +++--- roles/network/templates/hostapd/netd-disp2 | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index e358d4dbb..39ae8caa8 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -29,14 +29,14 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + NETPLAN=1 if [ -z "$REG_DOM" ]; then - NETPLAN=1 echo "cover netplan wifi client lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" if [ -f /etc/hostapd/hostapd.conf.iiab ]; then - sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + sed -i "s|^country.*|country_code=$REG_DOM|" /etc/hostapd/hostapd.conf.iiab cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf fi fi diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 78e258627..7b9218899 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,6 +13,9 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant + if [ -f /run/netplan/wpa-wlan0.conf ]; then + systemctl restart netplan-wpa-wlan0.service + fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From 3c3affb16a907e46e0ef32fdf8f0ac9f4a15bfb7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:44:39 -0500 Subject: [PATCH 0445/1184] softcode --- roles/network/templates/hostapd/netd-disp2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 7b9218899..e6a8fca72 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,8 +13,8 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-wlan0.conf ]; then - systemctl restart netplan-wpa-wlan0.service + if [ -f /run/netplan/wpa-$IFACE.conf ]; then + systemctl restart netplan-wpa-$IFACE.service fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" From b286d9d6e940195d7d6dbc58479d0a98489c5ed8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:46:45 -0500 Subject: [PATCH 0446/1184] easier diff --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 39ae8caa8..205f77fc7 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -27,9 +27,9 @@ fi # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 if [ -f /run/netplan/wpa-$IFACE.conf ]; then + NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - NETPLAN=1 if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country=" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf From d831f057692c82b4da7c0185178126d83b59427d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:02:34 -0500 Subject: [PATCH 0447/1184] NM ssid detection --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 205f77fc7..c3a49a847 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -22,10 +22,10 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers netplan's bugs workaround # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 +# covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` @@ -50,8 +50,14 @@ if [ -f /etc/iiab/iiab.env ]; then SSID=$CLIENT_SSID fi fi + +# NetworkManager +if [[ $SSID == "NA" ]]; then + SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) +fi echo "ssid is $SSID" -if [[ $SSID == "" ]] || [[ $SSID == "NA" ]]; then + +if [[ $SSID == "" ]]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" From 908c8f495136c19e7f420bddea6265b95c52d27d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:43:18 -0500 Subject: [PATCH 0448/1184] tighten up when to install ap0 file --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 200911a91..9cb2cf1db 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -22,7 +22,7 @@ dest: /etc/NetworkManager/conf.d/ap0-manage.conf src: network/ap0-manage.conf mode: 0644 - when: wifi_up_down + when: discovered_wireless_iface != "none" and wifi_up_down - name: Copy manage.conf for NetworkManager when wifi_up_down False template: From 4fe56e787efbaa120aa1c1be2b9f2447ab72773f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:43:55 -0500 Subject: [PATCH 0449/1184] tighten up when to run wifi detection --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 3df0f2c36..7f5bd34a4 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: discovered_wireless_iface != "none" + when: has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 8aaa459d9c7bd29d8bae6dbfb334b982b602998a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 12:56:14 -0500 Subject: [PATCH 0450/1184] restarting seems excessive just use start --- roles/network/templates/network/dnsmasq.sh.j2 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/network/dnsmasq.sh.j2 b/roles/network/templates/network/dnsmasq.sh.j2 index 00df42bf3..6a7f7179a 100755 --- a/roles/network/templates/network/dnsmasq.sh.j2 +++ b/roles/network/templates/network/dnsmasq.sh.j2 @@ -1,7 +1,6 @@ #!/bin/bash if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then - echo "Restarting dnsmasq in 5 seconds" - /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service - echo "Restarted dnsmasq" + /bin/systemctl --no-block start dnsmasq.service + echo "Started dnsmasq" fi From 07a63f3b8a57e5d7633ae637a4fca5e4a8861ce7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 09:59:29 -0400 Subject: [PATCH 0451/1184] Tighten up templates/hostapd/iiab-hotspot-off just a bit? --- roles/network/templates/hostapd/iiab-hotspot-off | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 98fb9dbf2..0b917b4df 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -11,13 +11,11 @@ systemctl disable iiab-clone-wifi.service systemctl disable iiab-wifi-test.service systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf -systemctl disable hostapd -systemctl stop hostapd #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -35,8 +33,8 @@ systemctl restart dhcpcd if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi -echo -e "\nPlease reboot to enable upstream WiFi access.\n" -exit 0 +echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" +#exit 0 {% endif %} #is_raspbian {% endif %} From d1a7ab2b74adaf09599e726ec5e23d27d43ff155 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 10:03:57 -0400 Subject: [PATCH 0452/1184] Tighten up templates/hostapd/iiab-hotspot-on just a bit? --- roles/network/templates/hostapd/iiab-hotspot-on | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 3f809bf44..bd7c4fa0e 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -14,8 +14,7 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} systemctl enable iiab-clone-wifi.service systemctl enable hostapd systemctl enable iiab-wifi-test.service -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # just do what we have always done in hotspot-on @@ -38,13 +37,12 @@ systemctl start dnsmasq # ip link set dev wlan0 promisc off #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% endif %} #is_raspbian {% endif %} @@ -53,3 +51,5 @@ exit 0 #can_be_ap {% endif %} #network_enabled + +echo -e "\nPlease reboot to activate hostapd feature.\n" From cdc77b121ccda228401de111edf9b404cc1dbaa8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 10:06:54 -0400 Subject: [PATCH 0453/1184] Clarifying templates/hostapd/iiab-hotspot-off ? --- roles/network/templates/hostapd/iiab-hotspot-off | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 0b917b4df..e59c18ebe 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -13,6 +13,7 @@ systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" #exit 0 {% else %} +echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf @@ -29,7 +30,7 @@ systemctl restart dhcpcd # ip link set dev wlan0 promisc on #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi From 319b75fe7d30083d58ff28ab6c1e61a9552533e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:50:04 -0400 Subject: [PATCH 0454/1184] iiab-hotspot-off: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index e59c18ebe..25a5053be 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -3,7 +3,7 @@ echo -e "Networking role disabled\n" echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd {% if wifi_up_down %} @@ -16,7 +16,7 @@ echo " IIAB hotspot access point Disabled" echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown -sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -32,7 +32,7 @@ systemctl restart dhcpcd {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 From 9ed5cd53c7aa020f75332a2cd8e69d9e1516e719 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:50:51 -0400 Subject: [PATCH 0455/1184] iiab-hotspot-on: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-on | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index bd7c4fa0e..03ca2d4ae 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -9,7 +9,7 @@ echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-ne echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" exit 1 {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service systemctl enable hostapd @@ -19,7 +19,7 @@ systemctl enable iiab-wifi-test.service {% if is_raspbian %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf # shut down wlan0 in case connected to network ip link set wlan0 down systemctl enable hostapd @@ -39,7 +39,7 @@ systemctl start dnsmasq {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd #exit 0 From 262ca468e977740764b0a0fc26dfa496c687c124 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 22 Apr 2023 22:05:01 -0500 Subject: [PATCH 0456/1184] tighten up when to run wifi detection more --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f5bd34a4..e46f810b9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: has_wifi_gateway is defined + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 0c037b276305621f19fbd5cd6abd72dad90c1f41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:24:20 -0500 Subject: [PATCH 0457/1184] \[], echo, run netplan restart sooner, NM wait, move hostapd restart --- .../templates/hostapd/iiab-test-wifi.j2 | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index c3a49a847..50f34fae2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -9,11 +9,13 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then + echo "systemd-network" SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers raspbian +# covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then + echo "RasPiOS" RASPBIAN=1 if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then echo "unblocking WiFi" @@ -28,10 +30,11 @@ fi # covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 + echo "Netplan systemd" SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then - echo "cover netplan wifi client lack of country=" + echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" @@ -52,12 +55,14 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [[ $SSID == "NA" ]]; then +if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then + echo "NetworkManager" + sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [[ $SSID == "" ]]; then +if [ $SSID == "" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -76,14 +81,23 @@ for result in $FREQ; do echo "channel $result is 5Ghz - ignoring" fi done + echo "Using $FREQ2 for $SSID" -if [[ $FREQ2 == "" ]]; then + +if [ $NETPLAN -eq 1 ]; then + echo "Netplan2" + # This is more of a netplan workaround should go away. + /bin/systemctl restart netplan-wpa-$IFACE.service +fi + +if [ $FREQ2 == "" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" + echo "Netplan3" fi exit 0 fi + # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) @@ -94,14 +108,7 @@ if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf + /bin/systemctl --no-block restart hostapd fi -systemctl stop wpa_supplicant -systemctl stop hostapd -systemctl start hostapd -systemctl start wpa_supplicant -if [ $NETPLAN -eq 1 ]; then - echo "Netplan3" - # This is more of a netplan workaround should go away. - systemctl restart netplan-wpa-$IFACE.service -fi + exit 0 From b17cab4794c3189decab7deb35d7dd7186a7a948 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:25:24 -0500 Subject: [PATCH 0458/1184] run after NM and netplan --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 682680a07..6f86b7e34 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -2,11 +2,11 @@ Description=IIAB find channel freq for ssid After=wpa_supplicant.service Wants=wpa_supplicant.service +After=NetworkManager.service +After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=NetworkManager.service -Before=netplan-wpa-{{ discovered_wireless_iface }}.service Before=network.target [Service] From 472fdfd1527aae807fed80544fe30b382b5f00d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:59:52 -0500 Subject: [PATCH 0459/1184] style --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 50f34fae2..5b90cd691 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -62,7 +62,7 @@ if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then fi echo "ssid is $SSID" -if [ $SSID == "" ]; then +if [ -z $SSID ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -90,7 +90,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ $FREQ2 == "" ]; then +if [ -z $FREQ2 ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -109,6 +109,7 @@ if [ $CHAN -ne $HOSTAPD ]; then cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf /bin/systemctl --no-block restart hostapd + echo "Restarted hostapd" fi exit 0 From a6cd9ded51d1e0233a06c4b2581e6fff4c7e0198 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 02:03:16 -0500 Subject: [PATCH 0460/1184] replace backtics --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 5b90cd691..0b92ca259 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -10,7 +10,7 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then echo "systemd-network" - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # covers stock raspbian @@ -21,7 +21,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then echo "unblocking WiFi" rfkill unblock wifi fi - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 @@ -31,7 +31,7 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 echo "Netplan systemd" - SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" @@ -71,7 +71,7 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=`wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}'` +FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then @@ -102,7 +102,7 @@ fi CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) echo "channel is $CHAN for $SSID" -HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` +HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" From d7d6404c534d2314e6e62681b4079ab505da6c2b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 08:02:57 -0500 Subject: [PATCH 0461/1184] tighten up country code detection --- roles/network/tasks/rpi_debian.yml | 2 ++ roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 4dbcd97ee..29b6e0591 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -39,6 +39,7 @@ shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True + when: wifi_up_down and can_be_ap - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: @@ -52,6 +53,7 @@ line: country={{ host_country_code }} when: country_code is defined and country_code.stdout | length == 0 +# This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill shell: rfkill unblock 0 ignore_errors: True diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e1b73db61..6051971b9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -91,7 +91,7 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Set Wifi Region country code for hostapd when present set_fact: From 348974be6fab3b0a11b986a3da98f7c3437a48a4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 08:21:09 -0500 Subject: [PATCH 0462/1184] stdout country code detection --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 6051971b9..5f66db11c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -96,7 +96,7 @@ - name: Set Wifi Region country code for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed systemd: From a49a0680d35c3530919363f25c20a94d069d3c58 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 12:23:33 -0500 Subject: [PATCH 0463/1184] drop NA --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 0b92ca259..b312867c2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -2,7 +2,7 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 -SSID="NA" +SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines # in the iiab-wifi-test.service unit file. @@ -55,7 +55,7 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) From c49adcf39596b7b39f673c24db605fd9837e3537 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 13:53:05 -0500 Subject: [PATCH 0464/1184] borrow some bits from iiab-clone-wifi --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 6f86b7e34..4b3a5472c 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,5 +1,9 @@ [Unit] Description=IIAB find channel freq for ssid +Requires=network-pre.target +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service From bc4850a09c1d8544fbfa81d939d0543566d408dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 13:55:37 -0500 Subject: [PATCH 0465/1184] RasPiOS could be running NM backend, test if dhcpcd is running, drop rfkill --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index b312867c2..2fc85a962 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -3,9 +3,12 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 SSID="" -# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None -# of the backends that use wpa_supplicant should be active yet based on the Before= After= lines -# in the iiab-wifi-test.service unit file. +# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some +# of the backends that use wpa_supplicant should be active based on the Before= After= lines in +# the iiab-wifi-test.service unit file. + +echo "iiab-test-wifi called" +echo "running pid $$" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then @@ -14,13 +17,9 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" RASPBIAN=1 - if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then - echo "unblocking WiFi" - rfkill unblock wifi - fi SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cf67d4c9d775861dd475db877defa808b42a6932 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 14:56:10 -0500 Subject: [PATCH 0466/1184] netplan-systemd staging --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 4b3a5472c..23223c854 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -3,6 +3,8 @@ Description=IIAB find channel freq for ssid Requires=network-pre.target BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=network-pre.target + After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service @@ -11,7 +13,6 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=network.target [Service] Type=oneshot From ef6486b09b929c863af4f2d3830c775e8a638f67 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 16:11:03 -0500 Subject: [PATCH 0467/1184] grouping, recording, staging --- roles/network/tasks/computed_services.yml | 19 ----------- roles/network/tasks/hostapd.yml | 40 +++++++++++++++++++++++ roles/network/tasks/main.yml | 5 +-- roles/network/tasks/restart.yml | 10 ------ roles/network/tasks/sysd-netd-debian.yml | 11 ------- 5 files changed, 43 insertions(+), 42 deletions(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 9527ed7d3..2a113ce15 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -81,22 +81,3 @@ value: "{{ dnsmasq_enabled }}" - option: no_net_restart value: "{{ no_net_restart }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index e46f810b9..7f732f73f 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,6 +9,17 @@ enabled: no when: not hostapd_enabled +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -88,3 +99,32 @@ regexp: '^HOSTAPD_ENABLED=*' line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present + +- name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_country_code_applied + value: "{{ host_country_code }}" + - option: host_channel + value: "{{ host_channel }}" + +- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index f00939911..9e2954892 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -61,8 +61,6 @@ # when: squid_install and FQDN_changed and iiab_stage|int == 9 #### Start services - - name: hostapd - include_tasks: hostapd.yml - name: computed_services include_tasks: computed_services.yml - name: enable_services @@ -94,6 +92,9 @@ #when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #### end network layout + - name: hostapd + include_tasks: hostapd.yml + - name: Restart services include_tasks: restart.yml diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0e1ccd980..0d33f210f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,16 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Record host_country_code_applied in network of iiab_ini_file - ini_file: - dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: host_country_code_applied - value: "{{ host_country_code }}" - - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 5f66db11c..1681f6cf7 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,17 +87,6 @@ systemd: daemon_reload: yes -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country code for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Clone wifi if needed systemd: name: iiab-clone-wifi From d738fdc1efe5140358ed0f89be2dcb65bb14a8d5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:10:03 -0500 Subject: [PATCH 0468/1184] use dash in place of bash, drop last bashism --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2fc85a962..cbebb3439 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 @@ -44,15 +44,6 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi fi -# IIAB hint for NetworkManager -# could scrape /etc/NetworkManager/system-connections/ looking for ssid -if [ -f /etc/iiab/iiab.env ]; then - source /etc/iiab/iiab.env - if [ ! -z $CLIENT_SSID ]; then - SSID=$CLIENT_SSID - fi -fi - # NetworkManager if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" From 995bc6308bbc76de5ae29d029b358df1e6ec747a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:12:37 -0500 Subject: [PATCH 0469/1184] drop unused assignment --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index cbebb3439..6693090ae 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -19,7 +19,6 @@ fi # covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" - RASPBIAN=1 SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cb86366b134d016ff7ebec29fc8e3031bba9f7f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:38:56 -0500 Subject: [PATCH 0470/1184] shellcheck --- .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6693090ae..948c8bd2a 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,6 +1,5 @@ #!/bin/sh IFACE={{ discovered_wireless_iface }} -RASPBIAN=0 NETPLAN=0 SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some @@ -17,7 +16,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ -n "$(pgrep dhcpcd)" ]; then echo "RasPiOS" SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi @@ -44,14 +43,14 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi # NetworkManager -if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z "$SSID" ] && [ -n "$(pgrep NetworkManager)" ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [ -z $SSID ]; then +if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -60,10 +59,10 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') +FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" - if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then + if [ "$result" -lt 2485 ] && [ "$result" -gt 2407 ]; then FREQ2=$result break else @@ -79,7 +78,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ -z $FREQ2 ]; then +if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -88,12 +87,12 @@ if [ -z $FREQ2 ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$(($FREQ2 - 2407 )) -CHAN=$(($CHAN / 5 )) +CHAN=$((FREQ2 - 2407 )) +CHAN=$((CHAN / 5 )) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" -if [ $CHAN -ne $HOSTAPD ]; then +if [ "$CHAN" -ne "$HOSTAPD" ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf From 04ce0a9d7fb9cf7ec45e64f1be25b27f1cc2f2c4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 09:17:07 -0500 Subject: [PATCH 0471/1184] netplan2 --- .../templates/hostapd/iiab-test-wifi.j2 | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..2df652560 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,6 +5,7 @@ SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some # of the backends that use wpa_supplicant should be active based on the Before= After= lines in # the iiab-wifi-test.service unit file. +# https://github.com/iiab/iiab/pull/3542#issuecomment-1519647266 echo "iiab-test-wifi called" echo "running pid $$" @@ -31,6 +32,7 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then + NETPLAN=2 echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else @@ -52,11 +54,28 @@ echo "ssid is $SSID" if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi exit 0 fi + +if [ $NETPLAN -gt 0 ]; then + echo "Netplan2" + wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wpa_processes -eq 1 ]; then + # This is more of a netplan workaround should go away. + echo "Starting netplan wifi" + NETPLAN=2 + else + echo "Restarting netplan wifi" + fi + # This one handles the changing of the country code from above + if [ $NETPLAN -eq 2 ]; then + /bin/systemctl restart netplan-wpa-$IFACE.service + sleep 2 + fi +fi wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -72,15 +91,9 @@ done echo "Using $FREQ2 for $SSID" -if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" - # This is more of a netplan workaround should go away. - /bin/systemctl restart netplan-wpa-$IFACE.service -fi - if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan3" fi exit 0 From e1722645c5e516326edee6e1103c9240b0de9437 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 10:25:46 -0500 Subject: [PATCH 0472/1184] shellcheck and whitespace --- scripts/ansible | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 377203480..fa92cae32 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -96,7 +96,7 @@ echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" -if [ $(command -v ansible) ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" +if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') @@ -201,14 +201,13 @@ $APT_PATH/apt -y install python3-venv # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in $(ls ansible*); do - ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +for bin in /usr/local/ansible/bin/ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done # (Re)running collection installs appears safe, with --force-with-deps to force From 544a1f29598f0a1bfaab49ea3b67a15c65c0e92d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 10:34:54 -0500 Subject: [PATCH 0473/1184] https://github.com/iiab/iiab/issues/3547 --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index fa92cae32..76a00b777 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -204,6 +204,12 @@ $APT_PATH/apt -y install python3-venv # https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + +# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 +if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +fi + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" for bin in /usr/local/ansible/bin/ansible*; do From a17103f14fc8006daa26cbcc0d987c0a53fd874b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:46:24 +0100 Subject: [PATCH 0474/1184] Explain & lint templates/hostapd/iiab-test-wifi.j2 --- adm-run-roles-tmp.yml | 15 +++++++++++++++ .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml new file mode 100644 index 000000000..8f6888707 --- /dev/null +++ b/adm-run-roles-tmp.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml + + roles: + - { role: 0-init } + - { role: captiveportal } + - { role: lokole } + - { role: network } diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..1fe9d09ff 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,17 @@ #!/bin/sh + +# 2023-04-24 PR #3542 / PR #3549 context: +# "systemd-network" "RasPiOS" have files with the client wifi info within them, +# those can be parsed for the ssid without needing the related service running +# first. +# "Netplan systemd" "NetworkManager" need to be running to be able to parse for +# the ssid, from the generated config file for "Netplan systemd" and from the +# running environment for "NetworkManager". +# "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering +# of the services more deterministic when active and tries to catch a channel +# mismatch between client wifi's current setting and what is contained within +# hostapd.conf early in the boot process. + IFACE={{ discovered_wireless_iface }} NETPLAN=0 SSID="" @@ -87,8 +100,8 @@ if [ -z "$FREQ2" ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -99,5 +112,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From 78c22d3df58ac39abb5ec66bdc937c2b77d60611 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 13:07:24 -0400 Subject: [PATCH 0475/1184] scripts/ansible: 2.14.5, cryptography==40.0.1 on armhf, for-loop fix --- scripts/ansible | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76a00b777..ed368d1e6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] -GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] +GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -205,14 +205,21 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 -if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then +# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# if ! grep -qi ubuntu /etc/os-release; then +# +# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then +# +# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. +# Release problems chart: https://www.piwheels.org/project/cryptography/ +if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -for bin in /usr/local/ansible/bin/ansible*; do +cd /usr/local/ansible/bin +for bin in ansible*; do ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done From 78603de7e6e3b1b99395f039b97c7da1ab937c5e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:23:56 -0500 Subject: [PATCH 0476/1184] capture running code --- .../templates/hostapd/iiab-test-wifi.j2 | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2df652560..25c61b3a2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -61,21 +61,25 @@ if [ -z "$SSID" ]; then fi if [ $NETPLAN -gt 0 ]; then - echo "Netplan2" - wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) - if [ $wpa_processes -eq 1 ]; then + echo "Netplan2 sleep 10" + sleep 10 + wifi_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wifi_processes -eq 1 ]; then # This is more of a netplan workaround should go away. - echo "Starting netplan wifi" + echo "Problem - Now Starting netplan wifi" NETPLAN=2 else - echo "Restarting netplan wifi" + echo "Not Restarting netplan wifi sleep 20" + sleep 20 fi # This one handles the changing of the country code from above if [ $NETPLAN -eq 2 ]; then - /bin/systemctl restart netplan-wpa-$IFACE.service - sleep 2 + echo "Restarting netplan-wpa-$IFACE sleep 20" + /bin/systemctl --no-block restart netplan-wpa-$IFACE.service + sleep 20 fi fi +sleep 10 wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -99,9 +103,8 @@ if [ -z "$FREQ2" ]; then exit 0 fi -# ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -112,5 +115,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From ba9e9ee01ae133a6d17125e5c7e4bebd29b3e821 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:27:00 -0500 Subject: [PATCH 0477/1184] capture running service --- .../templates/hostapd/iiab-wifi-test.service.j2 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..8d99e4a85 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,16 +1,10 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target - -After=iiab-clone-wifi.service -After=wpa_supplicant.service -Wants=wpa_supplicant.service +Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=iiab-clone-wifi.service +Requisite=wpa_supplicant.service After=NetworkManager.service After=netplan-wpa-{{ discovered_wireless_iface }}.service -Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service From 088537b9b86b117d7529249cc09af66100744166 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:42:16 -0500 Subject: [PATCH 0478/1184] clean up netd-disp2 --- roles/network/templates/hostapd/netd-disp2 | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index e6a8fca72..2e39b26c2 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -2,20 +2,15 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then echo "NET-DISP-WiFi $IFACE $STATE" # If we are here we have a dhcp ip address - CHAN=`iw $IFACE info|grep channel|cut -d' ' -f2` + CHAN=$(iw "$IFACE" info|grep channel|cut -d' ' -f2) echo "Using channel $CHAN for carrier" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ] && [ $CHAN -lt 14 ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf - sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf - systemctl stop wpa_supplicant + sed -i "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf systemctl restart hostapd - systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-$IFACE.conf ]; then - systemctl restart netplan-wpa-$IFACE.service - fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From bfbb4f06f2891ef0894e64e52c33b56a4d5031cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 13:48:24 -0400 Subject: [PATCH 0479/1184] Delete adm-run-roles-tmp.yml --- adm-run-roles-tmp.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml deleted file mode 100644 index 8f6888707..000000000 --- a/adm-run-roles-tmp.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml - - roles: - - { role: 0-init } - - { role: captiveportal } - - { role: lokole } - - { role: network } From 25e44b3385ad3674c3e9f69e3295ab8029d153aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:53:09 -0500 Subject: [PATCH 0480/1184] service set start timeout --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 8d99e4a85..450844b98 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -9,6 +9,7 @@ Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service [Service] +TimeoutStartSec=120 Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/iiab-test-wifi From fb2a9c82222f39c3d1a839454b335e71a1ee1ea1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 14:02:35 -0400 Subject: [PATCH 0481/1184] Revert c49adcf "borrow some bits from iiab-clone-wifi" (& preserve cf67d4c "netplan-systemd staging" ?) --- .../templates/hostapd/iiab-wifi-test.service.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..1110a9a21 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,11 +1,13 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target -After=iiab-clone-wifi.service +# 2023-04-24 PR #3549: c49adcf went too far and broke netplan-systemd +#Requires=network-pre.target +#BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=iiab-clone-wifi.service + +After=network-pre.target After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service @@ -13,6 +15,7 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service +#Before=network.target [Service] Type=oneshot From 40e4b9cce9df8872ba7ad3339401256bb2c919b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 25 Apr 2023 10:31:28 -0500 Subject: [PATCH 0482/1184] softcode --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 555bf06f6..baa73eed6 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,6 +1,6 @@ [Unit] Description=IIAB find channel freq for ssid -Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device Requisite=iiab-clone-wifi.service Requisite=wpa_supplicant.service From 18fe41b9c60d4dba5148a2f57ff16d3201dc7039 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Apr 2023 15:44:14 -0400 Subject: [PATCH 0483/1184] moodle_version: MOODLE_402_STABLE (for Moodle 4.2) --- roles/moodle/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 6c3e6db16..57f48e4a6 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,10 +8,10 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-11-27: Currently testing Moodle's master branch is mandatory if your -# OS PHP >= 8.2, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.2, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_401_STABLE # Moodle 4.1 LTS +# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.3, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_402_STABLE # Moodle 4.2 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From cac14ee4bbf8c5c686965ca6bde1f361c7dc38e9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Apr 2023 15:46:43 -0400 Subject: [PATCH 0484/1184] moodle/tasks/install.yml: Update comments for Moodle 4.2 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4abac732f..c449b6c4e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -30,7 +30,7 @@ #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. + #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, possibly required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml @@ -62,7 +62,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) + version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From fda10dbe66864fa90644bc4a405c979c8d4ef202 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 06:43:28 -0500 Subject: [PATCH 0485/1184] jupyterhub use --system-site-packages for psutils --- roles/jupyterhub/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index a34c1afd6..223985f5b 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,11 +13,16 @@ when: nodejs_installed is undefined -- name: "Install package: python3-venv" +- name: "Install package: python3-psutil" package: - name: python3-venv + name: python3-psutil state: present +- name: Remove previous virtual environment {{ jupyterhub_venv }} + file: + path: "{{ jupyterhub_venv }}" + state: absent + - name: Make 3 directories to hold JupyterHub config file: state: directory @@ -41,7 +46,7 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -58,7 +63,7 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From eacfec8c91ef603909d8a3dd94c1cd4070bde0ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 06:45:27 -0500 Subject: [PATCH 0486/1184] remove python3-venv from roles --- roles/calibre-web/tasks/install.yml | 1 - roles/lokole/tasks/install.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7ffb5a32e..29affb3d2 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -2,7 +2,6 @@ package: name: - imagemagick - - python3-venv - python3-netifaces state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 82d8593ca..bf4e64e7f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -7,7 +7,6 @@ name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact #- python3-pip - - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's #- bcrypt does not exist on Ubuntu 19.10 From dc35445c9c45edad6752ca60f61cc7dbe0acc2ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 07:17:40 -0500 Subject: [PATCH 0487/1184] remove nodesource.list if failed --- roles/nodejs/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 3990e10b3..08b08bdb9 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -94,6 +94,12 @@ # warn: no # creates: /etc/apt/sources.list.d/nodesource.list +- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above + file: + path: /etc/apt/sources.list.d/nodesource.list + state: absent + when: curl_nodesource.failed + - name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above package: #name: nodejs={{ nodejs_version }} From 4bd5d1e9f638bdfb04c5c275ccf84f9768168acf Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 07:20:13 -0500 Subject: [PATCH 0488/1184] verbage in other roles --- roles/calibre-web/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 29affb3d2..285d138a1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index bf4e64e7f..f26457f87 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,7 +2,7 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 13 packages for Lokole +- name: Install 12 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact From cc0a32cd676bf61a4aa736de76184f1c477e94dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 17:48:07 -0400 Subject: [PATCH 0489/1184] matomo/tasks/nginx.yml: Remove stale refs to box/maps --- roles/matomo/tasks/nginx.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml index 8d432ee8c..46465dffb 100644 --- a/roles/matomo/tasks/nginx.yml +++ b/roles/matomo/tasks/nginx.yml @@ -1,10 +1,10 @@ -- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template +- name: Enable http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template template: src: matomo-nginx.conf.j2 dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d when: matomo_enabled -- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf +- name: Disable http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf file: path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d state: absent From fc46f34f653d86b90128c9b59098de978f1336db Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 17:51:03 -0400 Subject: [PATCH 0490/1184] matomo/tasks/main.yml: Explanation for nginx.yml was stale! --- roles/matomo/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index eec80e81a..b99de06e7 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -21,7 +21,7 @@ - block: - - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + - name: Enable/Disable/Reload NGINX for Matomo include_tasks: nginx.yml - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 8eb29a9edea2b99833473c786c23bd660472d764 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 18:57:05 -0400 Subject: [PATCH 0491/1184] rpi_debian.yml: Fix both "country_code is defined" -> "country_code.stdout is defined" --- roles/network/tasks/rpi_debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 29b6e0591..247b969df 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -44,14 +44,14 @@ - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: host_country_code: "{{ country_code.stdout }}" - when: country_code is defined and country_code.stdout | length > 0 + when: country_code.stdout is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout | length == 0 + when: country_code.stdout is defined and country_code.stdout | length == 0 # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill From df08ecfef6e6615cf171592caa90334224296ab4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Apr 2023 07:49:40 -0400 Subject: [PATCH 0492/1184] "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf" --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index d364c5a5f..709a92fbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,7 +5,7 @@ # those can be parsed for the ssid without needing the related service running # first. # "Netplan systemd" "NetworkManager" need to be running to be able to parse for -# the ssid, from the generated config file for "Netplan systemd" and from the +# the ssid, from the generated config file for "Netplan systemd" and from the # running environment for "NetworkManager". # "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering # of the services more deterministic when active and tries to catch a channel @@ -66,7 +66,9 @@ fi echo "ssid is $SSID" if [ -z "$SSID" ]; then - echo "Couldn't find ssid $SSID to use exiting" + echo "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf -- so exiting." + echo "CLARIF: This is normal when UPSTREAM WIFI is not active, as there would be no" + echo "UPSTREAM SSID to extract, e.g. if 'wifi_up_down: False'" if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi From 1884f484aeb35e370f792b7fc675bf46878418b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 27 Apr 2023 10:40:04 -0500 Subject: [PATCH 0493/1184] iiab-clone-wifi needs template from hostapd - record wifi_up_down --- roles/network/tasks/hostapd.yml | 14 ++++++++++++++ roles/network/tasks/restart.yml | 18 ++++++------------ roles/network/tasks/rpi_debian.yml | 6 ------ roles/network/tasks/sysd-netd-debian.yml | 7 ------- 4 files changed, 20 insertions(+), 25 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f732f73f..4d64bf843 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -100,6 +100,18 @@ line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap + - name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini @@ -113,6 +125,8 @@ value: "{{ host_ssid }}" - option: host_wifi_mode value: "{{ host_wifi_mode }}" + - option: wifi_up_down + value: "{{ wifi_up_down }}" - option: host_country_code_applied value: "{{ host_country_code }}" - option: host_channel diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0d33f210f..ec1dda7b6 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,18 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: can_be_ap - - name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher @@ -34,6 +22,12 @@ masked: no when: systemd_networkd_active +- name: Clone wifi if needed + systemd: + name: iiab-clone-wifi + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 247b969df..fc02dccd7 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -78,12 +78,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Restart the networking service if appropriate systemd: name: networking diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1681f6cf7..391494382 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,12 +87,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Enable & Restart systemd-networkd.service systemd: name: systemd-networkd @@ -106,4 +100,3 @@ state: restarted enabled: yes masked: no - From 84f3ee80734e2c14e1458643e9bc0040c2ddcafe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 29 Apr 2023 13:30:40 -0400 Subject: [PATCH 0494/1184] pbx/README.adoc: Link to #3556 PHP 8 speculation --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f92f2836f..7cab471dc 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 38083b431464875ac60d25df6106d6dcda5239a0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 29 Apr 2023 13:32:22 -0400 Subject: [PATCH 0495/1184] pbx/README.adoc: Fix typo (link to #3556) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7cab471dc..a9c8b3087 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 0324dfb918c010cce3bf88246ecac57dff6ae7a4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 14:25:30 -0400 Subject: [PATCH 0496/1184] Revert to Moodle 4.1 if PHP 7 + toughen Moodle/Nextcloud --- roles/moodle/tasks/install.yml | 36 +++++++++++++++++++++++++------ roles/nextcloud/tasks/install.yml | 4 ++-- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index c449b6c4e..a3cd511de 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,13 +49,27 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" - git: - repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle - dest: "{{ moodle_base }}" # /opt/iiab/moodle - depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.3', '>=') +- name: Does /opt/iiab/moodle exist? + stat: + path: /opt/iiab/moodle + register: opt_iiab_moodle + +# 2023-04-30: Allows re-running (e.g. 'sudo iiab') if git clone was already +# begun, avoiding this error: (arises from 'www-data' ownership) +# "Failed to set a new url https://github.com/moodle/moodle for origin: +# fatal: detected dubious ownership in repository at '/opt/iiab/moodle' +# To add an exception for this directory, call: +# git config --global --add safe.directory /opt/iiab/moodle" + +- name: If /opt/iiab/moodle exists, move it to /tmp/opt-iiab-moodle.old (TO BE DELETED ON NEXT BOOT) -- allows re-running if git clone (below) was already begun + shell: rm -rf /tmp/opt-iiab-moodle.old && mv /opt/iiab/moodle /tmp/opt-iiab-moodle.old + when: opt_iiab_moodle.stat.exists + + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS + when: php_version is version('8.0', '<') - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: @@ -65,6 +79,14 @@ version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" + git: + repo: "{{ moodle_repo_url }}" + dest: "{{ moodle_base }}" + depth: 1 + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + when: php_version is version('8.3', '>=') + - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: path: "{{ moodle_base }}" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce23c1c4c..843cf84bc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,10 +98,10 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" set_fact: nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('7.4', '<=') + when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From d768757f7affeab24184714628bc19686c886404 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 17:33:51 -0400 Subject: [PATCH 0497/1184] network/tasks/install.yml: Clarify 4 sysctl defaults --- roles/network/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08a749707..c41f88a09 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 6e493c9131bfd9ac2c2ca310220a6bd9c660d5e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 18:42:08 -0400 Subject: [PATCH 0498/1184] network/tasks/install.yml: Clarify 4 sysctl vars --- roles/network/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index c41f88a09..bb8b9592f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 + - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 47a771f8c176f4370c4846601fcd30eae30e8352 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 18:43:11 -0400 Subject: [PATCH 0499/1184] network/tasks/install.yml: Remove typo in comment --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index bb8b9592f..232b67ddc 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -57,7 +57,7 @@ with_items: - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET From e044de856abb7359074968194305c1773bc88f79 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 19:15:44 -0400 Subject: [PATCH 0500/1184] Enable sysctl's IPv6 during Munin install/enable, so munin-node.service starts --- roles/munin/tasks/enable-or-disable.yml | 12 ++++++++++++ roles/munin/tasks/install.yml | 12 ++++++++++++ roles/network/tasks/install.yml | 2 +- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/roles/munin/tasks/enable-or-disable.yml b/roles/munin/tasks/enable-or-disable.yml index 1b0d3ac28..fce74cae5 100644 --- a/roles/munin/tasks/enable-or-disable.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: Enable & Start 'munin-node' systemd service systemd: name: munin-node @@ -6,6 +12,12 @@ state: started when: munin_enabled +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Disable & Stop 'munin-node' systemd service systemd: name: munin-node diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 7d439ff5a..a889ff15b 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" package: name: @@ -9,6 +15,12 @@ - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: path: /etc/munin/munin-htpasswd diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 232b67ddc..71aa2a1eb 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -59,7 +59,7 @@ - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6. SEE ALSO: roles/munin/tasks/install.yml & enable-and-disable.yml #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 21a7d70c7e625f51c6b6c7b5011781b6576137ec Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 11:21:39 -0400 Subject: [PATCH 0501/1184] Toughen up vnStat: Mitigate #3539 db errors, stop using 2011's /etc/vnstat.conf, etc --- roles/vnstat/tasks/install.yml | 39 +++++++++++++------ .../{vnstat.conf.j2 => vnstat.conf.j2.unused} | 0 test.yml | 8 +++- 3 files changed, 33 insertions(+), 14 deletions(-) rename roles/vnstat/templates/{vnstat.conf.j2 => vnstat.conf.j2.unused} (100%) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 84bec243c..f1d65ada9 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,21 +1,36 @@ -# Similar code block in roles/network/tasks/detected_network.yml -- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" - set_fact: - iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - - - name: Install 'vnstat' package package: name: vnstat state: present -- name: Install /etc/vnstat.conf from template - template: - src: vnstat.conf.j2 - dest: /etc/vnstat.conf - mode: '0744' +# Similar code block in roles/network/tasks/detected_network.yml (line ~35) and roles/network/tasks/computed_network.yml (lines ~74 and ~110) +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" + set_fact: + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +- name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf + lineinfile: + path: /etc/vnstat.conf + regexp: '^Interface ' + line: 'Interface "{{ iiab_wan_iface }}"' + +# - name: Install /etc/vnstat.conf from template +# template: +# src: vnstat.conf.j2 +# dest: /etc/vnstat.conf +# mode: '0744' + + +# 2023-05-01: https://github.com/vergoh/vnstat/issues/134#issuecomment-663836557 +- name: 'Precautionary Start & Enable of vnstat.service, to mitigate intermittent #3539 (''Failed to open database "/var/lib/vnstat/vnstat.db" in read-only mode'') during WAN db creation just below' + systemd: + name: vnstat + daemon_reload: true + state: started + enabled: true - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} diff --git a/roles/vnstat/templates/vnstat.conf.j2 b/roles/vnstat/templates/vnstat.conf.j2.unused similarity index 100% rename from roles/vnstat/templates/vnstat.conf.j2 rename to roles/vnstat/templates/vnstat.conf.j2.unused diff --git a/test.yml b/test.yml index bfda3f92a..8eb2e9be0 100644 --- a/test.yml +++ b/test.yml @@ -27,11 +27,15 @@ - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: - msg: '"''"' # FAILS: '"\'"' + msg: '"''"' # OR: '''' FAILS: '"\'"' - name: BACKSLASH to escape double quotes... "'\"'" e.g. cups/tasks/install.yml debug: - msg: "'\"'" # FAILS: "'""'" + msg: "'\"'" # OR: "\"" FAILS: "'""'" + + - name: "Entire string must be enclosed in quotes if using ' #' Space-then-Pound/Hash sequence -- or right side will be a comment! e.g. roles/vnstat/install.yml" + debug: + msg: "Left side # Right side" - name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab, STRICTLY DISALLOWED IN YAML BY ansible-core 2.11.6) showed null (without quotes!) -- whereas e (singlequotes) and f (doublequotes) show "" empty string set_fact: From 423eecc29363a07dce8310d1396a614350212031 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 May 2023 11:41:04 -0400 Subject: [PATCH 0502/1184] CLARIF: Let's use apt version of /etc/vnstat.conf (not 2011-era template) --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index f1d65ada9..70e4f56cc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -10,7 +10,7 @@ iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf (as installed by apt) automatically selects the default interface - name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf lineinfile: path: /etc/vnstat.conf From 7b214064faf69e54e61e43f08cd7f61bc18d426d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 18:46:27 -0400 Subject: [PATCH 0503/1184] Allow multiple (timestamped) backups of WiFi firmware originals --- roles/firmware/tasks/download.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5e4027623..c2927c0f9 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,7 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 38a292227d91ef03e1ba91c43786b030aaf9d5a5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 20:29:49 -0400 Subject: [PATCH 0504/1184] Clarify PR #3564 (pre-download WiFi firmware backups) --- roles/firmware/tasks/download.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index c2927c0f9..abda2e6b4 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,12 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + # 2023-05-01 CLARIF OF BELOW: + # 1) Even if 'mv' fails, no matter it'll continue to 'cp' below + # 2) 'cp -P' == 'cp --no-dereference' sufficient to replicate these symlinks and files ('cp -d' & 'cp -a' are incrementally stronger, and so probably can't hurt) + shell: | + mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) + cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 7e1dff54d2c25ac6f60c2cccf0b05f62a8959544 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 3 May 2023 03:52:39 -0400 Subject: [PATCH 0505/1184] scripts/ansible: Fix typo in comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index ed368d1e6..0fc8f611e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -205,7 +205,7 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then From 139696fa3136a7060a665410a4d9cce5955b2dbf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 3 May 2023 17:00:02 -0400 Subject: [PATCH 0506/1184] If 32-bit OS, bypass Sugarizer & Explain during iiab-install --- roles/7-edu-apps/tasks/main.yml | 15 ++++++++++++++- roles/mongodb/tasks/main.yml | 9 ++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 8f223b1fd..c5f15e117 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -40,10 +40,23 @@ name: pathagar when: pathagar_install is defined and pathagar_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: sugarizer_install + +- name: Explain bypassing of Sugarizer install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING SUGARIZER INSTALL ATTEMPT, as Sugarizer Server 1.5.0 requires MongoDB 3.2+ which is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: sugarizer_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install and dpkg_arch.stdout is search("64") - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index aab67fc0f..1dc712a0a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,9 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) command: dpkg --print-architecture register: dpkg_arch - debug: @@ -45,10 +47,11 @@ - block: - - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' appears to be 32-bit (i.e. does not contain "64") or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. - when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" + when: not dpkg_arch.stdout is search("64") or mongodb_version == "unsupported" or mongodb_version == "unknown" + #when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 1939ad22e186ff3524e1faa6e8d39351c4d7acaf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 6 May 2023 00:48:07 -0400 Subject: [PATCH 0507/1184] GHA Stub: .github/workflows/10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install.yml diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml new file mode 100644 index 000000000..3aa1d159a --- /dev/null +++ b/.github/workflows/10min-iiab-test-install.yml @@ -0,0 +1,53 @@ +name: '"10 min" IIAB test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + steps: + - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + - name: Check out repository code + uses: actions/checkout@v3 + - run: echo "🍏 This job's status is ${{ job.status }}." + - name: GitHub Actions "runner" environment + run: | + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + # ls + # ls $GITHUB_WORKSPACE + # ls ${{ github.workspace }} + # ls -la /opt # az, containerd, google, hostedtoolcache, microsoft, mssql-tools, pipx, pipx_bin, post-generation, runner, vsts + # apt update + # apt dist-upgrade -y + # apt autoremove -y + - name: Set up /opt/iiab/iiab + run: | + mkdir /opt/iiab + mv $GITHUB_WORKSPACE /opt/iiab + mkdir $GITHUB_WORKSPACE # OR SUBSEQUENT STEPS WILL FAIL ('working-directory: /opt/iiab/iiab' hacks NOT worth it!) + - name: Set up /etc/iiab/local_vars.yml + run: | + sudo mkdir /etc/iiab + # touch /etc/iiab/local_vars.yml + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + - run: sudo /opt/iiab/iiab/scripts/ansible + - run: sudo ./iiab-install + working-directory: /opt/iiab/iiab + - run: iiab-summary + - run: cat /etc/iiab/iiab_state.yml From cb36d2b02fd80e7cc6a16dad105fa6e8fa056e1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 11:05:39 -0400 Subject: [PATCH 0508/1184] Try aarch64 version of kiwix-tools 3.5.0+ --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2696974fd..92cd15e26 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -31,7 +31,7 @@ kiwix_arch_dict: x86_64: x86_64 armv6l: armhf armv7l: armhf - aarch64: armhf + aarch64: aarch64 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From 5eab78b6bf2498e9c4dc08e7a34663304b8d9121 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 19:23:46 -0400 Subject: [PATCH 0509/1184] Clarify kiwix/defaults/main.yml as kiwix-tools & RasPiOS evolve --- roles/kiwix/defaults/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 92cd15e26..286d09440 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# INSTRUCTIONS TO REINSTALL Kiwix: -# (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml +# ONLINE UPGRADE INSTRUCTIONS: +# (1) VERIFY VARS IN /etc/iiab/local_vars.yml # kiwix_install: True # kiwix_enabled: True -# (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix +# (2) RUN: cd /opt/iiab/iiab; sudo ./runrole --reinstall kiwix # FYI /library/zims contains 3 important things: @@ -25,13 +25,13 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: - #i386: - i686: i586 - x86_64: x86_64 - armv6l: armhf - armv7l: armhf - aarch64: aarch64 +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: + #i386: # ? + i686: i586 # ? + x86_64: x86_64 # amd64 + armv6l: armhf # arm6l + armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From e227fdc29e7f37991d184f6eac9a98e1245ea494 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 22:22:01 -0400 Subject: [PATCH 0510/1184] roles/kiwix/README.rst: Clarify proxying --- roles/kiwix/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index e635be2de..db77fd05e 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -14,7 +14,7 @@ Locations - Your ZIM files go in ``/library/zims/content`` - Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) -- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) +- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats, Matomo, ETC) - Use URL http://box:3000/kiwix if you want to avoid the proxy Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: From b1a219bcae70fa7ee656dfa10d5cd8fb1886a9e0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 14 May 2023 09:06:29 -0400 Subject: [PATCH 0511/1184] Revert to kiwix-tools 3.4.0 if armhf 3.5.0 downloads --- roles/kiwix/defaults/main.yml | 6 +++--- roles/kiwix/tasks/install.yml | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 286d09440..3d3472f1a 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -25,12 +25,12 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: # 'dpkg --print-architecture' key would be: +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate #3516 in future, if truly nec?) #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # arm6l - armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + armv6l: armhf # armhf + armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 8a95d52ba..b28f3636e 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -19,6 +19,14 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below +- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + get_url: + url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz + dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" + register: kiwix_dl + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix @@ -58,6 +66,8 @@ src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz dest: "{{ kiwix_path }}/bin" extra_opts: --strip-components=1 + owner: root # 2023-05-14: When unpacking let's avoid bogus owner/group, + group: root # arising from UID/GID on Kiwix's build machine. # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU From e3bb5c1ed59ca1bbcf1755d608e68d3a8a933b9c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:29:43 -0400 Subject: [PATCH 0512/1184] Update debian-12.yml --- vars/debian-12.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index abdbf891b..3b51e4478 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -15,6 +15,6 @@ is_debian_12: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" +# php_version: "8.2" # postgresql_version: 15 -# python_version: "3.10" +# python_version: "3.11" From a23faea688f42498255d208e16b013330005682c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:31:46 -0400 Subject: [PATCH 0513/1184] Update ubuntu-2304.yml --- vars/ubuntu-2304.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml index 07ed43529..72bb3d960 100644 --- a/vars/ubuntu-2304.yml +++ b/vars/ubuntu-2304.yml @@ -16,5 +16,5 @@ is_ubuntu_2304: True # sshd_service: ssh # systemd_location: /lib/systemd/system # php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# postgresql_version: 15 +# python_version: "3.11" From 1157bb0f248804169fb9ca01e966fceab197cb7a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:32:46 -0400 Subject: [PATCH 0514/1184] Update raspbian-12.yml --- vars/raspbian-12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index e6fd2f9d5..9fa4b1e75 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -17,6 +17,6 @@ is_raspbian_12: True # sshd_package: ssh # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "7.4" -# postgresql_version: 13 -# python_version: "3.9" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 9f866078a0ac9d7405a1088926084cc46cf7b91c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:33:43 -0400 Subject: [PATCH 0515/1184] Update ubuntu-2310.yml --- vars/ubuntu-2310.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 843810075..ed40633df 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -15,6 +15,6 @@ is_ubuntu_2310: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 687c497669384fdf9908d438055d93b267d7ece8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 14:03:21 -0400 Subject: [PATCH 0516/1184] Recommend ansible-core 2.15.0 --- iiab-install | 4 ++-- scripts/ansible | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iiab-install b/iiab-install index 532cbf81d..2be185afc 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false diff --git a/scripts/ansible b/scripts/ansible index 0fc8f611e..d117ca996 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] -GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] +GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 7f714e7c65d4de4497137c51fb0ae071353ca139 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 16:51:08 -0400 Subject: [PATCH 0517/1184] Fix PR #3576, allowing regular Kiwix installs too! --- roles/kiwix/tasks/install.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index b28f3636e..0adaeef36 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,7 +24,17 @@ url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - register: kiwix_dl + #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + +# Ansible does not allow changing individuals subfields in a dictionary, but +# this crude hack works, overwriting the entire kiwix_dl dictionary var with +# the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# above, if its other [subfields, key/value pairs, etc] really mattered...) +- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + set_fact: + kiwix_dl: + dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) From 58961b862c203d3152338b6e7e3e0849c0b55b38 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 17:53:44 -0400 Subject: [PATCH 0518/1184] More consistent punctuation in local_vars files --- vars/default_vars.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4786cbe94..fc2826b03 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -502,7 +502,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk postgresql_install: False postgresql_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index de02105a9..35514ab81 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: True kiwix_enabled: True -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index e5e086fd6..4cc01a9c6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: False kiwix_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, From ea2dc1ae62eb6e2ae27e10855e210550c8726385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Mon, 15 May 2023 20:53:35 -0600 Subject: [PATCH 0519/1184] GitHub Actions .github/workflows/10min-iiab-test-install-raspbian.yml for CI/CD & QA (#1) * add .github/workflows/10min-iiab-test-install-raspbian.yml --- .../10min-iiab-test-install-raspbian.yml | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install-raspbian.yml diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml new file mode 100644 index 000000000..b92a3caf1 --- /dev/null +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -0,0 +1,69 @@ +name: '"10 min" IIAB raspbian test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [aarch64] + include: + #- target: zero_raspbian + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspbian_lite:latest + #- target: zero_raspios + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspios_lite:latest + #- target: zero2_raspios + # cpu: cortex-a7 + # cpu_info: cpuinfo/raspberrypi_zero2_w + # base_image: raspios_lite:latest + - arch: aarch64 + cpu: cortex-a53 + cpu_info: cpuinfo/raspberrypi_zero2_w_arm64 + base_image: raspios_lite_arm64:latest + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v2 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + sudo apt-get update -y --allow-releaseinfo-change + sudo apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + sudo mkdir /etc/iiab + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + sudo /opt/iiab/iiab/scripts/ansible + sudo ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml From 0812cc4bc3290572d657dad9cb3f11102b55f319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Mon, 15 May 2023 21:02:00 -0600 Subject: [PATCH 0520/1184] Update 10min-iiab-test-install-raspbian.yml change 'target' to 'arch' --- .github/workflows/10min-iiab-test-install-raspbian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml index b92a3caf1..35dfa9f5e 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 23ef49f7dffa091de387aeaebd29c8b318b36337 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Mon, 15 May 2023 23:16:04 -0600 Subject: [PATCH 0521/1184] change namefile --- ...aspbian.yml => 30min-iiab-test-install-raspios.yml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{10min-iiab-test-install-raspbian.yml => 30min-iiab-test-install-raspios.yml} (91%) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/30min-iiab-test-install-raspios.yml similarity index 91% rename from .github/workflows/10min-iiab-test-install-raspbian.yml rename to .github/workflows/30min-iiab-test-install-raspios.yml index 35dfa9f5e..bdb7a082f 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB raspbian test install' +name: '"30 min" IIAB test install raspios' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] + arch: [aarch64] include: - #- arch: zero_raspbian + #- target: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- arch: zero_raspios + #- target: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- arch: zero2_raspios + #- target: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8e9401dbe85c3816f087347c6eb06ac457ac8860 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Mon, 15 May 2023 23:17:51 -0600 Subject: [PATCH 0522/1184] update file --- .github/workflows/30min-iiab-test-install-raspios.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index bdb7a082f..1262fed71 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8339e46c5d181964bae4a73694e4948f6e6d8ed5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 16 May 2023 01:42:22 -0400 Subject: [PATCH 0523/1184] Set rpi_model from /proc/cpuinfo for QEMU --- scripts/local_facts.fact | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 27fa281fb..4debf731a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -113,8 +113,9 @@ tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -grep -iq raspberry /proc/device-tree/model && - RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') +grep -iq raspberry /proc/cpuinfo && + RPI_MODEL=$(grep -i raspberry /proc/cpuinfo | sed 's/.*: //') + #RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) From 95cb6f415c778f0406b56e4d0abfcd5f79eeadf7 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Tue, 16 May 2023 10:16:53 -0600 Subject: [PATCH 0524/1184] update actions/checkout to v3.1.0 --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 3aa1d159a..0926191af 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -23,7 +23,7 @@ jobs: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - name: Check out repository code - uses: actions/checkout@v3 + uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index 1262fed71..e1cb81c17 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -43,7 +43,7 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 From 9ca80db3fad692b12f6a41dd3cc7b9d297ed4a20 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 May 2023 15:45:38 -0400 Subject: [PATCH 0525/1184] 'pip install virtualenv==20.21.1' for KA Lite on Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/install_python2.sh | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 674b18f03..09f9858dc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -38,7 +38,7 @@ name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) @@ -50,7 +50,7 @@ version: "{{ kalite_version }}" virtualenv: "{{ kalite_venv }}" virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d61b125d7..f4cf75a19 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,7 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -apt -y install virtualenv +# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. +# So let's try pip: (which installs to /usr/local/bin) +apt -y install python3-pip +pip install virtualenv==20.21.1 --break-system-packages +#apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 From e1df2a50613ece4a31d4babf76a1ff29abc64b2f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 May 2023 16:38:32 -0400 Subject: [PATCH 0526/1184] kalite/tasks/install.yml: Force Python 2 if Debian > 11 or Ubuntu > 22.04 --- roles/kalite/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 09f9858dc..f17a3353c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,8 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. #- name: Install Ubuntu keyrings on Debian @@ -31,7 +32,8 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: From b61053cc3a842f860e93ecec1a4ed360b76500e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 May 2023 17:38:34 -0400 Subject: [PATCH 0527/1184] kalite/tasks/install.yml: Fix typos "is_linuxmint_21" --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index f17a3353c..2300de138 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 6dec23b6c3238d851b7c29cecacaaf774917c15e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 May 2023 17:48:16 -0400 Subject: [PATCH 0528/1184] scripts/install_python2.sh: Explain pip install of older virtualenv --- scripts/install_python2.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f4cf75a19..b12eccf58 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,9 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. -# So let's try pip: (which installs to /usr/local/bin) +# 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer +# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us +# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages #apt -y install virtualenv From e8a3129f13855866f4bc417e19d3fa0704283d41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 08:53:45 -0400 Subject: [PATCH 0529/1184] Further clarify kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 2300de138..a819a2cee 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 5b4f4d79e62c3dc078bcdeaab441ea91c1529f9a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 May 2023 11:09:03 -0400 Subject: [PATCH 0530/1184] Begin transition to 'nodejs_version: 20.x' --- roles/internetarchive/tasks/install.yml | 6 +++--- roles/nodejs/README.md | 10 +++++----- vars/default_vars.yml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..8932c3f26 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 7a151adc6..33c6bcb02 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -8,15 +8,15 @@ Nodesource.com often supports Debian long before each Debian release, whereas fo For late-breaking details on Nodesource.com support for your particular Linux OS, keep an eye on: - https://github.com/nodesource/distributions#deb -- https://deb.nodesource.com/node_18.x/dists/ - - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ - - https://nodejs.org/dist/latest-v18.x/ +- https://deb.nodesource.com/node_20.x/dists/ + - https://deb.nodesource.com/node_20.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v20.x/ - https://deb.nodesource.com/node_19.x/dists/ - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ - https://nodejs.org/dist/latest-v19.x/ - _ETC!_ -If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js &mdash; IIAB will then [fall back](https://github.com/iiab/iiab/blob/15a689e30b4eea325e4bb8d35e19990dd8062fbc/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) +If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js &mdash; IIAB will then [fall back](https://github.com/iiab/iiab/blob/91a5cd33f34d5d2a55e75bf0cdc85bcd9d7b4821/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) ``` sudo apt install nodejs npm @@ -41,7 +41,7 @@ On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like I If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) &mdash; if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v18.x/ +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) &mdash; if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v20.x/ Either way, you'll (likely) then also need to run: `sudo apt install npm` diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..11e13f7dc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -443,7 +443,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20 +nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 7209bcd97d98bf1177def425ecccd95a27296b62 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 17:33:37 -0400 Subject: [PATCH 0531/1184] install_python2.sh: Summarize messy virtualenv options --- scripts/install_python2.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index b12eccf58..c4ad4b897 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,12 +15,11 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) - # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us -# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages From a55c033a1668c3f7f77b00902ad98f0fb91bfd0a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 17:35:03 -0400 Subject: [PATCH 0532/1184] Update install_python2.sh --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c4ad4b897..5e0089f3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,6 +15,7 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) + # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer # supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb From 4e430da1a9868c6709d2973747eb5a9a1fb7b930 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 May 2023 20:30:27 -0400 Subject: [PATCH 0533/1184] Pin python3-platformdirs & python3-virtualenv to 22.04 for Python 2 on 23.10 ? --- scripts/install_python2.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 5e0089f3b..01269fda9 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -22,8 +22,9 @@ ARCH=$(dpkg --print-architecture) # ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -apt -y install python3-pip -pip install virtualenv==20.21.1 --break-system-packages +#apt -y install python3-pip +#pip install virtualenv==20.21.1 --break-system-packages +# #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 @@ -61,6 +62,12 @@ EOF esac apt update +# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less +# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) +apt -y install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs +apt -y install python3-virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 352ddcf6953bbbef9157890846e181e3ed1b9069 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 07:52:17 -0400 Subject: [PATCH 0534/1184] install_python2.sh: Clarify virtualenv (22.04 for now, 23.04 later?) --- scripts/install_python2.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 01269fda9..7d0de2062 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -68,6 +68,8 @@ apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 apt-mark hold virtualenv +# 2023-05-21 PR #3587: Above 4 lines should really install a more recent +# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 842bf91f764754f80c569712a85a613eb318a363 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 08:25:39 -0400 Subject: [PATCH 0535/1184] install_python2.sh: Honor Bookworm's built-in virtualenv --- scripts/install_python2.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 7d0de2062..f7e0bbd90 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -62,14 +62,18 @@ EOF esac apt update -# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less -# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) -apt -y install python3-platformdirs=2.5.1-1 -apt-mark hold python3-platformdirs -apt -y install python3-virtualenv=20.13.0+ds-2 -apt-mark hold virtualenv -# 2023-05-21 PR #3587: Above 4 lines should really install a more recent -# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. + # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less + # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) + apt -y install python3-platformdirs=2.5.1-1 + apt-mark hold python3-platformdirs + apt -y install python3-virtualenv=20.13.0+ds-2 + apt-mark hold virtualenv + # 2023-05-21 PR #3587: Above 4 lines should really install a more recent + # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +else + apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +fi apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 987fd7324f3bbb58212261cfc070cd3faa6d2e33 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 09:18:25 -0400 Subject: [PATCH 0536/1184] install_python2.sh: Clarify pip & apt virtualenv options --- scripts/install_python2.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7e0bbd90..50089b4e1 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -17,13 +17,20 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... +# supports Python 2. Root cause is virtualenv 20.22.0 (2023-04-19) which +# removed Python 2 support: https://virtualenv.pypa.io/en/latest/changelog.html +# Unfortunately older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# ...can drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -#apt -y install python3-pip -#pip install virtualenv==20.21.1 --break-system-packages +# +#iif grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. +# apt -y install python3-pip +# pip install virtualenv==20.21.1 --break-system-packages +#else +# apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +#fi # #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 @@ -62,7 +69,7 @@ EOF esac apt update -if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) apt -y install python3-platformdirs=2.5.1-1 From 56d27330636cc456d8296564801c998f05f75bcf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 22 May 2023 11:56:18 -0400 Subject: [PATCH 0537/1184] TEMPORARILY revert ansible-core 2.15.0 to 2.14.6 for #3588 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index d117ca996..838fdb538 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -216,7 +216,7 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From 8ae4f020e988c4eb3f55dd0105af957c13365d4b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 22 May 2023 17:47:29 -0400 Subject: [PATCH 0538/1184] Refine PR #3590 to document ansible-core 2.14.6 recommendation --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 838fdb538..3ae46a4c9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] -GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] +GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a57710c117a3f1b627e79d98d780e7b23d763ce7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 26 May 2023 21:47:14 -0400 Subject: [PATCH 0539/1184] local_vars_medium.yml: Avoid Lokole for now due to #3572 --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 8a8ae98d6..776d94614 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -244,8 +244,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From fc524462baefb7e35498a793f5d28a5b42d12b0d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 27 May 2023 03:26:04 -0400 Subject: [PATCH 0540/1184] Record approx disk usage for 45 roles (to iiab.ini) --- roles/awstats/tasks/install.yml | 16 ++++++++++++++++ roles/azuracast/tasks/install.yml | 16 ++++++++++++++++ roles/calibre-web/tasks/install.yml | 16 ++++++++++++++++ roles/calibre/tasks/install.yml | 16 ++++++++++++++++ roles/captiveportal/tasks/install.yml | 16 ++++++++++++++++ roles/cups/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/main.yml | 2 +- roles/iiab-admin/tasks/main.yml | 16 ++++++++++++++++ roles/internetarchive/tasks/install.yml | 16 ++++++++++++++++ roles/jupyterhub/tasks/install.yml | 16 ++++++++++++++++ roles/kalite/tasks/install.yml | 16 ++++++++++++++++ roles/kiwix/tasks/install.yml | 16 ++++++++++++++++ roles/kolibri/tasks/install.yml | 16 ++++++++++++++++ roles/lokole/tasks/install.yml | 16 ++++++++++++++++ roles/matomo/tasks/install.yml | 16 ++++++++++++++++ roles/mediawiki/tasks/install.yml | 16 ++++++++++++++++ roles/minetest/tasks/install.yml | 20 +++++++++++++++++--- roles/mongodb/tasks/install.yml | 16 ++++++++++++++++ roles/monit/tasks/install.yml | 16 ++++++++++++++++ roles/moodle/tasks/install.yml | 16 ++++++++++++++++ roles/mosquitto/tasks/install.yml | 16 ++++++++++++++++ roles/munin/tasks/install.yml | 16 ++++++++++++++++ roles/mysql/tasks/install.yml | 16 ++++++++++++++++ roles/network/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/main.yml | 2 +- roles/nginx/tasks/install.yml | 16 ++++++++++++++++ roles/nodejs/tasks/install.yml | 20 ++++++++++++++++++++ roles/nodered/tasks/install.yml | 16 ++++++++++++++++ roles/openvpn/tasks/install.yml | 16 ++++++++++++++++ roles/osm-vector-maps/tasks/install.yml | 16 ++++++++++++++++ roles/pbx/tasks/install.yml | 16 ++++++++++++++++ roles/phpmyadmin/tasks/install.yml | 16 ++++++++++++++++ roles/postgresql/tasks/install.yml | 16 ++++++++++++++++ roles/pylibs/tasks/main.yml | 16 ++++++++++++++++ roles/remoteit/tasks/install.yml | 16 ++++++++++++++++ roles/samba/tasks/install.yml | 16 ++++++++++++++++ roles/sshd/tasks/install.yml | 17 +++++++++++++++++ roles/sugarizer/tasks/install.yml | 16 ++++++++++++++++ roles/transmission/tasks/install.yml | 16 ++++++++++++++++ roles/usb_lib/tasks/install.yml | 17 +++++++++++++++++ roles/vnstat/tasks/install.yml | 16 ++++++++++++++++ roles/wordpress/tasks/install.yml | 20 ++++++++++++++++++++ roles/wordpress/tasks/main.yml | 6 ------ roles/www_base/tasks/main.yml | 17 +++++++++++++++++ roles/www_options/tasks/main.yml | 16 ++++++++++++++++ roles/yarn/tasks/install.yml | 16 ++++++++++++++++ 48 files changed, 734 insertions(+), 11 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index f88e7174c..5585c19ca 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install package: awstats' package: name: awstats @@ -93,6 +98,17 @@ # RECORD AWStats AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: awstats_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'awstats_installed: True'" set_fact: awstats_installed: True diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 8ce9474d2..741e164f5 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,6 +25,11 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: AzuraCast - Make config directory {{ azuracast_host_dir }} file: path: "{{ azuracast_host_dir }}" @@ -102,6 +107,17 @@ # RECORD AzuraCast AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: azuracast + option: azuracast_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'azuracast_installed: True'" set_fact: azuracast_installed: True diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 285d138a1..674880514 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -110,6 +115,17 @@ # RECORD Calibre-Web AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: calibreweb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibreweb_installed: True'" set_fact: calibreweb_installed: True diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 6a435c968..7646167a4 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. APT INSTALL CALIBRE 4.12+ or 5.12+ (calibre, calibredb, calibre-server etc) ON ALL OS'S - name: "Install OS's latest packages: calibre, calibre-bin" @@ -79,6 +84,17 @@ # 5. RECORD Calibre AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: calibre_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibre_installed: True'" set_fact: calibre_installed: True diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index ab25d50b6..791d516fa 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: python3-dateutil, python3-jinja2" package: name: @@ -51,6 +56,17 @@ # RECORD Captive Portal AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: captiveportal_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'captiveportal_installed: True'" set_fact: captiveportal_installed: True diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 12296cfe5..e080b68cf 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,6 +2,11 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'cups' package package: name: cups @@ -124,6 +129,17 @@ # RECORD CUPS AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: cups_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'cups_installed: True'" set_fact: cups_installed: True diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 02dfa7cda..59f9d0be9 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. Prepare to install Gitea: create user and directory structure - name: Shut down existing Gitea instance (if we're reinstalling) @@ -105,6 +110,17 @@ # 5. RECORD Gitea AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: gitea_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'gitea_installed: True'" set_fact: gitea_installed: True diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 4fbd7359e..335911c96 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -27,7 +27,7 @@ - include_tasks: enable-or-disable.yml - - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + - name: Add 'gitea' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 09a408aa4..f9d6d38a5 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install text-mode packages, useful during remote access: lynx, screen" package: name: @@ -35,6 +40,17 @@ # RECORD iiab-admin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: iiab-admin + option: iiab_admin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'iiab_admin_installed: True'" set_fact: iiab_admin_installed: True diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..9f67851cf 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,6 +30,11 @@ state: present +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. CREATE 2 DIRS, WIPE /opt/iiab/internetarchive/node_modules & RUN YARN - name: mkdir {{ internetarchive_dir }} @@ -64,6 +69,17 @@ # 4. RECORD Internet Archive AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: internetarchive_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'internetarchive_installed: True'" set_fact: internetarchive_installed: True diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 223985f5b..eeffed232 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,6 +13,11 @@ when: nodejs_installed is undefined +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install package: python3-psutil" package: name: python3-psutil @@ -104,6 +109,17 @@ # RECORD JupyterHub AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: jupyterhub_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'jupyterhub_installed: True'" set_fact: jupyterhub_installed: True diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index a819a2cee..dc802f8cc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ kalite_requirements }} to {{ pip_packages_dir }}/kalite.txt get_url: url: "{{ kalite_requirements }}" @@ -105,6 +110,17 @@ # RECORD KA Lite AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: kalite_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kalite_installed: True'" set_fact: kalite_installed: True diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 0adaeef36..e8a606b13 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,6 +6,11 @@ when: kiwix_arch == "unsupported" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, move /opt/iiab/kiwix/bin aside if nec, create essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) # 2022-10-04: get_url might be removed in future (unarchive below can handle @@ -118,6 +123,17 @@ # 5. RECORD Kiwix AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kiwix + option: kiwix_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kiwix_installed: True'" set_fact: kiwix_installed: True diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index df74817e4..3b5826f6c 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,6 +23,11 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" @@ -209,6 +214,17 @@ # RECORD Kolibri AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: kolibri_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kolibri_installed: True'" set_fact: kolibri_installed: True diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index f26457f87..5f8c76d4f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 12 packages for Lokole apt: name: @@ -133,6 +138,17 @@ # RECORD Lokole AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: lokole_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'lokole_installed: True'" set_fact: lokole_installed: True diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 56439de3e..97c321d83 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,11 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://matomo.org/faq/on-premise/matomo-requirements/ - name: Install Matomo's recommended PHP extensions package: @@ -239,6 +244,17 @@ # RECORD Matomo AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: matomo_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'matomo_installed: True'" set_fact: matomo_installed: True diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 145c1dc3d..b5af608c1 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: @@ -95,6 +100,17 @@ # RECORD MediaWiki AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: mediawiki_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mediawiki_installed: True'" set_fact: mediawiki_installed: True diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index 1850eda84..e9e9982b9 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt) stat: path: "{{ minetest_world_dir }}/world.mt" @@ -7,9 +12,6 @@ file: state: directory path: /library/games - # owner: root - # group: root - # mode: '0755' - include_tasks: minetest_install.yml when: not minetest_world.stat.exists @@ -35,8 +37,20 @@ url: https://content.minetest.net/packages/sfan5/worldedit/releases/13367/download/ when: minetest_default_game == "minetest" + # RECORD Minetest AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: minetest_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'minetest_installed: True'" set_fact: minetest_installed: True diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index eb5d8b345..8efb7d91d 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,6 +4,11 @@ # https://www.mongodb.com/docs/manual/installation/ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so @@ -367,6 +372,17 @@ # 3. RECORD MongoDB AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: mongodb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mongodb_installed: True'" set_fact: mongodb_installed: True diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index bc6173468..7dd9802d1 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'monit' package package: name: monit @@ -35,6 +40,17 @@ # RECORD Monit AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: monit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'monit_installed: True'" set_fact: monit_installed: True diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a3cd511de..cb19f242c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,6 +17,11 @@ name: postgresql +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml @@ -189,6 +194,17 @@ # RECORD Moodle AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: moodle_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'moodle_installed: True'" set_fact: moodle_installed: True diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 6ba7fd0d0..5f1fdde01 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: mosquitto, mosquitto-clients" package: name: "{{ item }}" @@ -32,6 +37,17 @@ # RECORD Mosquitto AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: mosquitto_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mosquitto_installed: True'" set_fact: mosquitto_installed: True diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index a889ff15b..cb6460c9f 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # SEE ALSO roles/network/tasks/install.yml - name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 sysctl: @@ -44,6 +49,17 @@ # RECORD Munin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: munin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'munin_installed: True'" set_fact: munin_installed: True diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index ceff65c66..3abfc3d30 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' package: name: @@ -61,6 +66,17 @@ # RECORD MySQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: mysql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mysql_installed: True'" set_fact: mysql_installed: True diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 71aa2a1eb..10ed94b5e 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 @@ -101,6 +106,17 @@ # RECORD Network AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: network_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'network_installed: True'" set_fact: network_installed: True diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 843cf84bc..ee1bed19f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # CHECK FOR PHP VERSION AUTOMATICALLY, TO DETERMINE WHICH NEXTCLOUD TO INSTALL. # INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml @@ -119,6 +124,17 @@ # RECORD Nextcloud AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nextcloud + option: nextcloud_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nextcloud_installed: True'" set_fact: nextcloud_installed: True diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d98ae5b27..1308da347 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -31,7 +31,7 @@ - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud + section: nextcloud option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index d9f3c4dda..a9e4c0b6c 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Stop & Disable '{{ apache_service }}' systemd service, in case it exists systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml @@ -66,6 +71,17 @@ # RECORD NGINX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nginx + option: nginx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nginx_installed: True'" set_fact: nginx_installed: True diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 08b08bdb9..fcc6aaaea 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -1,3 +1,12 @@ +# Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here: +# https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 + + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. TEST IF Node.js ALEADY INSTALLED & IF SO WARN IT'LL BE REPLACED # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED: @@ -161,6 +170,17 @@ # 3. RECORD Node.js AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: nodejs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodejs_installed: True'" set_fact: nodejs_installed: True diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 7ee0a7d73..70a213087 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,6 +23,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & # Ubermix that often include an older version of Node-RED. Brutal, as this # removes customizations on graphical desktop OS's e.g. Raspbian Desktop's: @@ -138,6 +143,17 @@ # RECORD Node-RED AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: nodered_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodered_installed: True'" set_fact: nodered_installed: True diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index cbe2e36af..4241fa723 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: ncat, nmap, openvpn, sudo" package: name: @@ -100,6 +105,17 @@ # RECORD OpenVPN AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: openvpn + option: openvpn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'openvpn_installed: True'" set_fact: openvpn_installed: True diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 03642c274..17a82b5b4 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" package: state: present @@ -196,6 +201,17 @@ # RECORD OSM Vector Maps AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: osm_vector_maps_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'osm_vector_maps_installed: True'" set_fact: osm_vector_maps_installed: True diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 7af2c144e..934d1dbe3 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-08-09: Moved to roles/pbx/tasks/apache.yml # - name: "Set 'apache_install: True' and 'apache_enabled: True'" @@ -44,6 +49,17 @@ # RECORD PBX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: pbx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pbx_installed: True'" set_fact: pbx_installed: True diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 345927a04..6c5ccc499 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ phpmyadmin_dl_url }} to {{ downloads_dir }} get_url: url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip @@ -48,6 +53,17 @@ # RECORD phpMyAdmin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: phpmyadmin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'phpmyadmin_installed: True'" set_fact: phpmyadmin_installed: True diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 214f8b028..f16a06b8d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' package: name: @@ -90,6 +95,17 @@ # RECORD PostgreSQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: postgresql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'postgresql_installed: True'" set_fact: postgresql_installed: True diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index f7ffa0f1d..aecabbeb8 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install iiab lib files template: src: "{{ item.src }}" @@ -13,6 +18,17 @@ # RECORD pylibs AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pylibs + option: pylibs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pylibs_installed: True'" set_fact: pylibs_installed: True diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 360cb7397..6f2bedae6 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # - name: Fail if architecture remoteit_device_suffix == "unknown" # fail: # msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" @@ -124,6 +129,17 @@ # RECORD remote.it AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: remoteit + option: remoteit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'remoteit_installed: True'" set_fact: remoteit_installed: True diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 4b804168f..6c2b47fa0 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Create smb user: {{ smbuser }}" user: name: "{{ smbuser }}" @@ -31,6 +36,17 @@ # RECORD Samba AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: samba_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'samba_installed: True'" set_fact: samba_installed: True diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 86d1e9360..20e8b4bf5 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -9,6 +9,12 @@ # # 2) Use Ansible handler to reload ssh? + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install ssh daemon using package: {{ sshd_package }}" package: name: "{{ sshd_package }}" @@ -41,6 +47,17 @@ # RECORD sshd AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sshd + option: sshd_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sshd_installed: True'" set_fact: sshd_installed: True diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 5e9cf3826..95206dc7a 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,6 +27,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. DOWNLOAD+LINK /opt/iiab/sugarizer - name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) @@ -232,6 +237,17 @@ # 6. RECORD Sugarizer AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sugarizer + option: sugarizer_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sugarizer_installed: True'" set_fact: sugarizer_installed: True diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 015116b82..17a87d1c0 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install BitTorrent packages: transmission-daemon, transmission-cli" package: name: @@ -55,6 +60,17 @@ # RECORD Transmission AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: transmission_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'transmission_installed: True'" set_fact: transmission_installed: True diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6510ab336..bea8638ee 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,12 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Does systemd-udevd.service exist stat: path: "{{ systemd_location }}/systemd-udevd.service" @@ -87,6 +93,17 @@ # RECORD 'USB_LIB' AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: usb_lib + option: usb_lib_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'usb_lib_installed: True'" set_fact: usb_lib_installed: True diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 70e4f56cc..0d34e5cfc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'vnstat' package package: name: vnstat @@ -42,6 +47,17 @@ # RECORD vnStat AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: vnstat_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'vnstat_installed: True'" set_fact: vnstat_installed: True diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index cfab49cc0..449891e37 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,15 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + +- name: Provision MySQL DB + include_tasks: setup.yml + + # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) @@ -131,6 +140,17 @@ # RECORD WordPress AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: wordpress_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'wordpress_installed: True'" set_fact: wordpress_installed: True diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index aa93c6672..106343a84 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -23,19 +23,13 @@ - block: - - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing - - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: wordpress_installed is undefined - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - - name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 0f557148f..8e278d60b 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,6 +1,12 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-06-27: Antifragile roles can become less brittle by fully declaring # their own dependencies (i.e. for modularity, separation-of-concerns, # encapsulation, compartmentalization, scope sanity, etc). @@ -54,6 +60,17 @@ # RECORD www_base AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_base + option: www_base_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_base_installed: True'" set_fact: www_base_installed: True diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6342bcdd0..eea007b7f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,6 +2,11 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # HOMEPAGE - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) @@ -119,6 +124,17 @@ # RECORD www_options AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_options + option: www_options_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_options_installed: True'" set_fact: www_options_installed: True diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index e7f759a96..5d8e3a258 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg @@ -40,6 +45,17 @@ # RECORD Yarn AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: yarn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'yarn_installed: True'" set_fact: yarn_installed: True From 3c5b071c25deb46ef5ec57c0937af557b4549bb3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 27 May 2023 14:07:13 -0400 Subject: [PATCH 0541/1184] Estimate IIAB software disk usage, in /etc/iiab/iiab.ini 'summary' section --- roles/0-init/tasks/create_iiab_ini.yml | 19 +++++++++++++------ roles/9-local-addons/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 980a7fc1b..002e09225 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,7 +1,11 @@ -# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini) +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + +# workaround for fact that auto create does not work on iiab_ini_file - name: Create {{ iiab_ini_file }} file: - path: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini state: touch - name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) @@ -12,10 +16,11 @@ command: dpkg --print-foreign-architectures register: dpkg_foreign_arch -- name: Add 'location' variable values to {{ iiab_ini_file }} + +- name: Add 'summary' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-location + section: summary option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,11 +28,13 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" + - option: disk_space_a_priori + value: "{{ df1.stdout }}" -- name: Add 'version' variable values to {{ iiab_ini_file }} +- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-version + section: initial-versions option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index f9ea8e20f..7070973c6 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,21 @@ name: pbx when: pbx_install +- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini + set_fact: + df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + +- name: Record currently available disk space, to compare with original 'disk_space_a_priori' + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: summary + option: iiab_software_disk_usage + value: "{{ df1|int - df2.stdout|int }}" + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From 7205219292258593234a9a6a22fa7f7096d89017 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 27 May 2023 15:24:13 -0400 Subject: [PATCH 0542/1184] create_iiab_ini.yml: Rename iiab.ini section to 'initial' --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 002e09225..98c195b67 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,10 +31,10 @@ - option: disk_space_a_priori value: "{{ df1.stdout }}" -- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} +- name: Add 'initial' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-versions + section: initial option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: From e06f833c6b1bebfc07e9ac607562c5011a3c7c79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 27 May 2023 15:47:51 -0400 Subject: [PATCH 0543/1184] Explain saving disk_space_a_priori to iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 98c195b67..6e3e08a73 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,4 +1,4 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' register: df1 From efa974b26a51c36565df0df5085b2d572cecf205 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Sat, 27 May 2023 14:52:30 -0600 Subject: [PATCH 0544/1184] add iiab size --- scripts/iiab-item-size.py | 128 ++++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 44 +++++++++++++ 2 files changed, 172 insertions(+) create mode 100644 scripts/iiab-item-size.py create mode 100644 scripts/iiab-size.py diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py new file mode 100644 index 000000000..c4727a221 --- /dev/null +++ b/scripts/iiab-item-size.py @@ -0,0 +1,128 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json + +all_menu_defs = adm.get_all_menu_defs() + +def main(): + parser = argparse.ArgumentParser(description="Get size for item.") + parser.add_argument("name", help="Name item.") + + # menu_dir + args = parser.parse_args() + + name = args.name + + content= get_item_size(name) + + #print('size: ',iiab.human_readable(content["size"])) + print(f'content ', content) + + sys.exit() + +def get_zims_size_from_header(url): + #url = 'https://download.kiwix.org/zim/other/mdwiki_en_all_2023-03.zim' + response = requests.head(url, allow_redirects=True) + size = 0 + if (response.status_code == 200): + size = int(response.headers.get('Content-Length', 0)) + return size + +def get_zims_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/kiwix_catalog.json') as json_file: + data = json.load(json_file)['zims'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['download_url'] + data_output['size']= (int(result[name].get('size',0)) * 1024) + 1023 + return data_output + +def get_zims_size(name): + data = get_zims_size_from_file(name) + #if data['size'] <= 1023: + # data['size'] = get_zims_size_from_header(data['download_url']) + return data + +def get_oer2go_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/oer2go_catalog.json') as json_file: + data = json.load(json_file)['modules'] + if data.get(name) is not None: + data_output['download_url']= data[name]['rsync_url'] + data_output['size']= (int(data[name].get('ksize',0)) * 1024) + 1023 + return data_output + +def get_map_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/map-catalog.json') as json_file: + data = json.load(json_file)['base'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['archive_url'] + data_output['size']= (int(result[name].get('size',0))) + 1023 + return data_output + + +def get_item_size(name_input): + return [get_size(element) for element in [name_input]] + +def get_items_size(name_input): + return [get_size(element) for element in name_input] + +def element_unknown(name): + return {"size":0} + +def build_otput(name, type_element, function): + data = function(name) + if data['size']== 0: + print(name, "element",type_element,"not found") + + return { + "name": name + ,"type": type_element + ,"size": data['size'] + } + +def get_size(name_input): + if name_input in all_menu_defs: + info = all_menu_defs[name_input] + intended_use = info["intended_use"] + + if intended_use == "html": + name_element = info["moddir"] + return build_otput(name_element, "module", get_oer2go_size_from_file) + + elif intended_use == "zim": + name_element = info["zim_name"] + return build_otput(name_element, "zim", get_zims_size) + + elif intended_use == "webroot": + name_element = info["name"] + return build_otput(name_element, "map", get_map_size_from_file) + + return build_otput(name_input, "unknown", element_unknown) + +# Now start the application +if __name__ == "__main__": + main() + diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py new file mode 100644 index 000000000..851119089 --- /dev/null +++ b/scripts/iiab-size.py @@ -0,0 +1,44 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json +import importlib +from functools import reduce +iiab_item_size = importlib.import_module("iiab-item-size") + +def main(): + parser = argparse.ArgumentParser(description="Read menu file for get size.") + parser.add_argument("menuFile", help="Is the menu file.") + # menu_dir + args = parser.parse_args() + + menu_file = args.menuFile + if not os.path.exists(menu_file): + print('Menu file ' + menu_file + ' not found.') + exit(1) + + total_size= content_from_menu(menu_file) + + print('total: ',iiab.human_readable(total_size)) + print(f'total (bytes): ', total_size) + + sys.exit() + +def content_from_menu(menu_file): + menu = adm.read_json(menu_file) + items = iiab_item_size.get_items_size(menu["menu_items_1"]) + total_size = reduce(lambda accumulator,item: accumulator+int(item['size']), items, 0) + return total_size + +# Now start the application +if __name__ == "__main__": + main() From 87bdd3fa0cf4cce79429facf93b90f4e7e4ac000 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Mon, 29 May 2023 21:47:48 -0600 Subject: [PATCH 0545/1184] update function get_size --- scripts/iiab-item-size.py | 79 +++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 12 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index c4727a221..e7f8d486d 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -95,7 +95,7 @@ def element_unknown(name): def build_otput(name, type_element, function): data = function(name) if data['size']== 0: - print(name, "element",type_element,"not found") + print(name, ": the size of this",type_element,"element is unknown") return { "name": name @@ -103,22 +103,77 @@ def build_otput(name, type_element, function): ,"size": data['size'] } + +intended_use_dict = { + "azuracast":{ + "name":"name" + ,"type":"azuracast" + ,"function":element_unknown + } + ,"calibre":{ + "name":"name" + ,"type":"calibre" + ,"function":element_unknown + } + ,"external":{ + "name":"name" + ,"type":"external" + ,"function":element_unknown + } + ,"html":{ + "name":"moddir" + ,"type":"module" + ,"function":get_oer2go_size_from_file + } + ,"info":{ + "name":"name" + ,"type":"info" + ,"function":element_unknown + } + ,"internetarchive":{ + "name":"name" + ,"type":"internetarchive" + ,"function":element_unknown + } + ,"kalite":{ + "name":"name" + ,"type":"kalite" + ,"function":element_unknown + } + ,"kolibri":{ + "name":"name" + ,"type":"kolibri" + ,"function":element_unknown + } + ,"map":{ + "name":"name" + ,"type":"map" + ,"function":get_map_size_from_file + } + ,"webroot":{ + "name":"name" + ,"type":"webroot" + ,"function":element_unknown + } + ,"zim":{ + "name":"zim_name" + ,"type":"zim" + ,"function":get_zims_size + } +} + + def get_size(name_input): if name_input in all_menu_defs: info = all_menu_defs[name_input] intended_use = info["intended_use"] - if intended_use == "html": - name_element = info["moddir"] - return build_otput(name_element, "module", get_oer2go_size_from_file) - - elif intended_use == "zim": - name_element = info["zim_name"] - return build_otput(name_element, "zim", get_zims_size) - - elif intended_use == "webroot": - name_element = info["name"] - return build_otput(name_element, "map", get_map_size_from_file) + try: + data_intend = intended_use_dict[intended_use] + name_element = info[data_intend["name"]] + return build_otput(name_element, data_intend["type"], data_intend["function"]) + except: + pass return build_otput(name_input, "unknown", element_unknown) From c22a713ec414b963ae19819f041870854624c136 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 May 2023 16:15:03 -0400 Subject: [PATCH 0546/1184] scripts/iiab-item-size.py: Clarify PR #3594 --- scripts/iiab-item-size.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index e7f8d486d..6e1261ba3 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date @@ -180,4 +181,3 @@ def get_size(name_input): # Now start the application if __name__ == "__main__": main() - From 7cecb4d89bdd277ac432a03d1f0fdec90aacadcd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 May 2023 16:16:46 -0400 Subject: [PATCH 0547/1184] scripts/iiab-size.py: Clarify PR #3594 --- scripts/iiab-size.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py index 851119089..c44e7034b 100644 --- a/scripts/iiab-size.py +++ b/scripts/iiab-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date From a9585365c019891299632463d01cc9517e57cb18 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Jun 2023 19:33:01 -0400 Subject: [PATCH 0548/1184] transmission/README.rst: Add "Docs" section --- roles/transmission/README.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 40f6e38fc..2112fc778 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -103,7 +103,19 @@ More advanced configuration and status are in directory ``/var/lib/transmission- stats.json torrents/ -These are further explained in https://github.com/transmission/transmission/wiki/Configuration-Files (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). +These are further explained in |ss| https://github.com/transmission/transmission/wiki/Configuration-Files |se| (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). + +Docs +---- + +As of June 2023, these docs appear to be the most up-to-date: + +- https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md +- https://wiki.archlinux.org/title/transmission (updated regularly) +- https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) +- https://trac.transmissionbt.com/wiki (2006-2019) Logging ------- From 30c54e844804c70afa6c9a1312b7369b757a469e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Jun 2023 19:43:54 -0400 Subject: [PATCH 0549/1184] transmission/tasks/install.yml: Remove stale comment --- roles/transmission/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 17a87d1c0..7f64d0e70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -16,7 +16,6 @@ path: "{{ transmission_download_dir }}" # /library/transmission owner: "{{ transmission_user }}" # debian-transmission group: "{{ transmission_group }}" # debian-transmission - # mode: '0755' - name: Stop 'transmission-daemon' systemd service, before modifying its settings systemd: From 03531dfdecf4025304ba6241e354799756b19727 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Wed, 7 Jun 2023 21:58:51 -0600 Subject: [PATCH 0550/1184] GitHub Actions .github/workflows/30min-iiab-test-install-debian12.yml for CI/CD & QA (#2) * add debian12 --- .../30min-iiab-test-install-debian12.yml | 58 +++++++++++++++++++ .../30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/30min-iiab-test-install-debian12.yml diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml new file mode 100644 index 000000000..e98618e20 --- /dev/null +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -0,0 +1,58 @@ +name: '"30 min" IIAB test install debian 12' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [debian12] + include: + - arch: debian12 + cpu: cortex-a7 + cpu_info: cpuinfo/raspberrypi_3b + base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + # source https://raspi.debian.net/daily-images/ + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v3.1.0 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + #test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index e1cb81c17..dea22ffa6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -52,7 +52,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - test `uname -m` = ${{ matrix.arch }} + #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 249d6fd24d0b3bde959df21532cc65752e66fa11 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:08:00 -0600 Subject: [PATCH 0551/1184] echo hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index e98618e20..ac139cd76 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - #test `uname -m` = ${{ matrix.arch }} + echo "${{ hostnamectl }}" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 815f098475c02e65ce3851274422ff56e117b67e Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:13:52 -0600 Subject: [PATCH 0552/1184] update hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index ac139cd76..f73f5d93b 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,6 +27,7 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." @@ -41,7 +42,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "${{ hostnamectl }}" + echo "$(hostnamectl)"" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 28d51dd064dbc3a5710f5b1bac0a3e524127c443 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:17:09 -0600 Subject: [PATCH 0553/1184] remove OS parameter --- .github/workflows/30min-iiab-test-install-debian12.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f73f5d93b..f9b3ea8bc 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,7 +27,6 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz - os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." From ba404ac0f9197335b93e42e8876ae7da267e314d Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:20:54 -0600 Subject: [PATCH 0554/1184] remove quote --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f9b3ea8bc..1584642a5 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)"" + echo "$(hostnamectl)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From bac736d6166fff71963995141b1f87385bb0034c Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:27:31 -0600 Subject: [PATCH 0555/1184] add uname --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1584642a5..a7c5d1249 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)" + echo "$(uname -srm)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 81ba0fc7b797b69a0427fd47e8b1a8ed5229de9b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 14:49:07 -0400 Subject: [PATCH 0556/1184] GHA: Try recording more 'runner context' on top of job --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index a7c5d1249..1262fac8d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,9 +41,11 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(uname -srm)" - grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." + echo -e "Complete 'runner context':\n{{ $matrix }}" + uname -srm + hostnamectl + grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change From dddd7ce0b4e351f4ddce46fc2316de00c2f6ae68 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:04:52 -0400 Subject: [PATCH 0557/1184] GHA: Try dumping runner contexts --- .../30min-iiab-test-install-debian12.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1262fac8d..0753cd422 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -32,7 +32,23 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -44,7 +60,6 @@ jobs: echo "🍏 This job's status is ${{ job.status }}." echo -e "Complete 'runner context':\n{{ $matrix }}" uname -srm - hostnamectl grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 751931a917e61baa07905bf5561307d4a4c960ed Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:14:46 -0400 Subject: [PATCH 0558/1184] GHA: Try tightening up, with 'uname -a' --- .../30min-iiab-test-install-debian12.yml | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 0753cd422..2ae59027d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -31,24 +31,15 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Dump matrix context env: MATRIX_CONTEXT: ${{ toJSON(matrix) }} run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" - - name: Dump matrix context - env: - MATRIX_CONTEXT: ${{ toJSON(matrix) }} - run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -58,8 +49,7 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - echo -e "Complete 'runner context':\n{{ $matrix }}" - uname -srm + uname -a # uname -srm grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 935cc5606ec62da574a5dc145d4b703ba9546a0f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:23:01 -0400 Subject: [PATCH 0559/1184] Similarly update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 0926191af..16cddfcd9 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -22,11 +22,16 @@ jobs: steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Check out repository code uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | + uname -a whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls From 4d6bdaf808a27a3a1b571df8410329d7b99bd0ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:25:48 -0400 Subject: [PATCH 0560/1184] Update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 16cddfcd9..2e567f984 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -31,9 +31,9 @@ jobs: - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | - uname -a - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'runner' instead of 'root' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls # ls $GITHUB_WORKSPACE # ls ${{ github.workspace }} From feccd64b4ac3bf378f43158bc92ab768f1cd92aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:26:25 -0400 Subject: [PATCH 0561/1184] Update 30min-iiab-test-install-debian12.yml --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 2ae59027d..d61230890 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -49,10 +49,10 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - uname -a # uname -srm grep Model /proc/cpuinfo - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 0170835529ed660f8a0b64ff87231fdd91bf6eaa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:30:47 -0400 Subject: [PATCH 0562/1184] Try 30min-iiab-test-install-raspios.yml like -debian12.yml --- .../30min-iiab-test-install-raspios.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index dea22ffa6..ea89758ed 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -42,7 +42,14 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: @@ -52,11 +59,12 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | + echo "🍏 This job's status is ${{ job.status }}." #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo - echo "🍏 This job's status is ${{ job.status }}." - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} sudo apt-get update -y --allow-releaseinfo-change sudo apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 10ab5dc91b6feba1db9819a59e134e3944656041 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:32:20 -0400 Subject: [PATCH 0563/1184] Rename 30min-iiab-test-install-debian12.yml to 30min-iiab-test-install-deb12-on-rpi3.yml --- ...all-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{30min-iiab-test-install-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} (100%) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml similarity index 100% rename from .github/workflows/30min-iiab-test-install-debian12.yml rename to .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml From 0845b9b484cef79523971f3514eb6b190b5fa3cb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:47:42 -0400 Subject: [PATCH 0564/1184] Likewise update job name to "deb12 on rpi3" --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index d61230890..9940b2781 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install debian 12' +name: '"30 min" IIAB test install deb12 on rpi3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From 3f63c0b4dd407d75d283a868340828f34e2a1aed Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 10 Jun 2023 09:10:47 -0400 Subject: [PATCH 0565/1184] Clean df syntax, for each app's disk usage in iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++--- roles/9-local-addons/tasks/main.yml | 12 ++++++------ roles/awstats/tasks/install.yml | 12 ++++++------ roles/azuracast/tasks/install.yml | 12 ++++++------ roles/calibre-web/tasks/install.yml | 12 ++++++------ roles/calibre/tasks/install.yml | 12 ++++++------ roles/captiveportal/tasks/install.yml | 12 ++++++------ roles/cups/tasks/install.yml | 12 ++++++------ roles/gitea/tasks/install.yml | 12 ++++++------ roles/iiab-admin/tasks/main.yml | 12 ++++++------ roles/internetarchive/tasks/install.yml | 12 ++++++------ roles/jupyterhub/tasks/install.yml | 12 ++++++------ roles/kalite/tasks/install.yml | 12 ++++++------ roles/kiwix/tasks/install.yml | 12 ++++++------ roles/kolibri/tasks/install.yml | 12 ++++++------ roles/lokole/tasks/install.yml | 12 ++++++------ roles/matomo/tasks/install.yml | 12 ++++++------ roles/mediawiki/tasks/install.yml | 12 ++++++------ roles/minetest/tasks/install.yml | 12 ++++++------ roles/mongodb/tasks/install.yml | 12 ++++++------ roles/monit/tasks/install.yml | 12 ++++++------ roles/moodle/tasks/install.yml | 12 ++++++------ roles/mosquitto/tasks/install.yml | 12 ++++++------ roles/munin/tasks/install.yml | 12 ++++++------ roles/mysql/tasks/install.yml | 12 ++++++------ roles/network/tasks/install.yml | 12 ++++++------ roles/nextcloud/tasks/install.yml | 12 ++++++------ roles/nginx/tasks/install.yml | 12 ++++++------ roles/nodejs/tasks/install.yml | 12 ++++++------ roles/nodered/tasks/install.yml | 12 ++++++------ roles/openvpn/tasks/install.yml | 12 ++++++------ roles/osm-vector-maps/tasks/install.yml | 12 ++++++------ roles/pbx/tasks/install.yml | 12 ++++++------ roles/phpmyadmin/tasks/install.yml | 12 ++++++------ roles/postgresql/tasks/install.yml | 12 ++++++------ roles/pylibs/tasks/main.yml | 12 ++++++------ roles/remoteit/tasks/install.yml | 12 ++++++------ roles/samba/tasks/install.yml | 12 ++++++------ roles/sshd/tasks/install.yml | 12 ++++++------ roles/sugarizer/tasks/install.yml | 12 ++++++------ roles/transmission/tasks/install.yml | 12 ++++++------ roles/usb_lib/tasks/install.yml | 12 ++++++------ roles/vnstat/tasks/install.yml | 12 ++++++------ roles/wordpress/tasks/install.yml | 12 ++++++------ roles/www_base/tasks/main.yml | 12 ++++++------ roles/www_options/tasks/main.yml | 12 ++++++------ roles/yarn/tasks/install.yml | 12 ++++++------ 47 files changed, 279 insertions(+), 279 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 6e3e08a73..75b2b338f 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,5 +1,5 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record disk_used_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage + shell: df -B1 --output=used / | tail -1 register: df1 # workaround for fact that auto create does not work on iiab_ini_file @@ -28,7 +28,7 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" - - option: disk_space_a_priori + - option: disk_used_a_priori value: "{{ df1.stdout }}" - name: Add 'initial' variable values to {{ iiab_ini_file }} diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 7070973c6..ac657cd5c 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,20 +42,20 @@ name: pbx when: pbx_install -- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini +- name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: - df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" -- name: Record currently available disk space, to compare with original 'disk_space_a_priori' - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record currently used disk space, to compare with original 'disk_used_a_priori' + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df2.stdout|int - df1|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: summary option: iiab_software_disk_usage - value: "{{ df1|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1|int }}" - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 5585c19ca..24a005c74 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -98,16 +98,16 @@ # RECORD AWStats AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'awstats_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: awstats option: awstats_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'awstats_installed: True'" set_fact: diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 741e164f5..bd25d96fb 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,8 +25,8 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -107,16 +107,16 @@ # RECORD AzuraCast AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'azuracast_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: azuracast option: azuracast_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'azuracast_installed: True'" set_fact: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 674880514..ebeefb6d7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -115,16 +115,16 @@ # RECORD Calibre-Web AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibreweb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre-web option: calibreweb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibreweb_installed: True'" set_fact: diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 7646167a4..82218ada0 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -84,16 +84,16 @@ # 5. RECORD Calibre AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibre_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre option: calibre_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibre_installed: True'" set_fact: diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 791d516fa..b76ad39b0 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -56,16 +56,16 @@ # RECORD Captive Portal AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'captiveportal_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: captiveportal option: captiveportal_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'captiveportal_installed: True'" set_fact: diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e080b68cf..e4e2e04ed 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,8 +2,8 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD CUPS AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'cups_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: cups option: cups_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'cups_installed: True'" set_fact: diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 59f9d0be9..c46abbdab 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # 5. RECORD Gitea AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'gitea_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea option: gitea_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'gitea_installed: True'" set_fact: diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f9d6d38a5..fabe0bffe 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD iiab-admin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'iiab_admin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: iiab-admin option: iiab_admin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'iiab_admin_installed: True'" set_fact: diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 9f67851cf..0d36c09c8 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,8 +30,8 @@ state: present -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -69,16 +69,16 @@ # 4. RECORD Internet Archive AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'internetarchive_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: internetarchive option: internetarchive_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'internetarchive_installed: True'" set_fact: diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index eeffed232..8d7273215 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,8 +13,8 @@ when: nodejs_installed is undefined -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -109,16 +109,16 @@ # RECORD JupyterHub AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'jupyterhub_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: jupyterhub option: jupyterhub_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'jupyterhub_installed: True'" set_fact: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index dc802f8cc..7df40364d 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # RECORD KA Lite AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kalite_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kalite option: kalite_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kalite_installed: True'" set_fact: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index e8a606b13..3ad37ba2c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,8 +6,8 @@ when: kiwix_arch == "unsupported" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -123,16 +123,16 @@ # 5. RECORD Kiwix AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kiwix_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kiwix option: kiwix_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kiwix_installed: True'" set_fact: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 3b5826f6c..f0a06d292 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,8 +23,8 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -214,16 +214,16 @@ # RECORD Kolibri AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kolibri_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kolibri option: kolibri_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kolibri_installed: True'" set_fact: diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 5f8c76d4f..a002268fc 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -138,16 +138,16 @@ # RECORD Lokole AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'lokole_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: lokole option: lokole_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'lokole_installed: True'" set_fact: diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 97c321d83..d6f8060a4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,8 +12,8 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -244,16 +244,16 @@ # RECORD Matomo AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'matomo_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: matomo option: matomo_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'matomo_installed: True'" set_fact: diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index b5af608c1..204fc0c45 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -100,16 +100,16 @@ # RECORD MediaWiki AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mediawiki_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mediawiki option: mediawiki_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mediawiki_installed: True'" set_fact: diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index e9e9982b9..9c00a10c2 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Minetest AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'minetest_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: minetest option: minetest_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'minetest_installed: True'" set_fact: diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8efb7d91d..10c2f39f5 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,8 +4,8 @@ # https://www.mongodb.com/docs/manual/installation/ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -372,16 +372,16 @@ # 3. RECORD MongoDB AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mongodb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mongodb option: mongodb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mongodb_installed: True'" set_fact: diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index 7dd9802d1..8d523c653 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Monit AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'monit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: monit option: monit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'monit_installed: True'" set_fact: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index cb19f242c..570e782b7 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,8 +17,8 @@ name: postgresql -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -194,16 +194,16 @@ # RECORD Moodle AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'moodle_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: moodle option: moodle_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'moodle_installed: True'" set_fact: diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 5f1fdde01..d4b7271a0 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -37,16 +37,16 @@ # RECORD Mosquitto AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mosquitto_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mosquitto option: mosquitto_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mosquitto_installed: True'" set_fact: diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index cb6460c9f..4366a19d8 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD Munin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'munin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: munin option: munin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'munin_installed: True'" set_fact: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 3abfc3d30..87bcd9c1a 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -66,16 +66,16 @@ # RECORD MySQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mysql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mysql option: mysql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mysql_installed: True'" set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 10ed94b5e..188713b8f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -106,16 +106,16 @@ # RECORD Network AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'network_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: network option: network_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'network_installed: True'" set_fact: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ee1bed19f..4262bddc5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD Nextcloud AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nextcloud_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nextcloud option: nextcloud_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nextcloud_installed: True'" set_fact: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index a9e4c0b6c..b45920dd1 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -71,16 +71,16 @@ # RECORD NGINX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nginx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nginx option: nginx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nginx_installed: True'" set_fact: diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index fcc6aaaea..830b1e002 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -170,16 +170,16 @@ # 3. RECORD Node.js AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodejs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodejs option: nodejs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodejs_installed: True'" set_fact: diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 70a213087..b7c711ac5 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,8 +23,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -143,16 +143,16 @@ # RECORD Node-RED AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodered_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodered option: nodered_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodered_installed: True'" set_fact: diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index 4241fa723..53f5dc7f2 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -105,16 +105,16 @@ # RECORD OpenVPN AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'openvpn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: openvpn option: openvpn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'openvpn_installed: True'" set_fact: diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 17a82b5b4..f46016ebc 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -201,16 +201,16 @@ # RECORD OSM Vector Maps AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'osm_vector_maps_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: osm-vector-maps option: osm_vector_maps_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'osm_vector_maps_installed: True'" set_fact: diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 934d1dbe3..ef9dea71d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,8 +22,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD PBX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pbx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pbx option: pbx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pbx_installed: True'" set_fact: diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 6c5ccc499..7d510de69 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -53,16 +53,16 @@ # RECORD phpMyAdmin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'phpmyadmin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: phpmyadmin option: phpmyadmin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'phpmyadmin_installed: True'" set_fact: diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f16a06b8d..f07cf943d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -95,16 +95,16 @@ # RECORD PostgreSQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'postgresql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: postgresql option: postgresql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'postgresql_installed: True'" set_fact: diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index aecabbeb8..9283c44f3 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -18,16 +18,16 @@ # RECORD pylibs AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pylibs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pylibs option: pylibs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pylibs_installed: True'" set_fact: diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 6f2bedae6..4610f63fc 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD remote.it AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'remoteit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: remoteit option: remoteit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'remoteit_installed: True'" set_fact: diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 6c2b47fa0..1ebc623ed 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -36,16 +36,16 @@ # RECORD Samba AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'samba_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: samba option: samba_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'samba_installed: True'" set_fact: diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 20e8b4bf5..b5b3271bc 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -10,8 +10,8 @@ # 2) Use Ansible handler to reload ssh? -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD sshd AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sshd_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sshd option: sshd_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sshd_installed: True'" set_fact: diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 95206dc7a..e0f973037 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,8 +27,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -237,16 +237,16 @@ # 6. RECORD Sugarizer AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sugarizer_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sugarizer option: sugarizer_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sugarizer_installed: True'" set_fact: diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 7f64d0e70..90c133511 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -59,16 +59,16 @@ # RECORD Transmission AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'transmission_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: transmission option: transmission_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'transmission_installed: True'" set_fact: diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bea8638ee..5db37908b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,8 +8,8 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -93,16 +93,16 @@ # RECORD 'USB_LIB' AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'usb_lib_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: usb_lib option: usb_lib_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'usb_lib_installed: True'" set_fact: diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 0d34e5cfc..46db71ddd 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD vnStat AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'vnstat_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: vnstat option: vnstat_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'vnstat_installed: True'" set_fact: diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 449891e37..38fb08180 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,8 +12,8 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -140,16 +140,16 @@ # RECORD WordPress AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'wordpress_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: wordpress option: wordpress_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'wordpress_installed: True'" set_fact: diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 8e278d60b..8efe11472 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -60,16 +60,16 @@ # RECORD www_base AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_base_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_base option: www_base_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_base_installed: True'" set_fact: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index eea007b7f..9e41f6e76 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD www_options AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_options_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_options option: www_options_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_options_installed: True'" set_fact: diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 5d8e3a258..331a10474 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -45,16 +45,16 @@ # RECORD Yarn AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'yarn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: yarn option: yarn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'yarn_installed: True'" set_fact: From e5a9cee54fb749cd87b9cb3a74f97d89bd60bb88 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 07:59:09 -0400 Subject: [PATCH 0566/1184] Stub support for upcoming Debian 13 "Trixie" pre-releases --- scripts/local_facts.fact | 1 + vars/debian-13.yml | 5 +++++ vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 15 --------------- 4 files changed, 7 insertions(+), 15 deletions(-) create mode 100644 vars/debian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 4debf731a..885fbec8e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -81,6 +81,7 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-11" | \ "debian-12" | \ + "debian-13" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ diff --git a/vars/debian-13.yml b/vars/debian-13.yml new file mode 100644 index 000000000..09ef89f68 --- /dev/null +++ b/vars/debian-13.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..5502204b9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -790,6 +790,7 @@ is_linuxmint_21: False is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) +is_debian_13: False is_debian_12: False is_debian_11: False #is_debian_10: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index ed40633df..165a64a46 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -3,18 +3,3 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2310: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From 73f1d6cf8e64ca3335e6b82d3146477cfa6504dd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 21:33:35 -0400 Subject: [PATCH 0567/1184] WIP: Try 'transmission_compile_latest: True' --- roles/transmission/README.rst | 5 ++- roles/transmission/defaults/main.yml | 1 + roles/transmission/tasks/install.yml | 48 ++++++++++++++++++++++++++-- vars/default_vars.yml | 1 + vars/local_vars_large.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_small.yml | 1 + vars/local_vars_unittest.yml | 1 + 8 files changed, 56 insertions(+), 3 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 2112fc778..80af71b96 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -111,10 +111,13 @@ Docs As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md -- https://wiki.archlinux.org/title/transmission (updated regularly) - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) + - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") +- https://wiki.archlinux.org/title/transmission (updated regularly) - https://trac.transmissionbt.com/wiki (2006-2019) Logging diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index f6763f593..96fd188d4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,6 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False +# transmission_compile_latest: True # transmission_username: Admin # transmission_password: changeme diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 90c133511..eaf211bfa 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -10,6 +10,47 @@ - transmission-cli state: present + +- block: + + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + meta: noop + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + package: + name: + - build-essential + - cmake + - libcurl4-openssl-dev + - libssl-dev + state: present + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time + - name: Git clone latest to /opt/iiab/transmission + git: + repo: https://github.com/transmission/transmission + dest: /opt/iiab/transmission + #version: 4.0.x # Otherwise default branch 'main' + depth: 1 + force: yes + + - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + shell: | + cd /opt/iiab/transmission + git submodule update --init --recursive + mkdir build + cd build + cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. + make + make install + + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* + command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + + when: transmission_compile_latest + + - name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} file: state: directory @@ -23,7 +64,10 @@ state: stopped ignore_errors: yes -- name: Back up prior /etc/transmission-daemon/settings.json (original file from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* +# 'transmission-daemon -d' (--dump-settings) CAN GENERATE A NEW settings.json +# ...then customize ~8 var lines to create a new templates/settings.json.j2 + +- name: Back up prior /etc/transmission-daemon/settings.json (file originally from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* copy: src: /etc/transmission-daemon/settings.json dest: /etc/transmission-daemon/settings.json.old @@ -52,7 +96,7 @@ - name: "Reverse Transmission's fragile OOTB symlink -- instead we establish /etc/transmission-daemon/settings.json -> /var/lib/transmission-daemon/.config/transmission-daemon/settings.json -- REASON: /etc/transmission-daemon/settings.json was intermittently being IGNORED, as Transmission sometimes breaks its own symlink from /var/lib/transmission-daemon/.config/transmission-daemon/settings.json (by turning it into a file instead)" file: path: /etc/transmission-daemon/settings.json - src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json + src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json # Symlink /var/lib/transmission-daemon/home/settings.json also points to this state: link force: yes diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5502204b9..47a03b1aa 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -543,6 +543,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1c1e8b7d3..7a98cfa37 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 776d94614..237063f15 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 35514ab81..83c58e62a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 4cc01a9c6..940142665 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From d03ff5d6298fb3b26be9522feaa02774b9c00c52 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 22:17:46 -0400 Subject: [PATCH 0568/1184] Hint: use transmission-remote NOT deprecated transmission-cli --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index eaf211bfa..280d210f7 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -13,7 +13,7 @@ - block: - - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above ~6 binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix From beae3643b9898aaf7adbc34c25b0c4f6e7158307 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 22:37:23 -0400 Subject: [PATCH 0569/1184] transmission-daemon.service: --log-error -> --log-level=error --- roles/transmission/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 280d210f7..4ab86a05d 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -45,8 +45,10 @@ make make install - - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* - command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* + shell: | + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 122a84588a9af4a763d67e8c1330cf150c21faf2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:44:14 -0400 Subject: [PATCH 0570/1184] transmission/tasks/install.yml: Clarify compile link --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 4ab86a05d..d0266f9dd 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,6 @@ - libssl-dev state: present - # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Git clone latest to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission @@ -35,6 +34,7 @@ depth: 1 force: yes + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) shell: | cd /opt/iiab/transmission From 7f09784fe187fd34e6ee922a195656e4ee1f92ec Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:48:31 -0400 Subject: [PATCH 0571/1184] 'transmission-daemon --log-level=error' since ~2020 --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index d0266f9dd..61b3ec4f4 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -47,7 +47,7 @@ - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | - sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since ~2020 sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 71010c0feed88d73e370ffd349d7d50a98a7c0d7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:51:20 -0400 Subject: [PATCH 0572/1184] Clarify 'git clone https://github.com/transmission/transmission' --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 61b3ec4f4..2fc2fde70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,7 @@ - libssl-dev state: present - - name: Git clone latest to /opt/iiab/transmission + - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission dest: /opt/iiab/transmission From 16ba23bf3e5c5e7df1c71a76a04156fccb8143bc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 01:00:58 -0400 Subject: [PATCH 0573/1184] transmission/README.rst: Link to transmission-rpc docs --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 80af71b96..90048c596 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -115,6 +115,8 @@ As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md + - https://github.com/transmission/transmission/blob/main/docs/rpc-spec.md + - https://transmission-rpc.readthedocs.io - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") - https://wiki.archlinux.org/title/transmission (updated regularly) From 9df95cedf8b9bd9cddc8e7a77ca875bdd5c7c79a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 01:31:19 -0400 Subject: [PATCH 0574/1184] transmission/README.rst: Overhaul logging instructions --- roles/transmission/README.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 90048c596..8df899064 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -125,14 +125,14 @@ As of June 2023, these docs appear to be the most up-to-date: Logging ------- -To turn on logging and/or record the Process ID (PID), follow these instructions: https://pawelrychlicki.pl/Home/Details/59/transmission-daemon-doesnt-create-a-log-file-nor-a-pid-file-ubuntu-server-1804 +Increase logging by changing transmission-daemon's ``--log-level=error`` to ``--log-level=debug`` in ``/lib/systemd/system/transmission-daemon.service`` -This gives permissions to user ``debian-transmission`` — if you use these 3 lines in ``/lib/systemd/system/transmission-daemon.service`` : +(Options are: ``critical``, ``error``, ``warn``, ``info``, ``debug`` or ``trace``) -:: +Then run:: - RuntimeDirectory=transmission-daemon - LogsDirectory=transmission-daemon - ExecStart=/usr/bin/transmission-daemon -f --log-error --log-debug --logfile /var/log/transmission-daemon/transmission.log --pid-file /run/transmission-daemon/transmission.pid + systemctl daemon-reload + systemctl restart transmission-daemon + journalctl -eu transmission-daemon Noting that one should not normally edit files in ``/lib`` or ``/usr/lib`` — systemd has a command for customizing unit files: ``systemctl edit --full transmission-daemon.service`` From 2c8423394690bafc9e9cdefe4e856626818b1452 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 09:59:31 -0400 Subject: [PATCH 0575/1184] Compiling Transmission requires 'apt install libsystemd-dev' --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 2fc2fde70..570b9cd8a 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -17,13 +17,15 @@ meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix - - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + # https://github.com/transmission/transmission/issues/5362 tips thanks to @tearfur + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev libsystemd-dev # git python3 package: name: - build-essential - cmake - libcurl4-openssl-dev - libssl-dev + - libsystemd-dev state: present - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission From 251694f2f257db3870c0acce09fb2f70760073ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 12:56:36 -0400 Subject: [PATCH 0576/1184] Free up disk (~1.6 GB) after Transmission compile --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 570b9cd8a..20dc9a5f2 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive @@ -46,6 +46,8 @@ cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. make make install + cd + rm -rf /opt/iiab/transmission # 2023-06-12: Frees up 1.1 GB on 32-bit RasPiOS. Frees up 1.6 GB on 64-bit RasPiOS. - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | From 934f2c1799cdc2ac6a6ab8a4e1b97ab0a8e449cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 14:25:12 -0400 Subject: [PATCH 0577/1184] Kiwix support for 'armv6l: armv6' & 'armv7l: armv8' (tentative!) --- roles/kiwix/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 3d3472f1a..0010929c9 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -29,8 +29,8 @@ kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate # #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # armhf - armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 + armv6l: armv6 # armhf + armv7l: armv8 # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: From 21ca31877878465f2ffca4a0334ad1c702aa222e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 14:29:47 -0400 Subject: [PATCH 0578/1184] Revert May's kiwix-tools armhf 3.5.0 workaround to 3.4.0 --- roles/kiwix/tasks/install.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 3ad37ba2c..a78f71d21 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,23 +24,23 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below -- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - get_url: - url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" - #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - -# Ansible does not allow changing individuals subfields in a dictionary, but -# this crude hack works, overwriting the entire kiwix_dl dictionary var with -# the single (needed) key/value pair. (Or "register: tmp_dl" could be set -# above, if its other [subfields, key/value pairs, etc] really mattered...) -- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - set_fact: - kiwix_dl: - dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# - name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# get_url: +# url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz +# dest: "{{ downloads_dir }}" +# timeout: "{{ download_timeout }}" +# #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# +# # Ansible does not allow changing individuals subfields in a dictionary, but +# # this crude hack works, overwriting the entire kiwix_dl dictionary var with +# # the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# # above, if its other [subfields, key/value pairs, etc] really mattered...) +# - name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# set_fact: +# kiwix_dl: +# dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: From c4e94c5be04831b862da0e387cb4eb6300113b1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 22:08:51 -0400 Subject: [PATCH 0579/1184] kiwix/defaults/main.yml: Update redirect doc link --- roles/kiwix/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 0010929c9..52e881796 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -42,6 +42,7 @@ kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" # Latest official kiwix-tools release, per Kiwix permalink redirects: # https://www.kiwix.org/en/downloads/kiwix-serve/ # https://github.com/kiwix/container-images/issues/236 +# https://github.com/kiwix/kiwix-tools/issues/623 kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}.tar.gz" #kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}-3.3.0-1.tar.gz" # Version can be hard-coded if you prefer (as was done til 2022-10-04) From 87d3bccd25cad912c72c0e91987a793ac401011f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 23:08:57 -0400 Subject: [PATCH 0580/1184] remote.it workaround for incoming ICMP firewalls e.g. GitHub Actions --- roles/remoteit/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 5fba120ca..0023e0b17 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -33,7 +33,7 @@ # service, that they removed from 4.15.2 device packages on 2022-09-07. # (Either way, the job below never deletes /etc/remoteit/registration) -- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this should spawn 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' command: /usr/share/remoteit/refresh.sh when: remoteit_enabled @@ -59,6 +59,7 @@ name: schannel enabled: no state: stopped + ignore_errors: yes # 2023-06-12: Let's make these rare-but-unavoidable errors RED very intentionally, as below. Thanks to @neomatrixcode for surfacing this GitHub Actions problem, likely arising from inbound ICMP being blocked during remote.it install and/or above refresh.sh setup: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#cloud-hosts-used-by-github-hosted-runners when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From b3f284c35a82b033707441978e2b08ec96910fbd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 13 Jun 2023 00:33:45 -0400 Subject: [PATCH 0581/1184] Update/clarify remote.it's latest pricing/plans --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 8a58110fb..218094d06 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [October 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $10/month. +As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 8387cd94a3a82aef1ff04cdd10f40add8da5325a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 15 Jun 2023 09:01:38 -0400 Subject: [PATCH 0582/1184] nextcloud/tasks/install.yml: Clarify Nextcloud 27 reqs --- roles/nextcloud/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 4262bddc5..090c184fc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -46,12 +46,12 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21: Check the latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From 36c5caecd1612f59e60641f806da0088f3ba7c0c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 13:41:41 -0400 Subject: [PATCH 0583/1184] Recommend ansible-core 2.15.1 --- scripts/ansible | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ae46a4c9..2a9be4a75 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] -GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] +GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -216,7 +216,8 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) +# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From ed73e94b460baff5d8e36f365f8c3bc2deb72c5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 14:44:25 -0400 Subject: [PATCH 0584/1184] freepbx.yml: Interim use of 'nohup' for ansible 2.15.x regression --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d8632aa5b..521ecedc5 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -238,7 +238,7 @@ chdir: "{{ freepbx_src_dir }}" creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx with_items: - - ./start_asterisk start + - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} From c6316c1df7cf78c6a23a03f8faab784377f9ff5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 15:24:15 -0400 Subject: [PATCH 0585/1184] freepbx.yml: Clarify 2-step FreePBX install (1st stab) --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 521ecedc5..5a44d86fd 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,7 +232,8 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) +- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" From 822c4c2e08c7d0a7282bd425546c08585427be49 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 21 Jun 2023 09:21:39 -0400 Subject: [PATCH 0586/1184] Interim hack to start Asterisk til ansible-core 2.15.x recovers --- roles/pbx/tasks/freepbx.yml | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5a44d86fd..daa2f4e3c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,16 +232,30 @@ dest: /etc/asterisk/cdr_mysql.conf -# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) -- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) - command: "{{ item }}" +# 2023-05-21: Asterisk is in fact normally OFF at this point (shouldn't matter!) +# - name: FreePBX - Spawn 'nohup ./start_asterisk start' in {{ freepbx_src_dir }} +# command: nohup ./start_asterisk start +# args: +# chdir: "{{ freepbx_src_dir }}" + +# 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x +# regression ansible/ansible#80863, which led to PR's #3588 and #3604. +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 + systemd: + name: asterisk + state: started + #enabled: yes + +# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# pidof asterisk +# /usr/sbin/asterisk -rx 'core show version' +# journalctl -eu asterisk + +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) + shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" - creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - with_items: - - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} - # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From ea3bb783cc65c23258c2d3acb7242bc1974c3bd8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 21 Jun 2023 09:53:43 -0400 Subject: [PATCH 0587/1184] Clarify freepbx.yml hack, to start Asterisk (awaiting ansible-core 2.15.x fix) --- roles/pbx/tasks/freepbx.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index daa2f4e3c..8ca2cd83f 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -240,18 +240,18 @@ # 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x # regression ansible/ansible#80863, which led to PR's #3588 and #3604. -- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- AS EVEN 'nohup ./start_asterisk start' DOESN'T WORK WITH 2.15.0 AND 2.15.1 systemd: name: asterisk state: started #enabled: yes -# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# 2023-06-21: Commands to try, to see if Asterisk has started & stabilized? # pidof asterisk # /usr/sbin/asterisk -rx 'core show version' # journalctl -eu asterisk -- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN... install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" From cf724194f81d683b76980510cc26e3ad971447b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 08:00:11 -0400 Subject: [PATCH 0588/1184] Update nextcloud/README.md PHP & prereq links --- roles/nextcloud/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 2e346a16f..6b4622bcf 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: +(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -34,10 +34,13 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi - max_input_time - max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+) -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133) +FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: + +- https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml From d7ec19a70b0455b1d07bb2b75528600b1403543a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 08:07:04 -0400 Subject: [PATCH 0589/1184] Fix doc link to www_options/tasks/php-settings.yml --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 6b4622bcf..adea58ee9 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -36,7 +36,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) (4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: From dd2ed569511c5703ccb7c1d019a98bdf855ee048 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 09:27:57 -0400 Subject: [PATCH 0590/1184] nextcloud/README.md: Strike ownyourbits.com (site died) --- roles/nextcloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index adea58ee9..64747521b 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -60,8 +60,8 @@ Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (a Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? -- https://ownyourbits.com/nextcloudpi/ -- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- ~https://ownyourbits.com/nextcloudpi/~ +- ~https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/~ - https://github.com/nextcloud/nextcloudpi Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! From 55caae4eec5d4c17a23f169907410e78847844e3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 05:00:22 -0400 Subject: [PATCH 0591/1184] README.md: Link to FAQ "quick install" tips --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a16a4437d..f2485c06c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 9b57d39bf5535caf9fbea04358b1afefab740daa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 05:01:54 -0400 Subject: [PATCH 0592/1184] README.md: Fix typo in URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f2485c06c..633e0b392 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 586bfc5cb1abf6b4333a21d3fa89695f115432dc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 09:23:09 -0400 Subject: [PATCH 0593/1184] nodejs/README.md: Soften 64-bit "Zero 2 W" warning --- roles/nodejs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 33c6bcb02..7e2716bc9 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -35,7 +35,7 @@ sudo ./runrole --reinstall nodejs Raspberry Pi Zero W Warning --------------------------- -UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may or may not have such serious problems... +UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may not have such serious problems... On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like Internet Archive, JupyterHub, Node-RED, PBX (Asterisk/FreePBX) and Sugarizer won't work — if you installed Node.js while on Raspberry Pi 3, 3 B+ (ARMv7) or Raspberry Pi 4 (ARMv8). From 4be4ac68d435492229f278787ac82810e7fe4f66 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 27 Jun 2023 17:02:11 -0400 Subject: [PATCH 0594/1184] usb_lib/tasks/install.yml: Fix exFAT doc URL --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 5db37908b..e0699a652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -78,7 +78,7 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... -# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml#L22-L23 +# SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 - name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf lineinfile: regexp: '^FILESYSTEMS=.*' From 712b26c4025608c1eaf3c8f0afb483295f3d95dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:29:13 -0400 Subject: [PATCH 0595/1184] MediaWiki 1.40.0 (new release) --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 16943b39a..aa695a65c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 3 +mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 975ce2f54e1fee82ba6412641b47a51ac078921d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Jul 2023 14:06:22 -0400 Subject: [PATCH 0596/1184] PR #3605: Add "1.40" quotes for trailing zero --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index aa695a65c..22cd060ad 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 6cf233b33201ff4c583f5bdc4e843042529cb42b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 12:11:10 -0400 Subject: [PATCH 0597/1184] calibre-web-nginx.conf.j2: Quote all 3 URL params --- roles/calibre-web/templates/calibre-web-nginx.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 index d1f2da25b..2ebfe47fe 100644 --- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 +++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 @@ -5,7 +5,7 @@ location {{ calibreweb_url1 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url1 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url1 }}"; proxy_pass http://127.0.0.1:8083; } @@ -14,7 +14,7 @@ location {{ calibreweb_url2 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url2 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url2 }}"; proxy_pass http://127.0.0.1:8083; } @@ -23,6 +23,6 @@ location {{ calibreweb_url3 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url3 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url3 }}"; proxy_pass http://127.0.0.1:8083; } From 65295a100c07d1779da839b071643b82f122b22a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:30:01 -0400 Subject: [PATCH 0598/1184] Softcode calibreweb_repo_url in install.yml --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index ebeefb6d7..17640c3ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -45,7 +45,7 @@ ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: - repo: https://github.com/janeczku/calibre-web.git + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 From 8df3848b96319daaebf5c3c5d6a9b7bf403c7f6a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:31:51 -0400 Subject: [PATCH 0599/1184] Softcode calibreweb_repo_url in defaults/main.yml --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 7abab0bd8..250deeaf6 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,6 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_path: /usr/local/calibre-web-py3 From 41f4617a4f70cdbf2d78291b7e120254d28fc6b1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:42:16 -0400 Subject: [PATCH 0600/1184] calibre-web/tasks/install.yml: Mention 0.6.20 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 17640c3ed..24f44d0f7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -49,7 +49,7 @@ dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 - version: "{{ calibreweb_version }}" # e.g. master, 0.6.17 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. From 303498a9d18591864a55a6c82ad735b359be7e17 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 23:01:55 -0400 Subject: [PATCH 0601/1184] Note {{ calibreweb_repo_url }} in Ansible output for #3606 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 24f44d0f7..b8a735587 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -43,7 +43,7 @@ - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From c8307501e5e3498a12fcc5392dfa8a4ce9214f69 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 23:18:31 -0400 Subject: [PATCH 0602/1184] www_options/tasks/main.yml: Clarify iiab_home_url --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 9e41f6e76..a78b1f7f3 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -12,7 +12,7 @@ - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) file: state: directory - path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home + path: "{{ doc_root }}{{ iiab_home_url }}" # e.g. /library/www/html/home owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: '0755' From c28e5e6a6724417a82f032d9d48f8cb690c253ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 11:16:30 -0400 Subject: [PATCH 0603/1184] calibre-web/tasks/install.yml: Install ffmpeg not just imagemagick --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index b8a735587..62d55f32f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -6,6 +6,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present From e7b314334a283a4ae1cb23b4a8017d4c4f3cec59 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 11:20:17 -0400 Subject: [PATCH 0604/1184] Clarify install of ffmpeg during Calibre-Web install --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62d55f32f..36f1ae5e6 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,7 +3,7 @@ register: df1 -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" package: name: - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! From c657581e69a08fb78aab04aed0c43fa691a7be56 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 14:50:53 -0400 Subject: [PATCH 0605/1184] calibre-web/tasks/install.yml: Update + clean comments! --- roles/calibre-web/tasks/install.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36f1ae5e6..1c0a9505f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -19,6 +19,7 @@ # - gcc # compiler # state: present # when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -43,7 +44,13 @@ - "{{ calibreweb_config }}" # /library/calibre-web/config - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 -## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 +# FYI since May 2021, Calibre-Web (major releases) can be installed with pip: +# https://pypi.org/project/calibreweb/ +# https://github.com/janeczku/calibre-web/issues/456 +# https://github.com/janeczku/calibre-web/issues/677 +# https://github.com/janeczku/calibre-web/pull/927 +# https://github.com/janeczku/calibre-web/pull/1459 + - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web @@ -52,15 +59,6 @@ depth: 1 version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 -## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) -#- name: Download calibre-web dependencies into vendor subdirectory. -# pip: -# requirements: "{{ calibreweb_path }}/requirements.txt" -# chdir: "{{ calibreweb_path }}" -# extra_args: '--target vendor' -# ignore_errors: True -## -# Implementing this with Ansible command module for now. - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" From 31644737ae90cf6b8a6e9bb41116e7a152c8a1ee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 16:02:11 -0400 Subject: [PATCH 0606/1184] New Gitea release 1.20 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index fff7e0b28..1bbdb828c 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 831fdad5dd013c9ea6c06fb04ba390e8ae96c42b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 18:21:42 -0400 Subject: [PATCH 0607/1184] Patch app.ini.j2 for Gitea 1.20 --- roles/gitea/defaults/main.yml | 2 +- roles/gitea/tasks/install.yml | 6 +++--- roles/gitea/templates/app.ini.j2 | 28 +++++++++++++++++++++------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 1bbdb828c..e2311c804 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -19,7 +19,7 @@ iset_suffixes: gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" +gitea_download_url: "https://dl.gitea.com/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" gitea_root_directory: "{{ content_base }}/gitea" # /library/gitea diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index c46abbdab..592e148f3 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,10 +48,10 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~108 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 mode: 0775 timeout: "{{ download_timeout }}" @@ -63,7 +63,7 @@ - name: Verify Gitea binary with GPG signature shell: | - gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }} + gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} ignore_errors: yes diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2 index 00d503fdb..98add8b15 100644 --- a/roles/gitea/templates/app.ini.j2 +++ b/roles/gitea/templates/app.ini.j2 @@ -2,7 +2,8 @@ ; Copy required sections to your own app.ini (default is custom/conf/app.ini) ; and modify as needed. -; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. +; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation. +; https://docs.gitea.com/next/administration/config-cheat-sheet ; App name that shows in every page title APP_NAME = {{ gitea_display_name }} @@ -23,9 +24,11 @@ DEFAULT_PRIVATE = last ; Global limit of repositories per user, applied at creation time. -1 means no limit MAX_CREATION_LIMIT = -1 ; Mirror sync queue length, increase if mirror syncing starts hanging -MIRROR_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: MIRROR_QUEUE_LENGTH = 1000 +; `[repository].MIRROR_QUEUE_LENGTH`. Use new options in `[queue.mirror]` ; Patch test queue length, increase if pull request patch testing starts hanging -PULL_REQUEST_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: PULL_REQUEST_QUEUE_LENGTH = 1000 +; `[repository].PULL_REQUEST_QUEUE_LENGTH`. Use new options in `[queue.pr_patch_checker]` ; Preferred Licenses to place at the top of the List ; The name here must match the filename in conf/license or custom/conf/license PREFERRED_LICENSES = Apache License 2.0,MIT License @@ -201,13 +204,22 @@ PPROF_DATA_PATH = data/tmp/pprof LANDING_PAGE = home ; Enables git-lfs support. true or false, default is false. LFS_START_SERVER = false -; Where your lfs files reside, default is data/lfs. -LFS_CONTENT_PATH = {{ gitea_lfs_root }} ; LFS authentication secret, change this yourself LFS_JWT_SECRET = ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. LFS_HTTP_AUTH_EXPIRY = 20m +; lfs [Large File Storage] storage will override storage +; +[lfs] +;STORAGE_TYPE = local +; +; Where your lfs files reside, default is data/lfs. +PATH = {{ gitea_lfs_root }} +; +; override the minio base path if storage type is minio +;MINIO_BASE_PATH = lfs/ + ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] ED25519 = 256 @@ -240,7 +252,8 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve ; repo indexer by default disabled, since it uses a lot of disk space REPO_INDEXER_ENABLED = false REPO_INDEXER_PATH = indexers/repos.bleve -UPDATE_BUFFER_LEN = 20 +; 2023-07-16 ERROR: UPDATE_BUFFER_LEN = 20 +; `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]` MAX_FILE_SIZE = 1048576 [admin] @@ -360,7 +373,8 @@ PAGING_NUM = 10 [mailer] ENABLED = false ; Buffer length of channel, keep it as it is if you don't know what it is. -SEND_BUFFER_LEN = 100 +; 2023-07-16 ERROR: SEND_BUFFER_LEN = 100 +; `[mailer].SEND_BUFFER_LEN`. Use new options in `[queue.mailer]` ; Name displayed in mail title SUBJECT = %(APP_NAME)s ; Mail server From 89148e8214803ea78c20ae666e8a967dd0eb9acf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 18:38:54 -0400 Subject: [PATCH 0608/1184] Clarify bogus PGP signing of Gitea binary downloads --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 592e148f3..957da4822 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -61,7 +61,7 @@ dest: "{{ gitea_checksum_path }}" timeout: "{{ download_timeout }}" -- name: Verify Gitea binary with GPG signature +- name: Verify Gitea binary with GPG signature ("BAD signature" FALSE ALARMS continue as of 2023-07-16, despite their claims at https://docs.gitea.com/installation/install-from-binary#verify-gpg-signature) shell: | gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} From ff6a0cf4d8f92b1fc580d7c23f79ccb31ad4d460 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jul 2023 22:35:02 -0400 Subject: [PATCH 0609/1184] Recommend ansible-core 2.15.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2a9be4a75..be37b2556 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] -GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] +GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 8df708d47393f2c9e24f1469432d054056e9d672 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jul 2023 22:40:26 -0400 Subject: [PATCH 0610/1184] iiab-install: MIN_ANSIBLE_VER=2.13.11 alongside PR #3610 --- iiab-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-install b/iiab-install index 2be185afc..bd7185f41 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 17413fd5703514c19389106628fe306715b3e3cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Jul 2023 19:15:19 -0400 Subject: [PATCH 0611/1184] calibre-web/README.rst: Outline log levels --- roles/calibre-web/README.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 44df76aa4..cc8fb2b3b 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -56,6 +56,12 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. + Configuration ------------- From db7d85c50c82d75d462b8002f6b58a8c51659557 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Jul 2023 19:18:55 -0400 Subject: [PATCH 0612/1184] calibre-web/README.rst: Tidy up / clarify --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index cc8fb2b3b..418e4a57a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -60,7 +60,7 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. +Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). Configuration ------------- From 64cdb3869c09b3ac0495faa810b72fb71e774dcc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Jul 2023 22:55:16 -0400 Subject: [PATCH 0613/1184] venv pip requirements.txt tips (e.g. for Calibre-Web) --- roles/calibre-web/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1c0a9505f..96bdda124 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -68,12 +68,13 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 -# source bin/activate -# python3 -m pip list ('pip list' probably sufficient, likewise below) +# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate -# https://pip.pypa.io/en/latest/user_guide/#requirements-files +# https://pip.pypa.io/en/stable/user_guide/#requirements-files +# https://pip.pypa.io/en/latest/reference/requirements-file-format/ - name: Install /etc/systemd/system/calibre-web.service from template template: From 3934563ad689456061c400aeb5ea81eb86fd1dce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:28:14 -0400 Subject: [PATCH 0614/1184] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/tasks/install.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4610f63fc..f8905e7ee 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -118,13 +118,18 @@ msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" when: remoteit_arch == "unknown" -- name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) - get_url: - url: "{{ remoteit_cli_url }}" - dest: /usr/bin/remoteit - mode: 0755 - force: yes - timeout: "{{ download_timeout }}" +# 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" +# e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. +# But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to +# install with error: "Device Package cannot coexist with Remote.It CLI" +# +# - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) +# get_url: +# url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# dest: /usr/bin/remoteit +# mode: 0755 +# force: yes +# timeout: "{{ download_timeout }}" # RECORD remote.it AS INSTALLED From 9ac22d65ef87b68329bf77415ac43a84aaae93ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:34:11 -0400 Subject: [PATCH 0615/1184] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/defaults/main.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 5acf6b379..0011567bd 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -41,16 +41,19 @@ # SEE https://www.remote.it/download-list # https://www.remote.it/download-list?products=cli to refine arch/URL below # BUT https://docs.remote.it/software/cli/overview can be useful OR stale :/ -remoteit_arch_dict: - armv6: arm-v6 - armv6l: arm-v6 - armv7: arm-v7 - armv7l: arm-v7 - armv8: aarch64 - aarch64: aarch64 - x86_64: x86_64 -remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# +# 2023-07-26: Remote.It CLI can no longer coexist with their "Device Package" +# SEE remoteit/tasks/install.yml Line ~121. +# remoteit_arch_dict: +# armv6: arm-v6 +# armv6l: arm-v6 +# armv7: arm-v7 +# armv7l: arm-v7 +# armv8: aarch64 +# aarch64: aarch64 +# x86_64: x86_64 +# remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux # OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. From aeb7b60ca7ef3f89a523b29b00712167fe9c8734 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:36:46 -0400 Subject: [PATCH 0616/1184] remoteit/tasks/install.yml: Fully excise remote.it CLI --- roles/remoteit/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index f8905e7ee..8d8874f2e 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -113,16 +113,16 @@ mode: 0755 -- name: Fail if architecture remoteit_arch == "unknown" - fail: - msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_arch == "unknown" - # 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" # e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. # But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to # install with error: "Device Package cannot coexist with Remote.It CLI" # +# - name: Fail if architecture remoteit_arch == "unknown" +# fail: +# msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" +# when: remoteit_arch == "unknown" +# # - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) # get_url: # url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux From c62d986316186821c0f23727bb96fda7e007de1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:02:44 -0400 Subject: [PATCH 0617/1184] remoteit/README.md: CLI can no longer coexist w/ Device Package --- roles/remoteit/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 218094d06..5a6eb663c 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" @@ -14,13 +14,13 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports <!-- ### OPTION #1: Run `sudo iiab-remoteit` to enable remote.it --> -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB: @@ -158,7 +158,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s <!-- "auto-registration" of remote.it, and other more advanced configuration options, see: --> - https://docs.remote.it - - https://docs.remote.it/developer-tools/cli-usage + - ~https://docs.remote.it/developer-tools/cli-usage~ - https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started From 8acf624c52c8975a8f1598e8e3fd99297a10feda Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:28:12 -0400 Subject: [PATCH 0618/1184] remoteit/README.md: Fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a6eb663c..a6d5774a6 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From ff5fc18f183ed4c457dcfcbb56087b325e9f99af Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:29:35 -0400 Subject: [PATCH 0619/1184] remoteit/README.md: Really fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index a6d5774a6..43395bdc7 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From 8b628f96024b415c970348a30df69d040715f618 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:43:04 -0400 Subject: [PATCH 0620/1184] calibre-web/README.rst: Clarify ebook-convert may need ~1GB --- roles/calibre-web/README.rst | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 418e4a57a..d55cd0949 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -18,16 +18,18 @@ e-books using an existing Calibre database. Teachers can upload e-books, adjust e-book metadata, and create custom e-book collections ("bookshelves"): https://github.com/janeczku/calibre-web#about -This Ansible role installs Calibre-Web as part of your Internet-in-a-Box (IIAB) -as a possible alternative to Calibre. +This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for +your Internet-in-a-Box (IIAB). -*WARNING: Calibre-Web depends on Calibre's own* ``/usr/bin/ebook-convert`` *program, -so we strongly recommend you also install Calibre during your IIAB -installation!* +*NOTE: Calibre-Web takes advantage of Calibre's own +`/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ +program if that's installed — so consider installing Calibre during your IIAB +installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) +that Calibre mandates!* -Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` -whereas its Ansible variables ``calibreweb_*`` do **not** include the dash, -per Ansible recommendations. +Please note Calibre-Web's Ansible playbook is +``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables +``calibreweb_*`` do **not** include the dash, per Ansible recommendations. Using It -------- From 71dfda824b6c12e2ecb51160b0cb4f36ef0577bd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:45:44 -0400 Subject: [PATCH 0621/1184] calibre-web/README.rst: URL syntax cleanup --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d55cd0949..011f422eb 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -21,11 +21,11 @@ https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). -*NOTE: Calibre-Web takes advantage of Calibre's own +*NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ -program if that's installed — so consider installing Calibre during your IIAB -installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) -that Calibre mandates!* +*program if that's installed — so consider also installing Calibre during your +IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS +libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables From 93d99f9d0ab08d6dadc908bc65506622e9120e38 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 4 Aug 2023 18:51:35 -0400 Subject: [PATCH 0622/1184] calibre-web/README.rst: Clarify "Configuration" buttons --- roles/calibre-web/README.rst | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 011f422eb..a1bf69260 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,9 +14,9 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using an existing Calibre database. Teachers can upload e-books, -adjust e-book metadata, and create custom e-book collections ("bookshelves"): -https://github.com/janeczku/calibre-web#about +e-books using a `Calibre <https://calibre-ebook.com/whats-new>`_ database. +Teachers can upload e-books, adjust e-book metadata, and create custom e-book +collections ("bookshelves"): https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). @@ -62,19 +62,25 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). +Log verbosity level can be +`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). Configuration ------------- -To configure Calibre-Web, log in as user 'Admin' then click 'Admin' on top. -Check 'Configuration' options near the bottom of the page. +To configure Calibre-Web browse to http://box/books then click **Guest** to log +in as user **Admin** (default passwords above!) -Critical settings are stored in:: +Then click the leftmost **Admin** button to administer — considering all 3 +**Configuration** buttons further below. + +These critical settings are stored in:: /library/calibre-web/config/app.db -Your e-book metadata is stored in a Calibre-style database:: +Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db From fc75b456bddb6e77b7f57361377a30e7d973b63b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 4 Aug 2023 22:29:48 -0400 Subject: [PATCH 0623/1184] calibre-web/README.rst: Refine links --- roles/calibre-web/README.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a1bf69260..dfc34c648 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,12 +14,15 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre <https://calibre-ebook.com/whats-new>`_ database. +e-books using a `Calibre database <https://manual.calibre-ebook.com/db_api.html>`_. Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): https://github.com/janeczku/calibre-web#about +collections ("bookshelves"): -This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for -your Internet-in-a-Box (IIAB). +https://github.com/janeczku/calibre-web#about + +This Ansible role installs Calibre-Web, as a modern alternative to +`Calibre <https://calibre-ebook.com/whats-new>`_, +for your Internet-in-a-Box (IIAB). *NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ @@ -29,7 +32,7 @@ libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash, per Ansible recommendations. +``calibreweb_*`` do **not** include the dash. Using It -------- From 86610263193d3880711e8d45635362f9a462a1f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 08:01:51 -0400 Subject: [PATCH 0624/1184] calibre-web/README.rst: Overhaul intro --- roles/calibre-web/README.rst | 45 +++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index dfc34c648..8e816ef14 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -13,26 +13,39 @@ Calibre-Web README ================== -Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre database <https://manual.calibre-ebook.com/db_api.html>`_. -Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): +This Ansible role installs +`Calibre-Web <https://github.com/janeczku/calibre-web#readme>`_ as a modern +client-server alternative to Calibre, for your +`Internet-in-a-Box (IIAB) <https://internet-in-a-box.org>`_. -https://github.com/janeczku/calibre-web#about +Calibre-Web provides a clean web interface for students to browse, read and +download e-books using a +`Calibre-compatible database <https://manual.calibre-ebook.com/db_api.html>`_. -This Ansible role installs Calibre-Web, as a modern alternative to -`Calibre <https://calibre-ebook.com/whats-new>`_, -for your Internet-in-a-Box (IIAB). +Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" +collections — to help students build the best local library! -*NOTE: Calibre-Web takes advantage of Calibre's own* -`/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ -*program if that's installed — so consider also installing Calibre during your -IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS -libraries) that Calibre mandates!* +.. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg -Please note Calibre-Web's Ansible playbook is -``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash. +🍒 GURU TIPS 🍒 + +* Calibre-Web takes advantage of Calibre's own `/usr/bin/ebook-convert + <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ program + if that's installed — so consider also installing + `Calibre <https://calibre-ebook.com/whats-new>`_ during your IIAB + installation — *if you tolerate the weighty ~1 GB (of graphical OS libraries) + that Calibre mandates!* + +* If you choose to also install Calibre (e.g. by running + ``sudo apt install calibre``) then you'll get useful e-book + importing/organizing tools like + `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. + +* WARNING: Calibre-Web's Ansible playbook is + ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in + `/etc/iiab/local_vars.yml + <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) + ``calibreweb_*`` do **not** include the dash. Using It -------- From 31c9ef6297aadc887d98ee2f648a5d92dd8b224c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 08:20:39 -0400 Subject: [PATCH 0625/1184] calibre-web/README.rst: Clarify hyphen mess! --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 8e816ef14..ef80c67d4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,11 +41,11 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. -* WARNING: Calibre-Web's Ansible playbook is - ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in - `/etc/iiab/local_vars.yml +* WARNING: Calibre-Web's Ansible role (playbook) is + ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its + Ansible variables (in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - ``calibreweb_*`` do **not** include the dash. + ``calibreweb_*`` do **not** contain a hyphen! Using It -------- From 11a978b1daf0c89cb4f5d5167f487b0b070a4fc7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 12:00:20 -0400 Subject: [PATCH 0626/1184] scripts/ansible: Install cryptography 40.0.1 on ALL 32-bit arch's --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index be37b2556..0e61dc7f2 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,7 +212,8 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi From ceccade90ccd494c754ba75501636f26931c9606 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 13:30:13 -0400 Subject: [PATCH 0627/1184] scripts/ansible: Update doc links --- scripts/ansible | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0e61dc7f2..d8285f680 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -33,23 +33,24 @@ GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags -# https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.15 +# https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 # https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst -# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst # https://pypi.org/project/ansible-core/ -# https://pypi.org/project/ansible-base/ -# https://releases.ansible.com/ansible-core/ +# https://pypi.org/project/ansible-base/ (OLD) +# https://releases.ansible.com/ansible-core/ (OLD) # https://releases.ansible.com/ansible-base/ (OLD) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) -# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ +# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ # FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) From b439aa77245aac9fa94b9cd4e49821d123099754 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 14:18:28 -0400 Subject: [PATCH 0628/1184] calibre-web/README.rst: 2 tiny copyedit cleanups --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef80c67d4..3957ccd24 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -43,9 +43,9 @@ collections — to help students build the best local library! * WARNING: Calibre-Web's Ansible role (playbook) is ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables (in `/etc/iiab/local_vars.yml + Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - ``calibreweb_*`` do **not** contain a hyphen! + do **not** contain a hyphen! Using It -------- @@ -134,7 +134,7 @@ manually:: cd /usr/local/calibre-web-py3 git pull -This older way *is no longer recommended*:: +This older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 6fce6c784798ea655c8f4594277ba9ad1310a65a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 10:59:38 -0400 Subject: [PATCH 0629/1184] calibre-web/README.rst: New 'Install It' section --- roles/calibre-web/README.rst | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 3957ccd24..6e167a9e4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,16 +41,25 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. -* WARNING: Calibre-Web's Ansible role (playbook) is - ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml - <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - do **not** contain a hyphen! +Install It +---------- + +Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: + + calibreweb_install: True + calibreweb_enabled: True + +Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if IIAB's already installed, run:: + + cd /opt/iiab/iiab + sudo ./runrole calibre-web + +NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -After installation, try out Calibre-Web at http://box/books (or box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or box.lan/books). Typically students access it without a password (to read and download books) whereas teachers add books using an administrative account, as follows:: From 318ef5aade5a9e4ecba65f989d7cd35432048319 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 11:38:19 -0400 Subject: [PATCH 0630/1184] calibre-web/README.rst: Clarify password recovery --- roles/calibre-web/README.rst | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6e167a9e4..9ac41ff27 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -59,19 +59,23 @@ NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://gi Using It -------- -Try Calibre-Web on your own IIAB by browsing to http://box/books (or box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box.lan/books). -Typically students access it without a password (to read and download books) -whereas teachers add books using an administrative account, as follows:: +*Students* access it without a password (to read and download books). + +*Teachers* add and arrange books using an administrative account, by clicking **Guest** then logging in with:: Username: Admin Password: changeme -If the default configuration is not found, the Calibre-Web server creates a -new settings file with calibre-web's own default administrative account:: +🍒 GURU TIPS 🍒 - Username: admin - Password: admin123 +* If Calibre-Web's configuration file (app.db) goes missing, the administrative account will revert to:: + + Username: admin + Password: admin123 + +* If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password Backend ------- From 77b6f79213aa8dc694442f864b3be8d7cc2c62b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 13:02:59 -0400 Subject: [PATCH 0631/1184] calibre-web/README.rst: Touchups --- roles/calibre-web/README.rst | 40 ++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9ac41ff27..9168a5f03 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -23,7 +23,7 @@ download e-books using a `Calibre-compatible database <https://manual.calibre-ebook.com/db_api.html>`_. Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" -collections — to help students build the best local library! +collections — to help students build the best local community library! .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg @@ -77,25 +77,6 @@ Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box. * If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password -Backend -------- - -You can manage the backend Calibre-Web server with these systemd commands:: - - systemctl enable calibre-web - systemctl restart calibre-web - systemctl status calibre-web - systemctl stop calibre-web - -Errors and warnings can be seen if you run:: - - journalctl -u calibre-web - -Log verbosity level can be -`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ -within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). - Configuration ------------- @@ -119,6 +100,25 @@ See also:: Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on its `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ and `Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. +Backend +------- + +You can manage the backend Calibre-Web server with these systemd commands:: + + systemctl enable calibre-web + systemctl restart calibre-web + systemctl status calibre-web + systemctl stop calibre-web + +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be +`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). + Back Up Everything ------------------ From 7b807b4bb0bfd9759727b75d488367a2542972b3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 13:18:36 -0400 Subject: [PATCH 0632/1184] calibre-web/README.rst: Clarify need to run as root --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9168a5f03..458d8132e 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -110,6 +110,8 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. + Errors and warnings can be seen if you run:: journalctl -u calibre-web @@ -136,7 +138,7 @@ But first: back up your content **and** settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run**:: +e-book metadata! Then run, as root**:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web From 6a0ad0c5ae9521a604269a2b2dd8cbf2de13ce46 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:52:28 -0400 Subject: [PATCH 0633/1184] calibre-web/README.rst: Tighten up systemctl examples --- roles/calibre-web/README.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 458d8132e..1076f7ce8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -103,12 +103,11 @@ Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-we Backend ------- -You can manage the backend Calibre-Web server with these systemd commands:: +You can manage the backend Calibre-Web server with systemd commands like:: - systemctl enable calibre-web - systemctl restart calibre-web systemctl status calibre-web systemctl stop calibre-web + systemctl restart calibre-web Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. From b3e682f24e59cf0d16797b946a08e186fa6adef9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:59:53 -0400 Subject: [PATCH 0634/1184] calibre-web/README.rst: Fix to "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 1076f7ce8..37be1bcc0 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -118,7 +118,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). +Configuration** (details above). Back Up Everything ------------------ From 79a22d5af6b55f8e441d058eaa5c3fc4ab4c5b12 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 15:57:15 -0400 Subject: [PATCH 0635/1184] calibre-web/README.rst: Try for < 80 chars for source readability --- roles/calibre-web/README.rst | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 37be1bcc0..d213dc9fa 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -44,38 +44,48 @@ collections — to help students build the best local community library! Install It ---------- -Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: +Install Calibre-Web by setting these 2 variables in +`/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: calibreweb_install: True calibreweb_enabled: True -Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if IIAB's already installed, run:: +Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if +IIAB's already installed, run:: cd /opt/iiab/iiab sudo ./runrole calibre-web -NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* +NOTE: Calibre-Web's Ansible role (playbook) in +`/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is +``calibre-web`` which contains a hyphen — *whereas its Ansible variables* +``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or +http://box.lan/books). *Students* access it without a password (to read and download books). -*Teachers* add and arrange books using an administrative account, by clicking **Guest** then logging in with:: +*Teachers* add and arrange books using an administrative account, by clicking +**Guest** then logging in with:: Username: Admin Password: changeme 🍒 GURU TIPS 🍒 -* If Calibre-Web's configuration file (app.db) goes missing, the administrative account will revert to:: +* If Calibre-Web's configuration file (app.db) goes missing, the administrative + account will revert to:: Username: admin Password: admin123 -* If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password +* If you lose your password, you can change it with the + ``-s [username]:[newpassword]`` command-line option: + https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password Configuration ------------- @@ -98,7 +108,12 @@ See also:: /library/calibre-web/metadata_db_prefs_backup.json -Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on its `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ and `Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. +Finally, take note of Calibre-Web's +`FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on +its +`Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ +and +`Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. Backend ------- @@ -109,7 +124,8 @@ You can manage the backend Calibre-Web server with systemd commands like:: systemctl stop calibre-web systemctl restart calibre-web -Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. +Run all commands +`as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. Errors and warnings can be seen if you run:: From 61f3d4a9c20fb930365fbda9c2a11f42b9da8d90 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 21:52:06 -0400 Subject: [PATCH 0636/1184] calibre-web/README.rst: Small refinements --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d213dc9fa..d8f89c591 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -140,15 +140,15 @@ Back Up Everything ------------------ Please back up the entire folder ``/library/calibre-web`` before upgrading — -as it contains your Calibre-Web content **and** settings! +as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -Reinstalling Calibre-Web automatically upgrades to the latest version if your +"Reinstalling" Calibre-Web automatically installs the latest version — if your Internet-in-a-Box (IIAB) is online. -But first: back up your content **and** settings, as explained above. +But first: back up your content **and** configuration settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to From 50cded27f2f11b00871b65bf00d37e96499479bb Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 03:32:08 -0400 Subject: [PATCH 0637/1184] scripts/ansible: python3-cryptography for 32-bit i386 e.g. i686 --- scripts/ansible | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d8285f680..ab6aa16bb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -213,9 +213,14 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + else + # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when + # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + $APT_PATH/apt -y install python3-cryptography + fi fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) From 6c648cbd9bd40d3eccec6fc775d39266864374bc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 03:54:18 -0400 Subject: [PATCH 0638/1184] Clarify 'apt install python3-cryptography' for i386 Ansible --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ab6aa16bb..fc78d36b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -217,8 +217,9 @@ if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 else - # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when - # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: $APT_PATH/apt -y install python3-cryptography fi fi From 8a323c6799704aa49cb8387e5f4095bb2d21b869 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 05:15:26 -0400 Subject: [PATCH 0639/1184] scripts/install_python2.sh: Bullseye apt sources for i386 Debian --- scripts/install_python2.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 50089b4e1..d186c8cbe 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -63,6 +63,16 @@ EOF cat << EOF > /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi + ;; + + "i386") + # Building on scripts/ansible fix PR #3615 + if grep -q '^ID=debian$' /etc/os-release; then + cat << EOF > /etc/apt/sources.list.d/python2.list +deb http://deb.debian.org/debian bullseye main contrib non-free +deb http://deb.debian.org/debian bullseye-updates main contrib non-free EOF fi ;; From ba596cb5a3737648e829f9726e75d2af353334e3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 22:54:02 -0400 Subject: [PATCH 0640/1184] Brute Force 'apt install ansible-core' on 32-bit legacy i386 --- scripts/ansible | 57 +++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index fc78d36b6..1673273b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,37 +200,42 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask -# that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 -echo -e "\nCreate virtual environment for Ansible" -python3 -m venv /usr/local/ansible +if [[ $(dpkg --print-architecture) == i386 ]]; then + # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 + # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 +else + # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask + # that virtual environments (venv) be used to safely isolate pip installs: + # https://peps.python.org/pep-0668 + echo -e "\nCreate virtual environment for Ansible" + python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: -# if ! grep -qi ubuntu /etc/os-release; then -# -# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then -# -# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. -# Release problems chart: https://www.piwheels.org/project/cryptography/ -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: + # if ! grep -qi ubuntu /etc/os-release; then + # + # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then + # + # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. + # Release problems chart: https://www.piwheels.org/project/cryptography/ + # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - $APT_PATH/apt -y install python3-cryptography + # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography fi -fi -# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in ansible*; do - ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" -done + # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" + cd /usr/local/ansible/bin + for bin in ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" + done +fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 2c38bf505cc7d98ee1ea91402328302465d43bff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 11 Aug 2023 18:22:31 -0400 Subject: [PATCH 0641/1184] iiab-diagnostics: Change pastebin service (sprunge.us -> paste2.org) --- scripts/iiab-diagnostics | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 89ddd3311..a74dba058 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,10 +265,11 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile - pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile + pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b paste2.org < $outfile" fi echo -e "\e[0m" From 8ce25a7a205d3d56dda04de1870b72bea82c3388 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 11 Aug 2023 20:37:24 -0400 Subject: [PATCH 0642/1184] iiab-diagnostics: Change pastebin service (paste2.org -> dpaste.com) --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a74dba058..8eef6f39b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -264,12 +264,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " - #pastebinit -b dpaste.com < $outfile - #pastebinit -b sprunge.us < $outfile - pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b paste2.org < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From e2948a99faaa641d85b434bb56c2a62329f13862 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 12 Aug 2023 11:22:04 -0400 Subject: [PATCH 0643/1184] iiab-diagnostics.README.md: sprunge.us -> dpaste.com for #3619 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a6d8a3f9e..abe6b22c8 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 62e5c0ccb33fa2d64600446892ff7ab6fdc5959e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:40:00 -0400 Subject: [PATCH 0644/1184] scripts/ansible: Recommend ansible-core 2.15.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1673273b6..1e6f2c38a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] -GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] +GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 4508a94528bd1b69429ff89d4a749d7177a05e84 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:54:49 -0400 Subject: [PATCH 0645/1184] local_facts.fact: Deprecate support for EOL'd Ubuntu 22.10 --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 885fbec8e..f4f86cb17 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -70,6 +70,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ + #"ubuntu-2210" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -83,7 +84,6 @@ case $OS_VER in "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2210" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ "linuxmint-21" | \ From d3c3a63db36f05525eebde44e602f198f60b7654 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Aug 2023 17:37:16 -0400 Subject: [PATCH 0646/1184] local_facts.fact: Welcome Ubuntu 24.04 testing starting in Oct/Nov --- scripts/local_facts.fact | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index f4f86cb17..aab8e81a2 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -86,6 +86,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ + "ubuntu-2404" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") From 14fc8a1cce285114cde44d088ad293d035acb116 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 17 Aug 2023 15:02:03 -0400 Subject: [PATCH 0647/1184] nextcloud/tasks/install.yml: Revise disk space estimate to ~591 MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 090c184fc..0d82351d5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 35006bff5fbfc832e8840d916da58e5272ddf2f8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 09:35:56 -0400 Subject: [PATCH 0648/1184] nextcloud/tasks/install.yml: Clarify ~162MB d/l unpacks to ~555MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0d82351d5..dafff5ad4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 3a37ab385d60b452a62fc5fed12e99972b1d52ce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 09:42:26 -0400 Subject: [PATCH 0649/1184] sugarizer/tasks/install.yml: Note ~748MB /opt/iiab/sugarizer-1.7.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index e0f973037..c37b4c6de 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -34,7 +34,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~748 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" From d0158ec50b18268cc89f9d2f9bca55143e608ba3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 10:27:04 -0400 Subject: [PATCH 0650/1184] Force nginx_high_php_limits / 'memory_limit = 512M' if 'nextcloud_install: True' --- roles/nginx/templates/server.conf.j2 | 4 ++-- roles/www_options/tasks/php-settings.yml | 12 ++++++------ vars/default_vars.yml | 9 +++++---- vars/local_vars_large.yml | 9 +++++---- vars/local_vars_medium.yml | 9 +++++---- vars/local_vars_small.yml | 9 +++++---- vars/local_vars_unittest.yml | 9 +++++---- 7 files changed, 33 insertions(+), 28 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..53eddef18 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -10,8 +10,8 @@ server { # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L90-L91 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L104-L105 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 500M; diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 39a2a0bce..3cdd2b887 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -64,7 +64,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: @@ -78,10 +78,10 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -93,9 +93,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -107,7 +107,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install # To tweak .ini files, Ansible's ini_file is normally better than lineinfile: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 509a52028..f9d208d5e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -340,11 +340,12 @@ nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7a98cfa37..95226d852 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 237063f15..78eaaf4f9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 83c58e62a..3ee17ff7a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 940142665..0a6ed4a72 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf From 3f1d25bb44273b06d29ac4ab5e0834dab127db8f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 10:45:33 -0400 Subject: [PATCH 0651/1184] Also run php-settings.yml if nginx_high_php_limits --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index a78b1f7f3..d41607982 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -61,7 +61,7 @@ # WordPress) so './runrole <ROLE>' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 34091ba16dfd17c350c5af7a9011fd635c287790 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 15:55:28 -0400 Subject: [PATCH 0652/1184] 'apt install gpg' required on Debian 12+ for apt installs of gitea, kolibri, mongodb, yarn --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index ad80ef98b..1e594131b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -11,6 +11,7 @@ #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download + - gpg # 884kB download: Debian 12+ (especially!) require this for apt installs of gitea, kolibri, mongodb, yarn - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless From 25d8d6a0c8357624829d391d6dc19fcaf913fe20 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 18:50:44 -0400 Subject: [PATCH 0653/1184] nextcloud/tasks/install.yml: Mention 'nginx_high_php_limits: True' behavior #3624 --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index dafff5ad4..f512fcad7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -93,7 +93,7 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined From 1c74b55a7fa87f36d601f878fb51a40a1ec2dcaf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 30 Aug 2023 07:47:28 -0400 Subject: [PATCH 0654/1184] iiab-diagnostics: Include Node.js and npm versions --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 8eef6f39b..75d9a2e52 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,6 +224,8 @@ cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' +cat_cmd 'node -v' 'Node.js version' +cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 2b1a8f548aee36f174269119dc46f4d2eacf62a6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 30 Aug 2023 07:51:28 -0400 Subject: [PATCH 0655/1184] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index abe6b22c8..4a26c3076 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 1afd6f81e93f53478e1e4a569bc7a02975e207ef Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:08:36 -0400 Subject: [PATCH 0656/1184] default_vars.yml: sudo iiab-network --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f9d208d5e..062a2f749 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -193,7 +193,7 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network # dnsmasq - handles DHCP and DNS dnsmasq_install: True @@ -209,7 +209,7 @@ dnsmasq_enabled: True #named_enabled: False block_DNS: False -# Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable in local_vars.yml AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382 @@ -250,7 +250,7 @@ openvpn_server_port: 1194 # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From c046ac72bb67388f816f10132c37b45326b7ab31 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:15:07 -0400 Subject: [PATCH 0657/1184] local_vars_unittest.yml: sudo iiab-network --- vars/local_vars_unittest.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 0a6ed4a72..9fd0605a6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: UNITTEST - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 251c92539e9b5b98fb720958b5142a27e6dda11b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:16:57 -0400 Subject: [PATCH 0658/1184] local_vars_small.yml: sudo iiab-network --- vars/local_vars_small.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 3ee17ff7a..be689cd52 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: SMALL - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From a609f3041afd8b47615cc3a27b589aad7c2d8c8c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:18:28 -0400 Subject: [PATCH 0659/1184] local_vars_medium.yml: sudo iiab-network --- vars/local_vars_medium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 78eaaf4f9..829b6fb6c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: MEDIUM-sized - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From afa0a497bebc1c0088f01d19469983ff28100db3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:20:13 -0400 Subject: [PATCH 0660/1184] local_vars_large.yml: sudo iiab-network --- vars/local_vars_large.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 95226d852..c1ce47ec6 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: LARGE - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 7430573573111267baeb14bd2097081335f84381 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 6 Sep 2023 15:12:32 -0400 Subject: [PATCH 0661/1184] local_vars_large.yml: Set Lokole to False/False due to mkwvconf --- vars/local_vars_large.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c1ce47ec6..7b108429f 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -245,8 +245,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2023-09-06: wheel for mkwvconf still +lokole_enabled: False # missing from Ubuntu 23.10 (#3572) # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True From b9a5a67c7499ad7dd635736ffb0e1eadebeb9d22 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Sep 2023 16:38:11 -0400 Subject: [PATCH 0662/1184] nodejs/tasks/install.yml: nodesource.com requires NEW install method --- roles/nodejs/tasks/install.yml | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 830b1e002..96e1ec9df 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -95,27 +95,39 @@ # apt install ./nodejs_18.11.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... # echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml -- name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list - shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +- name: Try NEW (since August 2023) approach setting up /etc/apt/keyrings/nodesource.gpg and /etc/apt/sources.list.d/nodesource.list -- per https://github.com/nodesource/distributions#installation-instructions + shell: | + mkdir -p /etc/apt/keyrings + rm -f /etc/apt/keyrings/nodesource.gpg + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main" > /etc/apt/sources.list.d/nodesource.list register: curl_nodesource ignore_errors: yes - #args: - # warn: no - # creates: /etc/apt/sources.list.d/nodesource.list -- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above +# 2023-09-06: OBSOLETE as nodesource.com no longer supports https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# - name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list +# shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +# register: curl_nodesource +# ignore_errors: yes +# #args: +# # warn: no +# # creates: /etc/apt/sources.list.d/nodesource.list + +- name: Remove /etc/apt/sources.list.d/nodesource.list if above failed file: path: /etc/apt/sources.list.d/nodesource.list state: absent when: curl_nodesource.failed -- name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above - package: +- name: Install Node.js -- also includes /usr/bin/npm if nodesource.list installed above + apt: #name: nodejs={{ nodejs_version }} name: nodejs state: latest # Equivalent to 'state: present' ? + update_cache: yes -- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions#deb and https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# Also run 'npm install -g npm' later, if you truly want the LATEST! +- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions package: name: npm state: latest # Equivalent to 'state: present' ? From 5193ea2a44f8700efbac230bdd792fc8b1ca28ac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 17:32:53 -0400 Subject: [PATCH 0663/1184] scripts/ansible: Eval piwheels / cryptography fix on 32-bit "RasPiOS 12" --- scripts/ansible | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..5f68a0dbe 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -219,14 +219,17 @@ else # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates + # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) + # on pre-release 32-bit RasPiOS 12... (#3526) + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 5da0b600579cd422c9e82f1a49acc533c0947973 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 22:15:56 -0400 Subject: [PATCH 0664/1184] iiab-diagnostics: pastebinit service back to sprunge.us --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 75d9a2e52..49927c881 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,13 +265,13 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " - #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b sprunge.us < $outfile" fi echo -e "\e[0m" From d585def5d338f1fca3fd6cdb24c6392bbcaedff1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 22:17:35 -0400 Subject: [PATCH 0665/1184] iiab-diagnostics.README.md: Change dpaste.com back to sprunge.us --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 4a26c3076..1d0feab6c 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 8ef8752ad7fb2f819d903deab8afb954dfdc43b0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:37:32 -0400 Subject: [PATCH 0666/1184] scripts/ansible: Evaluate 'apt install ansible-core' on 32-bit RasPiOS --- scripts/ansible | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..af31ca78d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,7 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it +# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). +# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? +# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +if ! dpkg --print-architecture | grep -q 64; then +#if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From b38b45e27ce34b1e5e849a194fc82b44517e349d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:55:37 -0400 Subject: [PATCH 0667/1184] scripts/ansible: Clarify 'apt install ansible-core' test on "32-bit" OS's --- scripts/ansible | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index af31ca78d..1c9ac3c4d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -201,9 +201,11 @@ $APT_PATH/apt update $APT_PATH/apt -y install python3-venv # 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). -# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? -# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, +# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in +# /boot/config.txt per #3516). +# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be +# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) if ! dpkg --print-architecture | grep -q 64; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 From 9c7c689a55aff29090ada36b1320dcf24987f435 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 12:43:30 -0400 Subject: [PATCH 0668/1184] iiab-summary: 'uname -n' hostname + 'uname -m' kernel arch for RasPiOS --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 2e1da90a7..75102048d 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -64,7 +64,7 @@ else echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" fi echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" -uname -rvp +uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo From f363494625a83c569b8069851e0bd2534ee6b85d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:05:09 -0400 Subject: [PATCH 0669/1184] Force 'apt install ansible-core' on "32-bit" IFF "Debian 12+" --- scripts/ansible | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1c9ac3c4d..d0535bda7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,13 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, -# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in -# /boot/config.txt per #3516). -# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be -# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) -if ! dpkg --print-architecture | grep -q 64; then +# 2023-09-08 PR #3634: 'apt install ansible-core' is overweight, but works on +# "32-bit" RasPiOS 12 (@EMG70 set 'arm_64bit=0' in /boot/config.txt per #3516 +# to force boot its 32-bit kernel; its 64-bit kernel should work too!) +# IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's +# (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). +if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From 14f2f8be69184ee108a6fbb1c1a4ea346969be58 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 17:03:10 -0400 Subject: [PATCH 0670/1184] scripts/ansible: Comment out stale tips RE: ansible-base & /etc/apt --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d0535bda7..931eb8e80 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -89,10 +89,10 @@ echo -e "RECOMMENDED PREREQUISITES:" echo -e "(1) Verify you're online" echo -e "(2) Remove all prior versions of Ansible using..." echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or" -echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" +#echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" -echo -e "(3) Remove all lines containing 'ansible' from..." -echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" +#echo -e "(3) Remove all lines containing 'ansible' from..." +#echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" From eb09a04bd99c71f082c986fab794158f6f1cfc61 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 17:10:23 -0400 Subject: [PATCH 0671/1184] scripts/ansible: Mention "+packages" PPA URL --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 931eb8e80..da7d9ed89 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -49,6 +49,7 @@ GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible +# https://launchpad.net/~ansible/+archive/ubuntu/ansible/+packages # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ From f527807bb83b70ed61a669d70ab0d7b1234f6f06 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 18:56:55 -0400 Subject: [PATCH 0672/1184] scripts/ansible: Document 'pipx install ansible-core' --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index da7d9ed89..692850f7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -215,6 +215,12 @@ else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: # https://peps.python.org/pep-0668 + + # 2023-09-08: NEW WAY ANSIBLE RECOMMENDS? https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html + # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! + # pipx install ansible-core + # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From 42e3485023535bd11c8d107bf87b531ea8a6cc3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 09:07:32 -0400 Subject: [PATCH 0673/1184] Verify apt package 'ansible-core' is truly available on "32-bit" --- scripts/ansible | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 692850f7b..2bb8168b9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,7 +206,10 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then +# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt +# package ansible-core is truly available: +if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From ee20455bd7edc6278190e4df8acb352fb04e5fbe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 09:20:54 -0400 Subject: [PATCH 0674/1184] scripts/ansible: Clarify PR #3637 test for apt pkg ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2bb8168b9..fa5b704cf 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,8 +206,8 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt -# package ansible-core is truly available: +# 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify +# that apt package ansible-core is truly available: if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then From 05372f85081824cef0fce73461aa3a00ebca0687 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:03:27 -0400 Subject: [PATCH 0675/1184] scripts/ansible: Interim /etc/pip.conf for "32-bit" RasPiOS 12 --- scripts/ansible | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 10dc82a93..ead6b392e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -227,6 +227,17 @@ else echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + # 2023-09-10: Work around #3526 "32-bit" RasPiOS 12 pre-release issue... + # 'Package issue: cryptography 41.0.3 leads to cffi 1.15.1 failure on + # "32-bit" Raspberry Pi OS [REASON: /etc/pip.conf missing on some Bookworm + # pre-releases' == https://github.com/piwheels/packages/issues/390 + if ! [ -f /etc/pip.conf ] && [ -f /etc/rpi-issue ]; then + cat > /etc/pip.conf << EOF +[global] +extra-index-url=https://www.piwheels.org/simple +EOF + fi + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # From 7191d52a5da570ca9d025ac1ae140c7da95cda8b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:32:13 -0400 Subject: [PATCH 0676/1184] Revert #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ead6b392e..1b3f41535 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -208,9 +208,10 @@ $APT_PATH/apt -y install python3-venv # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). # 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify # that apt package ansible-core is truly available: -if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then -#if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 +if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From 1986126701954c10912ba5be2e35b58b7948a591 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:44:12 -0400 Subject: [PATCH 0677/1184] apt instead of pip IFF "i386" AND ansible-core apt installable --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1b3f41535..ee289b99b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -211,7 +211,7 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 -if [[ $(dpkg --print-architecture) == i386 ]]; then +if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From c85c292a5e852ad7491466e829860b13b70c5bc1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 00:54:05 -0400 Subject: [PATCH 0678/1184] install_python2.sh: ports.ubuntu.com apt sources for "32-bit" RasPiOS 12 --- scripts/install_python2.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d186c8cbe..43db6f8ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -38,7 +38,8 @@ ARCH=$(dpkg --print-architecture) # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` -cd /tmp +#cd /tmp + case $ARCH in "amd64") # works on U23.04 x86_64 VM @@ -58,12 +59,16 @@ EOF "armhf") # armhf compile flags differ between RasPiOS and Ubuntu - if ! [ -f /etc/rpi-issue ]; then - # these might change + if [ -f /etc/rpi-issue ] && ! grep -q 11 /etc/issue; then # RasPiOS 12+ / Bookworm+ cat << EOF > /etc/apt/sources.list.d/python2.list -deb http://ports.ubuntu.com/ jammy main universe -deb http://ports.ubuntu.com/ jammy-updates main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF +# elif ! [ -f /etc/rpi-issue ]; then # Ubuntu/Debian on armhf not supported +# cat << EOF > /etc/apt/sources.list.d/python2.list +# deb http://ports.ubuntu.com/ jammy main universe +# deb http://ports.ubuntu.com/ jammy-updates main universe +# EOF fi ;; From 821f1448b132c9ad08c88c1f3e6ed0ca1fc30bbe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 01:51:40 -0400 Subject: [PATCH 0679/1184] CLARIF: apt-not-pip on 32-bit i386 for ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..1b42305ae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,8 +212,8 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then - # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 - # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + # 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386 + # (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask From 9d4ae8966be9b8e2b7638fdcd3a4d5fdf00ddcd4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 09:39:17 -0400 Subject: [PATCH 0680/1184] jupyterhub/README.md: Steer implementers away from 32-bit OS's! --- roles/jupyterhub/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index db780e595..6a48cacf5 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,5 +1,7 @@ ## JupyterHub programming environment with student Notebooks +### CAUTION: Internet-in-a-Box (IIAB) does not support JupyterHub on 32-bit OS's, where installation will likely fail ([#3639](https://github.com/iiab/iiab/issues/3639)). + #### Secondary schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." * Jupyter Notebooks are widely used in the scientific community: @@ -10,7 +12,7 @@ * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. -* Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: +* Individual student folders are created in `/var/lib/private/` on your Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) From 28cfb9cf47f6a62d05edfc733b4a193bfdf24295 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 18:25:08 -0400 Subject: [PATCH 0681/1184] Recommend ansible-core 2.15.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..5f44a6700 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] -GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] +GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From b184897d1e715dca58a69509c38723effa3ad279 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 18:26:26 -0400 Subject: [PATCH 0682/1184] iiab-install: Set MIN_ANSIBLE_VER=2.13.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bd7185f41..c6a8eb361 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e30549e432299f728e131cbc1bd60446933b098 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Sep 2023 12:34:13 -0400 Subject: [PATCH 0683/1184] Nextcloud 27.1.0 download & /library/www/nextcloud sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f512fcad7..ce62729c8 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6333c707b824e222c69bc9cb952a4b5af0afb23d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Sep 2023 18:42:29 -0400 Subject: [PATCH 0684/1184] README.md: Refine quotation marks --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 633e0b392..2fcb5085c 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ # Internet-in-a-Box (IIAB) -[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a "learning hotspot" that brings the Internet's crown jewels -(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, Toys from Trash electronics projects, ETC) to those without Internet. +[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a “learning hotspot” that brings the Internet's crown jewels +(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, “Toys from Trash” electronics projects, ETC) to those without Internet. You can build your own tiny, affordable server (an offline digital library) for your school, your medical clinic, your prison, your region and/or your very own family — accessible with any nearby smartphone, tablet or laptop. @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. @@ -37,14 +37,14 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) <!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).--> -To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +To learn more about our open community architecture for “offline” learning, check out [“What technical documentation exists?”](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. -*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* +*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as “Sneakernet-of-Alexandria” distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* ## Versions From 4a700cc351789589fdf0bb91263567a676973a62 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 09:51:50 -0400 Subject: [PATCH 0685/1184] 2-common/tasks/packages.yml: 'apt install lshw' --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 1e594131b..95b227d95 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 19 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, lshw, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -15,6 +15,7 @@ - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless + - lshw # 257kB download: For 'lshw -C network' in iiab-diagnostics #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 From 97f1038ab7703ab3d33c2196a8c8230a1ff05221 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:00:33 -0400 Subject: [PATCH 0686/1184] scripts/iiab-diagnostics: 'lshw -C network' --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 49927c881..adbaa73ea 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -200,6 +200,7 @@ cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' cat_file /etc/fstab +cat_cmd 'lshw -C network' 'Network hardware/interfaces' cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 91fcc6ff07c3407a3320c450ba27b9f44c3b18c3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:02:45 -0400 Subject: [PATCH 0687/1184] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 1d0feab6c..6f3b4fed0 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 470b64bc5acf2d9d53be0847d53caa38c6e73a6d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:04:04 -0400 Subject: [PATCH 0688/1184] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 6f3b4fed0..7216e8feb 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -64,8 +64,6 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Include a description of the symptoms, and how to reproduce the problem. -4. If you don't understand Step 3, email everything to bugs@iiab.io instead. - ## Source Code Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From a8772498cbab4834677e8fbdfb4c1770b98b7c21 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:02:00 -0400 Subject: [PATCH 0689/1184] install_python2.sh: apt-mark hold python3-virtualenv --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 43db6f8ef..b9d0d2bed 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -90,7 +90,7 @@ if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) nee apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 - apt-mark hold virtualenv + apt-mark hold python3-virtualenv # 2023-09-26: 'apt-mark hold virtualenv' was definitely insufficient on Ubuntu 23.10 # 2023-05-21 PR #3587: Above 4 lines should really install a more recent # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? else From ca19c18b80fa9975838e38f724b78e308264f609 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 27 Sep 2023 11:20:04 -0400 Subject: [PATCH 0690/1184] mediawiki/defaults/main.yml: Security release 1.40.1 ETA 2023-09-28 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 22cd060ad..ddad4f10c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 488e2fbe0d1fdfe6f4c2b212e7e849b570cb1023 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 19:49:04 -0400 Subject: [PATCH 0691/1184] scripts/ansible: Install cryptography==41.0.3 if dpkg arch armhf --- scripts/ansible | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 19717a95c..554720f3b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,14 +250,14 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # # $APT_PATH/apt -y install python3-cryptography - # fi + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + # else + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography + fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From efdf693621d4fc2e3e2588631da6728cabcf55fb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 20:32:32 -0400 Subject: [PATCH 0692/1184] scripts/ansible: Also 'apt install libffi-dev python3-dev' on armhf --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 554720f3b..8b8e95eb7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -251,7 +251,8 @@ EOF # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # else # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where From 8f12c34b1c686d78ec0959fe4743e8c44d42ded0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 21:31:33 -0400 Subject: [PATCH 0693/1184] munin/tasks/install.yml: Fix Ansible quotes around #3434 --- roles/munin/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 4366a19d8..f6b23e619 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -4,7 +4,7 @@ # SEE ALSO roles/network/tasks/install.yml -- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 +- name: "TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434" sysctl: name: net.ipv6.conf.all.disable_ipv6 value: 0 From 6c9e684841433cfc816440fee238d86258a4c96f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 13:46:03 -0400 Subject: [PATCH 0694/1184] scripts/ansible: pip install --prefer-binary ansible-core --- scripts/ansible | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8b8e95eb7..b1226f0d3 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,18 +250,24 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 - # else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + # $APT_PATH/apt -y install libffi-dev python3-dev + # /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) - /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, + # even if they're not the very latest release -- thereby avoiding compiling + # messes -- and obviating the need for these 2: (above, both commented out) + # - 'install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version numbers + /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From d55e61c32b990c39f94a11b70802e059aafd2b18 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 13:55:33 -0400 Subject: [PATCH 0695/1184] scripts/ansible: Clean up explanation of --prefer-binary --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b1226f0d3..b3a110960 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -265,8 +265,8 @@ EOF # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, # even if they're not the very latest release -- thereby avoiding compiling # messes -- and obviating the need for these 2: (above, both commented out) - # - 'install libffi-dev python3-dev' - # - painstaking pinning of cryptography or cffi (etc) to older version numbers + # - 'apt -y install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version #s /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin From 3b70f38544f0703606852569f0ab95ea789ac222 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 18:34:19 -0400 Subject: [PATCH 0696/1184] 32-bit fixes (CWeb, JHub, Moodle) + defer IArchive --- roles/9-local-addons/tasks/main.yml | 15 ++++++++++++++- roles/calibre-web/tasks/install.yml | 3 ++- roles/jupyterhub/tasks/install.yml | 4 ++-- roles/moodle/tasks/install.yml | 10 ++++++++-- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index ac657cd5c..075752bec 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -14,10 +14,23 @@ name: captiveportal when: captiveportal_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: internetarchive_install + +- name: Explain bypassing of Internet Archive install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING INTERNET ARCHIVE PER https://github.com/iiab/iiab/issues/3641 -- 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: internetarchive_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: INTERNETARCHIVE include_role: name: internetarchive - when: internetarchive_install + when: internetarchive_install and dpkg_arch.stdout is search("64") - name: MINETEST include_role: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 96bdda124..f1eac71ec 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,8 +63,9 @@ pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 8d7273215..4e23f9ccc 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -53,7 +53,7 @@ virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 + extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 # 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) @@ -69,7 +69,7 @@ virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" - extra_args: "--no-cache-dir" + extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 570e782b7..1406a6e38 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -71,10 +71,16 @@ when: opt_iiab_moodle.stat.exists -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS - when: php_version is version('8.0', '<') + when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: From 542198376637edaf6cbd0562a833af66273963d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 21:40:55 -0400 Subject: [PATCH 0697/1184] transmission/README.rst: Clarify 4.0.4+ compile slowness & 4.1 soon? --- roles/transmission/README.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 8df899064..4b95b3309 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,20 +15,23 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download content like KA Lite to Internet-in-a-Box (IIAB), from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO Caution ------- -Usage of Transmission consumes significant Internet data and system resources. -Caveat emptor! (That's Latin for "Buyer Beware") +In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_, which painfully can take most of an hour. + +We hope that `Transmission 4.1 <https://github.com/transmission/transmission/milestone/13>`_ install options improve soon for 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! + +Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting ``transmission_install: True`` and ``transmission_enabled: True`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission From 67235691099c767c2cb018c060edd85add85433b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 22:00:37 -0400 Subject: [PATCH 0698/1184] transmission/README.rst: "2023 Caution" re: slow compile --- roles/transmission/README.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 4b95b3309..f868f7f9e 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,16 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -Caution -------- +2023 Caution +------------ -In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_, which painfully can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -We hope that `Transmission 4.1 <https://github.com/transmission/transmission/milestone/13>`_ install options improve soon for 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should install quickly starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! -Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") +Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. + +.. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- From 7905e30f22a59618cdb16020668a941e75c8e6a2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 22:50:08 -0400 Subject: [PATCH 0699/1184] transmission/README.rst: "2023 Caution" grammar touch-ups --- roles/transmission/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index f868f7f9e..e8bf3f7a7 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,9 +24,9 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should install quickly starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_). -Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. +Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From aad284b3c6a3f65aa7c17458b3f70e5d5f2649c2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 15:27:45 -0400 Subject: [PATCH 0700/1184] transmission/README.rst: Link to Debian 12 docs --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index e8bf3f7a7..7e68d1325 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_). +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. From beb34f8eee6b4db28b6ffa2147c82aa526b977ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:01:34 -0400 Subject: [PATCH 0701/1184] nextcloud/README.md: Quick cleanup & update --- roles/nextcloud/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 64747521b..07556d4a2 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -38,11 +38,11 @@ FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) -(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +(4) Verify system requirements and recommendations for the [latest version Nextcloud](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule): - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 332c968c5213acc437412637affc77a149cf13fb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:28:07 -0400 Subject: [PATCH 0702/1184] nextcloud/README.md: Clarify PHP/RAM/disk warning --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 07556d4a2..b33ca98ea 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 3ef3a4cfa124c02d9419e5a5af0db993b61d67ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:47:20 -0400 Subject: [PATCH 0703/1184] nextcloud/README.md: Clarify automatic 'nginx_high_php_limits: True' --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index b33ca98ea..e74518b32 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP, and is effectively auto-enabled for Nextcloud ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 667c07048bbb1f55bb822e9cbbda1a70f8830aa9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:43:30 -0400 Subject: [PATCH 0704/1184] moodle/install.yml CLARIF: Reverting to 4.1 LTS is not guaranteed --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1406a6e38..f1a5a7cbd 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -77,7 +77,7 @@ command: dpkg --print-architecture register: dpkg_arch -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO TRYING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") From 03d49be4a03ccf86dd28e817c611c4e97a94358e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:52:23 -0400 Subject: [PATCH 0705/1184] iiab-expand-rootfs DOC: raspi-config nonint do_expand_rootfs --- roles/1-prep/templates/iiab-expand-rootfs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index a1fd06772..f6c75b46e 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -14,6 +14,9 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + # 2023-10-05: Official new RPi instructions: + # sudo raspi-config nonint do_expand_rootfs + # https://www.raspberrypi.com/documentation/computers/configuration.html#expand-filesystem-nonint raspi-config --expand-rootfs # REQUIRES A REBOOT rm -f /.expand-rootfs /.resize-rootfs reboot # In future, we might warn interactive users that a reboot is coming? From 2e919694cfb43f43f2177f752d84b4e1469b6793 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Oct 2023 12:07:12 -0400 Subject: [PATCH 0706/1184] Recommend ansible-core 2.15.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b3a110960..105a737c1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] -GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] +GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From eea8b086ee8d71d2e81ba2474bae1e6a4cf678e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Oct 2023 12:12:14 -0400 Subject: [PATCH 0707/1184] iiab-install: Set MIN_ANSIBLE_VER=2.13.13 w/ #3654 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c6a8eb361..3b7811308 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From f3d30d6187d97e514107f9f0cfc8270511d48cda Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:32:35 -0400 Subject: [PATCH 0708/1184] moodle_version: MOODLE_403_STABLE (Moodle 4.3) --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 57f48e4a6..4597665b1 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,7 +11,7 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_402_STABLE # Moodle 4.2 +moodle_version: MOODLE_403_STABLE # Moodle 4.3 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ca34259402c5dc11bdabb74a9d1878c1195e6d2f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:35:34 -0400 Subject: [PATCH 0709/1184] For now, install Moodle 4.4dev if PHP >= 8.3 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f1a5a7cbd..9edbafca3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -87,7 +87,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) + version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -95,7 +95,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From 1016a49edd1afa4d66c0b0220e52cc0a5b19651d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:58:29 -0400 Subject: [PATCH 0710/1184] moodle/tasks/install.yml: Note new Moodle 4.3 disk footprint(s) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9edbafca3..eb6ec62d5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -82,7 +82,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -90,7 +90,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From de83ed694f94e9a5da25ce4d9958ae5dcd0b2fc5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 15:13:28 -0400 Subject: [PATCH 0711/1184] Links: RasPiOS Bookworm doc for Python with venv --- roles/calibre-web/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index f1eac71ec..d8f2c6f94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -67,6 +67,10 @@ virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 +# 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) +# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) From 60763fab8e41ee126a21af250cb6639203cbaed3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 15:15:33 -0400 Subject: [PATCH 0712/1184] scripts/ansible links: RasPiOS Bookworm doc for Python with venv --- scripts/ansible | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 105a737c1..6af471008 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -225,6 +225,10 @@ else # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) + # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi + # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From e1ccb6c3285e7e78e9cc88365d9394393ed12957 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:39:38 -0500 Subject: [PATCH 0713/1184] Update install.yml moving --- roles/network/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 188713b8f..df473eae1 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -31,7 +31,6 @@ - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP From cf47363316f718e8b491459de0a346daf2d9116d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:46:45 -0500 Subject: [PATCH 0714/1184] Update sysd-netd-debian.yml rework for RasPiOS --- roles/network/tasks/sysd-netd-debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 391494382..32734a77b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,4 +1,11 @@ # sysd-netd-debian.yml +- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher + package: + name: + - systemd-networkd + - systemd-resolved + - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From 4c8ca30769770e04f5f3be9bc4451df93cc851af Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:57:55 -0500 Subject: [PATCH 0715/1184] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 32734a77b..1613f9a4c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -2,8 +2,6 @@ - name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher package: name: - - systemd-networkd - - systemd-resolved - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - name: Copy the bridge script - Creates br0 From b81d3365de75d1dfa31c38cf457c28be15a2f239 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:58:28 -0500 Subject: [PATCH 0716/1184] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1613f9a4c..3a815008d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,5 +1,5 @@ # sysd-netd-debian.yml -- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher +- name: 'Install networkd-dispatcher package: name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 7055165f7705326b0499e97ceb199de4d2685307 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 21:13:07 -0500 Subject: [PATCH 0717/1184] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3a815008d..0a734aa44 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,6 +4,12 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes +- name: 'Install networkd-resolved + package: + name: + - networkd-resolved + when: is_raspbian and os_ver is version('raspbian-12', '>=') + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From cdd88d20c55e5c7c9d45b5d2b045c7ff60ff09a7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 21:19:02 -0500 Subject: [PATCH 0718/1184] Update sysd-netd-debian.yml 'systemd' --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 0a734aa44..3fe944511 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,10 +4,10 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install networkd-resolved +- name: 'Install systemd-resolved for RasPiOS package: name: - - networkd-resolved + - systemd-resolved when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 From 6f397c63a9f8629a6b7952b80fca4b77a59d0fa1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 14 Oct 2023 15:32:50 -0400 Subject: [PATCH 0719/1184] sysd-netd-debian.yml: Install systemd-resolved (if available) --- roles/network/tasks/main.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 19 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9e2954892..7a1e6d5f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -75,13 +75,13 @@ - name: NetworkManager in use include_tasks: NM-debian.yml when: network_manager_active - #when: is_debuntu and network_manager_active - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml when: systemd_networkd_active - #when: is_debuntu and systemd_networkd_active + #when: systemd_networkd_active and not network_manager_active # 2023-10-11: NOT the right way to solve #3657 (systemd-resolved issue on RasPiOS 12+) as this would damage Ubuntu/Mint. + # 2023-10-11: Should rpi_debian.yml go away in future, now that RasPiOS Bookworm uses NetworkManager? - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml when: is_raspbian and not network_manager_active diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3fe944511..7fb0e26c9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,14 +1,19 @@ # sysd-netd-debian.yml -- name: 'Install networkd-dispatcher +- name: Install networkd-dispatcher package: - name: - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install systemd-resolved for RasPiOS +# 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. +# FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. +# Whereas Ubuntu <= 22.04 bundled the functionality within apt package 'systemd' +# Debian 12/Bookworm (like Ubuntu >= 22.10) offers it as a distinct package: +# https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved +- name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: - - systemd-resolved - when: is_raspbian and os_ver is version('raspbian-12', '>=') + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + ignore_errors: yes + #shell: apt -y install systemd-resolved || true + #when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 template: From bbef784d8011f2c23e9097820ee012f43edd367f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 14 Oct 2023 15:45:51 -0400 Subject: [PATCH 0720/1184] sysd-netd-debian.yml: Clean comment spacing --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7fb0e26c9..9868d5b96 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,7 +1,7 @@ # sysd-netd-debian.yml - name: Install networkd-dispatcher package: - name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes # 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. # FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. @@ -10,7 +10,7 @@ # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved - name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm ignore_errors: yes #shell: apt -y install systemd-resolved || true #when: is_raspbian and os_ver is version('raspbian-12', '>=') From 820ad422399275b5168e509f2cfbcf4e9c8bbd6f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Oct 2023 09:29:14 -0400 Subject: [PATCH 0721/1184] calibre-web/README.rst: Remove useless "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d8f89c591..6b2884065 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -134,7 +134,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details above). +Configuration**. Back Up Everything ------------------ From 70a139b643ee25e7489c822a8f20307f3863c08f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 27 Oct 2023 14:31:21 -0400 Subject: [PATCH 0722/1184] Support Ubuntu 24.04 pre-releases --- vars/default_vars.yml | 1 + vars/ubuntu-2404.yml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 vars/ubuntu-2404.yml diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 062a2f749..a9845e447 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -775,6 +775,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2404: False is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False diff --git a/vars/ubuntu-2404.yml b/vars/ubuntu-2404.yml new file mode 100644 index 000000000..d5355dcd0 --- /dev/null +++ b/vars/ubuntu-2404.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True From 0c09a2d46de833794294b3721786c7932d15781e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 27 Oct 2023 19:31:14 -0400 Subject: [PATCH 0723/1184] Rename ubuntu-2210.yml to ubuntu-2210.yml.unused --- vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} (100%) diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml.unused similarity index 100% rename from vars/ubuntu-2210.yml rename to vars/ubuntu-2210.yml.unused From 19cd6be03d5081a54ba8c46050fe8f571f7c1f82 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:31:12 -0400 Subject: [PATCH 0724/1184] calibre-web/README.rst: http://box/live/stats lists Python deps / versions --- roles/calibre-web/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6b2884065..584f2d409 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,6 +136,8 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. +Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). + Back Up Everything ------------------ From 6d5c211f929b210cac25da5a32e1d73775914926 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:34:33 -0400 Subject: [PATCH 0725/1184] calibre-web/README.rst: Clean http://box/live/stats explanation --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 584f2d409..d63a36c5a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,7 +136,9 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. -Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). +Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very +useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the +version number of each that's installed). Back Up Everything ------------------ From 53a74c77a777eae7aa127edab90d7d73bc201c54 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:37:16 -0400 Subject: [PATCH 0726/1184] calibre-web/README.rst: Link to Calibre-Web wiki (deps) --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d63a36c5a..f947c4a02 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -137,8 +137,8 @@ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very -useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the -version number of each that's installed). +useful list of ~42 `Calibre-Web dependencies <https://github.com/janeczku/calibre-web/wiki/Dependencies-in-Calibre-Web-Linux-and-Windows>`_ +(mostly Python packages, and the version number of each that's installed). Back Up Everything ------------------ From 699adb9c5a5c2a21e17eecb31dd696698f0c52a4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 4 Nov 2023 08:24:39 -0400 Subject: [PATCH 0727/1184] calibre-web/tasks/install.yml: Full clone for now (community testing) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d8f2c6f94..7f778a38f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes - depth: 1 + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 8def5c98cf101b18ba39389609aacc104d430e21 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 09:44:12 -0500 Subject: [PATCH 0728/1184] Doc: pipx option to install pkg globally for multi-user access --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 6af471008..78baa8013 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -224,6 +224,8 @@ else # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # Or, to install package globally for multi-user access: (pypa/pipx#754) + # PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install ansible-core # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi From 402ce97d1dc3cde5cd15868f7c272c95c1ec397d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:14:46 -0500 Subject: [PATCH 0729/1184] Install MySQL/MariaDB on-demand--for MediaWiki, WordPress, Matomo &/or Admin Console --- roles/0-init/tasks/validate_vars.yml | 6 +-- roles/3-base-server/README.rst | 13 +++++- roles/3-base-server/tasks/main.yml | 11 +++-- roles/9-local-addons/tasks/main.yml | 18 ++++++++ roles/matomo/tasks/install.yml | 15 +++++++ roles/mediawiki/tasks/install.yml | 15 +++++++ roles/munin/tasks/install.yml | 5 ++- roles/mysql/tasks/enable-or-disable.yml | 15 +++++++ roles/mysql/tasks/main.yml | 57 +++++++++++-------------- roles/wordpress/tasks/install.yml | 15 +++++++ vars/default_vars.yml | 11 +++-- 11 files changed, 133 insertions(+), 48 deletions(-) create mode 100644 roles/mysql/tasks/enable-or-disable.yml diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f5277d2d9..a369fca5c 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -76,7 +76,7 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - #- mysql # MANDATORY + - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -155,7 +155,7 @@ that: "{{ item }}_install or {{ item }}_installed is undefined" fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?" quiet: yes - when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies + when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" - name: 'DISALLOW "XYZ_install: True" if deprecated' diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index e458d7be0..ed80399ba 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -1,10 +1,21 @@ +.. |ss| raw:: html + + <strike> + +.. |se| raw:: html + + </strike> + +.. |nbsp| unicode:: 0xA0 + :trim: + ==================== 3-base-server README ==================== This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 5e2e7355d..89d0610be 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,10 +3,13 @@ - name: ...IS BEGINNING ===================================== meta: noop -- name: MYSQL + CORE PHP - include_role: - name: mysql - #when: mysql_install +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. +# - name: MYSQL + CORE PHP +# include_role: +# name: mysql +# #when: mysql_install # 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 075752bec..257797dbd 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -55,6 +55,24 @@ name: pbx when: pbx_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + set_fact: + mysql_install: True + mysql_enabled: True + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + include_role: + name: mysql + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + fail: + msg: "Admin Console install cannot proceed, as MySQL / MariaDB is not installed." + when: admin_console_install and mysql_installed is undefined + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index d6f8060a4..1df6c32b4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,21 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 204fc0c45..e89afdcd9 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index f6b23e619..3895b7bf9 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -32,7 +32,7 @@ name: "{{ munin_username}}" # Admin password: "{{ munin_password }}" # changeme -- name: If MySQL is enabled, let Munin monitor it +- name: If MySQL is installed, let Munin monitor it copy: src: "{{ item }}" dest: /etc/munin/plugins/ @@ -44,7 +44,8 @@ - /usr/share/munin/plugins/mysql_queries - /usr/share/munin/plugins/mysql_slowqueries - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled + when: mysql_installed + #when: mysql_enabled # RECORD Munin AS INSTALLED diff --git a/roles/mysql/tasks/enable-or-disable.yml b/roles/mysql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..ac06c0c8c --- /dev/null +++ b/roles/mysql/tasks/enable-or-disable.yml @@ -0,0 +1,15 @@ +- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled + systemd: + name: "{{ mysql_service }}" + daemon_reload: yes + state: started + enabled: yes + when: mysql_enabled + +# We had to start MySQL in order to configure it, now turn if off if not enabled +- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled + systemd: + name: "{{ mysql_service }}" + enabled: no + state: stopped + when: not mysql_enabled diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 789d406c1..d91bbce14 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -26,40 +26,33 @@ var: mysql_installed -- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mysql_installed is undefined +- block: + - name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mysql_installed is undefined -- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled - systemd: - name: "{{ mysql_service }}" - daemon_reload: yes - state: started - enabled: yes - when: mysql_enabled + - include_tasks: enable-or-disable.yml -# We had to start MySQL in order to configure it, now turn if off if not enabled -- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled - systemd: - name: "{{ mysql_service }}" - enabled: no - state: stopped - when: not mysql_enabled + - name: Add 'mysql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MySQL + - option: description + value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' + - option: mysql_install + value: "{{ mysql_install }}" + - option: mysql_enabled + value: "{{ mysql_enabled }}" + rescue: -- name: Add 'mysql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mysql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MySQL - - option: description - value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' - - option: mysql_install - value: "{{ mysql_install }}" - - option: mysql_enabled - value: "{{ mysql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 38fb08180..fb4aca021 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,21 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a9845e447..4557d815a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -265,12 +265,11 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER -# 2020-09-24: MySQL / MariaDB is MANDATORY but still evolving - please see: -# https://github.com/iiab/iiab/blob/master/roles/mysql/tasks/install.yml -# https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml -# THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: -mysql_install: True -mysql_enabled: True +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +mysql_install: False +mysql_enabled: False mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: From 58d992328455aaa1d4fa17e605af7931028f1708 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:53:46 -0500 Subject: [PATCH 0730/1184] roles/3-base-server/README.rst: Explain MySQL / MariaDB change --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index ed80399ba..4c03f3f8d 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 27cc66b87e6f351c5896d393c065e23312b56e06 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:58:05 -0500 Subject: [PATCH 0731/1184] 0-init/tasks/validate_vars.yml: Cleaner ordering of mysql within 45 --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index a369fca5c..3617715dd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -76,7 +76,6 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -85,6 +84,7 @@ - gitea - jupyterhub - lokole + - mysql # Dependency - excluded from _installed check below - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below From aabfd5de9b48b561629dc250cafd7353a1b1ffb9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 13:25:52 -0500 Subject: [PATCH 0732/1184] Move Munin install: 8-mgmt-tools -> 9-local-addons --- roles/8-mgmt-tools/tasks/main.yml | 5 ----- roles/9-local-addons/tasks/main.yml | 7 +++++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 61ac785ad..8771b66a0 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -23,11 +23,6 @@ name: monit when: monit_install -- name: MUNIN - include_role: - name: munin - when: munin_install - - name: PHPMYADMIN include_role: name: phpmyadmin diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 257797dbd..337a74445 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -73,6 +73,13 @@ when: admin_console_install and mysql_installed is undefined +# 2023-11-05: Moved from Stage 8, as it acts on mysql_installed (that might be set just above!) +- name: MUNIN + include_role: + name: munin + when: munin_install + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" From a10384c9f1ea7ddf98ebe39b8f2576ea0cb41572 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 16:54:48 -0500 Subject: [PATCH 0733/1184] scripts/ansible: Recommend ansible-core 2.16.0 ETA 2023-11-06 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 78baa8013..48d337b19 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] -GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] +GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.16 +# https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 # https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 From 11257daf2a80029055e3b94fec997feef25b8b41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 16:56:30 -0500 Subject: [PATCH 0734/1184] iiab-install: Set MIN_ANSIBLE_VER=2.14.11 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 3b7811308..bc887d659 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f3ca844ff9b979de97c78365256f5f946bd4bf3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:12:51 -0500 Subject: [PATCH 0735/1184] roles/nextcloud: Install prereq MySQL / MariaDB --- roles/3-base-server/README.rst | 2 +- roles/3-base-server/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 15 +++++++++++++++ vars/default_vars.yml | 3 ++- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c03f3f8d..579977f55 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 89d0610be..96cee56a9 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce62729c8..f62a080be 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4557d815a..4f89f695a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,7 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE +# INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From 8d97dd9addfeb9502397889f3a6da82e84227b61 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:47:44 -0500 Subject: [PATCH 0736/1184] nextcloud/tasks/install.yml: Disk space estimates for /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f62a080be..2eef6290f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -123,7 +123,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From ba9fa67aaa678581671476aba3626e8ddd2d8bd5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:47:34 -0500 Subject: [PATCH 0737/1184] nextcloud-nginx.conf.j2: Patch both 'oc[ms]-provider' to 'ocs-provider' --- roles/nextcloud/templates/nextcloud-nginx.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..285c6c8e2 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -85,7 +85,7 @@ location ^~ {{ nextcloud_url }} { deny all; } - location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; @@ -102,7 +102,7 @@ location ^~ {{ nextcloud_url }} { fastcgi_request_buffering off; } - location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } From 128088ea90e93601b894b22a3ef119f708df1fcc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:52:07 -0500 Subject: [PATCH 0738/1184] Desupport EOL'd Nextcloud 25, a year after its PHP 7 was (also!) EOL'd --- roles/nextcloud/tasks/install.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2eef6290f..09b72749f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -118,10 +118,12 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" - set_fact: - nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('8.0', '<') +# Nextcloud 25 EOL was 2023-10-01: https://endoflife.date/nextcloud +# https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule#eol-versions +#- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# set_fact: +# nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 +# when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From afbddd16c46bcfd33b7f699191a204be67a0e8f0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 10:07:38 -0500 Subject: [PATCH 0739/1184] gitea/defaults/main.yml: gitea_version: "1.21" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index e2311c804..c318acfd7 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 5b7297999b1850d2ba5f1133f32fdfeacd4e548c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 10:12:49 -0500 Subject: [PATCH 0740/1184] gitea/tasks/install.yml: Mention Gitea 1.21 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 957da4822..d61aa76c1 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -51,7 +51,7 @@ - name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 mode: 0775 timeout: "{{ download_timeout }}" From acf125f46d3eff3ac7550faeb3d00711d73131a6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 11:43:32 -0500 Subject: [PATCH 0741/1184] gitea/tasks/install.yml: Doc ~134MB /library/gitea for #3671 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index d61aa76c1..eed1559f8 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,7 +48,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~134 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 From c968abc77205649707ae6874e5db833f1ee0e081 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 15:56:45 -0500 Subject: [PATCH 0742/1184] pbx/default/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 5e127a7cd7f2d5e415d2aa7a52b08a1715e90f5d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:00:36 -0500 Subject: [PATCH 0743/1184] default_vars.yml: 'asterisk_rpi_patch: False' safer --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4f89f695a..b7a197cb0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -692,7 +692,7 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 From 409dace2e7263040e5ff7135afa3ba63b5f50f88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:38:25 -0500 Subject: [PATCH 0744/1184] local_vars_unittest.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9fd0605a6..59c80a0e2 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 01bec789fb9aa139f29408ac4a982c2b6b543584 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:39:22 -0500 Subject: [PATCH 0745/1184] local_vars_small.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index be689cd52..6765c20d5 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 4ca14a75fcaefc11a2afbc746dcb1a500de16529 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:40:05 -0500 Subject: [PATCH 0746/1184] local_vars_medium.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 829b6fb6c..4ed3e7e3e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 20e42b37224df77b1e243cc1468bc30571d2ccf5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:40:51 -0500 Subject: [PATCH 0747/1184] local_vars_large.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7b108429f..c679b30f9 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 356c2bd1717b54ac9b83c10cf842d7d71f501e04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:05:03 -0500 Subject: [PATCH 0748/1184] asterisk.yml w/o 'menuselect --enable app_macro' --- roles/pbx/tasks/asterisk.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index bc7638191..f5ce31b26 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -83,8 +83,8 @@ creates: menuselect.makeopts - name: Asterisk - Do a bit of menuselect configuration - command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts - # 2021-08-06: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + command: menuselect/menuselect --enable format_mp3 menuselect.makeopts + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From 93b381804ef65e093e2a4378ec2339cd2214b38b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:20:23 -0500 Subject: [PATCH 0749/1184] pbx/tasks/install.yml: Install MySQL / MariaDB --- roles/pbx/tasks/install.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index ef9dea71d..5c49dfa14 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,21 @@ # when: nodejs_version != "12.x" +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From cf69b6438d5f8555503b5022de6b93c36683f4f7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:26:34 -0500 Subject: [PATCH 0750/1184] default_vars.yml: Clarify PBX need for MySQL --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b7a197cb0..ea4130c3c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,8 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE -# INITIALLY IGNORED: +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. +# SO BOTH VALUES BELOW ARE INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From f2851ad9c4fa03c5945914f1551fabcb3e5570ec Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:28:27 -0500 Subject: [PATCH 0751/1184] 3-base-server: Clarify PBX need for MySQL --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 96cee56a9..efe1c93e2 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql From 3d6450a1887b692dffe2486dadb19aab1c789aa1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:42:53 -0500 Subject: [PATCH 0752/1184] pbx/tasks/asterisk.yml: Clarify 7 (not 6) --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f5ce31b26..1721d69d2 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -84,7 +84,7 @@ - name: Asterisk - Do a bit of menuselect configuration command: menuselect/menuselect --enable format_mp3 menuselect.makeopts - # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 7 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From de1f5ed44ab0ce6f1c3c442f226d660ff9006650 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:47:30 -0500 Subject: [PATCH 0753/1184] 3-base-server/README.rst: Clarify PBX needs MySQL --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 579977f55..1f22db3a2 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 022569fc612d5bc0614d0c67e0095c73f6793076 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 01:29:16 -0500 Subject: [PATCH 0754/1184] Revert to 'freepbx_git_branch: release/16.0' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..c93a9781a 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From e9655ad79801f8ea50c4ddf64fee252897a4f6e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 01:57:32 -0500 Subject: [PATCH 0755/1184] Revert to 'asterisk_src_file: asterisk-20-current.tar.gz' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index c93a9781a..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c82709eaba75d972c412fcc84de461695fdc62ba Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 02:24:28 -0500 Subject: [PATCH 0756/1184] README.adoc: Comment out PR #3523 & var `asterisk_rpi_patch` --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a9c8b3087..727118015 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -61,12 +61,14 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +//// As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: + ---- asterisk_rpi_patch: True ---- + +//// Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- From f2fd0fda9a461d59a7072f356a410a55d1b25ce2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 02:33:15 -0500 Subject: [PATCH 0757/1184] pbx/defaults/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 7b1b6eca723da732352ea4bed4d3b3f1dce190d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:52:17 -0500 Subject: [PATCH 0758/1184] README.rst: Transmission 4.1 ETA early 2024 --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7e68d1325..944f3883f 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. From a3c7955b1b6a0b3d63bceac95b94e51bd31a063a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Nov 2023 15:01:07 -0500 Subject: [PATCH 0759/1184] remoteit/README.md: Link to their pricing --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 43395bdc7..051d3b7f5 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 13467a8b92160b3924c3522e554424d71884d92a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Nov 2023 16:44:29 -0500 Subject: [PATCH 0760/1184] Calibre-Web prereqs for audio/video + set app.db log to /var/log/calibre-web.log --- roles/calibre-web/files/app.db | Bin 94208 -> 126976 bytes roles/calibre-web/tasks/enable-or-disable.yml | 18 +++++++++++++++++- roles/calibre-web/tasks/install.yml | 15 ++++++++++++--- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 31a8b716a1427cd61610ed5f5c68253fe452aea8..01c0f038338a22ada9d7caaceb4b65880e84d183 100644 GIT binary patch delta 3325 zcmcgu+i%;}8Rt>#h_<6LUg9c=<CzKC*utn-q^?}yX0oH%PJET^HY)~DhvbpWh$3lT zWIKkZ%31O>4Dm96F9Wva4=CUSnD;Vt*jpd_(moZ)(}3=!0}2EK2CO?|ElR$m=w3$X z2t42UeILL3`96Hv{o%{-lfnLJf*^+R>cZ;`Ui==D9GE6<nt$lVyAbsX{}aR1zo}O* z`sqhhc;F)5U%c?5fAK5o1-<x^+Iy1g31OPY9P-IezY)S`UlG(R>Px);2NfbiFaEXA z`*QRn;ym#+LH+!VwaDk^{@nLP@2`4(M?MZeIQzHmt?o=$A@nh5V!$u<nx7neGz*Gn z4(c4R$ll$n;czq>1;32CU;h~FUmL0FqApllnlwUBEG*0x^7HiV!cX(7vnzBNsuptp zxB%XAzv2OX@b`DXXTUSAxYwNjO{qIdtP}Xhf=9$-yjXCD`jmP`J=<%p_Wu6d#c*_J z2>hjb@YW=lAO}ZkP*DW~TGobc$^sgpmu*wgDhxg1^3!0jafBr4T3M+GstgUmLT3F` z#*#16QXZfZJu|;jm?{(l-Ai1CV^gU_qQuaLI4lO4g1u#6`0`wSb{6xr@r^dJ;>)%5 zD$+{yo#lnLM@ri}p1ectB&aH)i3G<{<P!Z}zBoCZFSd`-rj1MuVxx7_K1IV^BA0AS zYY4XKST>T^bj!8^acu?LP(emz=%}`!LapM!3byC)<D<z~n*ploX*@bsyMu!}<Y?f4 zm$1QY{Y_L+utKJQJb#o<q(`C+_2VQ#37IyIl)V-x)Yhg$u#c{yts~GzN9>McYp5n- zJsg|~f-c@i5_adI#ixFtiVR0o%3DWNX>02kst#qLteZ6$xVn+=P{7`_nGGZwOj+a@ zS(m)E$<(TKMmHRbk;Df~Ed`m1QpWEX3hQ_;G6qg(y;5OR#b>WEz9LLb7Zv8dQDNYN z4Q9=*sf>KT&RF#dQ!`SGrz<{bY$WkE$&^(nF@`BIx@=?NS;mmPkC<2hsxYQq_L!Xx z4>_75=`s?^ii$K?!=XK1$6lZ;X${GaiUiAsI7qhQ0XvJP;Z=Mo<p~b3vSUJ9(Qy@Y zB7Gq1mrH=GAPr$G5=33E3X+a14d?K8DiW~Zs4B>6d_OJ|;o{T$4ERpzHDp5>+E5Uo zRCSEgbvdkKzbQ4mu4L${B5j=nv+d*wI#^B71nlvOm+dFqlj{gjz@a%_8ox$*<J*oG zfK`3twb)}&$1uJx)H0Byz*CBuoo}0HA<KGA)H}@b!mTPb1$T&3O!BUcOYY)02p>GW z3w{Ltv<SM-cSlGfLhd*JbMDF`2gpPmknw9%=};sx1^`JmsR#+i-QQ|p<VJ*ykj)i* zmy-Rfp~!`PGJ>DoInu+CWDn@^ANOMoJipvKR)^-8s#nGiJ8~S??oGURO&$EYQOSGH zg!)0IxKPR8&8nO4EA?D_J-wcpg2g-Xv?@;4t@?XKU7KHDim%+`oa)l#2bp_CQPLLe zyEDa~*-J8uQXAFyWMWI==M&ECJ(ycftSc+4D@Ji?d>lL>i0vK7m)R`ja&e9m<#>uu zuyH=s;H5Ycb7fiP_;Nzzho9ocjI{q-i@DwIG5=GG>FOmT_^t=kCP8iPH#Mr!>;~OL z&u)av@RBTx2{|L86oMR|DnkjTS)R}GQnt)x`4pc`=TMqWWD;qZ;Sz|=WRi)LoJ1Km zo62xfCMiLb5YtIEmE>6#u?V3w6j2Vcaw1uVskF#*<uuBnRGH_}D3cb`JzO@;aVfE! zcxKSg|Jik(3{lGjwL>lMH>ap~M?>d{=n&4O{?G+4S^CK-2U)hJ|HQw)z;&b<-(c5o z?=%U}Pedc3=1ipj%pvya)8SfZd*?abMgJh&M+54eH>#0hWVp}lo9UzXo4tLZkwN#< zTi_bWdH2u{N3M9g8#jj@#x94W0|Vf3+J>TvyhCqYoh%meD+PKbKQUXNuY08H^r-vg zIJi0KwdvLcHkwJr7+=GH!g7fiW9ljj#uTR27Frm_t-T8_tEzvQw}_)$jIk6MiO>}4 z3fgG3CFc0N5HKWT_)JrfEZDGOwa5(i67D|7h;CvETy@89fuZ+3;dm^wZ9KnO{)EK% zW2COBTY|NQ)H<^KnX+xb>io>oYJnd0Oph_Goo{z6MzEL8MhnAkEeS5o*=x8>YTmHO z2Csv=Z$`t>;bHJ_+jnws5WHMD;_iU#{*}X{C9XEb-Vzi!@Ce=8<4tXW#d!biIM7M) zM#Z)T7-AwzR~_$0JVI{Wyq&zQ+f5dr-9z8TnXoc5S8(T3V9>2)!9}6v0#A)tZ>%}@ zW;i-F26ktB1B0m?N5Q*NtrLXHM+`o3>>KV5<-iSBO@mwc=EOia`u5vkcPhwI96`U& Yd#TxazjQ=u=Sd*&Limu+)pB6rzoLm6iU0rr delta 748 zcmZ8f&ubG=5Z>8My4$szx1o)Tjlpf9Hj!4-ScR5KyNOF18aHihJ@isH?W07KP05dn z6`^Ymy@(h*>|dY<1tBdo7e(n^#e;_)gj_sGa}Ww8P*C5lqz4BE-uJ!ln_-68YOq@k z_jAA3Pf?UavK?Y|=xVp0x;%N{CKR9(`@@G$c0qiKJUya7AdQwNWTK^-siCm}8c|Y! z76dQd-6@cmF5_a!$WP&%p2<Q#HrD^>+3aHwDM_HsxZq{}>8$Dp$nAXum)rs9m_o;- zMHA5+?6#78<5G(f=?zMFhrXa!!o9AIGe7vByoY<we(I>Z-?)yL*UTCb{6ej&d6%v* zRWt2Et&Z<C^9j_|Q7Ce}`H*ELNrK9}wLbwhYkUkQ>)&p`0fZ`Rz)C(JY>$-mbQYJ3 zxL_w8OR36&DlaI}geu#N^>qv+Yv&OBQJL>FGAs8DJ%{BxN-8#^q=MH+LqmjjW<4cG zB4LLu<g-}5eM?Cs;@W~Ov-%Y1vBV~v3lo&hujoY3E){V+#mp*B>xJcw41ORJn>wwg z9P3;Y&W{pTPA`=UczGpnl(12fqse4KRWw_&ij53jT`uWs#dcB0xzz+8V|U-a2^Xwd z69O7Ri&}hsQI&)3k(};r(wWC$Vl!%NRu2BxHLl6Q@Q^$b3h|*q#+p5ZJ}zRf%QZ;b z=;8oF?u4^%$37Sr(@S|ag^8}W<Z&8ovS$9K`4`?ERtf~*Wx4)n3Zk5qj=<UaXAL4y zKMF&N*_#8m==N-q5;b$((_3L6N(}=y+&6uV+}#xbjx&+KfnfFLV9-Tz0%zrOutRn| HZosp@Y-_?J diff --git a/roles/calibre-web/tasks/enable-or-disable.yml b/roles/calibre-web/tasks/enable-or-disable.yml index b196176f9..c15fda0da 100644 --- a/roles/calibre-web/tasks/enable-or-disable.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -23,12 +23,28 @@ dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d when: calibreweb_enabled +- name: If enabling with Calibre-Web enhanced for large audio/video "books" too, also append onto calibre-web-nginx.conf AND symlink /library/www/html/calibre-web -> /library/calibre-web (WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then + cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf + ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + fi + when: calibreweb_enabled + + - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf file: - path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" state: absent when: not calibreweb_enabled +- name: If disabling, also remove symlink /library/www/html/calibre-web (WIP) + file: + path: "{{ doc_root }}/calibre-web" # /library/www/html + state: absent + when: not calibreweb_enabled + + - name: Restart 'nginx' systemd service systemd: name: nginx diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f778a38f..7f6644980 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,9 @@ register: df1 -- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present @@ -57,7 +56,17 @@ dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + +- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then + apt install ffmpeg pipx -y + pipx install xklb + ln -s /root/.local/bin/lb /usr/local/bin/lb + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper + chmod a+x /usr/local/bin/lb-wrapper + fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: From 4714b06d119bc0e3eb4f6cddbdfcb9db465fd330 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Nov 2023 21:27:41 -0500 Subject: [PATCH 0761/1184] calibre-web/tasks/install.yml: Better xklb & yt-dlp symlinks --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f6644980..453a7f8bd 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,7 +63,8 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y pipx install xklb - ln -s /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From e705ad6cd454701a48aa805879bb5ceeeacb4e37 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 13:25:48 -0500 Subject: [PATCH 0762/1184] calibre-web/defaults/main.yml: Set 'calibreweb_venv_wipe: True' --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 250deeaf6..4512e4e53 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,6 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 +calibreweb_venv_wipe: True calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 02471e9402efcce1658c01d2c57c1596651bacc4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:21:30 -0500 Subject: [PATCH 0763/1184] calibre-web/tasks/install.yml: Enact calibreweb_venv_wipe & clone as nec --- roles/calibre-web/tasks/install.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 453a7f8bd..4f6ce8f65 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -27,10 +27,16 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present -- name: Remove previous virtual environment {{ calibreweb_venv_path }} +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" file: path: "{{ calibreweb_venv_path }}" state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -41,7 +47,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + - "{{ calibreweb_venv_path }}" # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -50,13 +56,14 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | From da785cb8c4f7c027f1a6a0b001ec4d183128acd7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:24:45 -0500 Subject: [PATCH 0764/1184] New default 'calibreweb_venv_wipe: False' for TDD! --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 4512e4e53..1ae41bef8 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: True +calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 5feecc022ec59c4bdfd8515a935d8c7df6cc20c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:06:18 -0500 Subject: [PATCH 0765/1184] calibre-web/tasks/install.yml: Auto-upgrade xklb & yt-dlp for TDD --- roles/calibre-web/tasks/install.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4f6ce8f65..5bc947a99 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,13 +65,17 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y - pipx install xklb - ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if lb --version; then + pipx upgrade --include-injected xklb + else + pipx install xklb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From 47da9a9cbaaf1983a2f1e269ac6cd3396adaa456 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:28:58 -0500 Subject: [PATCH 0766/1184] calibre-web/defaults/main.yml: Fix typo "2023-12-04" --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 1ae41bef8..d4b2765a4 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) +calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From a546c5132aef0f7a661a18b34e21327a6267527e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 16:54:05 -0500 Subject: [PATCH 0767/1184] Recommend ansible-core 2.16.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48d337b19..0caaaef87 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] -GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] +GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From af9597d5b25e4f2b7322e830ffb0f856a71e8283 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 17:11:07 -0500 Subject: [PATCH 0768/1184] iiab-install: Set MIN_ANSIBLE_VER=2.14.12 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bc887d659..e09527224 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f00b7b41b69efe80641944b2b24c0dbee393c8e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:01:55 -0500 Subject: [PATCH 0769/1184] validate_vars.yml: ansible-core 2.16.1 req 'loop' not 'with_items' w/ 'assert' templating --- roles/0-init/tasks/validate_vars.yml | 42 ++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 3617715dd..383f911a3 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -158,20 +158,38 @@ when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +- name: Set vars_deprecated_list for 4+ vars ("XYZ_install") to be checked + set_fact: + vars_deprecated_list: + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained + - name: 'DISALLOW "XYZ_install: True" if deprecated' assert: that: "{{ item }}_install is undefined or not {{ item }}_install" fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes - with_items: - - dhcpd # Deprecated - - named # Deprecated - - wondershaper # Deprecated - - dansguardian # Deprecated - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained + loop: "{{ vars_deprecated_list }}" + # 2023-12-04: ansible-core 2.16.1 suddenly no longer allows 'assert' with + # 'with_items' below (whereas 'loop' construct above works!) BACKGROUND: + # + # 'due to mitigation of security issue CVE-2023-5764 in ansible-core 2.16.1, + # conditional expressions with embedded template blocks can fail with the + # message “Conditional is marked as unsafe, and cannot be evaluated.”' + # https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html#playbook + # + # with_items: + # - dhcpd # Deprecated + # - named # Deprecated + # - wondershaper # Deprecated + # - dansguardian # Deprecated From a6bafe833a017db2e5e0c5b50039d12104410f35 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 5 Dec 2023 16:51:13 -0500 Subject: [PATCH 0770/1184] enable-or-disable.yml: Avoid NGINX symlink /library/www/html/calibre-web --- roles/calibre-web/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/enable-or-disable.yml b/roles/calibre-web/tasks/enable-or-disable.yml index c15fda0da..493703dc7 100644 --- a/roles/calibre-web/tasks/enable-or-disable.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -27,7 +27,8 @@ shell: | if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf - ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + # 2023-12-05: Not needed as a result of PR iiab/calibre-web#57 + # ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web fi when: calibreweb_enabled From c2a1ad2e4685b446a7bb9f95d9cc02112dd22e0e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Dec 2023 22:59:18 -0500 Subject: [PATCH 0771/1184] Install /usr/local/bin/lb-wrapper.greedy for Calibre-Web testing --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5bc947a99..65d4ac69d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper - chmod a+x /usr/local/bin/lb-wrapper + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 1972f4763c54d7888676a8746a5af86dd98744ce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:01:11 -0500 Subject: [PATCH 0772/1184] Recommend ansible-core 2.16.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0caaaef87..0a268c480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] -GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] +GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 9bcbee3202b5596aba94cc757f23824d9f520185 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:02:51 -0500 Subject: [PATCH 0773/1184] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index e09527224..7b8738c4d 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From a4f9cba1bb7038bfa57ce77229a9397f1ce8f633 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 15 Dec 2023 16:58:17 -0500 Subject: [PATCH 0774/1184] nextcloud/tasks/install.yml: Mention Nextcloud 28.0.0 size/space --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 09b72749f..f8d47c6f5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -125,7 +125,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From c4738b007ed360a9f17fab9f9de231ce3943ffc3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 00:29:08 -0500 Subject: [PATCH 0775/1184] nextcloud/tasks/install.yml: Clarify install & upgrade realities --- roles/nextcloud/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f8d47c6f5..963045f4e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -61,12 +61,15 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 +# December 2023: Check latest required AND recommended prereqs below! +# e.g. Nextcloud 26 works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0; Nextcloud 28 works with PHP 8.3 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html +# https://docs.nextcloud.com/server/28/admin_manual/installation/ +# 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN +# gets badly stuck if its web-based upgrade process is attempted :/ +# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From d70b36533508632b6b166ca096a17f5002ae55f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 15:31:10 -0500 Subject: [PATCH 0776/1184] transmission/tasks/install.yml: Warn about 60+ min compile --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 20dc9a5f2..ae3c8cd72 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) + - name: Compile, install & remove detritus (CAN TAKE 60+ MINUTES ON RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive From c90c85acafd3f461b47b89b7051f7acb640555c7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 23:51:24 -0500 Subject: [PATCH 0777/1184] Use Wayland compositor's ~/.config/wayfire.ini to show pop-ups & browser on boot --- roles/iiab-admin/tasks/pwd-warnings.yml | 36 ++++++++-------- ...-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} | 0 ...xde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} | 0 roles/network/tasks/install.yml | 2 +- roles/network/tasks/netwarn.yml | 29 ++++++------- .../netwarn/{netwarn => iiab-netwarn} | 10 +++-- .../netwarn/netwarn-iiab-network.desktop | 2 +- roles/www_options/tasks/main.yml | 42 +++++++++++-------- 8 files changed, 67 insertions(+), 54 deletions(-) rename roles/iiab-admin/templates/{sshpwd-profile-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} (100%) rename roles/iiab-admin/templates/{sshpwd-lxde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} (100%) rename roles/network/templates/netwarn/{netwarn => iiab-netwarn} (72%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index e63c8841b..c052c270c 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -2,34 +2,36 @@ # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default +- name: Install /etc/profile.d/iiab-pwdwarn-profile.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: - src: sshpwd-profile-iiab.sh.j2 - dest: /etc/profile.d/sshpwd-profile-iiab.sh + src: iiab-pwdwarn-profile.sh.j2 + dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Is /etc/xdg/lxsession/LXDE-pi a directory? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi - register: lx + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: "If so, install from template: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" template: - src: sshpwd-lxde-iiab.sh.j2 - dest: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh + src: iiab-pwdwarn-wayfire.j2 + dest: /usr/local/sbin/iiab-pwdwarn-wayfire mode: '0755' - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian + when: wayfire_ini.stat.exists -# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does +# 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop # (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it -# would be really nice to standardize this popup across Ubermix & all distros.. +# would be really nice to standardize pop-ups across Ubermix & all distros... # Is this a permissions/security issue presumably? Official autostart spec is: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /etc/xdg/lxsession/LXDE-pi/autostart to trigger popups - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-pwdwarn-wayfire + value: /usr/local/sbin/iiab-pwdwarn-wayfire + when: wayfire_ini.stat.exists diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index df473eae1..680b95233 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -99,7 +99,7 @@ - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) -- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' +- name: 'Install /usr/local/sbin/iiab-netwarn for pop-ups on boot, if iiab-network should be run' include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index c1f687e28..2ce6aaac0 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,21 +1,22 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/www_options/tasks/main.yml FOR browser -# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for -# ssh sessions (across all OS's/distros/window managers) might also make sense? +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/iiab-netwarn but for +# shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/local/sbin/netwarn$' - line: '/usr/local/sbin/netwarn' - when: lxde_pi_autostart_present.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-netwarn + value: /usr/local/sbin/iiab-netwarn + when: wayfire_ini.stat.exists # mate desktop detection based on 'register: nd_dir' in enable_services @@ -39,9 +40,9 @@ # (Let's insert those here if so, and refine the 'when:' line below.) -- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/iiab-netwarn' template: - src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) + src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/iiab-netwarn similarity index 72% rename from roles/network/templates/netwarn/netwarn rename to roles/network/templates/netwarn/iiab-netwarn index a8f7a7916..617310646 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -1,8 +1,12 @@ #!/bin/bash -# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this -# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. -# This allows return codes to be meaningful, at each successive step. +# CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script +# (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: +# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html +# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart +# +# This allows return codes ($rc) to be meaningful, at each successive step. # (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry # Pi OS with desktop" on Raspberry Pi 4!) # diff --git a/roles/network/templates/netwarn/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop index 35547ee41..f109f88b0 100644 --- a/roles/network/templates/netwarn/netwarn-iiab-network.desktop +++ b/roles/network/templates/netwarn/netwarn-iiab-network.desktop @@ -4,7 +4,7 @@ Comment[en_US]=iiab-network Name[en_CA]=iiab-network Comment[en_CA]=iiab-network Type=Application -Exec=/usr/local/sbin/netwarn +Exec=/usr/local/sbin/iiab-netwarn Hidden=false Name=iiab-network Comment=iiab-network diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index d41607982..1d5b642e0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,29 +31,35 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: Does /usr/bin/chromium exist? (check for browser filename change) +- name: Does /usr/bin/chromium-browser exist? stat: - path: /usr/bin/chromium - register: chromium_present + path: /usr/bin/chromium-browser + register: chromium_browser -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists +# - name: Does /usr/bin/chromium exist? (check for browser filename change) +# stat: +# path: /usr/bin/chromium +# register: chromium_present -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: chromium-browser + value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: wayfire_ini.stat.exists and chromium_browser.stat.exists + +# - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart +# lineinfile: +# path: /etc/xdg/lxsession/LXDE-pi/autostart +# regexp: '^/usr/bin/chromium' +# line: '/usr/bin/chromium --disable-restore-session-state http://box/home' +# when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists # 2022-12-29: php-settings.yml is ALSO attempted (on demand) by every From 16ef96f0f5e5a6d9e83bc76a1a216f1ad569ee43 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 00:42:18 -0500 Subject: [PATCH 0778/1184] nextcloud/tasks/install.yml: Clarify 655MB /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 963045f4e..a25dd59c1 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -128,7 +128,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 73f0fa6ff84d6007339d88a2aa5eb4d2d6c3f6e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 07:16:59 -0500 Subject: [PATCH 0779/1184] Update iiab-netwarn explanation for PR #3685 --- roles/network/templates/netwarn/iiab-netwarn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index 617310646..b20d18fc6 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -11,8 +11,8 @@ # Pi OS with desktop" on Raspberry Pi 4!) # # IN CONTRAST: return codes below are NOT MEANINGFUL when this script is -# invoked from a regularly graphical desktop session -- so make sure to test -# during an actual OS boot-up, with autostart! +# invoked manually after boot from a regular graphical desktop session -- so +# make sure to test (either kind of) "autostart" during actual OS boot-up! if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit From 017e55a70aa450aca780b003b54de0de10fa9d7e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:29:53 -0500 Subject: [PATCH 0780/1184] moodle/tasks/install.yml: Update URL for cron doc --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index eb6ec62d5..19e53b9cc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -174,7 +174,7 @@ # 2021-11-19: Resolves Moodle error https://github.com/iiab/iiab/issues/3024 - name: Set cron job to run /opt/iiab/moodle/admin/cli/cron.php every minute (* * * * *) in /var/spool/cron/crontabs/www-data -- per https://docs.moodle.org/310/en/Cron cron: - name: https://docs.moodle.org/310/en/Cron + name: https://docs.moodle.org/en/Cron user: www-data job: "/usr/bin/php /opt/iiab/moodle/admin/cli/cron.php >/dev/null" From 1a8fd72df684e35cf6a55a6a9c080f03bbdb14c9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:33:35 -0500 Subject: [PATCH 0781/1184] moodle/tasks/install.yml: Link to CLI upgrade instructions --- roles/moodle/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 19e53b9cc..343a8eb29 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -6,6 +6,9 @@ # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) +# 2023-12-17: Upgrade instructions via CLI +# https://docs.moodle.org/en/Administration_via_command_line + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: From a7b58da07944230d55f88a3d9f4473aee073407c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:40:23 -0500 Subject: [PATCH 0782/1184] moodle/tasks/install.yml: Concrete CLI upgrade example --- roles/moodle/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 343a8eb29..af1c25f81 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -8,6 +8,12 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line +# +# cd /opt/iiab/moodle +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable +# git pull +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" From b0f1cccd372342f5a56678ac3ed25e7fbd2d01e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:56:54 -0500 Subject: [PATCH 0783/1184] moodle/tasks/install.yml: Fix CLI upgrade example --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index af1c25f81..d9d25867f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -9,9 +9,10 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line # +# EXAMPLE: # cd /opt/iiab/moodle # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull +# git pull https://github.com/moodle/moodle MOODLE_403_STABLE # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From f8155c23afa0cf66590205bf47d983e1d6140efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 13:45:55 -0500 Subject: [PATCH 0784/1184] moodle/tasks/install.yml: Refine Moodle CLI upgrade tips --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index d9d25867f..4b2709c3e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,8 +11,9 @@ # # EXAMPLE: # cd /opt/iiab/moodle +# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull https://github.com/moodle/moodle MOODLE_403_STABLE +# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From b5d3a7658a7e5f1c6ef37a330fdfac59a4718222 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 15:11:01 -0500 Subject: [PATCH 0785/1184] moodle/tasks/install.yml: Clarify 'git pull' options for CLI upgrade --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4b2709c3e..f59be7a47 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -13,7 +13,7 @@ # cd /opt/iiab/moodle # cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . +# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From 120a5701b9965e17c0533a9d424faaa7763640f7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Dec 2023 13:22:22 -0500 Subject: [PATCH 0786/1184] 1-prep/templates/iiab-expand-rootfs: Clarify partition shrinking/expanding --- roles/1-prep/templates/iiab-expand-rootfs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index f6c75b46e..89d2bd552 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -8,10 +8,16 @@ # Verifies that rootfs is the last partition. +# RELATED: +# 1. https://github.com/iiab/iiab-factory/blob/master/box/rpi/min-sd +# 2. https://github.com/iiab/iiab-factory/blob/master/box/rpi/cp-sd +# 3. https://github.com/iiab/iiab-factory/blob/master/box/rpi/xz-json-sd +# OR https://github.com/iiab/iiab-factory/blob/master/box/rpi/exp-sd + if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" - if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -- WARNING: their fdisk-centric approach of course FAILS with "Hybrid MBR" or GPT partition tables, as required by any drive > 2TB :/ # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config # 2023-10-05: Official new RPi instructions: @@ -35,7 +41,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? + growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk (assuming MBR). They really should transition to gdisk, as required by any drive > 2TB. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? rc=$? # Make Return Code visible, for 'bash -x' resize2fs $ROOT_PART rc=$? # Make RC visible (as above) From d46d5d12d799eadcd87bd7fb7bf2d3e57017a1a2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 20 Dec 2023 10:31:13 -0500 Subject: [PATCH 0787/1184] moodle/tasks/install.yml: Clarify CLI-based Moodle upgrade tips --- roles/moodle/tasks/install.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f59be7a47..7a33421ae 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,10 +11,13 @@ # # EXAMPLE: # cd /opt/iiab/moodle -# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . -# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# cd /opt/iiab +# mv moodle moodle.bkp +# git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 # As a regular 'git pull' will likely fail, due to original clone's '--depth 1' -- but no worries: total clone download is just ~100 MB, which expands to ~400 MB +# cp moodle.bkp/config.php moodle/ +# cd moodle +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php # Or later log in to Moodle, to complete the upgrade (i.e. click "Continue" 4-5 times) # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From a7ed9f7dcd152b185944ce24d14ba1805f1820f2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:28:38 -0500 Subject: [PATCH 0788/1184] www_options/tasks/php-settings.yml: Set 2 vars to 10000M when nginx_high_php_limits or moodle_install or nextcloud_install --- roles/www_options/tasks/php-settings.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 3cdd2b887..46955cf16 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -52,7 +52,7 @@ # And in the past it used: .../apache2/php.ini -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -66,7 +66,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -81,28 +81,28 @@ when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } From d4846589eaf8411788a6b3c3bf47bbabd3501713 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 21 Dec 2023 13:55:43 -0500 Subject: [PATCH 0789/1184] mediawiki/defaults/main.yml: New version 1.41.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ddad4f10c..77a233ac1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 2261c6c9f0bf0efedb0a2225d76296f9ea2b771f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 05:17:45 -0500 Subject: [PATCH 0790/1184] nextcloud/tasks/install.yml: Clarify need for manual upgrade --- roles/nextcloud/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index a25dd59c1..0aafe7426 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -67,9 +67,12 @@ # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html # https://docs.nextcloud.com/server/28/admin_manual/installation/ + # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN -# gets badly stuck if its web-based upgrade process is attempted :/ +# gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously +# asking tou to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html + - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From f8748e12fb05e4edd3b26c8b38cb3fa59336398a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 08:40:02 -0500 Subject: [PATCH 0791/1184] pbx/README.adoc: Sadly PHP 7.4 still required --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 727118015..a69906f01 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From efc3b2fa87003bf07f7e672d919dd775e069e605 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 09:49:58 -0500 Subject: [PATCH 0792/1184] nextcloud/tasks/install.yml: Typo in CLI upgrade tips --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0aafe7426..d82f040bb 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -70,7 +70,7 @@ # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN # gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously -# asking tou to wait) if its web-based upgrade process is attempted :/ +# asking you to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) From edc08173b3a1d7555bb4bed199df39f0bd3f2a9e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 10:01:33 -0500 Subject: [PATCH 0793/1184] iiab-admin/tasks/pwd-warnings.yml: Clarify ~/.config/wayfire.ini --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index c052c270c..46d091bec 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -28,7 +28,7 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin section: autostart From 4c8baa3b170a584e92a15691ce557b60b8fa9420 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:25:44 -0500 Subject: [PATCH 0794/1184] calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f947c4a02..f9993ae65 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,6 +25,10 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! +**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +family's learning library!** + .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg 🍒 GURU TIPS 🍒 From a120f79ed54766c1ac56d933b1f4f4db8852366d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:29:49 -0500 Subject: [PATCH 0795/1184] calibre-web/README.rst: Link to new IIAB's DIY Video Library --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f9993ae65..9aa3992ab 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community's or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 4ed99abf6e55746b05ab484ee4883e52e608a9d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:27:42 -0500 Subject: [PATCH 0796/1184] calibre-web/README.rst: Grammar fix --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9aa3992ab..807eba1b8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 1b4456377770ab0f9693a2787a1c52eb22841303 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 24 Dec 2023 09:05:30 -0500 Subject: [PATCH 0797/1184] calibre-web/tasks/install.yml: Disk footprints for /usr/local/calibre-web-py3 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65d4ac69d..30e7bc288 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 7b7e17491fa9bfa0216d83ecfc3bebeee827a6fc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 27 Dec 2023 07:47:36 -0500 Subject: [PATCH 0798/1184] transmission/README.rst: Clarify we compile 4.0.5+ --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 944f3883f..9907c63d8 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -22,7 +22,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t 2023 Caution ------------ -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). From 624827ea15abda5d35412519e3705c96a2170ffb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Dec 2023 19:05:09 -0500 Subject: [PATCH 0799/1184] calibre-web/tasks/install.yml: Fix yt-dlp pipx path --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 30e7bc288..75474a33c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,7 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy From a06ec8c88ef28d49ac638c6e62ee5cca26b11347 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 19:25:04 -0500 Subject: [PATCH 0800/1184] transmission/README.rst: Transmission 4.x Preview (Optional) --- roles/transmission/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 9907c63d8..727197b56 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,14 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -2023 Caution ------------- +Transmission 4.x Preview (Optional) +----------------------------------- -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. +2023-12-31: To make the `latest Transmission features <https://github.com/transmission/transmission/commits/main>`_ available to you, Internet-in-a-Box can compile the very latest (above and beyond `Transmission 4.x+ official releases <https://github.com/transmission/transmission/releases>`_). Just note this can take most of an hour, and is not without risk! -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). +If you decide you want this, set ``transmission_compile_latest: True`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing Transmission, as explained below. -Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. +NOTE: Later in 2024, fast auto-installation of `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again hopefully become mainline (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_) just as in recent years with Transmission 3.0 (originally from May, 2020). .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From 16d21c9d2d2cf7114c23d3a1ac34f1d37994cd3c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 19:29:24 -0500 Subject: [PATCH 0801/1184] Change default to 'transmission_compile_latest: False' --- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 96fd188d4..ab6c3211b 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,7 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False -# transmission_compile_latest: True +# transmission_compile_latest: False # transmission_username: Admin # transmission_password: changeme diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bfdd2eee3..bbfee1525 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -544,7 +544,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index d5e014e61..9059d9ca0 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 21ba95409..dcf291dd1 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 2df6b1655..88c2c2a89 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 07367888e..5b82be988 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From ff3b23376b13c41eb4529a237415f183f6a30785 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 20:23:44 -0500 Subject: [PATCH 0802/1184] Desupport Bullseye (Debian 11, RasPiOS 11) & Ubuntu 23.04 --- scripts/local_facts.fact | 10 +++++----- vars/{debian-11.yml => debian-11.yml.unused} | 0 vars/default_vars.yml | 12 ++++++------ vars/{raspbian-11.yml => raspbian-11.yml.unused} | 0 vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} | 0 5 files changed, 11 insertions(+), 11 deletions(-) rename vars/{debian-11.yml => debian-11.yml.unused} (100%) rename vars/{raspbian-11.yml => raspbian-11.yml.unused} (100%) rename vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} (100%) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index aab8e81a2..24a3f044e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -63,6 +63,7 @@ OS_VER="$OS-$VERSION_ID" #"debian-8" | \ #"debian-9" | \ #"debian-10" | \ + #"debian-11" | \ #"ubuntu-16" | \ #"ubuntu-17" | \ #"ubuntu-18" | \ @@ -71,24 +72,23 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2304" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ + #"raspbian-11" | \ -# 2021-09-27: With Debian 12 (Bookworm) pre-releases, please manually add -# this line to its /etc/os-release before installing IIAB: VERSION_ID="12" +# 2023-12-31: With Debian 13 (Trixie) pre-releases, please manually add +# this line to its /etc/os-release before installing IIAB: VERSION_ID="13" case $OS_VER in - "debian-11" | \ "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2304" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ - "raspbian-11" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-11.yml b/vars/debian-11.yml.unused similarity index 100% rename from vars/debian-11.yml rename to vars/debian-11.yml.unused diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bbfee1525..3654e2eee 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -777,12 +777,12 @@ is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS is_ubuntu: False # Covers: Ubuntu, Linux Mint is_ubuntu_2404: False is_ubuntu_2310: False -is_ubuntu_2304: False -is_ubuntu_2210: False +#is_ubuntu_2304: False +#is_ubuntu_2210: False is_ubuntu_2204: False #is_ubuntu_2110: False #is_ubuntu_2104: False -is_ubuntu_2004: False +#is_ubuntu_2004: False #is_ubuntu_19: False #is_ubuntu_18: False #is_ubuntu_17: False @@ -790,19 +790,19 @@ is_ubuntu_2004: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False -is_linuxmint_20: False +#is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_13: False is_debian_12: False -is_debian_11: False +#is_debian_11: False #is_debian_10: False #is_debian_9: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_12: False -is_raspbian_11: False +#is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False #is_raspbian_8: False diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml.unused similarity index 100% rename from vars/raspbian-11.yml rename to vars/raspbian-11.yml.unused diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml.unused similarity index 100% rename from vars/ubuntu-2304.yml rename to vars/ubuntu-2304.yml.unused From 3dd3d868ad94bd063caccb26dbb26398cb774c9a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:00:11 -0500 Subject: [PATCH 0803/1184] kalite/tasks/install.yml: Tough aging vars is_debian_11, is_ubuntu_2204 --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 7df40364d..bcf667d43 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,7 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -37,7 +37,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 0b53b959211c47faff96aa4e35698aa4755d5ebf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:19:22 -0500 Subject: [PATCH 0804/1184] matomo/tasks/install.yml: "Download and Extract (~3 min)" --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1df6c32b4..7de697f49 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -67,7 +67,7 @@ priv: "{{ matomo_db_name }}.*:ALL" #login_unix_socket: /var/run/mysqld/mysqld.sock -- name: Download and Extract Matomo (~1 min) +- name: Download and Extract Matomo (~3 min) unarchive: src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz dest: "{{ matomo_path }}" # e.g. /library/www From fcb17974136eada8f4843d6d031e2ccdb844a330 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:39:27 -0500 Subject: [PATCH 0805/1184] LICENSING.md: Update date --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 53bc9d1ef..33776a06e 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From aba3cde8e46dc605f5f73834e3f1205f939bc586 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 22:56:48 -0500 Subject: [PATCH 0806/1184] default_vars.yml: Launch 8.2 release cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3654e2eee..ff422e820 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.1 +iiab_base_ver: 8.2 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From ebf35d9680a633f4ddc39962b4aedef12e5859ad Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 23:37:51 -0500 Subject: [PATCH 0807/1184] Calibre-Web w/ experimental support for video/audio/images --- roles/calibre-web/README.rst | 6 +++--- roles/calibre-web/defaults/main.yml | 2 +- roles/calibre-web/tasks/install.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 807eba1b8..a31e0b5ff 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC) to your community or -family's learning library!** +**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**also lets you add YouTube and Vimeo videos (and local videos, e.g. from +teachers' phones) for indigenous/local/family learning libraries!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index d4b2765a4..3e99725a9 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,7 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -calibreweb_repo_url: https://github.com/janeczku/calibre-web +calibreweb_repo_url: https://github.com/iiab/calibre-web # Or use upstream: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 75474a33c..51968b469 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -58,7 +58,7 @@ - name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: - repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing From 7887e4f8cb9ceb575b4ef16bc7698f8dd4224e42 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 23:57:58 -0500 Subject: [PATCH 0808/1184] Touch up calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a31e0b5ff..42162c818 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**NEW AS OF JANUARY 2024:** `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ **also lets you add YouTube and Vimeo videos (and local videos, e.g. from -teachers' phones) for indigenous/local/family learning libraries!** +teachers' phones) to expand your indigenous/local/family learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 71220324f3b1e1947b82bac00e67f2dd6d2f2efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 Jan 2024 13:09:15 -0500 Subject: [PATCH 0809/1184] default_vars.yml: Install/enable Calibre-Web --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ff422e820..a2d202156 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -654,8 +654,8 @@ minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }} minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 0cbbd09db8bd2d80e5f54621fa6d432982cc56aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 Jan 2024 13:09:56 -0500 Subject: [PATCH 0810/1184] local_vars_small.yml: Install/enable Calibre-Web --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88c2c2a89..c55fb4cc7 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -393,8 +393,8 @@ minetest_install: False minetest_enabled: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 40c2c71f521d431d395a84cfe2ada2abaf45a2c2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:23:15 -0500 Subject: [PATCH 0811/1184] calibre-web/tasks/install.yml: lb-wrapper.greedy gone! --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 51968b469..6a960b1b0 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ - chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From cc9d791f6caa2c6b65e35ff6673035c1acb41fd0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:30:05 -0500 Subject: [PATCH 0812/1184] calibre-web/tasks/install.yml: Link to wiki explanation --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6a960b1b0..4a68ae34f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 9570f8d117139d42d9cf40be2ac3240909c0bb97 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:38:21 -0500 Subject: [PATCH 0813/1184] calibre-web/tasks/install.yml: Clarify wiki for PR #3696 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4a68ae34f..5f055d3e7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 1c432530620d35df300ea41e76017b67292dee79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:20:40 -0500 Subject: [PATCH 0814/1184] iiab-diagnostics: Show Calibre-Web "version" i.e. ~50 recent commits --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index adbaa73ea..dc758a42a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,6 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From fea5f9ccba3a79f00a8e2035fbfa877ac5fec77a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:31:32 -0500 Subject: [PATCH 0815/1184] iiab-diagnostics: Add 3 more "log files" for Calibre-Web --- scripts/iiab-diagnostics | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index dc758a42a..d499f541a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,9 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_tail /var/log/calibre-web.log 100 +cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From bed26162cf2b2531ad7c19616cd79fd4329dff42 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:37:00 -0500 Subject: [PATCH 0816/1184] iiab-diagnostics: Also include 'systemctl status calibre-web' --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d499f541a..f1a9881f1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,7 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' -cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' +cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From d932684a115671147408e0f1f6bf4c9f54f2d382 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 18:12:15 -0500 Subject: [PATCH 0817/1184] iiab-diagnostics.README.md: Fix line number for PR #3697 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7216e8feb..e2b0aef85 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 5a443993000371a9dea05479cfd91689f7f69c81 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 Jan 2024 12:23:57 -0500 Subject: [PATCH 0818/1184] Update pbx/README.adoc w/ latest FreePBX 17 BETA tips / warning --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a69906f01..d4f831847 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 4ae5991cb3c36398c655469a2f4730b86d739193 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 Jan 2024 12:36:02 -0500 Subject: [PATCH 0819/1184] pbx/README.adoc: WARN re: PHP 7 danger & unsupported/old OS's --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d4f831847..41d57eb96 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 524709f31a37574917c0c7f1139237e8b84238b9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 Jan 2024 23:55:38 -0500 Subject: [PATCH 0820/1184] iiab-diagnostics: 300 last lines of xklb.log for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1a9881f1..2c11b25d2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -232,7 +232,7 @@ cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | h cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 -cat_tail /var/log/xklb.log 100 +cat_tail /var/log/xklb.log 300 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 595de4e7f235ecd1f2b22aa94d33e986b5c4077f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jan 2024 22:35:58 -0500 Subject: [PATCH 0821/1184] Update (almost 10!) Calibre-Web app.db defaults --- roles/calibre-web/files/app.db | Bin 126976 -> 126976 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 01c0f038338a22ada9d7caaceb4b65880e84d183..3183544da1e04b9e5cb998dcbc2ea954dbfc8e9e 100644 GIT binary patch delta 659 zcmZ{g!Hd&S5QpC+scqc0uSHPA6>G)ILc+_-%WGZ{c7rF+)#IW`HeriN8*GsUS-L?y zc(a1`DtqwaDeED4T2CH5>|N=9V7<F&svy$Exz0DgZ)OhW<%4<o#TD3|uHP<gBmL1~ zw)19Kk#HN~DQ;)!MLdZm72Uh3s*Y3fT}D{QgvLE9)R-%{W>ev7lpCQRm|hq%em5A6 zTfN;N3R{#C$~0nVhG-GmHF%d8x?m>ntadtGX6u{^L1_$2UFElqo5Z?r`JTosv+#Ld zpb28z8ez=mgn7cU{C|ALiqGmYu5&><wz<+Nd|WS*OvVqB<Y=KZstQgJ{(?W?S2)Si z2Y7NrIfnqiktONubg^x*n;>m@38@8imMILvFqqkv3PuH|be5r(P6@Y#aUGV7>XiP* zH2?gp)1|by!R`?2D1lZE1WH6HqgpvjPpi_i$FuV>TmvcJh@k;8e3kQC1NaP5eUYUR z&i5wpoUGw}B-L|N&v7qH-_>b)8Jg(Qrj*{PHRTJnqM8+FC+-hM<G_u^yZw<j96sC% z_S`s$0^J|Rv)9MqRpjqK-6(ppKkFUChJp}!I!z}p7fP;tgj2kRe;^5;Ap8xVyobgo ctgp+P>VG4v@>LiNw}RO1M^cfcyq!bi7cVWOMF0Q* delta 195 zcmZp8z~1nHeS$Qj$3z)tRu2Zfq6HgM7UXYcY50@BXoA3|4=e&e_Fw(&j0TLX1}q#5 zyc`=F|M4)jmQLr)Wt3-R+^(6+D8R_X#IW5akMSJi#>PDU?G^Qmod(<t3=B;C!3_Mh z{J|R=-T9{n?`PDKY-C^*WDw_NYV_n4WESQH0znSPl-$g`=`Z&&CUG!){GXVUQ(e35 s03)LS#Dw<@{D1i0Z)OyD%rD5pEX$ae?~t0Cn3==G%*@NV>;a<y0QB`Zr2qf` From 2ed820777d3d06d6ae5c5da971bc08f9b5a9f03a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jan 2024 13:45:17 -0500 Subject: [PATCH 0822/1184] iiab-diagnostics: Pipe everything thru 'cat -v' so control chars visible --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2c11b25d2..4a56837e5 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -49,11 +49,11 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail elif [ $# -eq 1 ]; then echo >> $outfile # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' "$1" | iconv -t UTF-8//IGNORE | cat -v >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE | cat -v >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then From bd340aa6735af1054c6e3b47b4288a19508e29a7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 Jan 2024 14:53:24 -0500 Subject: [PATCH 0823/1184] iiab-diagnostics: sudo git log for Calibre-Web version --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 4a56837e5..0b979fcd3 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,7 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 961acf9454c77165d19303819528c96494ab1364 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Sun, 21 Jan 2024 10:46:33 -0500 Subject: [PATCH 0824/1184] another auto install of a pet project --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 871068689..6b3876fe8 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -11,3 +11,5 @@ awstats_enabled: False matomo_install: False matomo_enabled: False captiveportal_install: False +calibreweb_install: False +calibreweb_enabled: False From 6776c1d4a56da74766fdebf6332e1f9173a421d3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 29 Jan 2024 15:57:24 -0500 Subject: [PATCH 0825/1184] Recommend ansible-core 2.16.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0a268c480..3ef87dddd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] -GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] +GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a852541ad4400322b7a984957347013a1033fa6e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 9 Feb 2024 08:48:23 -0500 Subject: [PATCH 0826/1184] 1-prep/tasks/hardware.yml: Comment out "NUC6" WiFi driver --- roles/1-prep/tasks/hardware.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 89efd2453..52ef34a97 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -7,17 +7,18 @@ when: first_run and rpi_model != "none" -- name: Check if the identifier for Intel's NUC6 built-in WiFi is present - shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" - register: usb_NUC6 - ignore_errors: True - -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 - get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages - dest: /lib/firmware - timeout: "{{ download_timeout }}" - when: usb_NUC6.stdout|int > 0 +# 2024-02-09: Code below appears stale for Shanti's #3707 hardware +#- name: Check if the identifier for Intel's NUC6 built-in WiFi is present +# shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" +# register: usb_NUC6 +# ignore_errors: True +# +#- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 +# get_url: +# url: "{{ iiab_download_url }}/Old/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages +# dest: /lib/firmware +# timeout: "{{ download_timeout }}" +# when: usb_NUC6.stdout|int > 0 - name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" From 3455b6b848a951c82aee4b072c197aa437424db1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Feb 2024 16:48:30 -0500 Subject: [PATCH 0827/1184] kolibri/tasks/main.yml: New pre-release option (kolibri-deb-next) --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index d1529fb60..9d0f786af 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,8 +26,10 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # From efc9705b1ab10ab217cb6eebbbd36cb4cc2cfb13 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 16:19:27 -0500 Subject: [PATCH 0828/1184] 2 ugly hacks for FreePBX 17: ignore 'install -n' error code & bypass 'fwconsole reload' --- roles/pbx/tasks/freepbx.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 8ca2cd83f..6564a26fe 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,15 +256,17 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework -# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# 2024-02-25: UGLY / TEMPORARY WORKAROUND #2 OF 2, to bypass... 'In DialplanHooks.class.php line 163: Undefined array key "DialplanHooks"' -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 +## ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +#- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 From 7c24fcc69536d3c475750b2f7421c5740903cb39 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 16:21:20 -0500 Subject: [PATCH 0829/1184] freepbx.yml: Consistent uppercase, documenting 2 hack/workarounds --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6564a26fe..d472e9610 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,7 +256,7 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 OF 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From 98d51224040af179f372f28f12e3b08b031eaf07 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 17:23:31 -0500 Subject: [PATCH 0830/1184] 18+1 FreePBX modules appear unchanged since May 2022 --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d472e9610..1bba7773c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -270,7 +270,8 @@ # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! +# NOTHING CHANGED (?) FEB 2024: https://github.com/iiab/iiab/pull/3675#issuecomment-1963081323 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-17.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 65d6f9255e1acc0f8d2b2d95bb7d44f4d5bc6c1b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 17:26:27 -0500 Subject: [PATCH 0831/1184] WARNING: FreePBX 17.0 branch is still in flux! --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..f0cb38124 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # STILL IN FLUX AS OF FEB 2024: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From b5f3f44e96d3a6bc79df95b4f69534ef5c9584f8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 18:03:58 -0500 Subject: [PATCH 0832/1184] pbx/README.adoc: Require PHP 8.x (desupport EOL'd PHP 7.4!) --- roles/pbx/README.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 41d57eb96..7c040d3f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,11 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +//// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* +//// //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From e6bf0ef177214b42f4674a29e828a34121505a28 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 18:05:49 -0500 Subject: [PATCH 0833/1184] pbx/README.adoc: Link to PR #3675 (Asterisk 21 & FreePBX 17) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7c040d3f3..d99f0df82 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 7991d486143da462e38eb09109ebbb657ae7a5d4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:10:47 -0500 Subject: [PATCH 0834/1184] default_vars.yml: Update PBX tips --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a2d202156..912a83de3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -684,7 +684,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 731829f199a6f4455c8975b2f433f755a223257f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:11:25 -0500 Subject: [PATCH 0835/1184] local_vars_unittest.yml: Update PBX tips --- vars/local_vars_unittest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 5b82be988..19c47ca74 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 586364bd8921629789f4c95a4c16804deb90053b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:12:04 -0500 Subject: [PATCH 0836/1184] local_vars_small.yml: Update PBX tips --- vars/local_vars_small.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index c55fb4cc7..a366e2863 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 5320b4e89164288963cb838747d1a9ee12920ff8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:12:43 -0500 Subject: [PATCH 0837/1184] local_vars_medium.yml: Update PBX tips --- vars/local_vars_medium.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dcf291dd1..aa142dcc9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From ddfc2b003a998a4766979aff0d62d08ef139ddad Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:13:27 -0500 Subject: [PATCH 0838/1184] local_vars_large.yml: Update PBX tips --- vars/local_vars_large.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9059d9ca0..3903530ed 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7a6ca9673879022cb962a8b949a5fbc88537c8e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 26 Feb 2024 09:36:24 -0500 Subject: [PATCH 0839/1184] runrole: Clarify/correct local_vars.yml warning --- runrole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runrole b/runrole index ad1387e2c..4e8657208 100755 --- a/runrole +++ b/runrole @@ -39,7 +39,7 @@ fi mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/runrole REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 From c3e7b4c10402a73d3cebfc35166e24e2975421e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:53:58 -0500 Subject: [PATCH 0840/1184] Recommend ansible-core 2.16.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ef87dddd..898d57599 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] -GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] +GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 918758fbe9292ab50e1e966e0cff8752f72a14df Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 00:52:48 -0600 Subject: [PATCH 0841/1184] U2404 python2 --- scripts/U2404_python2.sh | 45 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/U2404_python2.sh diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh new file mode 100644 index 000000000..7721ccf01 --- /dev/null +++ b/scripts/U2404_python2.sh @@ -0,0 +1,45 @@ +!/bin/bash +export DEBIAN_FRONTEND=noninteractive + +cat << EOF > /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + +apt update + +apt -y --allow-downgrades install python3.11=3.11.0~rc1-1~22.04 python3.11-minimal=3.11.0~rc1-1~22.04 libpython3.11-stdlib=3.11.0~rc1-1~22.04 libpython3.11-minimal=3.11.0~rc1-1~22.04 +apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-minimal + +apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs + +apt -y install python2 +apt -y install python2-pip-whl python2-setuptools-whl + +apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 +apt-mark hold python3-pip-whl + +apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 +apt-mark hold python3-virtualenv + +apt -y --allow-downgrades install virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv + +virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2.7 /usr/local/kalite/venv + +cd /usr/local/kalite/venv +source bin/activate +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +deactivate + +apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +apt-mark unhold `apt-mark showhold` + +rm /etc/apt/sources.list.d/python2.list + +apt -y remove libmpdec3 python3-pip python3-wheel + +apt update +apt -y upgrade + From 3ae591a035a3877c7742c87e3de4a00a10d9fc8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 00:55:09 -0600 Subject: [PATCH 0842/1184] U2404 python2 --- roles/kalite/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index bcf667d43..e2f44897b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,6 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" + when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -60,6 +61,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + +- name: Use scripts/U2404_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 5fc495259539049c52bf61f41c0407200852ba22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:28:11 -0600 Subject: [PATCH 0843/1184] U2404 python2 role --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 7721ccf01..9c6f6e4b1 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -1,4 +1,4 @@ -!/bin/bash +#!/bin/bash export DEBIAN_FRONTEND=noninteractive cat << EOF > /etc/apt/sources.list.d/python2.list From a737c8c05aad5eda76012a2ae422c732377315f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:41:57 -0600 Subject: [PATCH 0844/1184] leave python2 packages --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 9c6f6e4b1..e9559cb85 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -33,7 +33,7 @@ source bin/activate bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate -apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +#apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` apt-mark unhold `apt-mark showhold` rm /etc/apt/sources.list.d/python2.list From 66eb9862ee678d57fffcc69d21a02b6930396c84 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:46:43 -0600 Subject: [PATCH 0845/1184] exec bit not set in git --- roles/kalite/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index e2f44897b..c3a48ccb0 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -64,7 +64,7 @@ when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" From f871683c2db3c1718d53bcc1b13fbc99e954bc41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 5 Mar 2024 05:02:18 -0600 Subject: [PATCH 0846/1184] conditionals --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c3a48ccb0..0954d0925 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,7 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -65,7 +65,7 @@ - name: Use scripts/U2404_python2.sh to install python2 and virtualenv command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" - when: (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 6819123fed4eec333613b999eb15c5ea70e33e46 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 5 Mar 2024 21:06:59 -0600 Subject: [PATCH 0847/1184] no compilers --- scripts/U2404_python2.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index e9559cb85..ea26a3640 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -20,6 +20,9 @@ apt -y install python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl +apt -y --no-install-recommends install python3-pip=22.0.2+dfsg-1 +apt-mark hold python3-pip + apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 apt-mark hold python3-virtualenv From 73e94abe3f93240c1f1c5a8847ba71a2f7c4fd9b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Mar 2024 13:26:47 -0500 Subject: [PATCH 0848/1184] Touch-ups for: scripts/install_python2_kalite-venv_u2404.sh --- roles/kalite/tasks/install.yml | 4 ++-- ...{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) rename scripts/{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} (95%) mode change 100644 => 100755 diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0954d0925..51350ec10 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -63,8 +63,8 @@ extra_args: "--no-cache-dir" when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) -- name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" +- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 + command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" diff --git a/scripts/U2404_python2.sh b/scripts/install_python2_kalite-venv_u2404.sh old mode 100644 new mode 100755 similarity index 95% rename from scripts/U2404_python2.sh rename to scripts/install_python2_kalite-venv_u2404.sh index ea26a3640..0841704df --- a/scripts/U2404_python2.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -33,7 +33,7 @@ virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2. cd /usr/local/kalite/venv source bin/activate -bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` @@ -45,4 +45,3 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade - From f8fe9f0af9833d89fcf871634f716609b1e59aaa Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Mar 2024 19:57:05 -0500 Subject: [PATCH 0849/1184] Refine scripts/install_python2_kalite-venv_u2404.sh --- scripts/install_python2_kalite-venv_u2404.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 0841704df..1371b4b05 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -14,8 +14,7 @@ apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-m apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs -apt -y install python2 -apt -y install python2-pip-whl python2-setuptools-whl +apt -y install python2 python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl @@ -37,11 +36,11 @@ bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` -apt-mark unhold `apt-mark showhold` +apt-mark unhold $(apt-mark showhold) || true rm /etc/apt/sources.list.d/python2.list apt -y remove libmpdec3 python3-pip python3-wheel apt update -apt -y upgrade +apt -y upgrade # Why 'apt upgrade' here? From f67660d30b58760352d5cfba5312b039e075547b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 00:44:42 -0500 Subject: [PATCH 0850/1184] Tighten kalite/tasks/install.yml; Introduce is_linuxmint_22 --- roles/kalite/tasks/install.yml | 15 +++++---------- scripts/local_facts.fact | 1 + vars/debian-12.yml | 15 --------------- vars/default_vars.yml | 1 + vars/linuxmint-22.yml | 7 +++++++ vars/raspbian-12.yml | 15 --------------- 6 files changed, 14 insertions(+), 40 deletions(-) create mode 100644 vars/linuxmint-22.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 51350ec10..0ebf1b38b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,9 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. + when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 #- name: Install Ubuntu keyrings on Debian # get_url: @@ -37,8 +35,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: @@ -48,9 +45,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # long form of (is_debian_11+ or is_ubuntu_20+) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Use pip to install ka-lite-static to {{ kalite_venv }} pip: @@ -61,11 +56,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 + when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 24a3f044e..b1e53b885 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -89,6 +89,7 @@ case $OS_VER in "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ + "linuxmint-22" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3b51e4478..d06a61285 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -3,18 +3,3 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 912a83de3..55af7c382 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -788,6 +788,7 @@ is_ubuntu_2204: False #is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu +is_linuxmint_22: False is_linuxmint_21: False #is_linuxmint_20: False diff --git a/vars/linuxmint-22.yml b/vars/linuxmint-22.yml new file mode 100644 index 000000000..53af5a21c --- /dev/null +++ b/vars/linuxmint-22.yml @@ -0,0 +1,7 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True +is_linuxmint: True +is_linuxmint_22: True diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index 9fa4b1e75..53858b6af 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -5,18 +5,3 @@ is_debian: True # Opposite of is_ubuntu for now is_debian_12: True is_raspbian: True is_raspbian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: ssh -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From a98d02248e7efa52ad64f7e6f7a98529e22ba4d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 02:03:29 -0500 Subject: [PATCH 0851/1184] kalite/tasks/install.yml: Cleaner OS conditions --- roles/kalite/tasks/install.yml | 48 +++++++--------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0ebf1b38b..d2c2da478 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,29 +15,20 @@ # ignore_errors: yes # when: is_raspbian -- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)' +- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2) -- if Ubuntu 22.04 / Mint 21' package: name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 + when: is_ubuntu_2204 # Also covers is_linuxmint_21 -#- name: Install Ubuntu keyrings on Debian -# get_url: -# url: -# dest: /etc/apt/keyrings/ -# mode: 0644 -# timeout: "{{ download_timeout }}" -# when: is_debian_12 - -# use key retrieval from mongodb -- name: Use scripts/install_python2.sh to install python2 and virtualenv +- name: Run scripts/install_python2.sh to install python2 and virtualenv -- if Debian 12 or RasPiOS 12 command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 + when: is_debian_12 # Also covers is_raspbian_12 -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -45,9 +36,9 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Use pip to install ka-lite-static to {{ kalite_venv }} +- name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: ka-lite-static version: "{{ kalite_version }}" @@ -56,11 +47,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 +- name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 + when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: @@ -71,30 +62,11 @@ - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' } - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' } -# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work -# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache -# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" -# template: -# src: kalite.conf -# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu -# when: apache_installed is defined - - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - -# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 -# replace: -# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" -# regexp: 'a-zA-Z0-9' -# replace: 'a-zA-Z0-9\-' -# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 -# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 1070a3e7299ac1ce70c2488a460751301786e021 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 03:09:21 -0500 Subject: [PATCH 0852/1184] install_python2_kalite-venv_u2404.sh: 'apt install python3-venv' (again) --- scripts/install_python2_kalite-venv_u2404.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 1371b4b05..cc40edcc2 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -44,3 +44,8 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade # Why 'apt upgrade' here? + +# python3-venv is needed for other venv's like roles/jupyterhub, e.g. #3716. +# So we restore python3-venv originally installed by scripts/ansible -- this +# is nec b/c python3-pip-whl downgrade to 22.0.2 (line ~19 above) removes it: +apt -y install python3-venv From 4fb55f87c6570c302adb513830748eb54dcd389b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 04:04:05 -0500 Subject: [PATCH 0853/1184] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 7b8738c4d..c0dbdd854 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From b5e60c9875e3d6c7c031dac2a362bdd496d274ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Mar 2024 13:24:08 -0400 Subject: [PATCH 0854/1184] Interim stub to force Kolibri 0.16.0 for now, awaiting upstream #11892 --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 9d0f786af..844d0b4ae 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb +# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From ea47f27b9dd01827051c62fb7dac57b75a5ded3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Mar 2024 13:31:28 -0400 Subject: [PATCH 0855/1184] kolibri/defaults/main.yml: Clarify 0.16.0 install hack/stub --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 844d0b4ae..fbb5b8409 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb # 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From 9ce709e6e3b2d00431f4fbe35d93ed8e4ae24aad Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:47:52 -0400 Subject: [PATCH 0856/1184] Recommend ansible-core 2.16.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 898d57599..76af1ae59 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] -GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] +GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 133cc0682b1150dc536b8a062a8901c78272fc1a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:49:14 -0400 Subject: [PATCH 0857/1184] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.15 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c0dbdd854..dfca60227 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 837b4ccaff4282542b4b31f75a8e2e2a65e0a5a8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 28 Mar 2024 19:07:51 -0400 Subject: [PATCH 0858/1184] MediaWiki 1.41.1 (security and maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 77a233ac1..077d1a967 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 812b549d3348a3d2b221197e61a4a99e87a60626 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 8 Apr 2024 11:48:53 -0400 Subject: [PATCH 0859/1184] Restore apt install of Kolibri 0.16.1+, thx to upstream changes --- roles/kolibri/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index fbb5b8409..02086f33a 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,9 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... -kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb -# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-04-08: Kolibri 0.16.1 restores install via apt +# https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From 824469e2805b02f0bfee4230deaf35eb6e83f762 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 8 Apr 2024 11:54:59 -0400 Subject: [PATCH 0860/1184] kolibri/defaults/main.yml: Clarify apt for Kolibri 0.16.1+ --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 02086f33a..80eb0c352 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-04-08: Kolibri 0.16.1 restores install via apt +# 2024-04-08: Kolibri 0.16.1+ restores install via apt # https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 # 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From d6c48123437949d0fed48e7d1bafde8e760e45b4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Apr 2024 16:04:04 -0400 Subject: [PATCH 0861/1184] Sugarizer 1.8.0 (upgrade from 1.7.0!) --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 925e087b6..ad5e48843 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 -sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 +sugarizer_dir_version: sugarizer-1.8.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0, sugarizer-1.7.0 +sugarizer_git_version: v1.8.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0, v1.7.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 8079ca9a4b7cb26387c7e7c7f0384778ea97f793 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Apr 2024 22:13:32 -0400 Subject: [PATCH 0862/1184] Recommend ansible-core 2.16.6 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76af1ae59..0df85beb5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] -GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] +GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e279be79dff1a3d293e5ba38a7d3ab30c40196b8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Apr 2024 22:17:51 -0400 Subject: [PATCH 0863/1184] iiab-install: MIN_ANSIBLE_VER=2.14.16 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index dfca60227..ebf301117 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 81be4dda9aff533c5413797bdd9c5a074ccf72b9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 24 Apr 2024 10:34:32 -0400 Subject: [PATCH 0864/1184] New Moodle 4.4 instead of 4.3 --- roles/moodle/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 4597665b1..b6c607027 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,8 +11,8 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_403_STABLE # Moodle 4.3 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 +moodle_version: MOODLE_404_STABLE # Moodle 4.4 +#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From e6d5b6aa0732af27e04263880f850a0ed0950100 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:22:34 -0400 Subject: [PATCH 0865/1184] Safer /usr/local/bin/yt-dlp symlink creation --- roles/calibre-web/tasks/install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5f055d3e7..9ecf1c0ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,13 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" + fi fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper From a771260ce94f8691bd5c3cb6e711d8aa05f1d890 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 30 Apr 2024 21:02:25 -0400 Subject: [PATCH 0866/1184] Bypass KA Lite install during initial install of IIAB, on recent OS's --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/kalite/tasks/install.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index c5f15e117..570c4b3d1 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,7 +6,7 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install and (is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12) # Also covers is_linuxmint_21 and is_raspbian_12 - name: KOLIBRI include_role: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index d2c2da478..5738c7301 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -49,6 +49,9 @@ extra_args: "--no-cache-dir" when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 +# 2024-04-30: Sadly no longer works with Ubuntu 24.04 LTS final release (#3731). +# So roles/kalite is OS-restricted during initial install, SEE: roles/7-edu-apps/tasks/main.yml +# CLARIF: If install_python2_kalite-venv_u2404.sh proves no longer useful, it will deprecated in coming months. - name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 From 4ea8690dd38a8184701592ce8d1a1ec8f36b4a77 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 1 May 2024 10:31:09 -0400 Subject: [PATCH 0867/1184] Welcome Ubuntu 24.10 (Oracular Oriole) pre-releases --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2410.yml | 5 +++++ 3 files changed, 7 insertions(+) create mode 100644 vars/ubuntu-2410.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b1e53b885..e6c6ca0f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -88,6 +88,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ + "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 55af7c382..754cba561 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -774,6 +774,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False #is_ubuntu_2304: False diff --git a/vars/ubuntu-2410.yml b/vars/ubuntu-2410.yml new file mode 100644 index 000000000..6120c89a9 --- /dev/null +++ b/vars/ubuntu-2410.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2410: True From ebb0e079af196a1a52d700393ae72e713569fcc1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 1 May 2024 15:52:06 -0400 Subject: [PATCH 0868/1184] 'echo Admin:changeme | chpasswd' for CUPS w/ ansible-core 2.17+ --- roles/cups/tasks/install.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e4e2e04ed..5663528f0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -58,15 +58,30 @@ AuthType Default Require user @SYSTEM -- name: "CUPS web administration: Create Linux username 'Admin' with password 'changeme' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" +- name: "CUPS web administration: Create Linux username 'Admin' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" user: name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false +# 2024-05-01: Above password-setting approach no longer works w/ Ansible 2.17 RC1 (#3727). +# Ansible STOPS with this error... +# +# "[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module is +# deprecated and will be removed from Python 3.13. Install the passlib library for continued encryption +# functionality. This feature will be removed in version 2.17. Deprecation warnings can be disabled by +# setting deprecation_warnings=False in ansible.cfg." +# +# ...so we instead use Linux's "chpasswd" command (below!) + +- name: Use chpasswd to set Linux username 'Admin' password to 'changeme' + command: chpasswd + args: + stdin: Admin:changeme + # - name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' -- for CUPS web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf) # #command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # #command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin" From ff696899f3d1802f3ff8d458c881ad9092638886 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 May 2024 22:52:44 -0400 Subject: [PATCH 0869/1184] CUPS: Update Ansible password hashing link (#3735) --- roles/cups/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 5663528f0..55209a50b 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -63,7 +63,7 @@ name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false From 673fff90e2e2eb92fadc1f97009eeb8795124f69 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 May 2024 23:29:00 -0400 Subject: [PATCH 0870/1184] Nextcloud 29: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d82f040bb..c43da3943 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From d4c97f45b093470385cecc25a4b96917152ebf08 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 3 May 2024 08:50:27 -0400 Subject: [PATCH 0871/1184] Node.js 22.x --- roles/internetarchive/tasks/install.yml | 6 +++--- vars/default_vars.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index b6df58f01..2821a9ffd 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 22.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('22.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 22.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 754cba561..3b233ca6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -444,7 +444,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 +nodejs_version: 22.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20, 20.x til 2024-05-03 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 9129644dff136f0aaddf71e831e1cee60eb02275 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 May 2024 17:23:47 -0400 Subject: [PATCH 0872/1184] Avoid initial install of Kolibri on Ubuntu 24.04+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- scripts/ansible | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 570c4b3d1..56d21fd28 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. - name: KIWIX include_role: diff --git a/scripts/ansible b/scripts/ansible index 0df85beb5..1b8983975 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -305,7 +305,6 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" -echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From 2788f1062413f836e58e268826c09d72de236997 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 May 2024 18:01:17 -0400 Subject: [PATCH 0873/1184] Safer avoidance of Kolibri, if Python 3.12+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- test.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 56d21fd28..e4ac330bc 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: diff --git a/test.yml b/test.yml index 8eb2e9be0..7afdab202 100644 --- a/test.yml +++ b/test.yml @@ -19,12 +19,17 @@ #- include_role: # name: 0-init - - debug: - msg: "{{ 'changeme' | password_hash('sha512') }}" + # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 + #- debug: + # msg: "{{ 'changeme' | password_hash('sha512') }}" # msg: "{{ 'changeme' | password_hash('yescrypt') }}" # crypt.crypt STILL doesn't support 'yescrypt' algorithm ? #- pause: + - debug: + var: "'3.12.3' is version('3.12', '<')" + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # OR: '''' FAILS: '"\'"' From 583fa9a898b5f3bb0a7b29fdd64ecb64c1430aff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 May 2024 18:19:42 -0400 Subject: [PATCH 0874/1184] Clarify Kolibri avoidance w/ Python 3.12+ during initial iiab-install --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e4ac330bc..dc1f7e49b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From daafd615217997bcee90e56c37234c68ac49710d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 14:51:21 -0400 Subject: [PATCH 0875/1184] Recommend ansible-core 2.17.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1b8983975..02fc9e23f 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] -GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] +GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6b80af6832561007e6df3888a283dbf6d12b2a81 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 14:53:10 -0400 Subject: [PATCH 0876/1184] 2.14 EOL, MIN_ANSIBLE_VER=2.15.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ebf301117..59c22129f 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From ec4a884c4c10e20190ff0580eaef86d5c42ee3ef Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 15:17:55 -0400 Subject: [PATCH 0877/1184] ansible-core 2.17 docs for PR #3743 --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 02fc9e23f..1cf6953a5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -34,6 +34,8 @@ GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.17 +# https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 # https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 From ed9c8929464e081b5a8dc4a61ac88457c68987d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 May 2024 10:19:50 -0400 Subject: [PATCH 0878/1184] gitea/defaults/main.yml: gitea_version: "1.22" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index c318acfd7..0032f1d3d 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.22" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 9dc634f7de00cb7ec393e622fe1e5f19028a4ac3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 May 2024 00:27:54 -0400 Subject: [PATCH 0879/1184] calibre-web/tasks/install.yml: Refine venv tips --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 9ecf1c0ed..c3cbf6e94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,8 +99,9 @@ # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments # VIRTUALENV EXAMPLE COMMANDS: +# python3 -m venv /usr/local/calibre-web-py3 (create venv) # cd /usr/local/calibre-web-py3 -# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# . bin/activate (or 'source bin/activate' -- this prepends '/usr/local/calibre-web-py3/bin' to yr PATH) # python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt From ddca185401acf3dd29e483dfb53dbb14141afb04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:20:02 -0400 Subject: [PATCH 0880/1184] iiab-diagnostics: try dpaste.com instead of sprunge.us --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0b979fcd3..f0d47a52b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,12 +272,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) + pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From 17463eb8107baa37562f91e5111487d88e22d988 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:21:20 -0400 Subject: [PATCH 0881/1184] iiab-diagnostics.README.md: sprunge.us -> dpaste.com --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index e2b0aef85..a2295b830 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From b6ab7bf733a305a64c698330fda7de45bdef82f9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:18:32 -0400 Subject: [PATCH 0882/1184] iiab-summary: Strip RPi model null char for dpaste.com --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 75102048d..7551aad08 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -67,7 +67,7 @@ echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $ uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then - cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo + cat /proc/device-tree/model | tr -d '\000' ; echo # dpaste.com pastebin doesn't allow null chars! MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp From 14d605c643a44592b258e4ffffc3ffd75a9bb9cd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:24:29 -0400 Subject: [PATCH 0883/1184] iiab-diagnostics: Make all odd chars visible (pastebins can be picky!) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f0d47a52b..c8bb1f302 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,7 +132,7 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile -/opt/iiab/iiab/scripts/iiab-summary >> $outfile +/opt/iiab/iiab/scripts/iiab-summary | iconv -t UTF-8//IGNORE | cat -v >> $outfile # Make odd chars visible, just in case (e.g. dpaste.com pastebin disallows null chars) if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile From 27be239d9d0e5dc22c2e3de632a21fb6472ab0e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 12:09:57 -0400 Subject: [PATCH 0884/1184] iiab-diagnostics: Tweak pastebinit syntax for PR #3749 --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c8bb1f302..a94b04f0c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,9 +272,9 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo From ddd09567e21e0ef820553f545d7caff2bfd88b6c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 13 Jun 2024 14:27:22 -0400 Subject: [PATCH 0885/1184] Kolibri on Python 3.12 OS's, during initial IIAB install --- roles/7-edu-apps/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index dc1f7e49b..69d1b0788 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,8 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install + #when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From 7020423b6e479197a598ea5c88b3ea94a2091a2b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jun 2024 09:14:23 -0400 Subject: [PATCH 0886/1184] calibre-web/README.rst: Document xklb-metadata.db (for videos) --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 42162c818..9e5d3dee8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -108,6 +108,10 @@ Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db +Videos' metadata is stored in database:: + + /library/calibre-web/xklb-metadata.db + See also:: /library/calibre-web/metadata_db_prefs_backup.json From cc130d7e0fe27a2ae5b5fe4a55b6b541bbc796fe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jun 2024 07:45:54 -0400 Subject: [PATCH 0887/1184] iiab-diagnostics: xklb & yt-dlp version visibility --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a94b04f0c..6fe38407d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'sudo lb --version' 'xklb version' +cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 2f83e7f266eb893fbc0efc217f90cbd85255b053 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jun 2024 07:47:43 -0400 Subject: [PATCH 0888/1184] iiab-diagnostics.README.md: Fix line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a2295b830..fa6c560e5 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From da3a69a885b4b1b8ecd977e37e3d3d0db29278b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jun 2024 14:48:43 -0400 Subject: [PATCH 0889/1184] Recommend ansible-core 2.17.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1cf6953a5..46ef74659 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] -GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] +GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2f4151ec2eac33950402e82841fdcebe7ffce0e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 11:55:31 -0400 Subject: [PATCH 0890/1184] Temp hard-coding of Kolibri 0.17 Alpha 0, if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0a06d292..0da1d724a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -121,6 +121,12 @@ # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) # when: is_debian or is_linuxmint_20 + +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' + set_fact: + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: name: kolibri From 641b31d80007c7a64bd8d05bf8aebcb9375e8502 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 12:56:33 -0400 Subject: [PATCH 0891/1184] Nextcloud 29.0.3: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c43da3943..529988437 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f274f36050870a3d6db2ce45fbb631d7dafd026d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:10:01 -0400 Subject: [PATCH 0892/1184] Clarify doc explanation of PR #3751 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0da1d724a..5f242b475 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,7 +125,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From 2a5046cd84b82b734724e324cf001c2844cc4874 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:30:49 -0400 Subject: [PATCH 0893/1184] Update IIAB Calibre-Web disk footprint estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index c3cbf6e94..6af37dcc7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 199424d4705be1c50c614850f1d63389e4953310 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:34:33 -0400 Subject: [PATCH 0894/1184] Support experimental install on RasPiOS 13 --- scripts/local_facts.fact | 3 ++- vars/default_vars.yml | 1 + vars/raspbian-13.yml | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e6c6ca0f5..a24a1a2da 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -91,7 +91,8 @@ case $OS_VER in "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ - "raspbian-12") + "raspbian-12" | \ + "raspbian-13") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3b233ca6c..c0e6e9f13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -802,6 +802,7 @@ is_debian_12: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_13: False is_raspbian_12: False #is_raspbian_11: False #is_raspbian_10: False diff --git a/vars/raspbian-13.yml b/vars/raspbian-13.yml new file mode 100644 index 000000000..74c906488 --- /dev/null +++ b/vars/raspbian-13.yml @@ -0,0 +1,7 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True +is_raspbian: True +is_raspbian_13: True From 355ebbc65e6a4378c4ec29de608159e8fafcdad9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 18:25:23 -0400 Subject: [PATCH 0895/1184] Tighten up adding of Kolibri PPA --- roles/kolibri/tasks/install.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 5f242b475..7798e81f0 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,17 +76,20 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) +# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# https://github.com/learningequality/kolibri/issues/11892 +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html +- name: Add signed Kolibri PPA 'jammy' apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 +# #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 -- name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) +# - name: Add signed Kolibri PPA 'focal' (if other/older OS's) +# apt_repository: +# repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" +# when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) +# #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From d75d6a0cb28aa857e65ed2d6df4ca6f6f8051605 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 18:47:28 -0400 Subject: [PATCH 0896/1184] Fix date in comment re: kolibri-proposed --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 7798e81f0..0eb9f6e84 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,7 +76,7 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# 2024-06-25: Strongly consider PPA "kolibri-proposed" in future... # https://github.com/learningequality/kolibri/issues/11892 # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html - name: Add signed Kolibri PPA 'jammy' From a4a68604e1791830ed6b649722b264712c71ca78 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Jun 2024 12:01:11 -0400 Subject: [PATCH 0897/1184] New MediaWiki 1.42.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 077d1a967..1787b2807 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 9d31afdc9f1f3785b4cfba69472fc4bcfe482fc7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 3 Jul 2024 23:18:07 -0400 Subject: [PATCH 0898/1184] Install Kolibri 0.17b0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0eb9f6e84..129756d9b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From c6b0164cbe97934a1b333bea5b605f084e7bf6fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 9 Jul 2024 18:43:30 -0400 Subject: [PATCH 0899/1184] transmission/README.rst: Ubuntu timeout / crashing issue #3756 --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 727197b56..a851fe591 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -86,6 +86,8 @@ Known Issues * Random Ports: Currently it is not possible to use random ports in the range 49152-65535, as it's difficult to open multiple ports in IIAB's `iptables-based firewall <https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables>`_. +* transmission-daemon (4.0.6 or 4.1-dev) install onto Ubuntu 24.04 or 24.10, but (1) its systemd service times out (fails to start) (2) rebooting kinda helps, but service then crashes on 1st visit to http://box:9091 `#3756 <https://github.com/iiab/iiab/issues/3756>`_ + Troubleshooting --------------- From c1eea9d1a16b50df04c8eb8cdc69c88f35d31760 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jul 2024 09:38:03 -0400 Subject: [PATCH 0900/1184] callbre-web/README.rst: Update issues reporting URL --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9e5d3dee8..da7045ee1 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -228,5 +228,5 @@ Known Issues * |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 <https://github.com/janeczku/calibre-web/issues/828>`_ |se| |nbsp| Fixed by `361a124 <https://github.com/janeczku/calibre-web/commit/361a1243d732116e6f520fabbaae017068b86037>`_ on 2019-02-27. -* *Please assist us in reporting serious issues here:* - https://github.com/janeczku/calibre-web/issues +* *Please report serious issues here:* + https://github.com/iiab/calibre-web/issues From 924f5802778ff3309e86637affbe5540bbd0713c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 12:54:38 -0400 Subject: [PATCH 0901/1184] Clarify current Moodle is 4.4 (or 4.5dev !) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7a33421ae..a313ae75c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -101,7 +101,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) + version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From afb7ed18fde6c3f6df3d57d1acde75856f69f016 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:12:49 -0400 Subject: [PATCH 0902/1184] Update Moodle 4.5dev disk footprint estimates --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a313ae75c..44ba40349 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From 2250f507fd306f7372a09c14adbb2a84d5cad44c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 19:18:26 -0400 Subject: [PATCH 0903/1184] Kolibri 0.17.0 Beta 1 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 129756d9b..ba7d16651 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 7c7f145b1716db6a950b6ff9105a90549103aa58 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 12 Jul 2024 19:44:36 -0400 Subject: [PATCH 0904/1184] Kolibri 0.17.0 Beta 2 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ba7d16651..209fb3586 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 3b41fbca62d8605886435c7aa8c3786cd34a7f03 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Jul 2024 16:12:49 -0400 Subject: [PATCH 0905/1184] Recommend ansible-core 2.17.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 46ef74659..93755a5f6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] -GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] +GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89c3d7873934f534aafdc30d50dc9a45963daf8a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 16 Jul 2024 00:33:24 -0400 Subject: [PATCH 0906/1184] Kolibri 0.17.0 Beta 3 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 209fb3586..f02dfde2e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From fadee4caea0bcc009a47d060f34b66a66ad1f6fa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 08:57:54 -0400 Subject: [PATCH 0907/1184] remote.it free/personal/non-commercial plan reconfirmed for 2024 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 051d3b7f5..910f55409 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2024](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From e3d9a9a36e492107a9ebcc25138da2d4dc97dfe8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 22:26:11 -0400 Subject: [PATCH 0908/1184] Basic iiab-update command; also upgrades IIAB Calibre-Web --- roles/0-init/tasks/main.yml | 10 +++- scripts/ansible | 8 +-- scripts/iiab-update | 111 ++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 5 deletions(-) create mode 100755 scripts/iiab-update diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..8d423b8c6 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,15 +34,23 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' with_items: + - iiab-update - iiab-summary - iiab-diagnostics +- name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update + file: + src: /usr/bin/iiab-update + path: /usr/bin/iiab-upgrade + state: link + force: yes + - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: state: directory diff --git a/scripts/ansible b/scripts/ansible index 93755a5f6..51cb3b689 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -99,8 +99,8 @@ echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" #echo -e "(3) Remove all lines containing 'ansible' from..." #echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" -echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" -echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" +#echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" +#echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") @@ -308,5 +308,5 @@ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e ' apt -a list "ansible*"' -echo -e " ansible-galaxy collection list\n" -echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" +echo -e " ansible-galaxy collection list\n\n" +#echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" diff --git a/scripts/iiab-update b/scripts/iiab-update new file mode 100755 index 000000000..8c498ff1e --- /dev/null +++ b/scripts/iiab-update @@ -0,0 +1,111 @@ +#!/bin/bash + +# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. + +# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# https://github.com/iiab/calibre-web/wiki + +if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" +else + echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y +fi + +cd /opt/iiab/iiab +if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 +fi +echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" +git pull https://github.com/iiab/iiab --no-rebase --no-edit +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" +else + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible +fi + +if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi +fi + +# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the +# time over 20 tests for me -- leading to 3+ different kinds of errors right +# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the +# most common error -- once the error was "command not found" -- and another +# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! +# +# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? +# +# ... +# Finished writing to /etc/iiab/kiwix_catalog.json +# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' +# php_parser = re.compile('\<\?php echo .+? \?>') +# Skipping module not needed by Internet in a Box 12 en-PhET +# ... +# [ ~15 lines ] +# ... +# (Restarting CMDSRV +# ... +# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + +if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi +fi + +echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 4f98de9331eaa9c058cde34cfb628fb2f97163a9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 23:17:37 -0400 Subject: [PATCH 0909/1184] Untracked files in venv /usr/local/calibre-web-py3 should NOT block upgrade --- roles/0-init/tasks/main.yml | 2 +- scripts/iiab-update | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d423b8c6..d6859c120 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -49,7 +49,7 @@ src: /usr/bin/iiab-update path: /usr/bin/iiab-upgrade state: link - force: yes + #force: yes - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/scripts/iiab-update b/scripts/iiab-update index 8c498ff1e..0c75dcc34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -56,7 +56,7 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then yt-dlp --version echo cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From 869ff84453c77e029c271fc2af8b6057c7feab09 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 00:25:50 -0400 Subject: [PATCH 0910/1184] iiab-update: Tiny code cleanup (Calibre-Web section) --- scripts/iiab-update | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 0c75dcc34..78b3cf859 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -54,13 +54,12 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then From 7d004495d3b79dc53be64e22874a8dea2bbeb9e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 01:15:10 -0400 Subject: [PATCH 0911/1184] iiab-update: Document yt-dlp "nightly" option --- scripts/iiab-update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index 78b3cf859..eafe6897e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,6 +52,8 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version cd /usr/local/calibre-web-py3 From af4715df6aa8717eac3f1e61c6bf413ee75de673 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 01:32:16 -0400 Subject: [PATCH 0912/1184] Explain 'cp iiab-update iiab-summary iiab-diagnostics /usr/bin' --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eafe6897e..4c785c702 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -31,7 +31,7 @@ if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != " fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp iiab-update iiab-summary iiab-diagnostics /usr/bin From 49f59830c8d575a2dcc466dac208c69022ac002e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 02:09:33 -0400 Subject: [PATCH 0913/1184] Strengthen yt-dlp upgrading + document "nightly" version --- roles/calibre-web/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6af37dcc7..2fc8d4f74 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -70,7 +70,7 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx upgrade --include-injected xklb + pipx reinstall xklb else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb @@ -82,6 +82,8 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From c6815a55f757785400da1f4483bb52a2f24e5046 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 02:19:52 -0400 Subject: [PATCH 0914/1184] calibre-web/tasks/install.yml: Links to NEW iiab-update approach --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 2fc8d4f74..369bc09c1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +# To upgrade IIAB Calibre-Web: +# https://github.com/iiab/calibre-web/wiki#upgrading +# https://github.com/iiab/iiab/blob/master/scripts/iiab-update + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From 4150ce342efff605c641981b0f54db5d3eac5711 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 03:09:13 -0400 Subject: [PATCH 0915/1184] calibre-web/README.rst: Revise "Upgrading" section --- roles/calibre-web/README.rst | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index da7045ee1..ef9423d1d 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -157,26 +157,31 @@ as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -"Reinstalling" Calibre-Web automatically installs the latest version — if your -Internet-in-a-Box (IIAB) is online. +Please see our `new/automated upgrade technique (iiab-update) <https://github.com/iiab/calibre-web/wiki#upgrading>`_ +introduced in July 2024. -But first: back up your content **and** configuration settings, as explained above. +But first: back up your content **and** configuration settings, as outlined +above! -**Also move your /library/calibre-web/config/app.db AND/OR -/library/calibre-web/metadata.db out of the way — if you're sure you want to -fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run, as root**:: +**Conversely if you're sure you want to fully reset your Calibre-Web settings, +and remove all existing e-book/video/media metadata — then move your +/library/calibre-web/config/app.db, /library/calibre-web/metadata.db and +/library/calibre-web/xklb-metadata.db out of the way.** + +RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest +version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the +new ``iiab-update`` technique described above. But if you must use the +older/manual technique, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding -manually:: +Or, if you want to try upgrading Calibre-Web code alone:: cd /usr/local/calibre-web-py3 git pull -This older way is *no longer recommended*:: +Finally, this much older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 514f0ea71457e4921f007771d6e7756648decdcd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 03:21:01 -0400 Subject: [PATCH 0916/1184] calibre-web/README.rst: Refine "Upgrading" grammar --- roles/calibre-web/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef9423d1d..a29896573 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -168,15 +168,15 @@ and remove all existing e-book/video/media metadata — then move your /library/calibre-web/config/app.db, /library/calibre-web/metadata.db and /library/calibre-web/xklb-metadata.db out of the way.** -RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest -version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the -new ``iiab-update`` technique described above. But if you must use the -older/manual technique, you would need to run, as root:: +RECAP: Either way, "reinstalling" Calibre-Web automatically installs the latest +version — so long as your Internet-in-a-Box (IIAB) is online. Most people +should stick with the new ``iiab-update`` technique above. However if you must +use the older/manual approach, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you want to try upgrading Calibre-Web code alone:: +Or, if there's a need to try updating Calibre-Web's code alone:: cd /usr/local/calibre-web-py3 git pull From 3d6a11635278543680636e767f078e0acb61c7d2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 05:19:38 -0400 Subject: [PATCH 0917/1184] scripts/iiab-update: Clarify summary/purpose for PR #3768 --- scripts/iiab-update | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4c785c702..b5813075e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,8 +1,8 @@ #!/bin/bash -# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. +# Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). -# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki if [[ $(id -un) != "root" ]]; then @@ -14,7 +14,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update From 1e1998cb14568b60e3f2deceeebefafb06527a11 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 13:37:24 -0400 Subject: [PATCH 0918/1184] Preload all of iiab-update (bash script) into RAM for safety --- scripts/iiab-update | 192 +++++++++++++++++++++++--------------------- 1 file changed, 101 insertions(+), 91 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index b5813075e..36190e270 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -5,108 +5,118 @@ # Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki -if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 -fi +# 2024-07-18 fixes underway, thanks to: +# https://stackoverflow.com/questions/21096478/overwrite-executing-bash-script-files +# https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +# https://stackoverflow.com/questions/2336977/can-a-shell-script-indicate-that-its-lines-be-loaded-into-memory-initially -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" -else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y -fi - -cd /opt/iiab/iiab -if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 -fi -echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" -git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin -fi - -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" -else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible -fi - -if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" +{ + if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" - systemctl restart calibre-web + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" - ./runrole --reinstall calibre-web + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi -fi -# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the -# time over 20 tests for me -- leading to 3+ different kinds of errors right -# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the -# most common error -- once the error was "command not found" -- and another -# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! -# -# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? -# -# ... -# Finished writing to /etc/iiab/kiwix_catalog.json -# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' -# php_parser = re.compile('\<\?php echo .+? \?>') -# Skipping module not needed by Internet in a Box 12 en-PhET -# ... -# [ ~15 lines ] -# ... -# (Restarting CMDSRV -# ... -# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + cd /opt/iiab/iiab + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab --no-rebase --no-edit + if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin + fi -if [ -d /opt/admin ]; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible + fi + + if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + systemctl stop calibre-web + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi fi -fi -echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the + # time over 20 tests for me -- leading to 3+ different kinds of errors right + # after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the + # most common error -- once the error was "command not found" -- and another + # time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! + # + # Any chance this get_oer2go_catalog error ~15 lines up...might be related ? + # + # ... + # Finished writing to /etc/iiab/kiwix_catalog.json + # SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' + # php_parser = re.compile('\<\?php echo .+? \?>') + # Skipping module not needed by Internet in a Box 12 en-PhET + # ... + # [ ~15 lines ] + # ... + # (Restarting CMDSRV + # ... + # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + + if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi + fi + + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + + exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +} From 280cea8b9d53a6825d7076a36c3664c1f29b7836 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:16:39 -0400 Subject: [PATCH 0919/1184] untabify iiab-update + 'systemctl stop calibre-web' output --- scripts/iiab-update | 115 ++++++++++++++++++++++---------------------- 1 file changed, 58 insertions(+), 57 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 36190e270..8f8ba2f94 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -12,72 +12,73 @@ { if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi cd /opt/iiab/iiab if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - systemctl stop calibre-web - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web - else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web - fi + fi fi # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the @@ -101,19 +102,19 @@ # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] if [ -d /opt/admin ]; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" - else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install - fi + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi fi echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 291c049919185852724ef4584bdf2c059152e18e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:24:22 -0400 Subject: [PATCH 0920/1184] iiab-update: Try "bash -e" (exit on error) and "cp -u" (--update) --- scripts/iiab-update | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 8f8ba2f94..48a4f90ac 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -e +# "-e" tries to exit right away on error. # Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). @@ -40,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 732ddf80111ed6f47883fcc9a7798f8b55c14088 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:28:07 -0400 Subject: [PATCH 0921/1184] iiab-update: Clarify "cp -u" in live output too --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 48a4f90ac..eca416d60 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi From cdd94f84d9f24224a70facd2c2bbad952a9e2604 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 16:28:14 -0400 Subject: [PATCH 0922/1184] iiab-update: Permit /opt/iiab/iiab untracked files like adm-run-roles-tmp.yml --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eca416d60..f51532503 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -32,7 +32,7 @@ fi cd /opt/iiab/iiab - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit detritus, e.g. untracked files like adm-run-roles-tmp.yml echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From af3660045ffc581bcac4f3bbfb5bfa70790e94a1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 01:19:00 -0400 Subject: [PATCH 0923/1184] iiab-update: Skip Admin Console ./install if already up-to-date --- scripts/iiab-update | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index f51532503..49cfdc939 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -111,10 +111,16 @@ echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi + GITHASH1=$(git rev-parse HEAD) echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + GITHASH2=$(git rev-parse HEAD) + if [[ $GITHASH1 != $GITHASH2 ]]; then + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + else + echo -e "\n\e[33mSkipping Admin Console './install' — as it appears up-to-date!\e[0m" + fi fi fi From b1b9d49327d6429de7760e1559b9579c2456ddc3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 04:34:16 -0400 Subject: [PATCH 0924/1184] Clean up RasPiOS Python/apt/pip doc links --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 369bc09c1..8b526d03e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -102,8 +102,9 @@ extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) -# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi -# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments +# https://www.raspberrypi.com/documentation/computers/os.html#use-python-on-a-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-packages-using-apt +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-libraries-using-pip # VIRTUALENV EXAMPLE COMMANDS: # python3 -m venv /usr/local/calibre-web-py3 (create venv) From 33ed99c030847daf4e32fce88aa3c4b82f3c6891 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 06:26:19 -0400 Subject: [PATCH 0925/1184] iiab-update -f: Install CWeb requirements.txt + sharpen warning --- scripts/iiab-update | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 49cfdc939..91e0af9e1 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -21,7 +21,7 @@ echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\n\e[44;1mUpgrading IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update @@ -45,16 +45,13 @@ fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n\n" else echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" @@ -72,11 +69,13 @@ systemctl stop calibre-web echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" + bin/pip install -r requirements.txt --prefer-binary > /dev/null + echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web else + cd /opt/iiab/iiab echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web fi @@ -124,7 +123,12 @@ fi fi - echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1m'iiab-update -f' COMPLETE!\e[0m\n" + echo -e "\e[44;1mIf Calibre-Web fails, please try 'iiab-update' WITHOUT '-f'\e[0m\n\n" # \e[7m == reverse video (e.g. black on white) + else + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + fi exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run } From 06a36706eb27dd4888464e4127a882ec35f14774 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jul 2024 11:52:53 -0400 Subject: [PATCH 0926/1184] iiab-update: Tighten up Calibre-Web upgrader (WIP: Ansible equiv soon) --- scripts/iiab-update | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 91e0af9e1..ec7a5d31e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,24 +52,25 @@ fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" - systemctl stop calibre-web - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" bin/pip install -r requirements.txt --prefer-binary > /dev/null echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" From 37c6a7ef2950a659dbebcee2f7a09f895548631f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jul 2024 13:43:35 -0400 Subject: [PATCH 0927/1184] Clarify yt-dlp "nightly" for better/experimental YouTube scraping --- scripts/iiab-update | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index ec7a5d31e..76095753f 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -59,13 +59,16 @@ pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" systemctl stop calibre-web From 06dbdb178a6f2a171f609a23f9ecc159f7db525c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 01:51:06 -0400 Subject: [PATCH 0928/1184] Allow Calibre-Web upgrades via Ansible too, much like 'iiab-update -f' --- roles/calibre-web/tasks/install.yml | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8b526d03e..bdcca21f5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,6 +1,9 @@ -# To upgrade IIAB Calibre-Web: +# Or try 'iiab-update -f' for a more rapid upgrade of IIAB Calibre-Web: +# +# https://wiki.iiab.io/go/FAQ#Can_I_upgrade_IIAB_software%3F # https://github.com/iiab/calibre-web/wiki#upgrading # https://github.com/iiab/iiab/blob/master/scripts/iiab-update +# https://github.com/iiab/iiab/tree/master/roles/calibre-web#upgrading - name: Record (initial) disk space used @@ -8,6 +11,13 @@ register: df1 +- name: Stop 'calibre-web' systemd service for safety (RED ERROR CAN BE IGNORED!) + systemd: + name: calibre-web + state: stopped + ignore_errors: True # Shows red errors, and continue... + #failed_when: False # Hides red errors, and continue... + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -38,10 +48,10 @@ state: absent when: calibreweb_venv_wipe -- name: Does {{ calibreweb_venv_path }} exist? - stat: - path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - register: calibreweb_venv +# - name: Does {{ calibreweb_venv_path }} exist? +# stat: +# path: "{{ calibreweb_venv_path }}" +# register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -52,7 +62,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" + - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -61,14 +71,15 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 - when: not calibreweb_venv.stat.exists + force: yes # "any modified files in the working repository will be discarded" + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 + #when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | From 663a35f5ced6b8bcbe0a416c53015b4b22418d63 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 02:31:21 -0400 Subject: [PATCH 0929/1184] Sharpen /usr/local/calibre-web-py3 disk usage estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index bdcca21f5..d6320fb76 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -72,7 +72,7 @@ # https://github.com/janeczku/calibre-web/pull/1459 #- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From ddfbbe7bf0e42eb5c2eda9c9cb68bf6190f26f85 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 02:46:48 -0400 Subject: [PATCH 0930/1184] calibre-web/tasks/install.yml: Clarify yt-dlp "nightly" option --- roles/calibre-web/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d6320fb76..816fa5ac7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -98,8 +98,11 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From 220bea18dcd597fb33501cdabe4d09bb8799bbe2 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 03:24:26 -0400 Subject: [PATCH 0931/1184] Explain yt-dlp 'nightly' releases, in Ansible output --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 816fa5ac7..34a89f211 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -81,6 +81,11 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 #when: not calibreweb_venv.stat.exists +- debug: + msg: + - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" + - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then @@ -98,7 +103,7 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases From 46c1003f2c2c10a9487cc8974fe1ab402d701b87 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 21:36:39 -0400 Subject: [PATCH 0932/1184] KA Lite dying: Time for Kolibri to become mainline --- vars/default_vars.yml | 8 ++++---- vars/local_vars_medical.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_none.yml | 4 ++-- vars/local_vars_small.yml | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c0e6e9f13..13291b20d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -476,14 +476,14 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False kalite_server_port: 8008 kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index f97113d63..66798cb05 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -1,7 +1,7 @@ # Default overrides kiwix_incl_apk: True -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False captiveportal_install: True captiveportal_enabled: True mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index aa142dcc9..40b960608 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -284,8 +284,8 @@ wordpress_enabled: True # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 6b3876fe8..a13c825ac 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,8 +1,8 @@ # turn off defaults remoteit_install: False openvpn_install: False -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False kiwix_install: False kiwix_enabled: False osm_vector_maps_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a366e2863..288395d69 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -284,12 +284,12 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 4cb61cf8b8c3f985d22cbeab8452f342a5f66596 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 22 Jul 2024 22:18:55 -0400 Subject: [PATCH 0933/1184] 'git pull' if upgrading Calibre-Web, bypassing Ansible --- roles/calibre-web/tasks/install.yml | 38 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 34a89f211..a6e8d4f56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -42,17 +42,6 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present -- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" - file: - path: "{{ calibreweb_venv_path }}" - state: absent - when: calibreweb_venv_wipe - -# - name: Does {{ calibreweb_venv_path }} exist? -# stat: -# path: "{{ calibreweb_venv_path }}" -# register: calibreweb_venv - - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory @@ -62,7 +51,6 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -71,15 +59,31 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" + file: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" + register: calibreweb_venv + +- name: git clone Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later) -- if {{ calibreweb_venv_path }} doesns't exist git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes # "any modified files in the working repository will be discarded" - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + #force: True # CLAIM: "If true, any modified files in the working repository will be discarded" -- REALITY: even if `force: no`, Ansible destructively reclones (also removing all test branch commits etc!) -- unless a git credential is provided to Ansible? + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 - #when: not calibreweb_venv.stat.exists + when: not calibreweb_venv.stat.exists + +- name: cd {{ calibreweb_venv_path }} ; git pull {{ calibreweb_repo_url }} {{ calibreweb_version }} --no-rebase --no-edit -- if {{ calibreweb_venv_path }} exists + command: git pull "{{ calibreweb_repo_url }}" "{{ calibreweb_version }}" --no-rebase --no-edit + args: + chdir: "{{ calibreweb_venv_path }}" + when: calibreweb_venv.stat.exists - debug: msg: From 078d896ef7cd5278ca730e4a28c400f18161f9ee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 14:34:51 -0400 Subject: [PATCH 0934/1184] pbx/README.adoc: Link to official FreePBX 17 install script --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d99f0df82..9553cb8db 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -357,4 +357,8 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c * Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +In 2024, see also the official: + +* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 1116cbfb362a953358099f413160e2e3d73691d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 14:48:01 -0400 Subject: [PATCH 0935/1184] pbx/README.adoc: 2 more official FreePBX 17 install links --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 9553cb8db..2bbd70671 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -360,5 +360,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: * FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation +* Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 8f1a72e049cade6ffb55c7280af8170b823316dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 15:03:00 -0400 Subject: [PATCH 0936/1184] pbx/README.adoc: Update FreePBX 17 pre-release news + link --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 2bbd70671..5d48feddf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* @@ -359,7 +359,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: -* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install * FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation * Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation From 1ddbf01dfff87ce39973705aa1cee41d79f2ea93 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 Jul 2024 19:42:47 -0400 Subject: [PATCH 0937/1184] Kolibri 0.17 RC0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f02dfde2e..b0ea215bb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From f20493cdc4dc8bad2edc1a218e827c3400b9a9f7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:10:37 -0400 Subject: [PATCH 0938/1184] Bypass initial install of Transmission on 24.04 & 24.10 & Mint 22 --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 8771b66a0..4d83e4422 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From cd7baf4b4f3e9a71f7737cc7bb2fc3dd0b593ea4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 1 Aug 2024 14:19:53 -0400 Subject: [PATCH 0939/1184] Kolibri 0.17 RC2 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b0ea215bb..ede1a64b6 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From a0e789a11126b33b34066081dfdb83c248208e28 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 4 Aug 2024 09:20:47 -0400 Subject: [PATCH 0940/1184] pbx/README.adoc: FreePBX 17 links --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5d48feddf..f19260023 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 01f87f5e38196a863bb431d5ce6045cb26011736 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 5 Aug 2024 18:44:18 -0400 Subject: [PATCH 0941/1184] Kolibri 0.17 RC3 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ede1a64b6..405beb896 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 0ab99a456ebef69c971d10154770365165704230 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 5 Aug 2024 18:51:04 -0400 Subject: [PATCH 0942/1184] kolibri/tasks/install.yml: Clarify 4 OS's now using Python 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 405beb896..86281875a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -128,7 +128,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From fd3ff958b16407deb6ae507be0dcc48a91206d88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 6 Aug 2024 19:29:48 -0400 Subject: [PATCH 0943/1184] Kolibri 0.17.0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 86281875a..e09616739 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,9 +125,9 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 6e51ecbdd6a29415fe9b5b3a601a87e8a9799899 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 6 Aug 2024 19:37:56 -0400 Subject: [PATCH 0944/1184] Kolibri 0.17.x: Clean/Clarify Python 3.12+ OS's / context --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e09616739..217d68d73 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,10 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From cac1c873f40ce9d89e1a344c980646ac6c577311 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 01:03:29 -0400 Subject: [PATCH 0945/1184] scripts/iiab-root-login: Set + Enable sftp password, for FileZilla uploads --- roles/0-init/tasks/main.yml | 3 +- scripts/iiab-item-size.py | 0 scripts/iiab-network | 0 scripts/iiab-root-login | 60 +++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 0 scripts/iiab-update | 2 +- 6 files changed, 63 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/iiab-item-size.py mode change 100644 => 100755 scripts/iiab-network create mode 100755 scripts/iiab-root-login mode change 100644 => 100755 scripts/iiab-size.py diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d6859c120..8eb1668eb 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,7 +34,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ @@ -43,6 +43,7 @@ - iiab-update - iiab-summary - iiab-diagnostics + - iiab-root-login - name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update file: diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-network b/scripts/iiab-network old mode 100644 new mode 100755 diff --git a/scripts/iiab-root-login b/scripts/iiab-root-login new file mode 100755 index 000000000..2d968e857 --- /dev/null +++ b/scripts/iiab-root-login @@ -0,0 +1,60 @@ +#!/bin/bash -e +# "-e" tries to exit right away on error. + +# Enable (and set!) root login password for ssh and sftp. +# To help everyday IIAB implementers upload content with FileZilla: +# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F + +# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use: +# sudo iiab-root-login <PASSWORD> + +if [ ! -f /etc/ssh/sshd_config ]; then + echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n' + exit 1 +fi + +if ! systemctl is-active ssh > /dev/null; then + echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n" + exit 1 +fi + +if [ $# -eq 0 ]; then + echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m' + echo -en '\nWhat ssh and sftp password do you want for user "root" ? ' + read ans < /dev/tty +else + ans=$1 + echo +fi + +if [[ $ans == "" ]]; then + echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n' + exit 1 +else + echo root:"$ans" | chpasswd + echo -e 'Password changed, for user "root".\n' +fi + +# Comment out problematic line(s) in file(s) like... +# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf +# ...that appear in Multipass VMs, etc: +sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true +sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true + +if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config +else + echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +fi + +if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config +else + echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config +fi + +if systemctl reload ssh; then + echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n' +else + echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n' +fi diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-update b/scripts/iiab-update index 76095753f..689f715e0 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -41,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 24def618bc41bcbff0acd55a112f4a034ce3f0b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 03:34:02 -0400 Subject: [PATCH 0946/1184] roles/iiab-admin/README.rst: Update 2 links --- roles/iiab-admin/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 5017e4186..c7c4ec5fc 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -58,14 +58,14 @@ Remote Support Tools The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. -Similarly, `access.yml <tasks/access.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: +Similarly, `tasks/main.yml <tasks/main.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: * `lynx <https://en.wikipedia.org/wiki/Lynx_(web_browser)>`_ * `screen <https://linuxize.com/post/how-to-use-linux-screen/>`_ *More great tools to help you jumpstart community action at a distance:* -* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?" +* `FAQ.IIAB.IO <https://wiki.iiab.io/go/FAQ>`_ > "How can I remotely manage my Internet-in-a-Box?" Admin Console ------------- From 49b574409a052a77c7629ca12fe928f54db58e4d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 04:04:43 -0400 Subject: [PATCH 0947/1184] scripts/iiab-update: Touch up for PR #3784 --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 689f715e0..4e2fe7aff 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From 0d0772aac9eef7f8f990d5528fc9269a87f8a47c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 23:34:30 -0400 Subject: [PATCH 0948/1184] Revert to installing Kolibri (i.e. 0.17.0+) via PPA, by default --- roles/kolibri/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 217d68d73..d95f36044 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,13 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' - set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 +# 2024-08-07: Hack no longer needed! As Kolibri 0.17.0 now installs via "kolibri" PPA (https://launchpad.net/~learningequality/+archive/ubuntu/kolibri). +# Hopefully "kolibri-proposed" PPA will install 0.18 pre-releases soon, on Python 3.13 too! https://github.com/learningequality/kolibri/issues/11892 + +# - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +# set_fact: +# kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb +# when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From ee3781d38a66e353f45ff36ebda5f5815705f297 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Aug 2024 20:53:13 -0400 Subject: [PATCH 0949/1184] README.md: Fix link to FAQ app list / descriptions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fcb5085c..b3416aca2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_%28IIAB_apps%29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* From 608d05e24082463c7a27c671bea7ba7846d76d30 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 10 Aug 2024 21:41:15 -0400 Subject: [PATCH 0950/1184] iiab-diagnostics: Try paste.centos.org instead of dpaste.com --- scripts/iiab-diagnostics | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6fe38407d..a872b88bb 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,13 +273,15 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b paste.centos.org $outfile" fi echo -e "\e[0m" From 2c5398dfb29333e72563ee37234fa3b2e34c0b3f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 10 Aug 2024 21:48:10 -0400 Subject: [PATCH 0951/1184] iiab-diagnostics: Clarify termbin.com rudimentary/reliable option --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a872b88bb..198ad864e 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -275,7 +275,7 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? - #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins From e1eb26ba687503f1655e4665d21c20e4250b2d1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:15:30 -0400 Subject: [PATCH 0952/1184] Recommend ansible-core 2.17.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 51cb3b689..975acda62 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] -GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] +GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 86fa7bd49c9594f36b407eb5501ef0213326fd79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:00:56 -0400 Subject: [PATCH 0953/1184] test.yml: Tips to try ad hoc Ansible commands --- test.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 7afdab202..067b7cddd 100644 --- a/test.yml +++ b/test.yml @@ -1,6 +1,13 @@ # TEST ANSIBLE COMMANDS/MODULES IN SECONDS -- BY RUNNING: # ansible-playbook -i ansible_hosts test.yml --connection=local +# TEST A SINGLE ANSIBLE COMMAND/MODULE: +# ansible localhost -m ansible.builtin.setup | grep -e "ansible_machine\b" -e ansible_architecture +# ansible localhost -m ansible.builtin.shell -a 'echo $TERM' +# ansible localhost -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts" +# ansible localhost -m ansible.builtin.systemd -a "name=nginx state=restarted" +# https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html + - hosts: all become: yes # Optional privilege escalation @@ -19,7 +26,9 @@ #- include_role: # name: 0-init - # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # 2024-08-15: Still not working with ansible-core 2.17.3 -- instead of + # migrating from Python's crypt library to passlib, Ansible is deprecating: + # https://github.com/ansible/ansible/issues/81949 # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 #- debug: # msg: "{{ 'changeme' | password_hash('sha512') }}" From 3bb74ec09a6048b0551c666c4232abbd5ae7982c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 22 Aug 2024 21:32:24 -0400 Subject: [PATCH 0954/1184] Moodle dev branch renamed from 'master' to 'main' --- roles/moodle/defaults/main.yml | 4 ++-- roles/moodle/tasks/install.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index b6c607027..1e05a1a76 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# April 2024: Currently testing Moodle's main branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 44ba40349..840eeb4d9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,12 +104,12 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From bea4aea7a0994e3fb97e84972aa9027f399f8b12 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:45:33 -0400 Subject: [PATCH 0955/1184] Recommend ansible-core 2.17.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 975acda62..701b46107 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] -GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] +GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From c7000f330be9c736b9c84dda489e4da899877d2c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 02:05:42 -0400 Subject: [PATCH 0956/1184] Introduce roles/tailscale w/ /usr/bin/iiab-vpn etc --- .../openvpn/defaults/main.yml | 0 .../openvpn/tasks/enable-or-disable.yml | 0 .../openvpn/tasks/install.yml | 0 .../openvpn/tasks/main.yml | 0 .../openvpn/templates/15-openvpn.unused | 0 .../openvpn/templates/announce | 0 .../openvpn/templates/announcer | 0 .../openvpn/templates/ca.crt | 0 .../openvpn/templates/client1.crt | 0 .../openvpn/templates/client1.key | 0 .../openvpn/templates/iiab-remote-off | 0 .../openvpn/templates/iiab-remote-on.j2 | 0 .../openvpn/templates/iiab-support | 0 .../openvpn/templates/iiab-support.older | 0 .../templates/openvpn_handle.j2.unused | 0 .../openvpn/templates/silence | 0 .../openvpn/templates/xscenet.conf.j2 | 0 roles/0-init/tasks/validate_vars.yml | 3 +- roles/1-prep/tasks/main.yml | 10 +- roles/4-server-options/tasks/main.yml | 5 - roles/iiab-admin/README.rst | 4 +- roles/iiab-admin/tasks/sudo-prereqs.yml | 2 +- roles/sshd/defaults/main.yml | 2 +- roles/tailscale/tasks/install.yml | 113 ++++++++++++++++++ roles/tailscale/tasks/main.yml | 47 ++++++++ roles/tailscale/templates/iiab-vpn | 54 +++++++++ roles/tailscale/templates/iiab-vpn-off | 7 ++ scripts/iiab-summary | 9 +- vars/default_vars.yml | 20 +--- vars/local_vars_large.yml | 13 +- vars/local_vars_medical.yml | 1 - vars/local_vars_medium.yml | 13 +- vars/local_vars_none.yml | 2 +- vars/local_vars_small.yml | 13 +- vars/local_vars_unittest.yml | 13 +- 35 files changed, 265 insertions(+), 66 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/enable-or-disable.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/15-openvpn.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announce (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announcer (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/ca.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.key (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-off (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-on.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support.older (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/openvpn_handle.j2.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/silence (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/xscenet.conf.j2 (100%) create mode 100644 roles/tailscale/tasks/install.yml create mode 100644 roles/tailscale/tasks/main.yml create mode 100755 roles/tailscale/templates/iiab-vpn create mode 100755 roles/tailscale/templates/iiab-vpn-off diff --git a/roles/openvpn/defaults/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml similarity index 100% rename from roles/openvpn/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml diff --git a/roles/openvpn/tasks/enable-or-disable.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml similarity index 100% rename from roles/openvpn/tasks/enable-or-disable.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml diff --git a/roles/openvpn/tasks/install.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml similarity index 100% rename from roles/openvpn/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml diff --git a/roles/openvpn/tasks/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml similarity index 100% rename from roles/openvpn/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml diff --git a/roles/openvpn/templates/15-openvpn.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused similarity index 100% rename from roles/openvpn/templates/15-openvpn.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused diff --git a/roles/openvpn/templates/announce b/roles/0-DEPRECATED-ROLES/openvpn/templates/announce similarity index 100% rename from roles/openvpn/templates/announce rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announce diff --git a/roles/openvpn/templates/announcer b/roles/0-DEPRECATED-ROLES/openvpn/templates/announcer similarity index 100% rename from roles/openvpn/templates/announcer rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announcer diff --git a/roles/openvpn/templates/ca.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt similarity index 100% rename from roles/openvpn/templates/ca.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt diff --git a/roles/openvpn/templates/client1.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt similarity index 100% rename from roles/openvpn/templates/client1.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt diff --git a/roles/openvpn/templates/client1.key b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key similarity index 100% rename from roles/openvpn/templates/client1.key rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off similarity index 100% rename from roles/openvpn/templates/iiab-remote-off rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 similarity index 100% rename from roles/openvpn/templates/iiab-remote-on.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 diff --git a/roles/openvpn/templates/iiab-support b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support similarity index 100% rename from roles/openvpn/templates/iiab-support rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support diff --git a/roles/openvpn/templates/iiab-support.older b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older similarity index 100% rename from roles/openvpn/templates/iiab-support.older rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older diff --git a/roles/openvpn/templates/openvpn_handle.j2.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused similarity index 100% rename from roles/openvpn/templates/openvpn_handle.j2.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused diff --git a/roles/openvpn/templates/silence b/roles/0-DEPRECATED-ROLES/openvpn/templates/silence similarity index 100% rename from roles/openvpn/templates/silence rename to roles/0-DEPRECATED-ROLES/openvpn/templates/silence diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 similarity index 100% rename from roles/openvpn/templates/xscenet.conf.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 383f911a3..dee75addd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -71,7 +71,8 @@ - dnsmasq - bluetooth - sshd - - openvpn + #- openvpn # Deprecated + - tailscale - remoteit - admin_console #- nginx # MANDATORY diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 929dd04da..16cf5976e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,22 +3,22 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml +- name: SSHD include_role: name: sshd when: sshd_install -- name: OPENVPN +- name: TAILSCALE (VPN) include_role: - name: openvpn - when: openvpn_install + name: tailscale + when: tailscale_install - name: REMOTE.IT include_role: name: remoteit when: remoteit_install -- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml +- name: IIAB-ADMIN -- includes {lynx, screen, sudo-prereqs.yml, admin-user.yml, pwd-warnings.yml} include_role: name: iiab-admin #when: iiab_admin_install # Flag might be created in future? diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9bed4e5e8..583cb763d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -19,11 +19,6 @@ #when: pylibs_installed is undefined #when: pylibs_install # Flag might be created in future? -- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN - include_role: - name: sshd - when: sshd_install - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index c7c4ec5fc..2dbadaa62 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -36,7 +36,7 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security +* If your IIAB includes Tailscale (VPN), ``/root/.ssh/authorized_keys`` should be installed by `roles/tailscale/tasks/install.yml <../tailscale/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop). Example @@ -56,7 +56,7 @@ Historical Notes Remote Support Tools -------------------- -The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. +The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `Tailscale (VPN) <https://en.wikipedia.org/wiki/Tailscale>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. Similarly, `tasks/main.yml <tasks/main.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: diff --git a/roles/iiab-admin/tasks/sudo-prereqs.yml b/roles/iiab-admin/tasks/sudo-prereqs.yml index 1b608fef1..9370666b2 100644 --- a/roles/iiab-admin/tasks/sudo-prereqs.yml +++ b/roles/iiab-admin/tasks/sudo-prereqs.yml @@ -1,6 +1,6 @@ - name: 'Install package: sudo' package: - name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + name: sudo # (1) Should be installed prior to installing IIAB, (2) Can be installed by 1-prep's roles/tailscale/tasks/install.yml, (3) Can be installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) - name: Temporarily make file /etc/sudoers editable (0640) file: diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml index 5c9c5dc17..83a3cf36a 100644 --- a/roles/sshd/defaults/main.yml +++ b/roles/sshd/defaults/main.yml @@ -1,4 +1,4 @@ -# sshd_install: True # Required by OpenVPN +# sshd_install: True # sshd_enabled: True # sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml new file mode 100644 index 000000000..0e3bee8c1 --- /dev/null +++ b/roles/tailscale/tasks/install.yml @@ -0,0 +1,113 @@ +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 + register: df1 + + +- name: "Set up apt source (jammy) in /etc/apt/sources.list.d/tailscale.list and its key /usr/share/keyrings/tailscale-archive-keyring.gpg, to install Tailscale" + shell: | + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg > /usr/share/keyrings/tailscale-archive-keyring.gpg + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list > /etc/apt/sources.list.d/tailscale.list + +- name: "Install packages: jq, sudo, tailscale" + package: + name: + #- ncat # Newer versions of NMap do not include NCat, WAS needed to announce openvpn_handle (if Debian > 9 or Ubuntu > 18) + #- nmap + - jq # JSON parser used by /usr/bin/iiab-support == /usr/bin/iiab-vpn + - sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + - tailscale + update_cache: yes + +- name: Set up tab completion for 'tailscale' at the command-line + shell: tailscale completion bash > /etc/bash_completion.d/tailscale + +- name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" + lineinfile: + line: "{{ item.pubkey }}" + regexp: "{{ item.regexp }}" + path: /root/.ssh/authorized_keys + with_items: + - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" + - regexp: "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAmjU7VojyK+0Pjp2p8CCGTNBtE565A/L8IVbAT8MIucRE9LN1g5LjGnOHUShFJpwuTR1JLX2r9EDRMsf9MmyTgUAnuyP005giWVHXLPtjyjTzbsJ1DEtXRytulmF+GlCOaqPWNde6EOmReqPHbmjIQpRZ/Sc8hziS4jVSQuBA9EhaBmZ62CPqK33mPJvnpwMtdd6nHXAcXsZhStd3NhVDm27+B3sHI6mr2w7ExdBXE5DKiZL2po8n2y4hJYZreJopbjcQmv4oWdDWvPu5I92xDgYCsqcE7zSrv1um+tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal" + - regexp: "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApHPly+EA1M4bispl3AulTLjyYCjcJzh6s779K3epDkqh600a+fHsdIiddWCAfIonRq+9MJyOiaNQ+WYLOuajI1IiFZWFt45xDAiyCUnyuT+ytAX+IA3TgTwgTZPfzDOzI8rDRV9Sgl+LZLfPno7T3qxcGx2l51bRk+koRK+Txpph//M3jGvsFmTKhjvfxgEIUmMH9SkASxEdyqASr0+/+uLR92MnT+8CT1pOYYoJyZp9Lta5eGqJvbEmd3Dn7MXqD3vXE57o4rBJ0bR3q5LK59WVNxNQbulJ9z5V7aTJ4AbBFQWxm0fH0gBx+heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank" + +# CLARIF: plus signs (+) in public keys cause duplicate key additions (above) +# and failure during removal (below) as "+" has a special meaning as +# interpreted in a Python regexp, as implemented by Ansible's lineinfile module: +# https://docs.python.org/2/library/re.html + +# WORKAROUND: the tail end of each public key (after the last plus sign) is +# being used (instead of the full key) as an abbreviated regexp for now. +# A backslash in front of each plus sign (+) would also work. + +# - name: Remove those ssh public keys, if not tailscale_enabled +# lineinfile: +# regexp: "{{ item }}" +# path: /root/.ssh/authorized_keys +# state: absent +# with_items: +# - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" +# - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" +# - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" +# when: not tailscale_enabled + +- name: Install /usr/bin/iiab-vpn & /usr/bin/iiab-vpn-off (BACKS UP FILES IF CHANGED) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: '0755' + backup: yes + with_items: + - iiab-vpn + - iiab-vpn-off + +- name: Symlink /usr/bin/iiab-vpn-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-vpn-on + state: link + +- name: Symlink /usr/bin/iiab-support -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support + state: link + +- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support-on + state: link + +- name: Symlink /usr/bin/iiab-support-off -> /usr/bin/iiab-vpn-off + file: + src: /usr/bin/iiab-vpn-off + path: /usr/bin/iiab-support-off + state: link + + +# RECORD Tailscale AS INSTALLED + +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 + register: df2 + +- name: Add 'tailscale_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: tailscale_disk_usage + value: "{{ df2.stdout|int - df1.stdout|int }}" + +- name: "Set 'tailscale_installed: True'" + set_fact: + tailscale_installed: True + +- name: "Add 'tailscale_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^tailscale_installed' + line: 'tailscale_installed: True' diff --git a/roles/tailscale/tasks/main.yml b/roles/tailscale/tasks/main.yml new file mode 100644 index 000000000..fc8af13e5 --- /dev/null +++ b/roles/tailscale/tasks/main.yml @@ -0,0 +1,47 @@ +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + + +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "tailscale_install is sameas true" (boolean not string etc) + assert: + that: tailscale_install is sameas true + fail_msg: "PLEASE SET 'tailscale_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "tailscale_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: tailscale_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'tailscale_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Tailscale if 'tailscale_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: tailscale_installed is undefined + + +#- include_tasks: enable-or-disable.yml + + +- name: Add 'tailscale' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Tailscale (VPN) + - option: description + value: '"Tailscale enables live/remote support by connecting machines anywhere on the Internet, using a software-defined mesh virtual private network (VPN), and optional web-based management service."' + - option: tailscale_install + value: "{{ tailscale_install }}" + - option: tailscale_enabled + value: "{{ tailscale_enabled }}" diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn new file mode 100755 index 000000000..05ae623f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn @@ -0,0 +1,54 @@ +#!/bin/bash + +# USEFUL DOC: https://tailscale.com/kb/1080/cli#status + +VPN_URL=https://iiab.net +VPN_KEY="$1" + +# if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) +# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# else +# [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] + +# Check that current profile key still exists in /var/lib/tailscale/tailscaled.state ? (As 'tailscale logout' wipes it!) In the end, these are 3 lousy tests... +# if [ -f /var/lib/tailscale/tailscaled.state ] && [[ $(grep -c $(jq -r '."_current-profile"' /var/lib/tailscale/tailscaled.state) /var/lib/tailscale/tailscaled.state) > 1 ]]; then +# if ! [[ $(tailscale status | tr '[:upper:]' '[:lower:]') =~ "logged out" ]]; then +# if [[ $(tailscale status --json | jq -r .CurrentTailnet.Name) = "iiab.community" ]]; then + +# UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) +if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then + if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + exit 1 + fi +elif [ -z $VPN_KEY ]; then + echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + exit 1 +else + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + exit 1 + fi + fi +fi + +# jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] +# Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) +echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e " hostname -I" +echo -e " tailscale ip" +echo -e " tailscale status" +echo -e " tailscale whois $(tailscale ip -1)" +echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale status --json | jq" +echo -e " systemctl status tailscaled\n" +echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e " tailscale down\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e " tailscale logout\n" diff --git a/roles/tailscale/templates/iiab-vpn-off b/roles/tailscale/templates/iiab-vpn-off new file mode 100755 index 000000000..75ea5c0f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn-off @@ -0,0 +1,7 @@ +#!/bin/bash + +tailscale down + +echo -e "\n\e[44;1mDisconnecting from VPN...\e[0m\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" # Expires machine node key, from /var/lib/tailscale/tailscaled.state +echo -e " tailscale logout\n" # ...as seen by 'tailscale status --json' (related: 'tailscale debug prefs') diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 7551aad08..80b6e521f 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -79,8 +79,13 @@ echo /opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo +#grep "^openvpn_handle:" /etc/iiab/local_vars.yml +#grep "^tailscale_installed:" /etc/iiab/iiab_state.yml +if [[ $(command -v /usr/bin/tailscale) ]]; then + #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" + echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" +fi echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net -grep "^openvpn_enabled:" /etc/iiab/local_vars.yml -grep "^openvpn_handle:" /etc/iiab/local_vars.yml +echo $(echo $(hostname -A) $(hostname -a) | xargs -n1 | sort | uniq) hostname -I echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 13291b20d..68a520970 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -219,8 +219,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml @@ -232,17 +232,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -openvpn_handle: "" # Empty string on purpose since ~2016, for /etc/iiab/uuid -# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 -# cron seemed necessary on CentOS: -openvpn_cron_enabled: False -# General OpenVPN settings -openvpn_server: xscenet.net -openvpn_server_real_ip: 3.89.148.185 -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo, @@ -289,8 +281,6 @@ nginx_log_dir: /var/log/nginx # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3903530ed..7f0d398fe 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: LARGE - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 66798cb05..5df26eb52 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,6 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -openvpn_handle: "MEDICAL - Put Your Name Here" usb_lib_umask0000_for_kolibri: False apache_allow_sudo: True # By default diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 40b960608..08afaab93 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: MEDIUM-sized - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index a13c825ac..1e5c03ead 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,6 +1,6 @@ # turn off defaults remoteit_install: False -openvpn_install: False +tailscale_install: False kolibri_install: False kolibri_enabled: False kiwix_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 288395d69..70206e9ec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: SMALL - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 19c47ca74..026187075 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: True -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: UNITTEST - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) From f07832105d8a9af85086eeee0117256cc292950a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 05:17:38 -0400 Subject: [PATCH 0957/1184] Add openvpn to unmaintained-roles.txt, per PR #3798 --- unmaintained-roles.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index c30178fbc..3573e6f75 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -13,6 +13,7 @@ httpd-enable idmgr moodle-1.9 nodogsplash +openvpn osm owncloud pathagar From c88f1418adfb4540e526751c93e4d5445aa75ea5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 05:48:08 -0400 Subject: [PATCH 0958/1184] nextcloud/README.md: Mention NEW Nextcloud 30 --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index e74518b32..c0eb0f9b3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -42,7 +42,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/30/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 35bdd1181b5b16414f792d9658a3257d4fd24446 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Sep 2024 08:22:46 -0400 Subject: [PATCH 0959/1184] iiab-vpn doc for #3798: tailscale ping --verbose [IP or HOSTNAME] --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 05ae623f3..2bdc964af 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -45,7 +45,7 @@ echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" -echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" From d3d0b9767c29fc3108dc6510993a20532bd9be0e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Sep 2024 09:39:44 -0400 Subject: [PATCH 0960/1184] iiab-vpn: Tailscale tips for Android, Mac/iOS, Windows --- roles/tailscale/templates/iiab-vpn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2bdc964af..2b02a7119 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -1,6 +1,10 @@ #!/bin/bash -# USEFUL DOC: https://tailscale.com/kb/1080/cli#status +# USEFUL DOCS: +# https://tailscale.com/kb/1080/cli#status +# https://headscale.net/android-client/ +# https://headscale.net/apple-client/ +# https://headscale.net/windows-client/ VPN_URL=https://iiab.net VPN_KEY="$1" From 5414eb3c384553728767e6b1b417ae2b2fc74ed3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:34:32 -0400 Subject: [PATCH 0961/1184] iiab-vpn tip: Show IPs tagged with usernames --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2b02a7119..ad15f57c8 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -50,7 +50,7 @@ echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | jq" +echo -e " tailscale status --json | grep -B3 tag:" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" From 71f6d0371b05edba0a0a72d2bed0576947e3e01e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 15:08:55 -0400 Subject: [PATCH 0962/1184] iiab-vpn shows status of each IP (+ better tips!) --- roles/tailscale/templates/iiab-vpn | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index ad15f57c8..41596b959 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -32,8 +32,8 @@ else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... - # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) - # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" exit 1 @@ -48,11 +48,15 @@ echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" -echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Node.Hostinfo" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | grep -B3 tag:" +echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" + +# More useful output than 'tailscale status' +echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t From e98cd76ec00c1983aaabde49d5cc35fc4a07177e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 15:17:59 -0400 Subject: [PATCH 0963/1184] iiab-vpn: Trailing newline forgotten in PR #3800 --- roles/tailscale/templates/iiab-vpn | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 41596b959..a7ea67298 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,3 +60,4 @@ echo -e " tailscale logout\n" # More useful output than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo From 086087b65bf1b28b3f0443b468b1a70416057893 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 19:51:15 -0400 Subject: [PATCH 0964/1184] iiab-vpn PR #3800 doc: Table of IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index a7ea67298..81cbe332c 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -57,7 +57,7 @@ echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" -# More useful output than 'tailscale status' +# More useful table of IPs/usernames/etc than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t echo From d72e60c87d62c1807732b9b88e0a22e956f3d8b3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 22 Sep 2024 19:19:35 -0400 Subject: [PATCH 0965/1184] Doc fixes for Tailscale PRs #3798 & #3800 --- roles/1-prep/README.adoc | 2 +- roles/2-common/tasks/packages.yml | 1 - roles/firmware/templates/iiab-check-firmware | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/nginx/README.md | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 9d0154d73..997ec812b 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -6,7 +6,7 @@ https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible[stage] hardware, low-level OS quirks, and basic security: * SSHD -* OpenVPN if/as needed later for remote support +* Tailscale if/as needed later for remote support * https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme[iiab-admin] username and group, to log into Admin Console * dnsmasq (install now, configure later!) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 95b227d95..681d8b83f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -29,7 +29,6 @@ - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download - #- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - tar # 799kB download: RasPiOS installs this regardless - unzip # 151kB download: RasPiOS installs this regardless #- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a7a36a626..b2f7a1cce 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -19,7 +19,7 @@ # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 0a8b6a80e..77717a748 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -39,7 +39,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and # (2) Chops up Ansible vars containing multiple words w/o surrounding quotes. diff --git a/roles/nginx/README.md b/roles/nginx/README.md index dd2311a15..2c5f65590 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -52,11 +52,11 @@ * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto - * openvpn * pbx [FreePBX is usable with _both_ NGINX and Apache as of 2021-08-18, thanks to PR [#2954](https://github.com/iiab/iiab/pull/2954)] * phpmyadmin [*, requires Apache for now, as in Section iii.] * samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)] * sshd + * tailscale * transmission * vnstat From 95986ae681c8324f8ea3f8f436311aa726dd9620 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 22 Sep 2024 23:20:07 -0400 Subject: [PATCH 0966/1184] Refine iiab-vpn status table of Tailscale IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 81cbe332c..0157b02c4 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -58,6 +58,11 @@ echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ + while read line; do + echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); + done echo From 13fcd0f9c57517df1964d8bfbb28b6bb94ca131a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 23 Sep 2024 03:52:37 -0400 Subject: [PATCH 0967/1184] Tighten & brighten iiab-vpn status table --- roles/tailscale/templates/iiab-vpn | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 0157b02c4..4df98d273 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,9 +60,11 @@ echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' #echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ - while read line; do - echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); +#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ + while read l; do + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From c81e3629ff213350b3dae4a41a16b6def80e55b6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 28 Sep 2024 11:11:22 -0400 Subject: [PATCH 0968/1184] `nodocs: True` in local_vars_unittest.yml --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 026187075..cbcf0d958 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -222,7 +222,7 @@ nginx_high_php_limits: False apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) -nodocs: False +nodocs: True # 5-XO-SERVICES From 278ec39f2c718236da05526289d106ecc1a665e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 29 Sep 2024 11:33:05 -0400 Subject: [PATCH 0969/1184] Internet access test..more relevant..for IIAB docs --- roles/www_options/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 1d5b642e0..b26256239 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -94,10 +94,12 @@ # 2022-06-30: internet_available var removed -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' +- name: 'Test for Internet access, using: https://wiki.iiab.io' get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt + #url: "{{ iiab_download_url }}/heart-beat.txt" + url: https://wiki.iiab.io + #dest: /tmp/heart-beat.txt + dest: /tmp/internet_access_test.html #timeout: "{{ download_timeout }}" # @jvonau recommends: 100sec is too much (keep 10sec default) ignore_errors: True @@ -105,9 +107,9 @@ #poll: 2 register: internet_access_test -- name: Remove downloaded Internet test file /tmp/heart-beat.txt +- name: Remove downloaded Internet test file /tmp/internet_access_test.html file: - path: /tmp/heart-beat.txt + path: /tmp/internet_access_test.html state: absent - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) From 90d6af32a782532c62aa15d07309d9d9596b27be Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 09:45:55 -0400 Subject: [PATCH 0970/1184] Mention Calibre-Web's official upstream install instructions --- roles/calibre-web/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a6e8d4f56..1d738a8df 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -18,6 +18,9 @@ ignore_errors: True # Shows red errors, and continue... #failed_when: False # Hides red errors, and continue... +# Official upstream instructions: +# apt install python3-pip python3-venv +# https://github.com/janeczku/calibre-web/wiki/Manual-installation - name: "Install packages: imagemagick, python3-netifaces" package: name: From 08f2f2191ccb6675f564a1679bbdb45d5b5aaa88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:39:47 -0400 Subject: [PATCH 0971/1184] Cleaner columns in iiab-vpn output, when tag &/or relay missing --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 4df98d273..c79b1dccb 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,7 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From d941a8ffbec9f44d6fa897f72ccfe72287afc39b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 21:52:11 -0400 Subject: [PATCH 0972/1184] MediaWiki 1.42.3 (security & maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 1787b2807..4a7abf5de 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 526dc22fb86a5678469adc7e83d13d3b0da2618f Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Tue, 1 Oct 2024 16:39:22 -0400 Subject: [PATCH 0973/1184] Make calibre-web role install cryptography --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1d738a8df..dae058820 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -24,6 +24,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - python3-cryptography - imagemagick - python3-netifaces state: present From 1f75537309cce53f5eeeef0801431c5c56685843 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 17:59:46 -0400 Subject: [PATCH 0974/1184] calibre-web/tasks/install.yml: Explain python3-cryptography --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index dae058820..3ed72cc9b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" package: name: - - python3-cryptography - imagemagick + - python3-cryptography # Required on Raspberry Pi OS - python3-netifaces state: present From 23e92b585322c67696a5fef67179212c096f5b04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 18:52:20 -0400 Subject: [PATCH 0975/1184] calibre-web/tasks/install.yml: Mention iiab/calibre-web#260 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3ed72cc9b..5e1f66933 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -25,7 +25,7 @@ package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS + - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) - python3-netifaces state: present From c7b566418bc4d541ccabd16f99317ed17a6fbf3a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 19:58:33 -0400 Subject: [PATCH 0976/1184] scripts/iiab-update: Also update /usr/bin/iiab-vpn --- scripts/iiab-update | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e2fe7aff..63f4a8a68 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -38,9 +38,14 @@ fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit + echo + if grep -q 'tailscale_installed: True' /etc/iiab/iiab_state.yml; then + echo -e "\e[4mNow running: cp -u roles/tailscale/templates/iiab-vpn /usr/bin\e[0m\n" + cp -u roles/tailscale/templates/iiab-vpn /usr/bin + fi if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" + echo -e "\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From e7eb246a1d50369c02432099431767166de15b25 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 13:24:45 -0400 Subject: [PATCH 0977/1184] local_vars_unittest.yml: SKIP roles/network, for FASTER UNIT TESTING --- vars/local_vars_unittest.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index cbcf0d958..fe44a58ab 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -12,6 +12,12 @@ # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. +# We SKIP roles/network, for FASTER UNIT TESTING! (so IF an internal hotspot +# is later desired, change these two lines to 'True', then run 'iiab-network') +network_install: False +network_enabled: False + + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 100 From 297afc3b728eb35b016b3415e2ee1b805e2d977a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:49:25 -0400 Subject: [PATCH 0978/1184] RIP apt package 'wireless-tools' (or Debian 13+ might keep it?) --- roles/network/tasks/install.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 680b95233..f7c1a5b9a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -18,7 +18,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,10 +32,18 @@ - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP state: present +# 2024-10-02: Legacy apt package 'wireless-tools' no longer offered by Ubuntu +# 24.10+ (#3805) but FYI: https://en.wikipedia.org/wiki/Wireless_tools_for_Linux +- name: "Install legacy apt package wireless-tools, if OS still supports it -- or intentionally show (HARMLESS!) red error -- helping to monitor Linux's evolution" + package: + name: wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present + ignore_errors: True # Intentionally show red error, and continue. + #failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') + # 2021-08-17: Debian ignores this, according to 2013 post: # https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables # - name: Install /etc/network/if-pre-up.d/iptables from template (0755) From ccf87c8b90e79b82d40cabe2d91406a229806d64 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 21:07:50 -0400 Subject: [PATCH 0979/1184] iiab-diagnostics: Note https://temp.sh for pastebin-like large file xfer --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 198ad864e..47a1ae015 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,7 +273,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs. ASIDE: Quirky pastebin-like https://temp.sh can sometimes work (like a file transfer service) for larger files. pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) From 8e09f02bed723179ea67c6ac3f5d3aa39ec09ee8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:47:00 -0400 Subject: [PATCH 0980/1184] Recommend ansible-core 2.17.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 701b46107..b7c13abc7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] -GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] +GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ab8c071374cb104e1afb6a7f2cea486964d037c9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:25:05 -0400 Subject: [PATCH 0981/1184] moodle/tasks/install.yml: Install 4.6dev if PHP >= 8.4 --- roles/moodle/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 840eeb4d9..9fd5aee8b 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,21 +96,21 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) - when: php_version is version('8.3', '<') + when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) - when: php_version is version('8.3', '>=') + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 49d7160116b1b95cfdcabdeeb357c84559041ccc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:27:55 -0400 Subject: [PATCH 0982/1184] moodle/defaults/main.yml: Install 4.5 LTS by default, or... --- roles/moodle/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 1e05a1a76..7f668865d 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# April 2024: Currently testing Moodle's main branch is mandatory if your -# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +# October 2024: Currently testing Moodle's main branch is mandatory if your +# OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.4, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_405_STABLE # Moodle 4.5 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From 4be68d3ac1a6e0ed73a9b887f5cfcd3e4b38ee04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:51:57 -0400 Subject: [PATCH 0983/1184] moodle/tasks/install.yml: Revise disk footprint estimates --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9fd5aee8b..5f42508bc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,7 +96,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From d07ae98898c08068311d37c2709308d89fdf6f6e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 11 Oct 2024 01:29:45 -0400 Subject: [PATCH 0984/1184] Ubuntu 25.04 pre-release testing; Discourage 3 old OS's --- scripts/local_facts.fact | 7 ++++--- vars/default_vars.yml | 3 ++- vars/{linuxmint-21.yml => linuxmint-21.yml.unused} | 0 vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} | 0 vars/ubuntu-2504.yml | 5 +++++ 5 files changed, 11 insertions(+), 4 deletions(-) rename vars/{linuxmint-21.yml => linuxmint-21.yml.unused} (100%) rename vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} (100%) create mode 100644 vars/ubuntu-2504.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a24a1a2da..e9f1fdb19 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -72,8 +72,11 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2204" | \ #"ubuntu-2304" | \ + #"ubuntu-2310" | \ #"linuxmint-20" | \ + #"linuxmint-21" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -85,11 +88,9 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-12" | \ "debian-13" | \ - "ubuntu-2204" | \ - "ubuntu-2310" | \ "ubuntu-2404" | \ "ubuntu-2410" | \ - "linuxmint-21" | \ + "ubuntu-2504" | \ "linuxmint-22" | \ "raspbian-12" | \ "raspbian-13") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68a520970..caa6fd774 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -764,6 +764,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2504: False is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False @@ -780,7 +781,7 @@ is_ubuntu_2204: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_22: False -is_linuxmint_21: False +#is_linuxmint_21: False #is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml.unused similarity index 100% rename from vars/linuxmint-21.yml rename to vars/linuxmint-21.yml.unused diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml.unused similarity index 100% rename from vars/ubuntu-2310.yml rename to vars/ubuntu-2310.yml.unused diff --git a/vars/ubuntu-2504.yml b/vars/ubuntu-2504.yml new file mode 100644 index 000000000..a548ba9a1 --- /dev/null +++ b/vars/ubuntu-2504.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2504: True From aedc893bd1a5af349b9ac44f7dfdcd497915fbee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 11 Oct 2024 14:49:58 -0400 Subject: [PATCH 0985/1184] iiab-summary: Clean output, when tailscale has no IP --- scripts/iiab-summary | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 80b6e521f..73bcc9693 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -81,7 +81,8 @@ echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /l echo #grep "^openvpn_handle:" /etc/iiab/local_vars.yml #grep "^tailscale_installed:" /etc/iiab/iiab_state.yml -if [[ $(command -v /usr/bin/tailscale) ]]; then +#if [[ $(command -v /usr/bin/tailscale) ]]; then +if tailscale ip &> /dev/null; then #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" fi From 194ac9b469c49fd234dcf1778862196f9bf4b61f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 12 Oct 2024 21:48:14 -0400 Subject: [PATCH 0986/1184] README.md: Mention 50+ FAQ.IIAB.IO questions + answers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3416aca2..2cabf030c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 50+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 75f9f613583a1b9d63181b06f1762471310d2179 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Oct 2024 21:35:47 -0400 Subject: [PATCH 0987/1184] moodle/defaults/main.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 7f668865d..a687dc4b4 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -12,7 +12,7 @@ # OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.4, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_405_STABLE # Moodle 4.5 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 5.0dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ec348fcc022934baa8010e08c3f6209616300eff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Oct 2024 21:36:33 -0400 Subject: [PATCH 0988/1184] moodle/defaults/install.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 5f42508bc..00cf13066 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 5.0dev in Oct 2024) when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From f00f225e280f17cf8719654bf5aa21ef1016e2c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 17 Oct 2024 15:22:57 -0400 Subject: [PATCH 0989/1184] iiab-vpn: Fix PR #3813 output, when Tailscale tag is missing --- roles/tailscale/templates/iiab-vpn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index c79b1dccb..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,8 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +# (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null +tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From 018b0d21b8d6d18744d7ab231f255cb18f9c0b20 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 18 Oct 2024 00:07:22 -0400 Subject: [PATCH 0990/1184] PR #3834: Tighten iiab-vpn output of online/offline --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..438f627c1 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 759ebb48dd516a0c87415f22974bb0d7aec6a1d7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 18 Oct 2024 08:24:47 -0400 Subject: [PATCH 0991/1184] iiab-vpn: Revert 018b0d2, as online/offline colors failed on some terminals --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 438f627c1..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 965d4944124501bfb74622f0f2ce5dd5272a0084 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Wed, 23 Oct 2024 09:25:13 -0400 Subject: [PATCH 0992/1184] only support versioned zims if have YYYY-MM ending --- roles/pylibs/templates/iiab_lib.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index ef9da7e82..13044c0c2 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -6,6 +6,7 @@ import os import json import subprocess import shlex +import re import xml.etree.ElementTree as ET import iiab.iiab_const as CONST @@ -46,11 +47,17 @@ def get_zim_list(path): if filename in CONST.old_zim_map: # handle old names that don't parse perma_ref = CONST.old_zim_map[filename] else: - ulpos = filename.rfind("_") - # but old gutenberg and some other names are not canonical - if filename.rfind("-") < 0: # non-canonical name - ulpos = filename[:ulpos].rfind("_") - perma_ref = filename[:ulpos] + # handle various zim name patterns: + # 1. canonical zim ending in _YYYY-MM + # as of 10/16/2024 it looks like all Kiwix zims fit this pattern + # 2. otherwise assume no versioning and perma_ref = filename + + match = re.search("_[0-5][0-9][0-5][0-9]-[0-5][0-9]$", filename) + if match: + perma_ref = filename[: match.span()[0]] + else: + perma_ref = filename + zim_info['file_name'] = filename zim_versions[perma_ref] = zim_info # if there are multiples, last should win return files_processed, zim_versions From ef868120a1ead3fb1276e6869b4db2f11004b7c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 27 Oct 2024 10:19:18 -0600 Subject: [PATCH 0993/1184] Revert PR #3815: python3-cryptography no longer needed --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5e1f66933..a863f541e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) + #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - python3-netifaces state: present From 0616e1c097f4c40abc40e36e6336500a60886366 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 28 Oct 2024 14:33:41 -0400 Subject: [PATCH 0994/1184] Fix tailscale tab completion (mkdir -p /etc/bash_completion.d) --- roles/tailscale/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml index 0e3bee8c1..97e939a84 100644 --- a/roles/tailscale/tasks/install.yml +++ b/roles/tailscale/tasks/install.yml @@ -19,7 +19,7 @@ update_cache: yes - name: Set up tab completion for 'tailscale' at the command-line - shell: tailscale completion bash > /etc/bash_completion.d/tailscale + shell: mkdir -p /etc/bash_completion.d && tailscale completion bash > /etc/bash_completion.d/tailscale - name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" lineinfile: From 129f2842868c9c608b131a5d10d5a60e049b98e8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:42:08 -0500 Subject: [PATCH 0995/1184] 2.15 EOL November 2024, MIN_ANSIBLE_VER=2.16.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 59c22129f..17de8d2cb 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 8ff3c7c221fd62162248198f18527855e86fa83c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:27:32 -0500 Subject: [PATCH 0996/1184] 10min-iiab-test-install.yml: Tmp GHA hack using ubuntu-24.04 --- .github/workflows/10min-iiab-test-install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 2e567f984..24dfc6c79 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." @@ -27,7 +27,7 @@ jobs: # GITHUB_CONTEXT: ${{ toJSON(github) }} # run: echo "$GITHUB_CONTEXT" - name: Check out repository code - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | From abe18950243e4db4d613855828e11b62650a6dcb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:31:06 -0500 Subject: [PATCH 0997/1184] Recommend ansible-core 2.18.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b7c13abc7..c110e9a12 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] -GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] +GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6f7855f3d94b1b829f66283ea973b413d155f7cd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:09 -0500 Subject: [PATCH 0998/1184] default_vars.yml: Mention that Lokole in UNMAINTAINED --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index caa6fd774..bcb038a53 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -412,7 +412,7 @@ jupyterhub_enabled: False jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' From 1234d1163072e198c1754bb8bd276eb9b364ec25 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:28 -0500 Subject: [PATCH 0999/1184] local_vars_unittest.yml: Mention that Lokole in UNMAINTAINED --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index fe44a58ab..bd59f5bce 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -247,7 +247,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From 7b63f0b30e9f5b8c194a1b16af42314813acc3fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:49 -0500 Subject: [PATCH 1000/1184] local_vars_small.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 70206e9ec..55c50ee23 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From aae672963201a3712e054fd157361e1c999342db Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:43:08 -0500 Subject: [PATCH 1001/1184] local_vars_medium.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 08afaab93..7707afba2 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From a646a45aea81c2656093d20d6283a9c53814b1d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:43:23 -0500 Subject: [PATCH 1002/1184] local_vars_large.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7f0d398fe..617ca9d93 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -241,7 +241,7 @@ gitea_enabled: True jupyterhub_install: True jupyterhub_enabled: True -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2023-09-06: wheel for mkwvconf still lokole_enabled: False # missing from Ubuntu 23.10 (#3572) From 13557b11729bf34bdd987f4ee607341e3a0fd1b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Nov 2024 18:17:35 -0500 Subject: [PATCH 1003/1184] Defer install of Transmission on Ubuntu 25.04 too --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 4d83e4422..c6d497f15 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410 or is_ubuntu_2504) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From 750c15ade10f2e61f07a8617b49b9fad384b310c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:38:15 -0500 Subject: [PATCH 1004/1184] Update CONTRIBUTING.md link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4a07b84..36a45b7aa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) # THANKS! From 123a0cc5f130add3a9907118d279eddfc460f7ea Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:39:41 -0500 Subject: [PATCH 1005/1184] Update README.md link to RENAMED Contributors Guide --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cabf030c..dd92224ff 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From defa139a34de2f46f2a29489b6e7cb3840dddedf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:00:50 -0500 Subject: [PATCH 1006/1184] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 36a45b7aa..4ddde9b53 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide-(EN)](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) # THANKS! From 537c6a84c26a7cf797418cfccea790627061a968 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:04:54 -0500 Subject: [PATCH 1007/1184] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd92224ff..fbfd30d35 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) ([versión en español](https://github.com/iiab/iiab/wiki/Gu%C3%ADa-para-Contribuidores-(ES))) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 676f3eebeff5d690d27067501f4869c274744659 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:58:02 -0500 Subject: [PATCH 1008/1184] Recommend ansible-core 2.18.1 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c110e9a12..968819464 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] -GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] +GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.18 +# https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst # https://github.com/ansible/ansible/commits/stable-2.17 # https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 From c16d76ac2907d78c414263b474442e94b57723c5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:59:26 -0500 Subject: [PATCH 1009/1184] MIN_ANSIBLE_VER=2.16.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 17de8d2cb..45e637c2a 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.14 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e6836181465c09b9af8362209b380bc24ff2d21 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 8 Dec 2024 12:08:42 -0600 Subject: [PATCH 1010/1184] drop netifaces workaround - replaced with netifaces-plus --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..70d85a666 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -26,7 +26,7 @@ name: - imagemagick #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - - python3-netifaces + #- python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 @@ -125,7 +125,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 #virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + #virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) From 01304ab1331c1da7eb68d57f2315685cba8fa903 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:14:53 -0500 Subject: [PATCH 1011/1184] Nextcloud 30.0.4 disk footprint estimates --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 529988437..d0588aac9 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From adfc1cc6962e2d91ab8ecc943fadb6d3dd72b394 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:44:56 -0500 Subject: [PATCH 1012/1184] RasPiOS compositor change (wayfire to labwc) so Chrome browser autostart needs work --- roles/www_options/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b26256239..ca1d7af16 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,6 +31,7 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? - name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini @@ -46,6 +47,7 @@ # path: /usr/bin/chromium # register: chromium_present +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin From 7544b79285d48df48b48318afb98d778ff4c1c8a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:19:27 +0100 Subject: [PATCH 1013/1184] Enact Chrome browser autostart w/ compositor labwc (no longer wayfire) for RasPiOS --- roles/www_options/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ca1d7af16..f55d43cb1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,11 +31,11 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir - name: Does /usr/bin/chromium-browser exist? stat: @@ -47,14 +47,14 @@ # path: /usr/bin/chromium # register: chromium_present -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: chromium-browser - value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: wayfire_ini.stat.exists and chromium_browser.stat.exists + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart # lineinfile: From ae40f78d23396f63cdb0e59b1439a23a621077e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:54:44 +0100 Subject: [PATCH 1014/1184] Put iiab-netwarn & iiab-pwdwarn-labwc in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 27 +++++++++---------- ...dwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} | 0 roles/network/tasks/netwarn.yml | 21 +++++++-------- roles/network/templates/netwarn/iiab-netwarn | 5 +++- 4 files changed, 27 insertions(+), 26 deletions(-) rename roles/iiab-admin/templates/{iiab-pwdwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} (100%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 46d091bec..200ff30ab 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -8,17 +8,17 @@ dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-labwc" template: - src: iiab-pwdwarn-wayfire.j2 - dest: /usr/local/sbin/iiab-pwdwarn-wayfire + src: iiab-pwdwarn-labwc.j2 + dest: /usr/local/sbin/iiab-pwdwarn-labwc mode: '0755' - when: wayfire_ini.stat.exists + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop @@ -28,10 +28,9 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-pwdwarn-wayfire - value: /usr/local/sbin/iiab-pwdwarn-wayfire - when: wayfire_ini.stat.exists +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/labwc/autostart to trigger iiab-pwdwarn-labwc (& pop-up as nec) + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-pwdwarn-labwc + when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 similarity index 100% rename from roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 2ce6aaac0..67b717358 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -5,18 +5,17 @@ # shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-netwarn - value: /usr/local/sbin/iiab-netwarn - when: wayfire_ini.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-netwarn + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # mate desktop detection based on 'register: nd_dir' in enable_services @@ -45,4 +44,4 @@ src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: (labwc_dir.stat.exists and labwc_dir.stat.isdir) or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index b20d18fc6..87865e0f1 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -3,7 +3,10 @@ # CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script # (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html -# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# ...or by Wayland compositor's ~/.config/labwc/autostart in new RasPiOS 12+: +# https://forums.raspberrypi.com/viewtopic.php?t=379321 +# (Prior to Dec 2024, RasPiOS compositor Wayfire did the same...) +# https://github.com/iiab/iiab/pull/3685 # https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart # # This allows return codes ($rc) to be meaningful, at each successive step. From 36a5cd458f9863d68f190e9c5fde014447963859 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 23:51:09 +0100 Subject: [PATCH 1015/1184] Parallelize 3 autostart cmds in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- roles/network/tasks/netwarn.yml | 4 ++-- roles/www_options/tasks/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 200ff30ab..600a935bb 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -32,5 +32,5 @@ lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-pwdwarn-labwc + line: '/usr/local/sbin/iiab-pwdwarn-labwc &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 67b717358..78aae19be 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -10,11 +10,11 @@ path: /home/{{ iiab_admin_user }}/.config/labwc/ register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart +- name: If so, add '/usr/local/sbin/iiab-netwarn &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-netwarn + line: '/usr/local/sbin/iiab-netwarn &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index f55d43cb1..8b2907823 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -48,12 +48,12 @@ # register: chromium_present # 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 -- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart From e2d646ee182a604a1f083bfabfe065d83144afe4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:48:37 -0500 Subject: [PATCH 1016/1184] calibre-web/tasks/install.yml: Rename xklb to library for pipx --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..62cae7c56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -92,27 +92,27 @@ - debug: msg: - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" - - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - sudo pipx inject --pip-args='--upgrade --pre' -f library yt-dlp[default] - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall xklb + pipx reinstall library else - pipx install xklb + pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp else echo "ERROR: yt-dlp NOT FOUND" fi fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From 9dfaccef74c780029462f641128508d726e95244 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:50:35 -0500 Subject: [PATCH 1017/1184] scripts/iiab-update: Rename xklb to library for pipx --- scripts/iiab-update | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 63f4a8a68..dcf7d04f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,15 +58,15 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default]\e[0m\n' # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From ad57789c65a730ebbfbbedfbb4f290c9b0378ee6 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:00:30 -0500 Subject: [PATCH 1018/1184] Check if older version of 'library' (xklb) is installed --- scripts/iiab-update | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index dcf7d04f3..4e5d82547 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,6 +58,11 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mChecking if an older version of 'library' (formerly 'xklb') exists...\e[0m" + if pipx list | grep -q 'xklb'; then + echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" + pipx uninstall xklb + fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall library echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" From 577a8f171f5378ef276e9e82757f8f2872ac6189 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:20:52 -0500 Subject: [PATCH 1019/1184] Ensure script continues even if 'library' is not installed --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e5d82547..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -64,7 +64,7 @@ pipx uninstall xklb fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 59470cd13464ecd8d0e428f64e0eec7f53ce8559 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:42:07 -0500 Subject: [PATCH 1020/1184] Update install.yml to check if older xklb is present --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..67b53766c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,7 +99,12 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall library + if pipx list | grep -q 'xklb'; then + pipx uninstall xklb + pipx install library + else + pipx reinstall library + fi else pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb From 58c5e8e71f9b367168fbc1502675b5fdf0a3a060 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 22:00:40 -0500 Subject: [PATCH 1021/1184] Enhance library existence check --- scripts/iiab-update | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 2e3f9e4f3..6a6eeee34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,8 +63,12 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library || true + if pipx list | grep -q 'library'; then + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + else + echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" + fi echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 7f37ccd8dbac10e1ee377e63636eebbe87d3328c Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Mon, 16 Dec 2024 07:25:06 -0500 Subject: [PATCH 1022/1184] Remove grep step --- scripts/iiab-update | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 6a6eeee34..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,12 +63,8 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - if pipx list | grep -q 'library'; then - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library - else - echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" - fi + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 943dcccf7d1ddca7e542d0f7e340f6fc1cf574b8 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Mon, 16 Dec 2024 07:31:07 -0500 Subject: [PATCH 1023/1184] Make yt-dlp symlink failsafe --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 67b53766c..b678763ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -107,14 +107,14 @@ fi else pipx install library - ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - else - echo "ERROR: yt-dlp NOT FOUND" - fi + fi + ln -sf /root/.local/bin/lb /usr/local/bin/lb + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] From 325d27a32ba97e0478228b9ab04e05870834f1d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:37:47 -0500 Subject: [PATCH 1024/1184] Asterisk 22 (instead of 21, tested on Debian 13) --- roles/pbx/README.adoc | 2 +- roles/pbx/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f19260023..99791114e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of December 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-22-0-0-now-available/[Asterisk 22] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f0cb38124..647ad700d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-22-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From 8b5ea641d4f447f48d9f852c78605233801c4319 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 21:30:00 -0500 Subject: [PATCH 1025/1184] Bypass /etc/ImageMagick-6/policy.xml PDF surgery w/ ImageMagick 7+ --- roles/calibre-web/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..3bad3f9ae 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -38,6 +38,13 @@ # state: present # when: python_version is version('3.10', '>=') +- name: Does /etc/ImageMagick-6/policy.xml exist? + stat: + path: /etc/ImageMagick-6/policy.xml + register: imagemagick6_policy_xml + +# 2024-12-16: Debian 13 uses /etc/ImageMagick-7/policy.xml instead, which doesn't need this lineinfile surgery: +# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -45,8 +52,9 @@ backrefs: yes line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present + when: imagemagick6_policy_xml.stat.exists -- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" +- name: "Create 2 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_config }} (each set to {{ calibreweb_user }}:{{ apache_user }}, default to 0755)" file: state: directory path: "{{ item }}" From b8a868e231043dd217b162b2b1c3c1aa91bcfa94 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:25:36 -0500 Subject: [PATCH 1026/1184] Fix Ansible comment RE: python3-netifaces (PR #3852) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 229cd3d34..d293afe23 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,7 +21,7 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install package: imagemagick" package: name: - imagemagick From f722cd783e00e282fcdf938ac87034eb407beb7e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 17 Dec 2024 00:04:20 -0500 Subject: [PATCH 1027/1184] rpi_debian.yml: rfkill unblock wifi --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index fc02dccd7..df9ddb7c3 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -55,7 +55,7 @@ # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill - shell: rfkill unblock 0 + shell: rfkill unblock wifi ignore_errors: True - name: Copy the bridge script for RPi From 6a6d153034e90d05d817d5424873cf8035318b68 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 18 Dec 2024 08:47:43 -0600 Subject: [PATCH 1028/1184] deal with unblocking wifi while NM is active on newer RaspiOS --- roles/network/tasks/main.yml | 5 +++++ roles/network/tasks/rpi_debian.yml | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7a1e6d5f5..30e1942d3 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,6 +68,11 @@ #### End services #### Start network layout + - name: Unblock WiFi on RaspiOS + shell: raspi-config nonint do_wifi_country {{ host_country_code }} + ignore_errors: True + when: is_raspbian + #- name: Redhat networking # include_tasks: ifcfg_mods.yml # when: is_redhat diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index df9ddb7c3..d2a15da5b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,11 +53,6 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 -# This should go away, should only be unblocked by raspi-config -- name: Enable the WiFi with rfkill - shell: rfkill unblock wifi - ignore_errors: True - - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 4a3e9517dcac8d3ee3b3a363d6635343cceeddd1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 18 Dec 2024 19:55:14 -0500 Subject: [PATCH 1029/1184] Clarify 'raspi-config nonint do_wifi_country XX' --- roles/network/tasks/main.yml | 8 +++++--- roles/network/tasks/rpi_debian.yml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 30e1942d3..1f493067b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,10 +68,12 @@ #### End services #### Start network layout - - name: Unblock WiFi on RaspiOS - shell: raspi-config nonint do_wifi_country {{ host_country_code }} - ignore_errors: True + + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS + command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian + #ignore_errors: True #- name: Redhat networking # include_tasks: ifcfg_mods.yml diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d2a15da5b..e85c673dd 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,6 +53,12 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 +# 2024-12-18: SEE 'raspi-config nonint do_wifi_country {{ host_country_code }}' in roles/network/tasks/main.yml +# # This should go away, should only be unblocked by raspi-config +# - name: Enable the WiFi with rfkill +# shell: rfkill unblock wifi +# ignore_errors: True + - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 1c9a784d2a1a61303c4e0d1c0f60d93797ef6255 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:59:25 -0500 Subject: [PATCH 1030/1184] WiFi unblock via "rpi_debian.yml wasn't enough, especially with NM" --- roles/network/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1f493067b..7e2f1eabb 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -69,7 +69,7 @@ #### Start network layout - # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml wasn't enough, especially with NM (NetworkManager) - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian From 3c32db26bdb0d34697afc8ef09be5479466b9115 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Thu, 19 Dec 2024 14:28:03 -0500 Subject: [PATCH 1031/1184] rename apache_allow_sudo and make True default --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 6 +++--- roles/www_options/tasks/php-settings.yml | 2 +- vars/default_vars.yml | 6 +++--- vars/local_vars_large.yml | 6 +++--- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 6 +++--- vars/local_vars_small.yml | 6 +++--- vars/local_vars_unittest.yml | 6 +++--- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index f728ffca8..e39bea703 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# apache_allow_sudo: True +# allow_www_data_sudo: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8b2907823..2319c58f5 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,7 +77,7 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) @@ -86,13 +86,13 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: '0440' - when: apache_allow_sudo + when: allow_www_data_sudo - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: path: /etc/sudoers.d/020_apache_poweroff state: absent - when: not apache_allow_sudo + when: not allow_www_data_sudo # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 46955cf16..184c07b21 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bcb038a53..1e84fd3e0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # roles/www_base runs here (mandatory) @@ -340,8 +340,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 617ca9d93..ac2e78128 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 5df26eb52..45d6db53f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -apache_allow_sudo: True +allow_www_data_sudo: True # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7707afba2..c12fcb04f 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 55c50ee23..88253e035 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index bd59f5bce..39d8cf05c 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -224,8 +224,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 6b9608505079d5d78baefbaec14b4b6dfe1582d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 19 Dec 2024 23:26:00 -0500 Subject: [PATCH 1032/1184] iiab-vpn: Update 3 Headscale doc URLs (Android, Apple, Windows) --- roles/tailscale/templates/iiab-vpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..14508809e 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -2,9 +2,9 @@ # USEFUL DOCS: # https://tailscale.com/kb/1080/cli#status -# https://headscale.net/android-client/ -# https://headscale.net/apple-client/ -# https://headscale.net/windows-client/ +# https://headscale.net/stable/usage/connect/android/ +# https://headscale.net/stable/usage/connect/apple/ +# https://headscale.net/stable/usage/connect/windows/ VPN_URL=https://iiab.net VPN_KEY="$1" From 079c7f5fa27983c2e0af8e2181b825023497e635 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 21 Dec 2024 10:11:53 -0500 Subject: [PATCH 1033/1184] New MediaWiki 1.42.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 4a7abf5de..ce95ff076 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From afa8ae0eeba6a876ebdb14ff1f4c84f5826e2690 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:44:30 -0500 Subject: [PATCH 1034/1184] roles/usb_lib/README.rst: Fix 2 URLs --- roles/usb_lib/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index c27dc0e53..22fd711d2 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,7 +2,7 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. @@ -22,7 +22,7 @@ USB drives must be formatted with one of the filesystems listed under "FILESYSTE IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). -Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/releases>`_ documentation: +Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) From 1950a5ba6d97f4b129490170c3359e0bcf7d8a86 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein <avni321@gmail.com> Date: Sat, 28 Dec 2024 15:59:56 -0500 Subject: [PATCH 1035/1184] Update iiab-vpn to fix ANSI color codes on OSX and change text color on blue bg. - Update iiab-vpn to fix ANSI color codes on OSX by using \033 instead of \e - Change text color to light gray when using blue bg --- roles/tailscale/templates/iiab-vpn | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 14508809e..77e8c13be 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -10,7 +10,7 @@ VPN_URL=https://iiab.net VPN_KEY="$1" # if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) -# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# echo -e "\n\033[1;33mAlready connected to VPN!?\033[0m" # else # [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] @@ -22,20 +22,20 @@ VPN_KEY="$1" # UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN\033[0m\n" exit 1 fi elif [ -z $VPN_KEY ]; then - echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + echo -e "\n\033[1;33mVPN key required!\033[0m\n\nEmail holt@unleashkids.org to explain your need?\n" exit 1 else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\033[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\033[0m\n" exit 1 fi fi @@ -43,7 +43,7 @@ fi # jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] # Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) -echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e "\n\033[44;37mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\033[0m\n" echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" @@ -52,20 +52,20 @@ echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Nod echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" -echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e "\033[4mTo disconnect from VPN:\033[0m\n" echo -e " tailscale down\n" -echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e "\033[4mTo permanently log out of VPN:\033[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#echo -e "\033[44;37mVPN peers: (rightmost column = online/offline)\033[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +#echo -e '\033[44;37mVPN peers: ("true" in 6th column means online)\033[0m\n' +echo -e '\033[44;37mVPN peers: (6th column = online/offline)\033[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\033[0;32m ✅\\033[0m/ ; s/ XXXfalseXXX /\\033[0;31m ❌ \\033[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 3ebf210c991b35ccc612c43c17df5b4457d862f2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 31 Dec 2024 21:56:16 -0500 Subject: [PATCH 1036/1184] New MediaWiki 1.43.0 LTS --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ce95ff076..5c37610af 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 4 +mediawiki_major_version: "1.43" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 59956f2a913e9912432536c2b8b94e7916ffe968 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 31 Dec 2024 22:20:48 -0500 Subject: [PATCH 1037/1184] default_vars.yml: Launch 8.3 Release Cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1e84fd3e0..4e61819a2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.2 +iiab_base_ver: 8.3 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From 8d0f45bd4d674e7583f39fbe29317d6bc2ee4020 Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 5 Jan 2025 16:35:38 -0500 Subject: [PATCH 1038/1184] Initial commit(x3) of Upload2USB stick app: 3 *.php files + UK logo --- roles/usb_lib/files/upload2usb/index.php | 50 +++++++++++++ roles/usb_lib/files/upload2usb/uk-swing.png | Bin 0 -> 4880 bytes .../usb_lib/files/upload2usb/upload-file.php | 70 ++++++++++++++++++ roles/usb_lib/files/upload2usb/upload2usb.php | 68 +++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 roles/usb_lib/files/upload2usb/index.php create mode 100644 roles/usb_lib/files/upload2usb/uk-swing.png create mode 100644 roles/usb_lib/files/upload2usb/upload-file.php create mode 100644 roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php new file mode 100644 index 000000000..ad4156876 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/index.php @@ -0,0 +1,50 @@ +<?php +/* +* index.php +* Upload2USB App Index Page +*/ + +include("upload2usb.php"); + +//Check if folder for today exists, and get file count if it does + +$file_count = getFileCount(getTargetFolderPath(0)); + +?> + +<!DOCTYPE html> +<html> + + <head> + <title>IIAB Homework Submission App</title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <form action="submit-hw.php" id="hw_submission_form" method="post" enctype="multipart/form-data"> + <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + + <label for="submit_hw" style="font-weight:bold;padding-bottom:10px;">Submit your homework here!</label> + <input type="file" name="hw_submission" id="hw_submission"><br/><br/> + <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> + </form> + <br/> + <?php echo $file_count ?> homework files have been submitted today! + + </div> + </div> + </div> + +</body> +</html> diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png new file mode 100644 index 0000000000000000000000000000000000000000..c5470365e784b58dde5eb8e9f2a1975621b700fc GIT binary patch literal 4880 zcma)A2UJtb77azv(4>hEDWQl6LJA550#fBsLJ2`ak(wa+kYW-bQ~^<n4G}3y3mv74 zh)7qYC{mRsMG+|)z(QB~L4ErEfA5!M-8*My_St8jGk0d)bz`k9P56M~KmY*1XZpJl ziq)c7m;O#J*4>JHW{%acQBfuafYPTD+npdB#?%Xm1SqlWod6CtApplVg!KooK>_S6 zTZ(nTqVWLEZ{q-fHLC^aV@V!3khM37MxuI?$RI=8BOs)^C!V<72LL#-*naV3vH$c% zXL0<r^|yJ<FEcg(08Tm{jiF(X7FwPpf~xyAw<?`L-Ua{=bS;)iz|q`6bb>FDszuk4 z{f5wD+1tZlS<p8K%|}NTgR}-2k|;Qkx++8!BC87ofj|ff)=LXzbnJ&atEVIDO{0;u zz~F#@0M!6BRTAYS7z&5O!4Mc222)`nRH%VOnmb*ENR|6e@&}I*j_OIllWBMo5wy+g z?m_aS>B!1%2m1N@p_4%V8Hh;zkrgXHFx{ODhN?oq|G^1~{O@iA!ryvQX(-&U%>FhY z6&*;%fl)Xr$&ccRW5MPAP67?@^&fb)XTB@{R@m?PB3P@VWk|uf(?}FFiR7#MUmpzw z_}}5bD!0vqL~0q~D0qJy_85gk_*P=FJB5ndR<0xahxDIo@<YP6+_msTD$Skfi8D3Q zWihGZ@mMX0nkEDa)i?~%fI-wXp-{L!)Iie^0yi)^rlASf)I@;);`&PuiyZNN8cXu@ zBjAX%AI#WoX4wD7{3q96%-^c;uc`i9MYkva8WesQVhn-6)L=%MhES-n8r(=<&FBck z2x?#e)qv?6{p9`S`lq1Z%WL}AD*d2^{V&=-x&DRLih@6hC%XIojq3khs_)AFhT>0Q zwjVw%7KF77?%Uf>7m5J?W$XtY0p8x5f7+|x4}x!_tdl?&$STwyr;0A{*3HBv)^XWn zYNU^*voX{7Xy{haw&6qa5pFHf@|`c$VhYj593?TayBjRl3#GHN3+y8H_z3E>Qqeb6 zUNP3}4poO8KJI<%nXD{9a2GpUtf243LLHCSqj3~8yA7woPSev{)AfF<)66%_(a^{C zGif(c?@?!-rf+&JytubW2sy(o&@evpvCGF_9_doyVO(KDOyv6w_F5^vn{BQs*SqTZ zQx0x^Ut+7n+u+rOWji!l0@$iOH^?xIKDUEsj|4w6psKTBuD_rlF**5YZ%+?omyCa2 zZm#pnh)<c_(5{EC`)+8EzOoaNIeZwBK&Gzt$W_r9*ZLqo!(`PH&lzd5i9M37Z&0pv zp_?n>w@^*brr*3d9x-UfM7g@URuD$3&6LMFoUM9a+svz0W^!<c%M`b0w-ba%Lw4}( z*P~jr`gyipS{@b3$ZZcdI1+FWxI@Qn_NBkCPnbwL!q`d28gt@AXoO_CNP2SeU`r{} z=+U~t0S&jNa9hV}-*urH_olZg5rY2es7`|`=b-||h$x4i243DroN2~7XDU(R@xU%s zavnFo1bvrNy+#j(eQTF(;Tt$@wx>bS{a~wY#I8dx?zK22Tow&cj=Rp`5}g1VH4t{x z;p~P<^$biuPHx;cLe9Rn?;u*($ibEuXO|r#UF>|1lC$*S9G~|24YHg3GelO&5;Pb2 zsh%y&$8(nId}TxlU0ue?9Sjq`XR^g9#YL-h<w@hJu~ejKlaYA*T%)rZ{G2um_My_O z+x=RDL4~$8Ulp6swQ*B(^L>@rjs%@p4|?&^u8a@IBZiXpHK`n4ibdyRTrf^f!RgJL zQJu0%i9T<3_;x{Ey7r9c_?dr<+v<Jgqs_3%Id;dR<#PG-{lNWuKU0%boD>G<qs*#- zttZpMVLbI|2R|zhmY#5$n%=v#@-h`WrBM)su#69tJIgPv`<doQ;zQAG3r!dw-Nz>R zHsze5PQv$mi>HLLADcYn(7XaWjPgElVoZ~3Hnm;fmmbQhBV$^9Ek;pQBAH!7OjOh_ z=65W<sW?r*j4hL07H1j@k7`x)TgFabsBWJ&UY2BsO=#kZ%Vo?``M#V*#DF`Hi*ial zZ?frUP?!tLJ3DVQx&x6`R*MfH)y<bU1tx6#FJ_TTgd4a8q&^9<@o>i5pbnTz4|nkU zGMz`N#Qku`0d@Px@E+be*Jht<^_K2HTsbwuqKy0O>E;Zb;IQcWh8tJI0&J)J<_C)Q zY*;bgM!(V$5I<Zfb}FKI0IcVrW8)#v>F^r(<S@*0G9jsjYf#v-uf6i*(Po#eM;*%i z_2YUDsKVo;C1H(Qh9BA@VzX4Ukqd(gZn`y_9c>(|?53BAXG^T3Y|w>C&icIRD@;JQ z&=k!AiM$4zm*7R=dfL?r^&0MC@@`-%q?=F53CyUyqxA5pxiHfN#`ZR4rl(6*(<Ls< z#K~JQq6MVGxKwdN%EqZuxrpbY_A}|7?_QNK#{59P#i3%Xm1%<HeP0@O=G{)R@z!yP zI9`&F3CG*hGg?H<IK6q~fY)C>NR9C5j?#nLJUGqiy>Rx8Gm)sVFwr>S%-Fn+%0CD> z-+~TOQr7e>RX}D_M+qR;%du(6v(3eyQ^+n`U%xmxzQ1|9HY|o$P0^)_G||vMJf3et zR*z1Vvo$*XQ6^XDf@$a5y`u$>`rox-afUib3;F@~x?{Ss_vMn`pA<hcll7#ai2GIf zYj{fj^Qt3rl6uPG>)CkU^<3wp1kpH#bQ89|8t!EM<iSweF>ax_p5u$Yis-n#*u-nN z-*!h<f?IOLU265P)|O_VNB)o1*5ER-^XO+jZ;Zz8FYlQI`mSipOmW5)KNY-i`i`hH zs@urakztwOTZrv;yV5?qiWpW(w6TI7OWLFf<LZw(`cA&^a*PE!TD6!;KX}}@h54<+ zom+#)8%I!^A8Bx`V9HfRGi<Wirz+EnIvg3*PEu^2@~OhrKKuv%u^*Sdfy3t5U6R4y z@9^u5+lq@;yQIOkIJ%q+J2f=Z>tBl89Go-*1WL(;9|JxME?;4eW}Xwe53>Y|6h>ba zXs1bVEz;}^7j#*oo_$0d+R+>ppS~N0A>9NpC&CK?6`kO(zXHDK%}>aYa;+C$1uku= z^^CTxN)IGAPn{_)F7_*ahabQRaZREKoMqZ|3oEs4s}B_d_Al~Q-ClZcD29LL^!wDU z5v767zP0j~77D)VbK+}k)_|cA1#c&4?5S{e)$3K&V+6%lClngS5f^|wJm<3l6IM#~ zAibx>l~*dP+cHm3lJuA4=qK2aT7l$g8~zmm6+L@k*{Z=Qmur#-(P!im=i2NlVMJ^; z3EDj4U8@^O&M6U&G9i)kYGZo?B)`z?Bm^+_134*N!+m;vp_w$bYkHqz5MAMV!NR9A z4#cU$9Y`3abkW5q#YwXs`|QMMEVl!GhLP47xp|2%5K%}8>9@&eztG+%dErR!j((vh zU7G%ecQ!t_jV!s9W(|oc7BG#e1%*0-9Tf&8XBd-nlVP~lHizUJR8jTMeD7Z}<~-dl z_S!D*y~?gAM_<dN-qw<y=8GQuoj#j|x|#EJFEFE;HrIE?#QOb~Ux_t;0=w_TgrLlP zD1uAyt#wnnqFeR*=}z!$@BufUoSgS(yMt5mGWD+_1K9(mcGut?HW>raBUN}c6&qK* z`we{Qryl(lEVu&W9Ei9Y^YBGTYDmv$sokyPwr+Hu$)QKlJF}Li8jE~<tad!*jN}%> z`G_~|i=gSkT)MbhKTxO4N<~LXobFn1Hb(Rc`^^jzuXJmQ#81qt$94~g)8S(gwf{Kz zi8&gue2#A)|9wf!7um7Iw55Trla0bH^8Gc}g@NgDnVW^WAIM5&k|q5IhP-(VLhySx zj#e<s2m^Epxs+~djf1TP_<@!v;_Pz??3rfeak5M~m$b$j@yQ*7BfFuGi*_!>bRNJs zwnhYt*$)FHj|bIfT)EPFnWtmbq2ocyEelkWGi=K%H8s^<#j$D@H`jEr*S=BDqi33T z34Tq2V_N;{*aom%YmK<xI!fB@V$iWLc3<q3RM-;<uve*J2Vwba_Gk)6ZKa0Sj6ZWE zv<XB>e}xQkrHR!MWy>xkr#|@lLB}3&L$2qpaYk&_Shvz4*}Hc68y*`XoWR@~k(<n> zt2g)xta!tSw|TX`?rj!DoMHw()T}A(Bgr*Js(%Q)+d4EMe>CRBNM3|UvOz1GNr>FA zjviv+T;h;GPv}@zNemHspevMieviuhx=d@C&HVlW(cD-+DebxY{SrDdx7^=8FIjvU zU(kZ?Etoo(-Z{Uqdwq~2IKn<PI`XYp8zgoHKJEIVE|5B@pG$VVw5qr3Lf2&pFKfk1 z`tjKK`3DzKT-P~=hJ&P;gO5dFQTQgQag%k?9Aa|EimIpGQ}!^kz+>Kr^d2{yKT(D` zHPr7Ib?;(WTO4XDGPEvA7}K2Op|ItI^{Gm4cI^cA`wPftTTO)bbI>2?r4CCaZfPQT zpu+Z^3i)hS2iH7=6s;Jy`J<xbql(<~#@V|aAjRf8ZC5R-=L)pFX8Bz!d5;SWm4B35 z#4hP)N*IT7Er^rB0PTqNraVOw3^9Q<4nvNquLpmc?G+t;UqQIVBOmaRYpo<|F`2fd z8eh)6M?Z~gNxCv9H_EY-(#+46*Zy815X2ZdmzI`xC&c_3pFwXy&j82hJ&uiKg@j7q z`Ny0QNlTD8)~o2gY9XYS&%)w(eej;6z5YhNOo@_95R$N7;8oL=NL3lH{VjAy2glua zIX+sy3vpwcN&*>T(x`2hB>n1xmV?p>qx&2?a0;mnA&Dd5y8eFehAOJ9GIhJ|9h?&z zynplN&Az5Q!Hazy=dXvn;H)f%*5=U@Vs3bOwq+PV&h{hBmrkE6Q8KCPco=-B{)rPG z?Y7KUkviS@9;M{$q778xU6AX}C%mEEIOgJAU1Meax@8ro>UUEe=4&sP%wkLg^%V%C z8Y$hU<*K-Q-?f)POtpr2&a{(wQbllkMB<a`*q<%WYe~o7Sk}Eq=o4N-%*nsr)r|!W zYnLVH_MZCO6mPO}XZ$S0W&$K{%n+*0&wpcAIVtnfL$<dzq>H~MGdcJJTynoit!N8I zU`i#W%&wQ~_v;4B-P|dkB%(}nwev(*fYBC$D<6}uc%=9P6%`fNI786Wm`$0jtB*9Q zp69#i$k=y-?kWI>GWdq>RmU%rA_q)A7VN$_1A}@#yJ=TZTIEH_DbJx)h=2mJqt9OO z(>M@1utN|kKaD*`^j;H_SY7IG1J7#n&+>Z1YL9M)WBNSmuIgE9Bv~@5){<{^c6R0q zZ%V}Oil1<9RT`KpoiH}dfBu>q4?ZdO`AW34@W@1|#9R4y^qQ8JrGEPDmOHg~aM^QM zVjUiFX69L$4_D?_XWBM@GCu5zvVVL3bB}INSAVVF+ggkZR6EsZcJD3~^CHM0wx`6% z_o^d{92v`fCy54JCS9fzANCYcip-0yBrH6k*uKeXpD>ZtN?J0pWB9IH4K>uRm{mMS zx2z=D_efn&vGi2V!9Kq{pEPI`+oq(ozcp206%ZE^xp7F9(=HpH(Pv|?*lE_$-F-U# zGryZoXZ^{p>qpEF1_$1Xtk>vp79A%CJh~%wnyheF;!99jT}@3*pTpfP+jJ4}HR%}G Wk%K$rjbygJ8krhf8kHKjMg9{3Sx(si literal 0 HcmV?d00001 diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php new file mode 100644 index 000000000..e2053864e --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -0,0 +1,70 @@ +<?php +/* +* upload-file.php +* Upload2USB App - Process Submission +*/ + +include("upload2usb.php"); + +//get folder path where homework will be stored +$target_folder_path = getTargetFolderPath(1); +$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$upload_ok = 1; +$upload_msg = ""; + +if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { + $upload_msg = "No file submitted."; + $upload_ok = 0; +} elseif (file_exists($target_file)) { + $upload_msg = "This file already exists."; + $upload_ok = 0; +} + +// Check if $upload_ok is set to 0 by an error +if ($upload_ok == 0) { + $upload_msg = "&#x274C; Your file was not uploaded. " . $upload_msg; + +// if everything is ok, try to upload file +} else { + if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { + $upload_msg = "&#x1F60A; &#x2705; Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + } else { + $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; + } +} + +$file_count = getFileCount($target_folder_path) + +?> + +<!DOCTYPE html> +<html> + + <head> + <title>IIAB Homework Submission App</title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <?php echo $upload_msg ?> <br/> + <?php echo $file_count ?> homework files have been submitted today! + + </div> + </div> + </div> + +</body> +</html> + diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php new file mode 100644 index 000000000..20b98e162 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -0,0 +1,68 @@ +<?php +/* +* upload2usb.php +* Upload2USB App Helper Functions +*/ + + +//return the first removable USB drive location +function getTargetUSBDriveLocation () { + // Get the first removal USB drive using + // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 + // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + + $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($removable_usb_path)) { + return "/library/www/html/local_content/"; + } else { + + return $removable_usb_path . "/"; + } + +} + +//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +function getTargetFolderPath ($create_folder_p) { + $parent_dir = getTargetUSBDriveLocation(); + + +error_log("PARENTDIR: " . $parent_dir); + + $today_folder_name = "UPLOADS." . date("Y-m-d"); + $target_folder_path = $parent_dir . $today_folder_name; + + if (!file_exists($target_folder_path) && $create_folder_p) { + mkdir($target_folder_path, 0777); + + } + + return $target_folder_path; + +} + +//return number of files within a specified folder +function getFileCount ($folder_path) { + return count(glob($folder_path . "/*")); +} + +//*** TODO *** check file content to see if it's unique or not +function isFileContentUnique ($file) { + + +} + + +//*** TODO **** check if file exists based on file name and return unique name if does +function getUniqueFileName ($filename) { + +} + + +// Check file size - we are not going to check file size for now. +// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// $upload_msg = "Your file is too large."; +// $upload_ok = 0; +// } + +?> From 8d167ab98192454479c481d738d8b621412dcff9 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 01:12:24 +0100 Subject: [PATCH 1039/1184] roles/usb_lib/tasks/install.yml: Add yaml to copy upload2usb app files to local_content folder --- roles/usb_lib/tasks/install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e0699a652..c26746a61 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,6 +76,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } +# 2025-01-05: Copy upload2usb app files (#3875) to local_content +- name: 'Copy upload2usb app files from files/upload2usb/' + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: "0755" + with_fileglob: + - upload2usb/* + + # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 2706381a382c8e7326adcf1ab41769f350b0b380 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 04:46:28 +0100 Subject: [PATCH 1040/1184] usb_lib/tasks/install.yml: Fixing yaml so upload2usb directory is created before files are copied --- roles/usb_lib/tasks/install.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index c26746a61..e05eeefc0 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,14 +76,19 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -# 2025-01-05: Copy upload2usb app files (#3875) to local_content -- name: 'Copy upload2usb app files from files/upload2usb/' +- name: '2025-01-05: Add upload2usb directory to local_content' + file: + state: directory + path: "{{ doc_root }}/local_content/upload2usb" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0755 + + +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' copy: src: "{{ item }}" dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: "0755" with_fileglob: - upload2usb/* From 99ff433a90f8d49d559d57a1540221766bb350a0 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 04:48:19 +0100 Subject: [PATCH 1041/1184] usb_lib/files/upload2usb/*: renaming app to Upload To USB instead of HW Submission, other minor cleanup/styling --- roles/usb_lib/files/upload2usb/index.php | 14 +++++++------- roles/usb_lib/files/upload2usb/upload-file.php | 16 ++++++++-------- roles/usb_lib/files/upload2usb/upload2usb.php | 16 +++------------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php index ad4156876..8151458b4 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload2usb/index.php @@ -16,7 +16,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <html> <head> - <title>IIAB Homework Submission App</title> + <title>IIAB Upload to USB App</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -31,16 +31,16 @@ $file_count = getFileCount(getTargetFolderPath(0)); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <form action="submit-hw.php" id="hw_submission_form" method="post" enctype="multipart/form-data"> - <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> + <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="submit_hw" style="font-weight:bold;padding-bottom:10px;">Submit your homework here!</label> - <input type="file" name="hw_submission" id="hw_submission"><br/><br/> + <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label> + <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> <br/> - <?php echo $file_count ?> homework files have been submitted today! + <?php echo $file_count ?> files have been uploaded today! </div> </div> diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php index e2053864e..ef23713ab 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -6,13 +6,13 @@ include("upload2usb.php"); -//get folder path where homework will be stored +//get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { +if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { $upload_msg = "No file submitted."; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -26,8 +26,8 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { - if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { - $upload_msg = "&#x1F60A; &#x2705; Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { + $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). "</span> was successfully uploaded!"; } else { $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; } @@ -41,7 +41,7 @@ $file_count = getFileCount($target_folder_path) <html> <head> - <title>IIAB Homework Submission App</title> + <title>IIAB Upload to USB App</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -57,9 +57,9 @@ $file_count = getFileCount($target_folder_path) <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> - <?php echo $file_count ?> homework files have been submitted today! + <?php echo $file_count ?> files have been submitted today! </div> </div> diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 20b98e162..15a94290d 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -16,19 +16,14 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { - return $removable_usb_path . "/"; } - } -//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +//returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); - - -error_log("PARENTDIR: " . $parent_dir); - +// error_log("PARENTDIR: " . $parent_dir); $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; @@ -36,9 +31,7 @@ error_log("PARENTDIR: " . $parent_dir); mkdir($target_folder_path, 0777); } - return $target_folder_path; - } //return number of files within a specified folder @@ -48,19 +41,16 @@ function getFileCount ($folder_path) { //*** TODO *** check file content to see if it's unique or not function isFileContentUnique ($file) { - - } //*** TODO **** check if file exists based on file name and return unique name if does function getUniqueFileName ($filename) { - } // Check file size - we are not going to check file size for now. -// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// elseif ($_FILES["uploaded_file"]["size"] > 5000000) { // $upload_msg = "Your file is too large."; // $upload_ok = 0; // } From 8fb56561893419e08e592f954a69f4444d3c118e Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:43:52 -0500 Subject: [PATCH 1042/1184] usb_lib/templates/content_dir.conf.unused: rename unused file --- .../templates/{content_dir.conf => content_dir.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/usb_lib/templates/{content_dir.conf => content_dir.conf.unused} (100%) diff --git a/roles/usb_lib/templates/content_dir.conf b/roles/usb_lib/templates/content_dir.conf.unused similarity index 100% rename from roles/usb_lib/templates/content_dir.conf rename to roles/usb_lib/templates/content_dir.conf.unused From 1da4d45509868e5fe0fc5c6bf0ed71bf1fd9b8a1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Jan 2025 00:29:57 -0500 Subject: [PATCH 1043/1184] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 33776a06e..77c1ed0b9 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2025, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 956257f6cb57a7382b2bcfc2c92ebba41238a454 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:45:00 +0100 Subject: [PATCH 1044/1184] usb_lib/upload/*.php, usb_lib/tasks/install.yml: Moving app from upload2usb/ to upload/; Fixing UK image on upload-file page; Minor formatting changes --- .../usb_lib/files/{upload2usb => upload}/index.php | 2 +- .../files/{upload2usb => upload}/uk-swing.png | Bin .../files/{upload2usb => upload}/upload-file.php | 2 +- .../files/{upload2usb => upload}/upload2usb.php | 1 + roles/usb_lib/tasks/install.yml | 10 +++++----- 5 files changed, 8 insertions(+), 7 deletions(-) rename roles/usb_lib/files/{upload2usb => upload}/index.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/uk-swing.png (100%) rename roles/usb_lib/files/{upload2usb => upload}/upload-file.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/upload2usb.php (96%) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload/index.php similarity index 96% rename from roles/usb_lib/files/upload2usb/index.php rename to roles/usb_lib/files/upload/index.php index 8151458b4..0287e44f2 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -35,7 +35,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <img class="mb-4" src="uk-swing.png" alt="" width="75"> <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label> + <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload2usb/uk-swing.png rename to roles/usb_lib/files/upload/uk-swing.png diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload/upload-file.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload-file.php rename to roles/usb_lib/files/upload/upload-file.php index ef23713ab..684372823 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -56,7 +56,7 @@ $file_count = getFileCount($target_folder_path) <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <img class="mb-4" src="uk-swing.png" alt="" width="75"> <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> <?php echo $file_count ?> files have been submitted today! diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload2usb.php rename to roles/usb_lib/files/upload/upload2usb.php index 15a94290d..bd13d1f6b 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -16,6 +16,7 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { +// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); return $removable_usb_path . "/"; } } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e05eeefc0..de16e83a7 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,21 +76,21 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb directory to local_content' +- name: '2025-01-05: Add upload2usb app directory to local_content' file: state: directory - path: "{{ doc_root }}/local_content/upload2usb" + path: "{{ doc_root }}/local_content/upload" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + dest: "{{ doc_root }}/local_content/upload" # /library/www/html with_fileglob: - - upload2usb/* + - upload/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ From 30f940a5f4c8f13e94fbcef8591747035273a014 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:04:47 +0100 Subject: [PATCH 1045/1184] error.php, header.php, footer.php - Add custom exception handling, header, footer; index.php, upload-file.php, upload-2-usb.php - Require exactly 1 USB stick to be inserted, allow same file name but different content (using incremental numbering), reject duplicate content, restrict file types --- roles/usb_lib/files/upload/error.php | 16 +++++ roles/usb_lib/files/upload/footer.php | 14 +++++ roles/usb_lib/files/upload/header.php | 32 ++++++++++ roles/usb_lib/files/upload/index.php | 34 ++--------- roles/usb_lib/files/upload/upload-file.php | 56 +++++++----------- roles/usb_lib/files/upload/upload2usb.php | 68 ++++++++++++++++++---- 6 files changed, 142 insertions(+), 78 deletions(-) create mode 100644 roles/usb_lib/files/upload/error.php create mode 100644 roles/usb_lib/files/upload/footer.php create mode 100644 roles/usb_lib/files/upload/header.php diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php new file mode 100644 index 000000000..75d4f5a2d --- /dev/null +++ b/roles/usb_lib/files/upload/error.php @@ -0,0 +1,16 @@ +<?php +/* +* error.php +* Upload2USB App error +*/ + +?> + +AN ERROR occurred! Please make sure <span style="color:red; font-weight:bold"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. <!-- Also make sure the <span style="color:red; font-weight:bold;">usb_lib_umask0000_for_kolibri</span> parameter in your IIAB configuration file is set to True. --> Reach out to TK for help if you have any questions or continue having trouble with the setup. +<br/><br/> + +Share the below error message with IIAB developers at TK for debugging: +<pre><?php if (isset($exception)) {echo (string)$exception;} ?></pre> + + + diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload/footer.php new file mode 100644 index 000000000..2e1fef0f7 --- /dev/null +++ b/roles/usb_lib/files/upload/footer.php @@ -0,0 +1,14 @@ +<?php +/* +* footer.php +* Upload2USB App Footer for all User Facing Pages +*/ + +?> + + </div> + </div> + </div> + +</body> +</html> diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php new file mode 100644 index 000000000..78592e86d --- /dev/null +++ b/roles/usb_lib/files/upload/header.php @@ -0,0 +1,32 @@ +<?php +/* +* header.php +* Upload2USB App Header for all User Facing Pages +*/ + + +include("upload2usb.php"); + +?> + +<!DOCTYPE html> +<html> + + <head> + <title><?php echo $title ?></title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 0287e44f2..670d8499e 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,47 +4,21 @@ * Upload2USB App Index Page */ -include("upload2usb.php"); +$title = "IIAB Upload to USB"; +include("header.php"); //Check if folder for today exists, and get file count if it does - $file_count = getFileCount(getTargetFolderPath(0)); ?> -<!DOCTYPE html> -<html> - - <head> - <title>IIAB Upload to USB App</title> - <meta http-equiv="content-type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> - <link rel="stylesheet" href="/common/css/fa.all.min.css"/> - <link rel="stylesheet" href="/common/css/font-faces.css"/> - <script src="/common/js/jquery.min.js"></script> - <script src="/common/js/bootstrap4.min.js"></script> - </head> - <body class="text-center" style="background-color:#f5f5f5;"> - <div id="container" class="container"> - <div class="row"> - <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> - <img class="mb-4" src="uk-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> <br/> - <?php echo $file_count ?> files have been uploaded today! + <?php echo $file_count ?> files have been uploaded today! - </div> - </div> - </div> -</body> -</html> +<?php include ("footer.php"); ?> \ No newline at end of file diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 684372823..d86f9aa60 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,20 +4,29 @@ * Upload2USB App - Process Submission */ -include("upload2usb.php"); +$title = "IIAB Upload to USB App Results"; +include("header.php"); //get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); +$uploaded_filename = basename($_FILES["uploaded_file"]["name"]); +$target_file = $target_folder_path . "/" . $uploaded_filename; $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { - $upload_msg = "No file submitted."; +if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { + $upload_msg = "No file submitted!"; + $upload_ok = 0; +} elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_ok = 0; +} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - $upload_msg = "This file already exists."; - $upload_ok = 0; + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; } // Check if $upload_ok is set to 0 by an error @@ -27,44 +36,19 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { - $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). "</span> was successfully uploaded!"; + $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( $uploaded_filename ). "</span> was successfully uploaded!"; } else { - $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; + $upload_msg = "&#x274C; There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; } } -$file_count = getFileCount($target_folder_path) +$file_count = getFileCount($target_folder_path); ?> -<!DOCTYPE html> -<html> - - <head> - <title>IIAB Upload to USB App</title> - <meta http-equiv="content-type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> - <link rel="stylesheet" href="/common/css/fa.all.min.css"/> - <link rel="stylesheet" href="/common/css/font-faces.css"/> - <script src="/common/js/jquery.min.js"></script> - <script src="/common/js/bootstrap4.min.js"></script> - </head> - <body class="text-center" style="background-color:#f5f5f5;"> - <div id="container" class="container"> - <div class="row"> - <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - - <img class="mb-4" src="uk-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> <?php echo $file_count ?> files have been submitted today! - </div> - </div> - </div> - -</body> -</html> +<?php include ("footer.php"); ?> + diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index bd13d1f6b..3de51297d 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -4,6 +4,12 @@ * Upload2USB App Helper Functions */ +set_exception_handler(function (Throwable $exception) { + error_log('UPLOAD2USB ERROR: ' . (string)$exception); + + include ("error.php"); +}); + //return the first removable USB drive location function getTargetUSBDriveLocation () { @@ -11,26 +17,32 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 - $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found <br/><br/>'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed <br/><br/>'); + } - if (empty($removable_usb_path)) { - return "/library/www/html/local_content/"; + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($rmv_usb_path)) { + throw new RuntimeException('Not able to find USB stick <br/><br/>'); } else { -// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); - return $removable_usb_path . "/"; + return $rmv_usb_path . "/"; } } //returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); -// error_log("PARENTDIR: " . $parent_dir); + $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); - + mkdir($target_folder_path, 0777); } return $target_folder_path; } @@ -40,15 +52,45 @@ function getFileCount ($folder_path) { return count(glob($folder_path . "/*")); } -//*** TODO *** check file content to see if it's unique or not -function isFileContentUnique ($file) { +//check if file mimetype is acceptable for upload +function isFileMimeTypeAcceptable ($file) { + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + return false; + } + } + return true; } +//check file content to see if it's unique or not +function isFileContentUnique ($target_folder_path, $file) { + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; -//*** TODO **** check if file exists based on file name and return unique name if does -function getUniqueFileName ($filename) { + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } +//return unique filename +function getUniqueFileName ($target_folder_path, $filename) { + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; +} // Check file size - we are not going to check file size for now. // elseif ($_FILES["uploaded_file"]["size"] > 5000000) { @@ -56,4 +98,6 @@ function getUniqueFileName ($filename) { // $upload_ok = 0; // } + + ?> From 312ddce9ecbeda749e70e9e66cc2cc5ab33363e9 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:07:37 +0100 Subject: [PATCH 1046/1184] Adding PR number to beginning of upload2usb block --- roles/usb_lib/tasks/install.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index de16e83a7..670c2f61a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,7 +76,7 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' file: state: directory path: "{{ doc_root }}/local_content/upload" @@ -84,7 +84,6 @@ group: "{{ apache_user }}" mode: 0755 - - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" @@ -92,7 +91,6 @@ with_fileglob: - upload/* - # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 917c6840d69e43d16155cb0035cd91e4fcdc69a2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 19:26:27 -0600 Subject: [PATCH 1047/1184] better visual feedback when running --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 4d64bf843..afc3d701c 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service hostapd_enabled False systemd: name: hostapd enabled: no @@ -15,7 +15,7 @@ ignore_errors: True when: wifi_up_down and can_be_ap and has_wifi_gateway is defined -- name: Set Wifi Region country code for hostapd when present +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 From 9391d37f40944de7a61efffa68c76b51b246e19f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 9 Jan 2025 16:43:01 -0600 Subject: [PATCH 1048/1184] move country code detection --- roles/network/tasks/detected_network.yml | 13 +++++++++++++ roles/network/tasks/hostapd.yml | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 0fe997598..34c5ade8d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -239,6 +239,17 @@ iiab_lan_iface: "{{ iiab_wireless_lan_iface }}" when: iiab_wireless_lan_iface is defined and nobridge is defined +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -295,6 +306,8 @@ value: "{{ iiab_wan_iface }}" - option: can_be_ap value: "{{ can_be_ap }}" + - option: host_country_code_found + value: "{{ host_country_code }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index afc3d701c..ac5df14d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,17 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel From fa8cc5637e044f4cf46ebf96c0db51e96cbf356b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 12 Jan 2025 10:26:51 -0600 Subject: [PATCH 1049/1184] move channel detection also --- roles/network/tasks/detected_network.yml | 16 ++++++++++++++++ roles/network/tasks/hostapd.yml | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 34c5ade8d..aaaf06a7e 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -250,6 +250,11 @@ host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_client_channel + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -309,6 +314,17 @@ - option: host_country_code_found value: "{{ host_country_code }}" +- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index ac5df14d9..67e04f798 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,11 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect current Wifi channel - shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 - register: current_client_channel - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: host_channel: "{{ current_client_channel.stdout }}" @@ -120,14 +115,3 @@ value: "{{ host_country_code }}" - option: host_channel value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined From a9c916e2199988c63faf2c4d51449d627d0dc108 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 19:26:32 -0600 Subject: [PATCH 1050/1184] dont start hostapd when no_net_restart is True --- roles/network/tasks/restart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index ec1dda7b6..9220e2d92 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,12 +28,12 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted daemon_reload: yes - when: hostapd_enabled and (wifi_up_down or not no_net_restart) + when: hostapd_enabled and not no_net_restart # 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch # any of the config files... netplan.yml renames one file if it's a container @@ -107,7 +107,7 @@ systemd: name: hostapd state: restarted - when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 + when: hostapd_enabled and not no_net_restart and wifi_slave.stdout is defined and wifi_slave.stdout == 0 #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address From fb008640ef031e476f8b11262e8a724b4a027880 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 23:49:37 -0600 Subject: [PATCH 1051/1184] deal with tailscale0 --- roles/network/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 82de51aff..6b81d5a58 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e tailscale0" # Set defaults for discovery process as strings wifi1: "not found-1" From e75a8e5449e58b672fa776202411ea2755406af4 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Mon, 13 Jan 2025 19:43:02 -0500 Subject: [PATCH 1052/1184] set www_data poweroff false with rename --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 16 ++++++++-------- roles/www_options/tasks/php-settings.yml | 2 +- ...ache_poweroff.j2 => 020_www_data_poweroff.j2} | 0 vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 10 files changed, 21 insertions(+), 21 deletions(-) rename roles/www_options/templates/{020_apache_poweroff.j2 => 020_www_data_poweroff.j2} (100%) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index e39bea703..a28c2da61 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# allow_www_data_sudo: True +# allow_www_data_poweroff: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 2319c58f5..5795ea7e6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,22 +77,22 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_poweroff) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_www_data_poweroff from template template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff + src: 020_www_data_poweroff.j2 + dest: /etc/sudoers.d/020_www_data_poweroff mode: '0440' - when: allow_www_data_sudo + when: allow_www_data_poweroff -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_www_data_poweroff file: - path: /etc/sudoers.d/020_apache_poweroff + path: /etc/sudoers.d/020_www_data_poweroff state: absent - when: not allow_www_data_sudo + when: not allow_www_data_poweroff # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 184c07b21..23c85d24b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_poweroff conditionals below. diff --git a/roles/www_options/templates/020_apache_poweroff.j2 b/roles/www_options/templates/020_www_data_poweroff.j2 similarity index 100% rename from roles/www_options/templates/020_apache_poweroff.j2 rename to roles/www_options/templates/020_www_data_poweroff.j2 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e61819a2..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # roles/www_base runs here (mandatory) @@ -341,7 +341,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ac2e78128..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 45d6db53f..d997362a4 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -allow_www_data_sudo: True +allow_www_data_poweroff: False # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c12fcb04f..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88253e035..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 39d8cf05c..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -225,7 +225,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 2981a7deaa5df95dfc5064e68c84901ac2a4a1c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 13 Jan 2025 22:19:43 -0500 Subject: [PATCH 1053/1184] hostapd.yml: "Disable the Access Point 'hostapd' service if hostapd_enabled False" --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 67e04f798..c845bd637 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service hostapd_enabled False +- name: Disable the Access Point 'hostapd' service if hostapd_enabled False systemd: name: hostapd enabled: no From a16be49be576b2f059a384c895c32ae3bd02b9dd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 15 Jan 2025 03:16:16 -0600 Subject: [PATCH 1054/1184] add recording of firmware selection and force wifi_up_down false when required --- roles/network/tasks/detected_network.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index aaaf06a7e..bd657010b 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -255,6 +255,11 @@ register: current_client_channel when: wifi_up_down and can_be_ap and has_wifi_gateway is defined +- name: Forcing wifi_up_down to False based on firmware selection "24" + set_fact: + wifi_up_down: False + when: rpi3bplus_rpi4_wifi_firmware == "24" + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -313,6 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" + - option: firmware_option_1 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" + - option: firmware_option_2 + value: "{{ rpizerow_rpi3_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From 3bb41e2e07fbc0d40027e1b2e0eabd38640549d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 15 Jan 2025 03:17:01 -0600 Subject: [PATCH 1055/1184] move firmware replacement --- roles/network/tasks/main.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7e2f1eabb..221ea61b6 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,3 @@ -- name: Select RPi firmware mode - include_role: - name: firmware - when: rpi_model != "none" - - name: detected_network include_tasks: detected_network.yml @@ -108,6 +103,10 @@ # end block when: network_installed is defined and network_enabled +- name: Select RPi firmware mode + include_role: + name: firmware + when: rpi_model != "none" - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: From d52fe013cd07b8bef45d070237c535ec72861f37 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 16 Jan 2025 07:07:51 -0600 Subject: [PATCH 1056/1184] don't restart wpa_supplicant when network_manager_active is set --- roles/network/tasks/restart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 9220e2d92..5902f5d50 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -12,7 +12,7 @@ state: restarted with_items: - wpa_supplicant - when: wifi_up_down and hostapd_enabled + when: wifi_up_down and hostapd_enabled and not network_manager_active - name: Enable & Restart networkd-dispatcher.service systemd: From ca22622c7d30b4981f4ebfe679bbd6d8d1aac777 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 Jan 2025 09:51:32 -0500 Subject: [PATCH 1057/1184] detected_network.yml: Record WiFi firmware vars (43430 & 43455) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bd657010b..ba104f5d6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -318,10 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" - - option: firmware_option_1 - value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - - option: firmware_option_2 - value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43430 + value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43455 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From a5e90f65111f11d2976a861bcf43e44499460643 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 Jan 2025 09:54:44 -0500 Subject: [PATCH 1058/1184] network/tasks/main.yml: Blank line --- roles/network/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 221ea61b6..bb05482f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -108,6 +108,7 @@ name: firmware when: rpi_model != "none" + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" From f8b743dafc003cecb57043eea42295ddf12649d3 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Fri, 17 Jan 2025 09:34:15 +0100 Subject: [PATCH 1059/1184] error.php, index.php, upload-file.php, upload2usb.php: Updating error message to refer to FAQs, titles to be more succinct, adding exception when directory can't be created. --- roles/usb_lib/files/upload/error.php | 4 ++-- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 2 +- roles/usb_lib/files/upload/upload2usb.php | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 75d4f5a2d..c5210d229 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -6,10 +6,10 @@ ?> -AN ERROR occurred! Please make sure <span style="color:red; font-weight:bold"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. <!-- Also make sure the <span style="color:red; font-weight:bold;">usb_lib_umask0000_for_kolibri</span> parameter in your IIAB configuration file is set to True. --> Reach out to TK for help if you have any questions or continue having trouble with the setup. +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: <a href="https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F">FAQ #4 - Can teachers display their own content?</a>, <a href="https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F">FAQ #49 - What are the best places for community support?.</a> + <br/><br/> -Share the below error message with IIAB developers at TK for debugging: <pre><?php if (isset($exception)) {echo (string)$exception;} ?></pre> diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 670d8499e..e77b079ff 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,7 +4,7 @@ * Upload2USB App Index Page */ -$title = "IIAB Upload to USB"; +$title = "Upload to USB"; include("header.php"); //Check if folder for today exists, and get file count if it does diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index d86f9aa60..0d132d1d3 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,7 +4,7 @@ * Upload2USB App - Process Submission */ -$title = "IIAB Upload to USB App Results"; +$title = "Upload to USB Results"; include("header.php"); //get folder path where file will be stored diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 3de51297d..31623ea6f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -20,15 +20,15 @@ function getTargetUSBDriveLocation () { # error if 1<>usb sticks are installed $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found <br/><br/>'); + throw new RuntimeException('0 USB sticks found. <br/><br/>'); } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed <br/><br/>'); + throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); } $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick <br/><br/>'); + throw new RuntimeException('Not able to find USB stick. <br/><br/>'); } else { return $rmv_usb_path . "/"; } @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'. <br/><br/>"); } return $target_folder_path; } From ebbe9c066e8bb5e45cea30cca956c0eb82efaf96 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:16:37 -0500 Subject: [PATCH 1060/1184] iiab-diagnostics: wpa_supplicant, NetworkManager, dmesg | grep Firmware --- scripts/iiab-diagnostics | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 47a1ae015..248cbb70d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -219,11 +219,14 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' +cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' -cat_cmd 'lspci -nn' 'Devices on PCI buses' +cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' From 59f1d1b090e11e8c9c0bdecc31fcd7de551d56ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:23:36 -0500 Subject: [PATCH 1061/1184] iiab-diagnostics: rpi-eeprom-update to show bootloader version --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 248cbb70d..d1e6e0b2b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -195,6 +195,7 @@ echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' +cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' From 720e328ab6c35167b7cbbd02b528a75fd9ef61c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:55:43 -0500 Subject: [PATCH 1062/1184] iiab-diagnostics: Cap NetworkManager logging at 100 lines for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d1e6e0b2b..51063f9f7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -221,7 +221,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' +cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' From d09842245b16b2baa8d64e02c5aaabb8d2693e78 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:09:48 -0500 Subject: [PATCH 1063/1184] iiab-diagnostics: Clarify RPi WiFi firmware / HW models --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51063f9f7..273bdd495 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,8 +224,8 @@ cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' -cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' From 271da50114dfc80f983d513cb3597c4e12f683ea Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Fri, 17 Jan 2025 23:03:01 +0100 Subject: [PATCH 1064/1184] upload-file.php: Allow upload of redundant files --- roles/usb_lib/files/upload/upload-file.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0d132d1d3..0b92ee4e5 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -20,15 +20,17 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; -} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "This file already exists!"; - $upload_ok = 0; } elseif (file_exists($target_file)) { // rename file so name is unique $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); $target_file = $target_folder_path . "/" . $new_filename; } +#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { +# $upload_msg = "This file already exists!"; +# $upload_ok = 0; +#} + // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { $upload_msg = "&#x274C; Your file was not uploaded. " . $upload_msg; From a81856db5d3f056c781478cacd09e6157627c6bc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 00:09:09 -0500 Subject: [PATCH 1065/1184] iiab-diagnostics: Cleaner output if COMMAND NOT FOUND --- scripts/iiab-diagnostics | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 273bdd495..eae728eac 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -101,10 +101,18 @@ function cat_cmd() { # $1 = command + params, $2 = explanation spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) - if [[ $2 == "" ]]; then - echo "COMMAND: $path_cmd$spc_params" >> $outfile + if [[ $path_cmd == "" ]]; then + if [[ $2 == "" ]]; then + echo "COMMAND: $1" >> $outfile + else + echo "COMMAND: $1 # $2" >> $outfile + fi else - echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + if [[ $2 == "" ]]; then + echo "COMMAND: $path_cmd$spc_params" >> $outfile + else + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + fi fi echo >> $outfile if [[ $path_cmd == "" ]]; then From 803197e8179774ebf67a21b3680af29fccf4862e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 00:23:47 -0500 Subject: [PATCH 1066/1184] iiab-diagnostics.README.md: Update key line numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fa6c560e5..8e60124a3 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From d6b7114afc168989202e18f02d6a16c2b3ebd2c5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 01:35:36 -0500 Subject: [PATCH 1067/1184] CI: Revert ARM tests to run on Ubuntu 22.04 for now --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- ...aspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{30min-iiab-test-install-raspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} (99%) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 9940b2781..403b1e7a7 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [debian12] diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml similarity index 99% rename from .github/workflows/30min-iiab-test-install-raspios.yml rename to .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index ea89758ed..9a51536ab 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] From 66fd7fad394c5fee13e4572647fb029823179bc8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 01:46:50 -0500 Subject: [PATCH 1068/1184] Cleaner 30min-iiab-test-install-raspios-on-zero2w.yml --- .../30min-iiab-test-install-raspios-on-zero2w.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 9a51536ab..63105bd68 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios' +name: '"30 min" IIAB test install raspios on zero2w' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -65,13 +65,13 @@ jobs: uname -a # uname -srm whoami # Typically 'root' instead of 'runner' pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} - sudo apt-get update -y --allow-releaseinfo-change - sudo apt-get install --no-install-recommends -y git + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git ls /opt/iiab/iiab - sudo mkdir /etc/iiab - sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml - sudo /opt/iiab/iiab/scripts/ansible - sudo ./iiab-install + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install cd /opt/iiab/iiab iiab-summary cat /etc/iiab/iiab_state.yml From 6f63de16223a3bcae3003972c664f120de103221 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 02:42:28 -0500 Subject: [PATCH 1069/1184] Clarify & tighten up all 3 GHA workflow names (titles) --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 24dfc6c79..d2b8bd056 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB test install' +name: '"10 min" IIAB on Ubuntu 24.04 on x86-64' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 403b1e7a7..a8703346e 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install deb12 on rpi3' +name: '"30 min" IIAB on Debian 12 on RPi 3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 63105bd68..9b521fee6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios on zero2w' +name: '"30 min" IIAB on RasPiOS on Zero 2 W' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From f60a61ea4bfa1f83ef74d6fdd43e1303f1763303 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 18 Jan 2025 14:04:33 -0600 Subject: [PATCH 1070/1184] replace is_raspbian with dhcpcd_result == enabled --- roles/network/templates/hostapd/iiab-hotspot-off | 4 ++-- roles/network/templates/hostapd/iiab-hotspot-on | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 25a5053be..fb45603a6 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -14,7 +14,7 @@ echo " IIAB hotspot access point Disabled" #exit 0 {% else %} echo " IIAB hotspot access point Disabled" -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # hotspot-off before ap0_updown sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq @@ -37,7 +37,7 @@ fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 03ca2d4ae..35ccc7adf 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -16,7 +16,7 @@ systemctl enable hostapd systemctl enable iiab-wifi-test.service #exit 0 {% else %} -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf @@ -44,7 +44,7 @@ fi systemctl enable hostapd #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} From 9426e6ac98802ebbfdd8a2c74d964a9a6f0b5293 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 19 Jan 2025 08:21:27 +0100 Subject: [PATCH 1071/1184] upload-file.php: throw error when user uploads a file that has the same content and name as an already uploaded file on the same day. --- roles/usb_lib/files/upload/upload-file.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0b92ee4e5..510a308ab 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -21,15 +21,16 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - // rename file so name is unique - $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); - $target_file = $target_folder_path . "/" . $new_filename; -} -#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { -# $upload_msg = "This file already exists!"; -# $upload_ok = 0; -#} + if (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; + $upload_ok = 0; + } else { + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; + } +} // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { From e4bdc4ddabc50ef89bfafe6c112c367076b5956f Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 19 Jan 2025 09:04:01 +0100 Subject: [PATCH 1072/1184] install.yml: add comment that usb_lib_umask0000_for_kolibri must be set to true in order to write to USB sticks. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 670c2f61a..94d9b5e9a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) +# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0994a5786d87b96f56cfdd4461725caa1a29108d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 20 Jan 2025 08:27:49 -0600 Subject: [PATCH 1073/1184] detect Firmware rejected country setting --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 26 +++++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6b81d5a58..100b1f6ff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,6 +71,7 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none +host_country_code_found: unset # Red Hat #iiab_wired_lan_iface: "none" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index ba104f5d6..f75ad3f06 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -243,12 +243,16 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set host_country_code_found + set_fact: + host_country_code_found: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 and wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -260,6 +264,11 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" +- name: Detect "Firmware rejected country setting" in dmesg + shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" + register: FW_rejected_country + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -317,7 +326,7 @@ - option: can_be_ap value: "{{ can_be_ap }}" - option: host_country_code_found - value: "{{ host_country_code }}" + value: "{{ host_country_code_found }}" - option: wifi_firmware_43430 value: "{{ rpizerow_rpi3_wifi_firmware }}" - option: wifi_firmware_43455 @@ -334,6 +343,17 @@ value: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined +- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: FW_rejected_country + value: "{{ host_country_code_found }}" + when: FW_rejected_country.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please From f15a50610ee446ed966eeb95c65f5678d5eaf9a2 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 05:18:41 +0100 Subject: [PATCH 1074/1184] install.yml: Adding instructions on how to unmount and mount drive manually if writing to the USB stick still doesn't work. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..181bd8819 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,6 +8,7 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) # usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0caa16491df4df543e94813bad138e48ed65aac6 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein <avni321@gmail.com> Date: Tue, 21 Jan 2025 23:27:45 -0500 Subject: [PATCH 1075/1184] install.yml: adding e.g. to make clear that variable doesn't have to be in local_vars.yml" roles/usb_lib/tasks/install.yml Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..f5172b190 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From f79a43e305675ae2178266921573f72be0d98f98 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:16:21 +0100 Subject: [PATCH 1076/1184] install.yml: merging comments related to usb_lib_umask0000_for_kolibri --- roles/usb_lib/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index afc36e4f8..e435719dc 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) - -# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). From 335d8ad4c1551db1725b0532b815f387e3899177 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:22:38 +0100 Subject: [PATCH 1077/1184] nginx/templates/iiab.conf.j2, usb_lib/files/upload/button.html: Adding button to upload2usb app on every usb/ directory listing page. --- roles/nginx/templates/iiab.conf.j2 | 2 ++ roles/usb_lib/files/upload/button.html | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 roles/usb_lib/files/upload/button.html diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index df2fc6a94..e25a2b08c 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,10 +5,12 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /local_content/ { fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html new file mode 100644 index 000000000..276baa839 --- /dev/null +++ b/roles/usb_lib/files/upload/button.html @@ -0,0 +1,19 @@ +<style> +.button { + background-color: #343a40; + border: none; + border-radius:.25rem; + color: white; + padding: .5rem .75rem; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 1rem; + font-weight:bold; + float:right; +} +.button:hover { + color: #ddd; +} +</style> +<a class="button" href="/local_content/upload/">Upload to USB</a> From 01baaa661a7e274c451198ab80b3bacdb3bb1411 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 16:53:44 -0500 Subject: [PATCH 1078/1184] iiab-diagnostics: Refine 3+ 'sudo dmesg | grep ...' cmds --- scripts/iiab-diagnostics | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index eae728eac..6f93f0359 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -201,6 +201,7 @@ cat_dir /etc/netplan # Redacts most passwords above echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' +cat_cmd 'sudo dmesg | grep -i "command line:"' 'Kernel boot parameters' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' @@ -230,11 +231,11 @@ cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' -#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' +#cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'sudo dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' From 765e1cd4b1060d787e7b580e2368e3701eac9c98 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 17:42:56 -0500 Subject: [PATCH 1079/1184] iiab-diagnostics: Use sudo with journalctl (in all 6 cases_ --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6f93f0359..ca1ee4d67 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,8 +229,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' +cat_cmd 'sudo journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'sudo journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' @@ -245,10 +245,10 @@ cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorat cat_cmd 'sudo lb --version' 'xklb version' cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' -cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' +cat_cmd 'sudo journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 300 -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' +cat_cmd 'sudo journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 89a06d6e5e5706a81faf5345acc7cb8bef785a84 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:26:43 -0500 Subject: [PATCH 1080/1184] Update iiab-diagnostics.README.md for PR #3909 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 8e60124a3..f766e922e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ad175fb3caf50a66935afbcef7616ea18affff56 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:19:13 +0100 Subject: [PATCH 1081/1184] index.php, upload-file.php: change 'submit' to 'upload' in user-facing text --- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index e77b079ff..6eab98dbf 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -15,7 +15,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> - <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> + <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Upload</button> </form> <br/> <?php echo $file_count ?> files have been uploaded today! diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 510a308ab..a3c6e9674 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -15,10 +15,10 @@ $upload_ok = 1; $upload_msg = ""; if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { - $upload_msg = "No file submitted!"; + $upload_msg = "No file uploaded!"; $upload_ok = 0; } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_msg = "You cannot upload zips, executables, xml, or binary files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -50,7 +50,7 @@ $file_count = getFileCount($target_folder_path); ?> <?php echo $upload_msg ?> <br/> - <?php echo $file_count ?> files have been submitted today! + <?php echo $file_count ?> files have been uploaded today! <?php include ("footer.php"); ?> From 91533f5fb3eb4a4e2eda0d807cfacbb6cec8b7a1 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:19:25 +0100 Subject: [PATCH 1082/1184] iiab.conf.j2: modify config to route /usb/upload/*.php to the upload2usb app! --- roles/nginx/templates/iiab.conf.j2 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e25a2b08c..e3fdee774 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,7 +5,20 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /usb/upload/button.html; +} + +location ~ ^/usb/upload/(.*)\.php$ { + alias /library/www/html/local_content/upload/$1.php; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; } location /local_content/ { From 68dafdbc399bd493bee8cd5b2c6a55cb707e9846 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:27:32 +0100 Subject: [PATCH 1083/1184] button.html: change button href to point to /usb/upload instead of /local_content/upload --- roles/usb_lib/files/upload/button.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 276baa839..658f74fb2 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } </style> -<a class="button" href="/local_content/upload/">Upload to USB</a> +<a class="button" href="/usb/upload/">Upload to USB</a> From 6dfda009e424dbdcb4531433c2d752364cd2edf7 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:51:43 +0100 Subject: [PATCH 1084/1184] upload2usb.php: allow all word files, be more specific about xml mimetypes; log error message if user uploads invalid mimetype --- roles/usb_lib/files/upload/upload2usb.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 31623ea6f..f2b3aa883 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,9 +55,10 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); return false; } } From 0cc63d8895dd6b07dcee71a61db2c3dbd8304151 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 02:38:56 -0600 Subject: [PATCH 1085/1184] detect cmdline country code passed --- roles/network/tasks/detected_network.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f75ad3f06..5e95182d3 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,6 +269,11 @@ register: FW_rejected_country ignore_errors: True +- name: Detect country code passed from cmdline + shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' + register: cmdline_country_code + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -351,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ host_country_code_found }}" + value: "{{ cmdline_country_code }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From eb21c8654aa4a24d6be41e9dab43f35609c5ba03 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 06:45:38 -0600 Subject: [PATCH 1086/1184] UNSET --- roles/network/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 100b1f6ff..593f14922 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,7 +71,8 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none -host_country_code_found: unset +# use the same case as what `iw reg get` would return with 00 present +host_country_code_found: UNSET # Red Hat #iiab_wired_lan_iface: "none" From 999127339102c443a6d2ed9a7612f5ea2a552b73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 12:36:55 -0600 Subject: [PATCH 1087/1184] grep & stdout --- roles/network/tasks/detected_network.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5e95182d3..e4ec63bd8 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,8 +269,8 @@ register: FW_rejected_country ignore_errors: True -- name: Detect country code passed from cmdline - shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' +- name: Detect country code passed from cmdline in dmesg + shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' register: cmdline_country_code ignore_errors: True @@ -356,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ cmdline_country_code }}" + value: "{{ cmdline_country_code.stdout }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From dcc9862527f92153ba90affaabdfdc436eb7722f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 15:36:19 -0600 Subject: [PATCH 1088/1184] use systemd-udev-trigger.service --- roles/usb_lib/templates/usbmount@.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 34d75d9f3..52da18ba5 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -1,7 +1,7 @@ [Unit] BindTo=%i.device After=%i.device -After=rc-local.service +After=systemd-udev-trigger.service [Service] #Type=oneshot From e319b394e87177ccf440d62077c9baab2fee735f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 24 Jan 2025 08:14:42 -0600 Subject: [PATCH 1089/1184] Update roles/network/tasks/detected_network.yml future proof Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e4ec63bd8..a5fc5eaf0 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' + shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' register: cmdline_country_code ignore_errors: True From eecf6f83064c3eda3c5574711720b2d28fd6a4d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:06:30 -0500 Subject: [PATCH 1090/1184] Wifi Country Code might in the middle of dmesg line (not on the right) --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a5fc5eaf0..1663f8c39 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' + shell: dmesg | grep -om1 'cfg80211\.ieee80211_regdom=\S*' | cut -d= -f2 register: cmdline_country_code ignore_errors: True From 3b9edfdfc0282cb2218bdcb3a3147302991b50a7 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 07:13:09 +0100 Subject: [PATCH 1091/1184] multiple files in vars/ and usb_lib/: rename usb_lib_umask0000_for_kolibri to usb_lib_writable_sticks so it is more generally applicable --- roles/usb_lib/README.rst | 2 +- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/files/upload/upload2usb.php | 2 +- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/tasks/main.yml | 14 +++++++------- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 22fd711d2..54d9714ca 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 2a4b19308..c53591f8f 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -5,8 +5,8 @@ # iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -# usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..cfd87775f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'. <br/><br/>"); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); } return $target_folder_path; } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..4e40a99eb 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..52d192da8 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,28 +32,28 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' path: /etc/usbmount/usbmount.conf - when: usb_lib_umask0000_for_kolibri + when: usb_lib_writable_sticks # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' # path: /etc/usbmount/usbmount.conf -# when: usb_lib_umask0000_for_kolibri +# when: usb_lib_writable_sticks - name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole path: /etc/usbmount/usbmount.conf - when: not usb_lib_umask0000_for_kolibri + when: not usb_lib_writable_sticks - name: Enable/Disable/Restart NGINX @@ -88,5 +88,5 @@ value: "{{ usb_lib_install }}" - option: usb_lib_enabled value: "{{ usb_lib_enabled }}" - - option: usb_lib_umask0000_for_kolibri - value: "{{ usb_lib_umask0000_for_kolibri }}" + - option: usb_lib_writable_sticks + value: "{{ usb_lib_writable_sticks }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..11ed238a7 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -310,8 +310,8 @@ usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..91b744051 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: True diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index d997362a4..445c9bb2f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,7 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -usb_lib_umask0000_for_kolibri: False +usb_lib_writable_sticks: False allow_www_data_poweroff: False # By default # kiwix diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..f55dd8ce8 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..5cfa34bec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..89accf217 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -202,7 +202,7 @@ bluetooth_term_enabled: False iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False From 286890b0d097e84ab404e8f40dc25432f3009d6d Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 08:14:44 +0100 Subject: [PATCH 1092/1184] error.php: updating FAQ reference to refer to new upload2usb-specific FAQ. --- roles/usb_lib/files/upload/error.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index c5210d229..2e51003e0 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,8 +5,7 @@ */ ?> - -ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: <a href="https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F">FAQ #4 - Can teachers display their own content?</a>, <a href="https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F">FAQ #49 - What are the best places for community support?.</a> +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, <a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-style:italic;">Can students upload their own work?,</a> for additional support. <br/><br/> From 44e2772ccc4eec963ed610f0b94cde422a990b71 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 09:44:02 -0500 Subject: [PATCH 1093/1184] Update README to clarify Kolibri exports --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 54d9714ca..bb8b82e4e 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: From 7c2f0c9c6ef42ef2ffe44f230d8245555d7de979 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 21:30:36 +0100 Subject: [PATCH 1094/1184] usb_lib/*, vars/*: prevent Cheating (Copying) of homeworks, when teacher creates 'PUBLIC' folder on their USB stick --- roles/usb_lib/files/upload/error.php | 2 +- roles/usb_lib/tasks/install.yml | 6 +- roles/usb_lib/tasks/main.yml | 11 +-- roles/usb_lib/tasks/nginx.yml | 32 +++++---- roles/usb_lib/templates/iiab-clean-usb.sh | 4 +- ...l-off => iiab-usb_lib-show-all-off.unused} | 0 ...all-on => iiab-usb_lib-show-all-on.unused} | 0 .../usb_lib/templates/mount.d/70-usb-library | 72 ------------------- .../templates/mount.d/70-usb-library.j2 | 45 ++++++++++++ .../70-usb-library | 4 +- vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 15 files changed, 85 insertions(+), 106 deletions(-) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-off => iiab-usb_lib-show-all-off.unused} (100%) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-on => iiab-usb_lib-show-all-on.unused} (100%) delete mode 100644 roles/usb_lib/templates/mount.d/70-usb-library create mode 100644 roles/usb_lib/templates/mount.d/70-usb-library.j2 rename roles/usb_lib/templates/{umount.d => umount.d.unused}/70-usb-library (75%) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 2e51003e0..46dd0e667 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,7 +5,7 @@ */ ?> -ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, <a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-style:italic;">Can students upload their own work?,</a> for additional support. +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, "<a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-weight:bold;">Can students upload their own work?</a>", for additional support. <br/><br/> diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..f4c5d671e 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -75,8 +75,6 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' @@ -90,7 +88,7 @@ - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/local_content/upload/" # /library/www/html with_fileglob: - upload/* diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..af9d22790 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,11 +66,12 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +#- name: Put variable in iiab.env that enables display of content at root of USB +# lineinfile: +# path: "{{ iiab_env_file }}" +# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" +# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/roles/usb_lib/tasks/nginx.yml b/roles/usb_lib/tasks/nginx.yml index 7e572142a..1e6be6d21 100644 --- a/roles/usb_lib/tasks/nginx.yml +++ b/roles/usb_lib/tasks/nginx.yml @@ -1,20 +1,21 @@ - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled template: - src: mount.d/70-usb-library - dest: /etc/usbmount/mount.d/ + src: mount.d/70-usb-library.j2 + dest: /etc/usbmount/mount.d/70-usb-library owner: root group: root mode: '0751' when: usb_lib_enabled -- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled - template: - src: umount.d/70-usb-library - dest: /etc/usbmount/umount.d - owner: root - group: root - mode: '0751' - when: usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled +# template: +# src: umount.d/70-usb-library +# dest: /etc/usbmount/umount.d +# owner: root +# group: root +# mode: '0751' +# when: usb_lib_enabled - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: @@ -22,11 +23,12 @@ state: absent when: not usb_lib_enabled -- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/umount.d/70-usb-library - state: absent - when: not usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled +# file: +# path: /etc/usbmount/umount.d/70-usb-library +# state: absent +# when: not usb_lib_enabled - name: Restart 'nginx' systemd service systemd: diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index a1876551c..56d63292d 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,10 +5,10 @@ DEVICE=`echo $@ | sed -s 's|-|/|'` MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usbmount" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usbmount" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." fi diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-off b/roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-off rename to roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-on b/roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-on rename to roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library deleted file mode 100644 index 5b9cfefe8..000000000 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# Create symlink in DocumentRoot/content to autmounted usb drive -# -# based on a similar script in the xs-rsync package -# by Martin Langhoff <martin@laptop.org> -# -# and the adaptation for xs-activity-server by Douglas Bagnall -# <douglas@paradise.net.nz> -# -# by Tim Moody tim@timmoody.com - -source {{ iiab_env_file }} -case $IIAB_USB_LIB_SHOW_ALL in -'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." - # regularize the variable - IIAB_USB_LIB_SHOW_ALL=True - ;; -*) - logger -p user.notice -t "70-usb-library" -- "Looking for /share, /Share, /Piratebox/Share, /USB, or /usb on $UM_MOUNTPOINT." - ;; -esac - -VERBOSE=yes - -SHARE_DIR="" -# Only show content if in these directories - -if [ -d $UM_MOUNTPOINT/share ]; then - SHARE_DIR="$UM_MOUNTPOINT/share" -fi -if [ -d $UM_MOUNTPOINT/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Share" -fi -if [ -d $UM_MOUNTPOINT/Piratebox/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Piratebox/Share" -fi -if [ -d $UM_MOUNTPOINT/USB ]; then - SHARE_DIR="$UM_MOUNTPOINT/USB" -fi -if [ -d $UM_MOUNTPOINT/usb ]; then - SHARE_DIR="$UM_MOUNTPOINT/usb" -fi - -if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` - LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` - ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` - if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" - #echo "lib on dev" - elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" - #echo "rootfs on dev" - else - SHARE_DIR="$UM_MOUNTPOINT" - fi -fi - -if [ ! -z "$SHARE_DIR" ]; then - logger -p user.notice -t "70-usb-library" -- "Found Share Directory $SHARE_DIR." -else - logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" -fi - - -if [ "$SHARE_DIR" != "" ];then - CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` - CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" - logger -p user.notice -t "70-usb-library" -- "Creating link to $CONTENT_LINK." - ln -s $SHARE_DIR $CONTENT_LINK -fi diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 new file mode 100644 index 000000000..d124e79c0 --- /dev/null +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -0,0 +1,45 @@ +#!/bin/bash +# Create symlink in DocumentRoot/content to automounted usb drive +# +# based on a similar script in the xs-rsync package +# by Martin Langhoff <martin@laptop.org> +# +# and the adaptation for xs-activity-server by Douglas Bagnall +# <douglas@paradise.net.nz> +# +# by Tim Moody tim@timmoody.com + +VERBOSE=yes + +# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +SHARE_DIR=$UM_MOUNTPOINT +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + +LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` +ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` +BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` +BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + exit +elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + exit +elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + exit +elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + exit +fi + +CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +ln -s $SHARE_DIR $CONTENT_LINK + diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d.unused/70-usb-library similarity index 75% rename from roles/usb_lib/templates/umount.d/70-usb-library rename to roles/usb_lib/templates/umount.d.unused/70-usb-library index 5af914c01..d8e095008 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d.unused/70-usb-library @@ -12,7 +12,7 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} @@ -20,5 +20,5 @@ if [ -L $CONTENT_LINK ]; then {% else %} /usr/bin/rm -f $CONTENT_LINK {% endif %} - logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (70-usb-library)" -- "$CONTENT_LINK removed." fi diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..c42a4ca99 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,7 +308,8 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..c84b30736 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..ff46f8a9b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..1190ec377 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..744148cc0 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,7 +199,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From fe633b2cd72d55b0266c19e37cb3253033185fe7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 15:36:05 -0500 Subject: [PATCH 1095/1184] Upload2USB initial doc cleanup --- roles/usb_lib/README.rst | 32 +++++++++++++++----------------- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/tasks/main.yml | 4 ++-- vars/default_vars.yml | 6 ++---- vars/local_vars_large.yml | 6 ++---- vars/local_vars_medium.yml | 6 ++---- vars/local_vars_small.yml | 6 ++---- vars/local_vars_unittest.yml | 6 ++---- 8 files changed, 29 insertions(+), 41 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index bb8b82e4e..33d93e2dc 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,30 +2,28 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE** `"Can teachers display their own content?" <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content?>`_ **AND** `"Can students upload their own work?" <https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work?>`_ **WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION!** -This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. +This role (1) implements functionality similar to LibraryBox, to mount "teacher content" from USB sticks / drives for students, and (2) allows students to upload their work to the teacher's USB stick / drive: -Users should have nearly immediate access to this "teacher content" (on all inserted USB drives) by browsing to http://box/usb +#. Students should have nearly immediate access to "teacher content" (on all inserted USB sticks) by browsing to http://box/usb. +#. Students can also click the "Upload to USB" button on top of this same page (http://box/usb), to upload their work to the teacher's USB stick. (FYI student uploads appear in folders like ``UPLOADS.YYYY-MM-DD`` within the root of the teacher's USB stick). -Automount is handled by usbmount, and scripts in this role look in the root of the mounted drive for... +As of January 2025, automount is handled by usbmount: (`devmon included with udevil <https://ignorantguru.github.io/udevil/>`_ might be considered in future) -* /usb -* /USB -* /share -* /Share -* /Piratebox/Share +* A script in this role (/etc/usbmount/mount.d/70-usb-library) looks in the root of the mounted USB stick for folder /PUBLIC and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn/PUBLIC — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. *RESULT: Only documents within /PUBLIC are browsable by students.* This option is very useful to **prevent students from copying uploaded homework!** +* If however folder /PUBLIC is not found, the symlink is created to the root of the mounted USB stick. *RESULT: EVERYTHING on the USB stick is browsable by students — just like with a traditional community bulletin board.* This option is very useful when students are uploading artwork, photo essays, personal audio recordings and **science projects that are intended to be shared!** -...and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. +Technical Details: -USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L100>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: +* Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: -* https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) -* https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) -* https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) + * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) + * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -Legacy warning: There is also a patch for problems with automount on Fedora 21+. Please note that as of 4.1.8-200.fc22.x86_64 not all USB drives will mount, even with this patch. +* Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index c53591f8f..427a26ea7 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -4,8 +4,8 @@ # Show entire contents of USB sticks/drives (at http://box/usb) # iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 52d192da8..ab6f0f19e 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,7 +32,7 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf -- for Kolibri exports AND student uploads to teacher's USB stick (using http://box/usb)" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' @@ -41,7 +41,7 @@ # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 11ed238a7..a45384e1e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -307,10 +307,8 @@ bluetooth_term_enabled: False # USB_LIB usb_lib_install: True usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 91b744051..7228bb506 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f55dd8ce8..153401d26 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 5cfa34bec..b17fcc9ae 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 89accf217..840d0d9b8 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -198,10 +198,8 @@ bluetooth_install: False bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) From d15493b399553f519a55beed5d11848e8907af83 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 15:47:56 -0500 Subject: [PATCH 1096/1184] Begin to remove iiab_usb_lib_show_all and IIAB_USB_LIB_SHOW_ALL --- roles/usb_lib/defaults/main.yml | 3 --- roles/usb_lib/tasks/main.yml | 6 ------ 2 files changed, 9 deletions(-) diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 427a26ea7..f7cbf10b6 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -1,9 +1,6 @@ # usb_lib_install: True # usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -# iiab_usb_lib_show_all: True - # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for # Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index ab6f0f19e..023b714a7 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,6 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} ini_file: From 6562a4a12d4067858b962802aaad696af5fd8e41 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 16:02:01 -0500 Subject: [PATCH 1097/1184] 70-usb-library.j2: remove blank at EOF Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index d124e79c0..7e52c0329 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -42,4 +42,3 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" ln -s $SHARE_DIR $CONTENT_LINK - From 13f5227824fd15bd4ed95e08f1d48b7a9de495e4 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 22:39:00 +0100 Subject: [PATCH 1098/1184] vars/local_vars*, vars/default_vars.yml, roles/usb_lib/tasks/main.yml: reverting comment of iiab_usb_lib_show_all --- roles/usb_lib/tasks/main.yml | 11 +++++------ vars/default_vars.yml | 3 +-- vars/local_vars_large.yml | 3 +-- vars/local_vars_medium.yml | 3 +-- vars/local_vars_small.yml | 3 +-- vars/local_vars_unittest.yml | 3 +-- 6 files changed, 10 insertions(+), 16 deletions(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index af9d22790..7836f2d3a 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,11 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -#- name: Put variable in iiab.env that enables display of content at root of USB -# lineinfile: -# path: "{{ iiab_env_file }}" -# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" -# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +- name: Put variable in iiab.env that enables display of content at root of USB + lineinfile: + path: "{{ iiab_env_file }}" + regexp: "^IIAB_USB_LIB_SHOW_ALL.*" + line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c42a4ca99..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,8 +308,7 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c84b30736..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ff46f8a9b..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1190ec377..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 744148cc0..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,8 +199,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From f9538a48340fe97ee373dd30418eeec2cdc132b5 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:04:46 -0500 Subject: [PATCH 1099/1184] mount.d/70-usb-library.j2: move lib/root/boot check above check for PUBLIC dir Co-authored-by: A Holt <holta@users.noreply.github.com> --- .../templates/mount.d/70-usb-library.j2 | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7e52c0329..f0d41f22d 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,18 +12,11 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -SHARE_DIR=$UM_MOUNTPOINT -if [ -d $UM_MOUNTPOINT/PUBLIC ]; then - SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" -else - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" -fi -LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` -ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` -BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` -BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) +ROOT_DEV=$(findmnt -no source /) +BOOT_DEV=$(findmnt -no source /boot) +BOOTFW_DEV=$(findmnt -no source /boot/firmware) if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit @@ -38,6 +31,14 @@ elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then exit fi +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR=$UM_MOUNTPOINT/PUBLIC + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + SHARE_DIR=$UM_MOUNTPOINT + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" From 18c5fe711d147fff379d5823e03698117e4838d4 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:30:14 -0500 Subject: [PATCH 1100/1184] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index f0d41f22d..6e167656c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) From 64756b6772d64ae7465ad292b2cde93f068a647e Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:35:43 -0500 Subject: [PATCH 1101/1184] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 6e167656c..2d77abceb 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From 2462bba6f5ad2745bb56deb4d69487d5df3dceb2 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:45:11 -0500 Subject: [PATCH 1102/1184] 70-usb-library.j2: Fix symlink from/to in comment Thank you! Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 2d77abceb..1c05f001c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -45,5 +45,5 @@ fi CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 427dc57ed0b9563b52ae8d4c1b14649d769fe8bc Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:45:54 -0500 Subject: [PATCH 1103/1184] 70-usb-library.j2: revert duplicate comment Revert duplicate comment Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 1c05f001c..850693a1c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,8 +13,6 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -# 2022-06-16 better security thanks to @tim-moody and @jvonau: -# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From d0a00da60127fddb52aaa6715e9d6df09dcde8e8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:08:37 -0500 Subject: [PATCH 1104/1184] usb_lib/README.rst: Clarify usbmount supported filesystems line --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 33d93e2dc..e51db625a 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,7 +16,7 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L100>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From 2401ff3d60aa2ee14c9c6f7deceb8dd287072c78 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:49:12 -0500 Subject: [PATCH 1105/1184] 70-usb-library.j2: Add additional logging of lib/root/boot mount points Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 850693a1c..7f63f3ea5 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -19,6 +19,12 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) +# Verbose logging to illuminate occasional boot bugginess: +logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" +logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit From cd160da6799c7bc425e2088d94285c75b8e98246 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:52:04 -0500 Subject: [PATCH 1106/1184] 70-usb-library.j2: syntax change to CONTENT_LINK_USB var Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7f63f3ea5..3f29c7f45 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -47,7 +47,7 @@ else logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" fi -CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 425cbf494cf79c59c9518e341dc5cd86f3c19f59 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:54:32 -0500 Subject: [PATCH 1107/1184] iiab-clean-usb.sh: $() instead of `` for command substitution --- roles/usb_lib/templates/iiab-clean-usb.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 56d63292d..dcdf987d3 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,9 +1,9 @@ #!/bin/bash # Remove symlink in /library/content to automounted usb drive # -DEVICE=`echo $@ | sed -s 's|-|/|'` -MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` -CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` +DEVICE=$(echo $@ | sed -s 's|-|/|') +MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." From 27e286b8aeff45f9b564e9e72fa236bd47e4ab00 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:55:13 -0500 Subject: [PATCH 1108/1184] 70-usb-library.j2: comm Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 3f29c7f45..8b54568c6 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -9,7 +9,8 @@ # # by Tim Moody tim@timmoody.com -VERBOSE=yes +# Better to set this in /etc/usbmount/usbmount.conf +# VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts From 920235d54ccbb5219898bc2bbf47712d5131c36e Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 26 Jan 2025 04:41:10 +0100 Subject: [PATCH 1109/1184] 70-usb-library.j2: use findmnt instead of UM_DEVICE from usbmount to find device given the missing leading /; adding comment about public folder --- .../usb_lib/templates/mount.d/70-usb-library.j2 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 8b54568c6..164d66598 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,7 +12,8 @@ # Better to set this in /etc/usbmount/usbmount.conf # VERBOSE=yes -# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts +UM_DEV=$(findmnt -no source $UM_MOUNTPOINT) # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 @@ -20,26 +21,29 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) + # Verbose logging to illuminate occasional boot bugginess: -logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV" logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" -if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + +if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit -elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then +elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" exit -elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then +elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" exit -elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then +elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi +# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From 5663a84d276c26ea1b8644133b9f9e0bd3bc69cb Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 23:57:27 -0500 Subject: [PATCH 1110/1184] 70-usb-library.j2: update comment explaining PUBLIC folder better (from @holta) Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 164d66598..803313f7e 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -43,7 +43,9 @@ elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then exit fi -# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private +# 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. +# Teachers can set their stick for 1 of 2 two "personalities" — students can either upload "confidential homework" or +# "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From d4e66748f34f2932588ad14e31857658c47f01c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 00:42:32 -0500 Subject: [PATCH 1111/1184] usb_lib/install.yml: Clarify usb_lib_writable_sticks and umask=0000 --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 4e40a99eb..2fb9bd2a6 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,8 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks -# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used From cea4cac7f23f9a2edb673f46b5f78c8ffd7a1e3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 09:28:48 -0500 Subject: [PATCH 1112/1184] Clarify reset of FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, if usb_lib_writable_sticks False --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 023b714a7..fdd7a2751 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 7812edfed0ce091cdf1ac99eeed73707fb29df90 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 09:32:49 -0500 Subject: [PATCH 1113/1184] Fix 2 typos (explanation of when: not usb_lib_writable_sticks) --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index fdd7a2751..4def69c4f 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. if Kolibri exports AND student uploads to teacher USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 1795276b20694af9eb69d784570c775890add10c Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:36:43 +0100 Subject: [PATCH 1114/1184] upload/upload-file.php: fix var name bug and add better error handling --- roles/usb_lib/files/upload/upload-file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index a3c6e9674..8c81c731d 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -41,7 +41,8 @@ if ($upload_ok == 0) { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( $uploaded_filename ). "</span> was successfully uploaded!"; } else { - $upload_msg = "&#x274C; There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; + $upload_ok = 0; + throw new RuntimeException('There was an error uploading your file. <br/><br/>'); } } From fb07b9e3e531915bc6f84c47092d63e7e2fd14a4 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:18:30 -0500 Subject: [PATCH 1115/1184] nginx/templates/iiab.conf.j2, usb_lib/files/upload/header.php, usb_lib/tasks/install.yml: move app out of local_content and into /library/www/html/ --- roles/nginx/templates/iiab.conf.j2 | 8 ++++---- roles/usb_lib/files/upload/button.html | 2 +- roles/usb_lib/tasks/install.yml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e3fdee774..20773967f 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,11 +5,11 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } -location ~ ^/usb/upload/(.*)\.php$ { - alias /library/www/html/local_content/upload/$1.php; +location ~ ^/upload2usb/(.*)\.php$ { + alias /library/www/html/upload2usb/$1.php; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; @@ -23,7 +23,7 @@ location ~ ^/usb/upload/(.*)\.php$ { location /local_content/ { fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 658f74fb2..52cc493ce 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } </style> -<a class="button" href="/usb/upload/">Upload to USB</a> +<a class="button" href="/upload2usb/">Upload to USB</a> diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..98606005f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -79,18 +79,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: state: directory - path: "{{ doc_root }}/local_content/upload" + path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to upload2usb' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/upload2usb" # /library/www/html with_fileglob: - upload/* From 48f4fc56f8bb2913746c00c861716ea81bd2bd1e Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:20:12 -0500 Subject: [PATCH 1116/1184] usb_lib/files/upload/header.php: link swing image back to upload2usb main page --- roles/usb_lib/files/upload/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php index 78592e86d..fc8218800 100644 --- a/roles/usb_lib/files/upload/header.php +++ b/roles/usb_lib/files/upload/header.php @@ -28,5 +28,5 @@ include("upload2usb.php"); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <a href="/upload2usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> From c49c7b0d8d6f8b4c86161f1497894852e4df89e8 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:26:16 -0500 Subject: [PATCH 1117/1184] usb_lib/files/upload/upload2usb.php: allow zip files given some MacOS files, e.g., Pages files, have a mimetype of application/aip --- roles/usb_lib/files/upload/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..b1ce329fc 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,7 +55,7 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); From 765d7854c3d9ab0c26f7d5c585065c834b28a2ac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 Jan 2025 15:45:34 -0500 Subject: [PATCH 1118/1184] Recommend ansible-core 2.18.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 968819464..c5ab3e074 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] -GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] +GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 00d45099eada43798be62125ec497f05ded1f000 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 28 Jan 2025 11:23:29 -0600 Subject: [PATCH 1119/1184] 1520 --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 9cb2cf1db..a0af7adcc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -78,7 +78,7 @@ - name: Reload systemd systemd: daemon_reload: yes - when: not iiab_lan_iface == "br0" + when: not no_net_restart or not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: From 16b745d7341451482488bc19ae7be95ba93979fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 00:42:08 -0500 Subject: [PATCH 1120/1184] iiab-diagnostics: 3 commands to record locale info --- scripts/iiab-diagnostics | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ca1ee4d67..51a7d6797 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -162,17 +162,20 @@ for f in "$@"; do done if [ $# -eq 0 ]; then - echo -e " 2. Regular Files:\n" + echo -e " 2. Regular Files etc:\n" else - echo -e "\n 2. Regular Files:\n" + echo -e "\n 2. Regular Files etc:\n" fi -echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image +cat_file /etc/default/locale +cat_cmd 'localectl' 'Locale settings' +cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/local_vars.yml # Redacts most passwords above From 18efafc23e19aaedc6b273bc878749c12e772c76 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 00:53:18 -0500 Subject: [PATCH 1121/1184] iiab-diagnostics.README.md: Update lines numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f766e922e..d11c13720 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 957cf6976ae773a907c5849f150c74b14831dd3f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 01:20:22 -0500 Subject: [PATCH 1122/1184] PHP defaults TOO LOW, so run www_options/tasks/php-settings.yml every time --- roles/www_options/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 5795ea7e6..f157abb26 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -69,7 +69,8 @@ # WordPress) so './runrole <ROLE>' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + # 2025-01-29: PHP's own defaults (presumably from the 1990s?) were Way Too Low -- for usb-lib's upload2usb, and in general -- so let's run php-settings.yml every time! + # when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 668d57cb977fada20e6535aa07e111c80faa27dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 02:26:49 -0500 Subject: [PATCH 1123/1184] php-settings.yml; Fix typo in TZ explanation (PR #3927, GHA) --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 23c85d24b..de8326d67 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -21,7 +21,7 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if -# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) From 4da759a84b9913a04186c97c4e30c73cbf4784a8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 03:43:03 -0500 Subject: [PATCH 1124/1184] php-settings.yml: Note lack of systemd on chroot GHA runners for RPi --- roles/www_options/tasks/php-settings.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index de8326d67..adedee11b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -24,6 +24,12 @@ # nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. +# 2025-01-29: Current GitHub Actions chroot environments for RPi (using guyot/arm-runner-action@v2) surface this error, after PR #3927 mainlined php-settings.yml... +# "System has not been booted with systemd as init system (PID 1). Can't operate.\nFailed to connect to bus: Host is down" +# ...which might be mitigated in 2 ways: +# 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true +# 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' + - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p Timezone --value register: tz_cli From 519daacc2af19bf3848c9f7926fec241400bbe85 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 11:05:07 -0500 Subject: [PATCH 1125/1184] iiab-network: Run Ansible with --extra-vars "{\"skip_role_on_error\":false}" --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5dc831b8e..c888c27bf 100755 --- a/iiab-network +++ b/iiab-network @@ -42,7 +42,7 @@ fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" Start=`date` ansible -m setup -i ansible_hosts localhost --connection=local | grep python -ansible-playbook -i ansible_hosts iiab-network.yml --connection=local +ansible-playbook -i ansible_hosts iiab-network.yml --extra-vars "{\"skip_role_on_error\":false}" --connection=local End=`date` From 4e7541fc1ea055487faac67336bcc04a05af79b6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 14:00:56 -0500 Subject: [PATCH 1126/1184] usb_lib/README.rst: Punctuation cleanup & link to PR #3916 WIP --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e51db625a..da2564f36 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,7 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ -* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: @@ -27,3 +27,5 @@ Technical Details: * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) * Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml + + * January 2025 work to improve automount reliability during boot: `PR #3916 <https://github.com/iiab/iiab/pull/3916>`_ From 6c5b4c35ecf7cf2601004f49aabf158de591c705 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 12:24:44 -0600 Subject: [PATCH 1127/1184] delay hostapd to allow ap0 to stabilize --- roles/network/tasks/restart.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 5902f5d50..d5de9e27d 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,6 +28,10 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined +- name: Waiting {{ hostapd_wait }} seconds for network to stabilize for ap0 + shell: sleep {{ hostapd_wait }} + when: ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd From 57fa6bb08f6ba6a392351556a8c91eae9a8d64da Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 14:53:50 -0600 Subject: [PATCH 1128/1184] Files from usbmount_0.0.22_all.deb --- roles/usb_lib/files/usbmount/copyright | 17 ++ roles/usb_lib/files/usbmount/usbmount | 210 +++++++++++++++++++++ roles/usb_lib/files/usbmount/usbmount.conf | 53 ++++++ roles/usb_lib/tasks/install.yml | 15 +- roles/usb_lib/templates/usbmount.rules.j2 | 6 +- 5 files changed, 295 insertions(+), 6 deletions(-) create mode 100644 roles/usb_lib/files/usbmount/copyright create mode 100644 roles/usb_lib/files/usbmount/usbmount create mode 100644 roles/usb_lib/files/usbmount/usbmount.conf diff --git a/roles/usb_lib/files/usbmount/copyright b/roles/usb_lib/files/usbmount/copyright new file mode 100644 index 000000000..75fae2dde --- /dev/null +++ b/roles/usb_lib/files/usbmount/copyright @@ -0,0 +1,17 @@ +Format: http://dep.debian.net/deps/dep5/ +Upstream-Name: usbmount +Upstream-Contact: Martin Dickopp <martin@zero-based.org>, Rogério Brito <rbrito@ime.usp.br> +Source: git://git.debian.org/usbmount/usbmount.git + +Files: * +Copyright: 2004-2007, Martin Dickopp <martin@zero-based.org> + 2008-2011, Rogério Brito <rbrito@ime.usp.br> +License: BSD-2 + This package is free software; the copyright holder gives unlimited + permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount new file mode 100644 index 000000000..75f249ab6 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount @@ -0,0 +1,210 @@ +#!/bin/sh +# This script mounts USB mass storage devices when they are plugged in +# and unmounts them when they are removed. +# Copyright © 2004, 2005 Martin Dickopp +# Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# +# This file is free software; the copyright holder gives unlimited +# permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. +# +set -e +exec > /dev/null 2>&1 + +###################################################################### +# Auxiliary functions + +# Log a string via the syslog facility. +log() +{ + if [ $1 != debug ] || expr "$VERBOSE" : "[yY]" > /dev/null; then + logger -p user.$1 -t "usbmount[$$]" -- "$2" + fi +} + + +# Test if the first parameter is in the list given by the second +# parameter. +in_list() +{ + for v in $2; do + [ "$1" != "$v" ] || return 0 + done + return 1 +} + + +###################################################################### +# Main program + +# Default values for configuration variables. +ENABLED=1 +MOUNTPOINTS= +FILESYSTEMS= +MOUNTOPTIONS= +FS_MOUNTOPTIONS= +VERBOSE=no + +if [ -r /etc/usbmount/usbmount.conf ]; then + . /etc/usbmount/usbmount.conf + log debug "loaded usbmount configurations" +fi + +if [ "${ENABLED:-1}" -eq 0 ]; then + log info "usbmount is disabled, see /etc/usbmount/usbmount.conf" + exit 0 +fi + +if [ ! -x /sbin/blkid ]; then + log err "cannot execute /sbin/blkid" + exit 1 +fi + +# Per Policy 9.3.2, directories under /var/run have to be created +# after every reboot. +if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" +fi + +umask 022 + + +if [ "$1" = add ]; then + + # Acquire lock. + log debug "trying to acquire lock /var/run/usbmount/.mount.lock" + lockfile-create --retry 3 /var/run/usbmount/.mount || \ + { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } + trap '( lockfile-remove /var/run/usbmount/.mount )' 0 + log debug "acquired lock /var/run/usbmount/.mount.lock" + + # Grab device information from device and "divide it" + # FIXME: improvement: implement mounting by label (notice that labels + # can contain spaces, which makes things a little bit less comfortable). + DEVINFO=$(/sbin/blkid -p $DEVNAME) + FSTYPE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]TYPE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + UUID=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]UUID="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + + if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then + log info "$DEVNAME does not contain a filesystem or disklabel" + exit 1 + fi + + # Try to use specifications in /etc/fstab first. + if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then + log info "executing command: mount $DEVNAME" + mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" + + elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then + log info "executing command: mount -U $UUID" + mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" + + else + log debug "$DEVNAME contains filesystem type $FSTYPE" + + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for $DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi + + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi + fi + fi +elif [ "$1" = remove ]; then + + # A block or partition device has been removed. + # Test if it is mounted. + while read device mountpoint fstype remainder; do + if [ "$DEVNAME" = "$device" ]; then + # If the mountpoint and filesystem type are maintained by + # this script, unmount the filesystem. + if in_list "$mountpoint" "$MOUNTPOINTS" && + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi + done < /proc/mounts +else + log err "unexpected: action '$1'" + exit 1 +fi + +log debug "usbmount execution finished" diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf new file mode 100644 index 000000000..97f7ccc20 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -0,0 +1,53 @@ +# Configuration file for the usbmount package, which mounts removable +# storage devices when they are plugged in and unmounts them when they +# are removed. + +# Change to zero to disable usbmount +ENABLED=1 + +# Mountpoints: These directories are eligible as mointpoints for +# removable storage devices. A newly plugged in device is mounted on +# the first directory in this list that exists and on which nothing is +# mounted yet. +MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 + /media/usb4 /media/usb5 /media/usb6 /media/usb7" + +# Filesystem types: removable storage devices are only mounted if they +# contain a filesystem type which is in this list. +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" + +############################################################################# +# WARNING! # +# # +# The "sync" option may not be a good choice to use with flash drives, as # +# it forces a greater amount of writing operating on the drive. This makes # +# the writing speed considerably lower and also leads to a faster wear out # +# of the disk. # +# # +# If you omit it, don't forget to use the command "sync" to synchronize the # +# data on your disk before removing the drive or you may experience data # +# loss. # +# # +# It is highly recommended that you use the pumount command (as a regular # +# user) before unplugging the device. It makes calling the "sync" command # +# and mounting with the sync option unnecessary---this is similar to other # +# operating system's "safely disconnect the device" option. # +############################################################################# +# Mount options: Options passed to the mount command with the -o flag. +# See the warning above regarding removing "sync" from the options. +MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime" + +# Filesystem type specific mount options: This variable contains a space +# separated list of strings, each which the form "-fstype=TYPE,OPTIONS". +# +# If a filesystem with a type listed here is mounted, the corresponding +# options are appended to those specificed in the MOUNTOPTIONS variable. +# +# For example, "-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" would add +# the options "gid=floppy,dmask=0007,fmask=0117" when a vfat filesystem +# is mounted. +FS_MOUNTOPTIONS="" + +# If set to "yes", more information will be logged via the syslog +# facility. +VERBOSE=no diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ba8b3a164..d8a13e945 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,18 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: Setup directories for usbmount + file: + path: "{{ item }}" + # owner: root + # group: root + # mode: '0755' + state: directory + with_items: + - /etc/usbmount/mount.d + - /etc/usbmount/umount.d + +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -82,7 +93,7 @@ state: directory path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" - group: "{{ apache_user }}" + group: "{{ apache_user }}" mode: 0755 - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' diff --git a/roles/usb_lib/templates/usbmount.rules.j2 b/roles/usb_lib/templates/usbmount.rules.j2 index 564186c5a..939a31041 100644 --- a/roles/usb_lib/templates/usbmount.rules.j2 +++ b/roles/usb_lib/templates/usbmount.rules.j2 @@ -1,5 +1,3 @@ -KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="remove", PROGRAM="/usr/share/usbmount/usbmount remove" +ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +ACTION=="remove", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p /usr/share/usbmount/usbmount remove" From 229a913ba4f370cc78bbbefa1abb4f61b8f8df79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:29:35 -0600 Subject: [PATCH 1129/1184] filesystems supported --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index 97f7ccc20..c92ced73d 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -14,7 +14,7 @@ MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 # Filesystem types: removable storage devices are only mounted if they # contain a filesystem type which is in this list. -FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs" ############################################################################# # WARNING! # From 36485a109d167465f7f38b996d94749d8a661de0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:30:36 -0600 Subject: [PATCH 1130/1184] turn on debug --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index c92ced73d..7bd194873 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -50,4 +50,4 @@ FS_MOUNTOPTIONS="" # If set to "yes", more information will be logged via the syslog # facility. -VERBOSE=no +VERBOSE=yes From a5af8c89d4370a83891de10a647a128ea6a941a6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:36:56 -0600 Subject: [PATCH 1131/1184] move mkdir and copyright --- roles/usb_lib/files/usbmount/usbmount | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 75f249ab6..e144c46d3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -3,6 +3,7 @@ # and unmounts them when they are removed. # Copyright © 2004, 2005 Martin Dickopp # Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# Copyright © 2025, Jerry Vonau # # This file is free software; the copyright holder gives unlimited # permission to copy and/or distribute it, with or without @@ -12,7 +13,7 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# +# Add web link to copyright notice help in iiab on github set -e exec > /dev/null 2>&1 @@ -65,18 +66,19 @@ if [ ! -x /sbin/blkid ]; then exit 1 fi -# Per Policy 9.3.2, directories under /var/run have to be created -# after every reboot. -if [ ! -e /var/run/usbmount ]; then - mkdir -p /var/run/usbmount - log debug "creating /var/run/usbmount directory" -fi - -umask 022 - - if [ "$1" = add ]; then + # Per Policy 9.3.2, directories under /var/run have to be created + # after every reboot. + if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" + else + log debug "/var/run/usbmount exists" + fi + + umask 022 + # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" lockfile-create --retry 3 /var/run/usbmount/.mount || \ From f58ef267681da61f52eb3df0263802cc2934fa9b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:39:08 -0600 Subject: [PATCH 1132/1184] just exit to quite down systemd logging of umount failed on stuff we don't care about --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index e144c46d3..cd4d50ae6 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,7 +96,7 @@ if [ "$1" = add ]; then if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then log info "$DEVNAME does not contain a filesystem or disklabel" - exit 1 + exit fi # Try to use specifications in /etc/fstab first. From 60ca24d63a820d4e36b7b16853e3c451d7e5a93e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 16:37:22 -0600 Subject: [PATCH 1133/1184] replace deb with local files --- roles/usb_lib/tasks/install.yml | 36 +++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index d8a13e945..02e55b36b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -47,10 +47,10 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} - apt: - deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" - # when: is_debian +#- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} +# apt: +# deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" +# # when: is_debian # check status of usbmount on mintlinux - should be ok Ubuntu variant # - name: Install usbmount from OS repo for Ubuntu variants @@ -73,11 +73,21 @@ # owner: root # group: root # mode: '0755' + mode: 0644 state: directory with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d +- name: '2025-01-25: Copy files from files/usbmount to filesystem' + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } + - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } + - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" @@ -106,16 +116,16 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 -- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf - lineinfile: - regexp: '^FILESYSTEMS=.*' - line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - path: /etc/usbmount/usbmount.conf +#- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf +# lineinfile: +# regexp: '^FILESYSTEMS=.*' +# line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' +# path: /etc/usbmount/usbmount.conf -- name: Remove /etc/usbmount/mount.d/00_create_model_symlink - file: - path: /etc/usbmount/mount.d/00_create_model_symlink - state: absent +#- name: Remove /etc/usbmount/mount.d/00_create_model_symlink +# file: +# path: /etc/usbmount/mount.d/00_create_model_symlink +# state: absent # RECORD 'USB_LIB' AS INSTALLED From 257dc008ec6502f5c355e484f24c54d277093bfd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 16:56:21 -0600 Subject: [PATCH 1134/1184] bump number of lock tries --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index cd4d50ae6..b1abf49cb 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -81,7 +81,7 @@ if [ "$1" = add ]; then # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" - lockfile-create --retry 3 /var/run/usbmount/.mount || \ + lockfile-create --retry 6 /var/run/usbmount/.mount || \ { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } trap '( lockfile-remove /var/run/usbmount/.mount )' 0 log debug "acquired lock /var/run/usbmount/.mount.lock" From 640ab00d26d73d3e825098713ddfe402d8edbdcd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 17:05:03 -0600 Subject: [PATCH 1135/1184] update iiab-clean-usb.sh --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 02e55b36b..daf0fcc96 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 52da18ba5..0671ce296 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -7,8 +7,8 @@ After=systemd-udev-trigger.service #Type=oneshot TimeoutStartSec=0 Environment=DEVNAME=%I -ExecStart=/usr/share/usbmount/usbmount add -ExecStop=/usr/sbin/iiab-clean-usb.sh %I +ExecStart=/usr/local/sbin/usbmount add +ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes From 34b4a8a7ad74a26a5cfca397a0ed94dcd325bd7f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 17:17:04 -0600 Subject: [PATCH 1136/1184] ConditionPathExists=/var/run --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 0671ce296..dca318ac7 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -2,6 +2,7 @@ BindTo=%i.device After=%i.device After=systemd-udev-trigger.service +ConditionPathExists=/var/run [Service] #Type=oneshot From e6051088fcebfff891c2b1bab7c5be8620759406 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 26 Jan 2025 08:34:46 -0600 Subject: [PATCH 1137/1184] RuntimeDirectory=usbmount --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index dca318ac7..2dc0177c0 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -12,4 +12,5 @@ ExecStart=/usr/local/sbin/usbmount add ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes +RuntimeDirectory=usbmount From 76d5b5fc1780322bf6db0aba217e59de795f99e5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 06:00:07 -0500 Subject: [PATCH 1138/1184] usb_lib: Minor whitespace typos --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index daf0fcc96..6c7660748 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -59,7 +59,7 @@ # state: present # when: is_ubuntu -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/local_content" diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 2dc0177c0..6cf1f990b 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -13,4 +13,3 @@ ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes RuntimeDirectory=usbmount - From 190d66409f0265c81548584e9b52c28a5f6d1c48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 29 Jan 2025 08:59:24 -0600 Subject: [PATCH 1139/1184] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index dcdf987d3..2223c15a5 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,7 +5,7 @@ DEVICE=$(echo $@ | sed -s 's|-|/|') MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK From daa3deb034c661000025321efcd07eb01983a67f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 29 Jan 2025 08:59:49 -0600 Subject: [PATCH 1140/1184] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 2223c15a5..c04c8c5f7 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -9,6 +9,6 @@ logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." fi From eca12605b91148c8c0f109b39ee8833e083eb8ce Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 03:19:31 -0600 Subject: [PATCH 1141/1184] forgot the dependencies --- roles/usb_lib/tasks/install.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6c7660748..a4f608698 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,12 +52,12 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -# check status of usbmount on mintlinux - should be ok Ubuntu variant -# - name: Install usbmount from OS repo for Ubuntu variants -# package: -# name: usbmount -# state: present -# when: is_ubuntu +- name: Install lockfile-progs util-linux for usbmount from OS repo + package: + name: + - lockfile-progs + - util-linux + state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: From 0dec3fe8108f52832b9398e329119920a3ba5a96 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 09:52:41 -0600 Subject: [PATCH 1142/1184] indent --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index a4f608698..ac444d05f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,8 +55,8 @@ - name: Install lockfile-progs util-linux for usbmount from OS repo package: name: - - lockfile-progs - - util-linux + - lockfile-progs + - util-linux state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} From 78924e84bab6118d2333995b403058adb9b9209a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 11:59:15 -0600 Subject: [PATCH 1143/1184] create /media/usb0-7 --- roles/usb_lib/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ac444d05f..bd4d4ab7f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Setup directories for usbmount +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -78,6 +78,14 @@ with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d + - /media/usb0 + - /media/usb1 + - /media/usb2 + - /media/usb3 + - /media/usb4 + - /media/usb5 + - /media/usb6 + - /media/usb7 - name: '2025-01-25: Copy files from files/usbmount to filesystem' copy: From 97eeae48455c6950b01bccb35859990306c02eac Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 14:07:51 -0600 Subject: [PATCH 1144/1184] wording --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bd4d4ab7f..2993865fd 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 80bdfc677e6845aa6f86b1e0adbcbf4642da2186 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 14:13:26 -0600 Subject: [PATCH 1145/1184] Update roles/usb_lib/tasks/install.yml missed during rebase Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 2993865fd..77abac259 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/local/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 6b4b94dae2081ffab88339479d3a147faf83071e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 01:41:23 -0500 Subject: [PATCH 1146/1184] usb_lib / usbmount: Refine, lint, clarify --- .../files/{upload => upload2usb}/button.html | 0 .../files/{upload => upload2usb}/error.php | 0 .../files/{upload => upload2usb}/footer.php | 0 .../files/{upload => upload2usb}/header.php | 0 .../files/{upload => upload2usb}/index.php | 0 .../files/{upload => upload2usb}/uk-swing.png | Bin .../{upload => upload2usb}/upload-file.php | 0 .../{upload => upload2usb}/upload2usb.php | 0 roles/usb_lib/tasks/install.yml | 23 ++++++++---------- roles/usb_lib/templates/iiab-clean-usb.sh | 16 ++++++------ .../templates/mount.d/70-usb-library.j2 | 16 ++++++------ 11 files changed, 26 insertions(+), 29 deletions(-) rename roles/usb_lib/files/{upload => upload2usb}/button.html (100%) rename roles/usb_lib/files/{upload => upload2usb}/error.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/footer.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/header.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/index.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/uk-swing.png (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload-file.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload2usb.php (100%) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload2usb/button.html similarity index 100% rename from roles/usb_lib/files/upload/button.html rename to roles/usb_lib/files/upload2usb/button.html diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload2usb/error.php similarity index 100% rename from roles/usb_lib/files/upload/error.php rename to roles/usb_lib/files/upload2usb/error.php diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload2usb/footer.php similarity index 100% rename from roles/usb_lib/files/upload/footer.php rename to roles/usb_lib/files/upload2usb/footer.php diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload2usb/header.php similarity index 100% rename from roles/usb_lib/files/upload/header.php rename to roles/usb_lib/files/upload2usb/header.php diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload2usb/index.php similarity index 100% rename from roles/usb_lib/files/upload/index.php rename to roles/usb_lib/files/upload2usb/index.php diff --git a/roles/usb_lib/files/upload/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload/uk-swing.png rename to roles/usb_lib/files/upload2usb/uk-swing.png diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php similarity index 100% rename from roles/usb_lib/files/upload/upload-file.php rename to roles/usb_lib/files/upload2usb/upload-file.php diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php similarity index 100% rename from roles/usb_lib/files/upload/upload2usb.php rename to roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 77abac259..107ae9a4c 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,7 +52,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux for usbmount from OS repo package: name: - lockfile-progs @@ -62,19 +62,16 @@ - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory - path: "{{ doc_root }}/local_content" - owner: "{{ apache_user }}" + path: "{{ doc_root }}/local_content" # /library/www/html + owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 - name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: - path: "{{ item }}" - # owner: root - # group: root - # mode: '0755' - mode: 0644 state: directory + path: "{{ item }}" + mode: 0755 with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d @@ -87,7 +84,7 @@ - /media/usb6 - /media/usb7 -- name: '2025-01-25: Copy files from files/usbmount to filesystem' +- name: Copy files from files/usbmount to filesystem copy: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -106,7 +103,7 @@ - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' +- name: Add dir {{ doc_root }}/upload2usb (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/upload2usb" @@ -114,12 +111,12 @@ group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' +- name: Copy files from files/upload2usb/ into {{ doc_root }}/upload2usb/ copy: src: "{{ item }}" - dest: "{{ doc_root }}/upload2usb/" # /library/www/html + dest: "{{ doc_root }}/upload2usb/" with_fileglob: - - upload/* + - upload2usb/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index c04c8c5f7..360d737f4 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,14 +1,14 @@ #!/bin/bash -# Remove symlink in /library/content to automounted usb drive -# -DEVICE=$(echo $@ | sed -s 's|-|/|') -MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +# Remove symlink in /library/www/html/local_content to automounted USB drive + +DEVICE="/$(echo $1 | sed 's|-|/|')" +MNT_POINT=$(findmnt -no target $DEVICE) CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." + +logger -t "usb_lib (iiab-clean-usb.sh)" "Attempting to remove symlink $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then - /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." + /usr/bin/rm $CONTENT_LINK + logger -t "usb_lib (iiab-clean-usb.sh)" "Symlink $CONTENT_LINK removed, as auto-created earlier by usbmount." fi - diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 803313f7e..62d15b27a 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -30,16 +30,16 @@ logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" exit elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" exit elif [ "$UM_DEV" == "$BOOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" exit elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi @@ -48,13 +48,13 @@ fi # "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Found /PUBLIC on $UM_MOUNTPOINT" else SHARE_DIR=$UM_MOUNTPOINT - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Did not find /PUBLIC on $UM_MOUNTPOINT" fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -s $SHARE_DIR $CONTENT_LINK +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" +ln -sf $SHARE_DIR $CONTENT_LINK From 3077a39cd607c9d4b034aa6802c2ebbd7bd3ecb6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 03:45:23 -0500 Subject: [PATCH 1147/1184] Invert rejected country red error; Clarify 3 channel/country vars for iiab.ini --- roles/network/tasks/detected_network.yml | 34 +++++++++++++----------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1663f8c39..c72028d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -264,8 +264,8 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" -- name: Detect "Firmware rejected country setting" in dmesg - shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" +- name: Detect "Firmware rejected country setting" in dmesg (invert return code, for intentional red error) + shell: '! dmesg | grep ieee80211 | grep "Firmware rejected country setting"' register: FW_rejected_country ignore_errors: True @@ -337,27 +337,29 @@ - option: wifi_firmware_43455 value: "{{ rpi3bplus_rpi4_wifi_firmware }}" -- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'current_client_channel_found' stdout value ({{ current_client_channel.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel_found - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined + option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined and current_client_channel.stdout != "" -- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'FW_rejected_country' stdout value ({{ FW_rejected_country.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: FW_rejected_country - value: "{{ cmdline_country_code.stdout }}" - when: FW_rejected_country.stdout is defined + option: FW_rejected_country + value: "{{ FW_rejected_country.stdout }}" + when: FW_rejected_country.stdout is defined and FW_rejected_country.stdout != "" + +- name: Add 'detected_network' variable 'cmdline_country_code' stdout value ({{ cmdline_country_code.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: cmdline_country_code + value: "{{ cmdline_country_code.stdout }}" + when: cmdline_country_code.stdout is defined and cmdline_country_code.stdout != "" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired From b6b2f3a0d771a0e84bf931f2aec6341985b30caa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 04:24:07 -0500 Subject: [PATCH 1148/1184] usbmount copyright URL clarifs for PR #3929 --- roles/usb_lib/files/usbmount/usbmount | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index b1abf49cb..7541b5335 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -13,7 +13,8 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# Add web link to copyright notice help in iiab on github +# https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright +# https://github.com/rbrito/usbmount/blob/master/debian/copyright set -e exec > /dev/null 2>&1 From c975dd21fce3227e7d54413eecb91b198caa178d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 00:35:54 -0500 Subject: [PATCH 1149/1184] php-settings.yml: TZ hack that avoids systemd, for GHA --- roles/www_options/tasks/php-settings.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index adedee11b..4693db885 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,8 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p Timezone --value +#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) +# command: timedatectl show -p Timezone --value +- name: Extract Time Zone from symlink /etc/localtime, or declare UTC + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From f22ba85c49f9cfa7b890db9a362e1ad21511d481 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 00:54:47 -0500 Subject: [PATCH 1150/1184] php-settings.yml: More complete shell hack, equiv to timedatectl --- roles/www_options/tasks/php-settings.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 4693db885..7109ccfeb 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,10 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) -# command: timedatectl show -p Timezone --value -- name: Extract Time Zone from symlink /etc/localtime, or declare UTC - shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC +- name: Extract Time Zone from symlink /etc/localtime, text file /etc/timezone, or if all else fails declare Etc/UTC + # command: timedatectl show -p Timezone --value + # 2025-02-01: "guyot/arm-runner-action@v2" GHA workflows don't seem to work with "use_systemd_nspawn: true", so hack in the equivalent of timedatectl... + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || cat /etc/timezone || echo Etc/UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From fb787e0649cd1817d0e4bef0e2025e6353a91906 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 01:24:47 -0500 Subject: [PATCH 1151/1184] Update USB_LIB description for iiab.ini --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4def69c4f..4d2710874 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"' + value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From 8eed5e3face334dca474063043b07fbd63915f8c Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 2 Feb 2025 20:44:02 +0000 Subject: [PATCH 1152/1184] usb_lib/README.rst, usb_lib/tasks/install.yml: Add docs on how to disable Desktop auto-mount functionality on RPi Desktop; other minor doc cleanup --- roles/usb_lib/README.rst | 3 +++ roles/usb_lib/tasks/install.yml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index da2564f36..aa5409d90 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,6 +20,9 @@ Technical Details: * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". + + * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 107ae9a4c..35f533652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,9 +7,10 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. -# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - +# The variable, usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml), must be set to true +# in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive +# (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 38a860d3c5734b361f2a898e74809fcd84b7a3e4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Feb 2025 16:12:11 -0500 Subject: [PATCH 1153/1184] Update usb_lib/README.rst --- roles/usb_lib/README.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index aa5409d90..e874e9525 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,13 +16,12 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf <https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/usbmount.conf#L17>`_ + +* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". - - * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 3596963d5cfdf547f8c777e161d320eaf7ef90b7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Feb 2025 16:22:38 -0500 Subject: [PATCH 1154/1184] Further update usb_lib/README.rst --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e874e9525..b7536387c 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,9 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf <https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/usbmount.conf#L17>`_ -* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". +* If your IIAB was built on a Graphical Desktop OS (instead of a headless OS, like Raspberry Pi OS Lite), USB sticks will problematically be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. + + * EXAMPLE: To disable Desktop automount within "Raspberry Pi OS with desktop", go to File Manager (pcmanfm) → Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From c2c36b178edc71d103b34e1f991c9cf75af7f667 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 6 Feb 2025 08:07:00 -0600 Subject: [PATCH 1155/1184] iiab-check-firmware: Mention 'sudo iiab-network' --- roles/firmware/templates/iiab-check-firmware | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b2f7a1cce..f10cd752b 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -60,7 +60,7 @@ else echo -e " cd /opt/iiab/iiab" echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo ./runrole --reinstall firmware" - echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-network # SOMETIMES NECESSARY" echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo From 2398313918991a755c25c4d8789aacf48bfa3aae Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 03:13:51 -0500 Subject: [PATCH 1156/1184] 70-usb-library.j2: Forcibly delete e.g. stale /library/www/html/local_content/USB0 --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 62d15b27a..441cebb74 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -57,4 +57,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -sf $SHARE_DIR $CONTENT_LINK +# 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' +# https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +rm -rf $CONTENT_LINK +ln -s $SHARE_DIR $CONTENT_LINK From 94ca58aa0cad87225ee39bf55bdc3de298521700 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 03:45:52 -0500 Subject: [PATCH 1157/1184] 70-usb-library.j2: Cleaner logging & error handling (e.g. exit code 1) --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 441cebb74..89dfea840 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -31,16 +31,16 @@ logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" - exit + exit 1 elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" - exit + exit 1 elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" - exit + exit 1 elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" - exit + exit 1 fi # 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. @@ -55,9 +55,13 @@ else fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') +if [ -z "$CONTENT_LINK_USB" ]; then + logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + exit 1 +fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" # 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' # https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" rm -rf $CONTENT_LINK ln -s $SHARE_DIR $CONTENT_LINK From 1ec743a65428cd307b0fb951e5525b5d2a805cee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 10:42:05 -0500 Subject: [PATCH 1158/1184] 70-usb-library.j2: Fix logger string quotation marks --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 89dfea840..8263bde1f 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -56,7 +56,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') if [ -z "$CONTENT_LINK_USB" ]; then - logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + logger -t "usb_lib (70-usb-library)" 'ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" would be dangerous!)' exit 1 fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" From 9bc2006ba3ea40dead77090d40808dc680474447 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Feb 2025 16:25:06 -0600 Subject: [PATCH 1159/1184] exclude usb based device that host usbbooted filesytems --- roles/usb_lib/files/usbmount/usbmount | 39 ++++++++++++++++++++------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 7541b5335..284069a19 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,22 +96,41 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "$DEVNAME does not contain a filesystem or disklabel" + log info "/$DEVNAME does not contain a filesystem or disklabel" exit fi - # Try to use specifications in /etc/fstab first. + log debug "DEVNAME /$DEVNAME" + BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) + log debug "BOOTFW_DEV $BOOTFW_DEV" + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + exit + fi + ROOT_DEV=$(/usr/bin/findmnt -no source /) + log debug "ROOT_DEV $ROOT_DEV" + if [ $ROOT_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + exit + fi + BOOT_DEV=$(/usr/bin/findmnt -no source /boot) + log debug "BOOT_DEV $BOOT_DEV" + if [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + exit + fi + + # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log info "executing command: mount $DEVNAME" - mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" - + log debug "skipping /$DEVNAME exit" + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log info "executing command: mount -U $UUID" - mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" - + log debug "skipping $UUID" + exit else - log debug "$DEVNAME contains filesystem type $FSTYPE" - + log debug "/$DEVNAME contains filesystem type $FSTYPE" fstype=$FSTYPE # Test if the filesystem type is in the list of filesystem # types to mount. From fda19ad7f95a25acb8d369e39a4c1ed742422a7b Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Wed, 12 Feb 2025 02:18:16 -0500 Subject: [PATCH 1160/1184] upload2usb/header.php: update swing logo to point to /usb/ instead of /upload2usb/ --- roles/usb_lib/files/upload2usb/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/header.php b/roles/usb_lib/files/upload2usb/header.php index fc8218800..ef75c2c01 100644 --- a/roles/usb_lib/files/upload2usb/header.php +++ b/roles/usb_lib/files/upload2usb/header.php @@ -28,5 +28,5 @@ include("upload2usb.php"); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <a href="/upload2usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> + <a href="/usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> From 759126414edeb21a6cd0445f1d5d3237db1efffe Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 10:26:21 -0600 Subject: [PATCH 1161/1184] #set -e, lockfile-remove, typo, missing debug line --- roles/usb_lib/files/usbmount/usbmount | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 284069a19..3a4e26c29 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -15,7 +15,7 @@ # PARTICULAR PURPOSE. # https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright # https://github.com/rbrito/usbmount/blob/master/debian/copyright -set -e +#set -e exec > /dev/null 2>&1 ###################################################################### @@ -106,6 +106,7 @@ if [ "$1" = add ]; then if [ $BOOTFW_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount exit fi ROOT_DEV=$(/usr/bin/findmnt -no source /) @@ -113,12 +114,15 @@ if [ "$1" = add ]; then if [ $ROOT_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount exit fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount exit fi From 9a95a046c4bd16c88ea29b092e49917d120cc95e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 10:36:22 -0600 Subject: [PATCH 1162/1184] lockfile-remove for fstab check --- roles/usb_lib/files/usbmount/usbmount | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 3a4e26c29..939a76c45 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -129,9 +129,11 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else log debug "/$DEVNAME contains filesystem type $FSTYPE" From 52da42c14638e2ab2816a6af958e0f7bf981cb31 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 11:19:54 -0600 Subject: [PATCH 1163/1184] touchups and ordering --- roles/usb_lib/files/usbmount/usbmount | 36 ++++++++++++--------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 939a76c45..08b9e81c3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,34 +96,30 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "/$DEVNAME does not contain a filesystem or disklabel" + log debug "/$DEVNAME does not contain a filesystem or disklabel" exit fi - log debug "DEVNAME /$DEVNAME" + log debug "/$DEVNAME contains filesystem type $FSTYPE" BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) log debug "BOOTFW_DEV $BOOTFW_DEV" - if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" - lockfile-remove /var/run/usbmount/.mount - exit - fi ROOT_DEV=$(/usr/bin/findmnt -no source /) log debug "ROOT_DEV $ROOT_DEV" - if [ $ROOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" - lockfile-remove /var/run/usbmount/.mount - exit - fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" - if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" - lockfile-remove /var/run/usbmount/.mount - exit + + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $ROOT_DEV = /$DEVNAME ]; then + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount + exit fi # Try to use specifications in /etc/fstab to skip. @@ -145,7 +141,7 @@ if [ "$1" = add ]; then for v in $MOUNTPOINTS; do if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then mountpoint="$v" - log debug "mountpoint $mountpoint is available for $DEVNAME" + log debug "mountpoint $mountpoint is available for /$DEVNAME" break fi done From bd8c131ef667fd7e9c8eec674ad051872862c328 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 11:45:04 -0600 Subject: [PATCH 1164/1184] clearer dependencies --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 35f533652..660df7eb2 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -53,7 +53,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs and util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux (findmnt blkid) for usbmount from OS repo package: name: - lockfile-progs From ebceb4a6ac970c00a22a2a4255e927695f158f52 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 13:28:05 -0600 Subject: [PATCH 1165/1184] upload2usb.php add 'grep media' to device filter --- roles/usb_lib/files/upload2usb/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 38b5e0c86..643a46ed4 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -18,7 +18,7 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); if ($rmv_usb_path_count == 0) { throw new RuntimeException('0 USB sticks found. <br/><br/>'); } elseif ($rmv_usb_path_count > 1) { From a96b46c22320876021ec336efb991f3c91576304 Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Thu, 13 Feb 2025 15:50:02 -0500 Subject: [PATCH 1166/1184] upload2usb/upload2usb.php: using existence of /media to determine if a USB stick is mounted or not for both count and upload location; changing tabs to spaces for the whole file --- roles/usb_lib/files/upload2usb/upload2usb.php | 91 +++++++++---------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 643a46ed4..555a40f5a 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -10,27 +10,25 @@ set_exception_handler(function (Throwable $exception) { include ("error.php"); }); - //return the first removable USB drive location function getTargetUSBDriveLocation () { - // Get the first removal USB drive using - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + // Get the count of storage mounted at /media, and error if there is <>1 otherwise return upload path - # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); - if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found. <br/><br/>'); - } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); - } + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | wc -l'); - $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found. <br/><br/>'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); + } + + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick. <br/><br/>'); + throw new RuntimeException('Not able to find USB stick. <br/><br/>'); } else { - return $rmv_usb_path . "/"; + return $rmv_usb_path . "/"; } } @@ -42,55 +40,55 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); - } - return $target_folder_path; + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); + } + return $target_folder_path; } //return number of files within a specified folder function getFileCount ($folder_path) { - return count(glob($folder_path . "/*")); + return count(glob($folder_path . "/*")); } //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { - $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); - foreach ($invalid_mimetypes_str as $invalid_mt_str) { - if (str_contains($mimetype, $invalid_mt_str)) { - error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); - return false; - } - } - return true; + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); + return false; + } + } + return true; } //check file content to see if it's unique or not function isFileContentUnique ($target_folder_path, $file) { - $file_to_upload_md5 = md5_file($file); - $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); - foreach ($usb_dir as $dir_file) { - $dir_file = $target_folder_path . "/" . $dir_file; + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; - if (!is_dir($dir_file)) { - $dir_file_md5 = md5_file($dir_file); - if ($file_to_upload_md5 == $dir_file_md5) { - return false; - } - } - } - return true; + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } //return unique filename function getUniqueFileName ($target_folder_path, $filename) { - $new_filename = $filename; - $counter = 1; - while (file_exists($target_folder_path . "/" . $new_filename)) { - $counter++; - $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); - } - return $new_filename; + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; } // Check file size - we are not going to check file size for now. @@ -100,5 +98,4 @@ function getUniqueFileName ($target_folder_path, $filename) { // } - ?> From fe6516b2e953682b59a2c7bb0940b0ebff8bc44a Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Fri, 14 Feb 2025 15:56:09 -0500 Subject: [PATCH 1167/1184] Add lockfile removal before exit in usbmount script per Jerry's recommendation. Add lockfile removal before exit in usbmount script per Jerry's recommendation. Also adjusted spacing! Read up on file locking a bit: - https://www.baeldung.com/linux/file-locking - https://linux.die.net/man/1/lockfile-create --- roles/usb_lib/files/usbmount/usbmount | 175 +++++++++++++------------- 1 file changed, 88 insertions(+), 87 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 08b9e81c3..8104564e7 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,8 +96,9 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log debug "/$DEVNAME does not contain a filesystem or disklabel" - exit + log debug "/$DEVNAME does not contain a filesystem or disklabel" + lockfile-remove /var/run/usbmount/.mount + exit fi log debug "/$DEVNAME contains filesystem type $FSTYPE" @@ -109,7 +110,7 @@ if [ "$1" = add ]; then log debug "BOOT_DEV $BOOT_DEV" if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" lockfile-remove /var/run/usbmount/.mount exit elif [ $ROOT_DEV = /$DEVNAME ]; then @@ -124,107 +125,107 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log debug "skipping /$DEVNAME exit" - lockfile-remove /var/run/usbmount/.mount - exit + log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log debug "skipping $UUID" - lockfile-remove /var/run/usbmount/.mount + log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else - log debug "/$DEVNAME contains filesystem type $FSTYPE" - fstype=$FSTYPE - # Test if the filesystem type is in the list of filesystem - # types to mount. - if in_list "$fstype" "$FILESYSTEMS"; then - # Search an available mountpoint. - for v in $MOUNTPOINTS; do - if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then - mountpoint="$v" - log debug "mountpoint $mountpoint is available for /$DEVNAME" - break - fi - done - if [ -n "$mountpoint" ]; then - # Determine mount options. - options= - for v in $FS_MOUNTOPTIONS; do - if expr "$v" : "-fstype=$fstype,."; then - options="$(echo "$v" | sed 's/^[^,]*,//')" - break - fi - done - if [ -n "$MOUNTOPTIONS" ]; then - options="$MOUNTOPTIONS${options:+,$options}" - fi + log debug "/$DEVNAME contains filesystem type $FSTYPE" + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for /$DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi - # Mount the filesystem. - log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" - mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" - # Determine vendor and model. - vendor= - if [ -r "/sys$DEVPATH/device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/device/vendor\"`" - elif [ -r "/sys$DEVPATH/../device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" - elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" - elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" - fi - vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - model= - if [ -r "/sys$DEVPATH/device/model" ]; then - model="`cat \"/sys$DEVPATH/device/model\"`" - elif [ -r "/sys$DEVPATH/../device/model" ]; then - model="`cat \"/sys$DEVPATH/../device/model\"`" - elif [ -r "/sys$DEVPATH/device/../product" ]; then - model="`cat \"/sys$DEVPATH/device/../product\"`" - elif [ -r "/sys$DEVPATH/../device/../product" ]; then - model="`cat \"/sys$DEVPATH/../device/../product\"`" - fi - model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - export UM_MOUNTOPTIONS="$options" - export UM_VENDOR="$vendor" - export UM_MODEL="$model" - log info "executing command: run-parts /etc/usbmount/mount.d" - run-parts /etc/usbmount/mount.d || : - else - # No suitable mount point found. - log warning "no mountpoint found for $DEVNAME" - exit 1 - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi fi - fi +fi elif [ "$1" = remove ]; then # A block or partition device has been removed. # Test if it is mounted. while read device mountpoint fstype remainder; do - if [ "$DEVNAME" = "$device" ]; then + if [ "$DEVNAME" = "$device" ]; then # If the mountpoint and filesystem type are maintained by # this script, unmount the filesystem. if in_list "$mountpoint" "$MOUNTPOINTS" && - in_list "$fstype" "$FILESYSTEMS"; then - log info "executing command: umount -l $mountpoint" - umount -l "$mountpoint" + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - log info "executing command: run-parts /etc/usbmount/umount.d" - run-parts /etc/usbmount/umount.d || : - fi - break - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi done < /proc/mounts else log err "unexpected: action '$1'" From f52b3908218f38e2b4b62d05e7ececb74c133eda Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sat, 15 Feb 2025 18:36:28 +0000 Subject: [PATCH 1168/1184] usb_lib/tasks/main.yml: updating USB_LIB description to be more clear about the two-way information/data exchange between teachers and students --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4d2710874..0c4e3c1c4 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' + value: '"USB_LIB (1) automounts teacher content on USB sticks to /library/www/html/local_content, so students can browse the USB; AND (2) allows students to upload their work to USB sticks / drives, all from http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From e80b912eeab2c0173f16e6f85229ccc73b4990af Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Feb 2025 15:12:20 -0500 Subject: [PATCH 1169/1184] usb_lib/tasks/main.yml: Tiny comment update RE: iiab.conf.j2 --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 0c4e3c1c4..ee4bd18ea 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -1,7 +1,7 @@ # TO DO: (2020-02-13) # - Look at analogous NGINX logic for http://box/usb in # nginx/templates/iiab.conf.j2 and make that visually meaningful for teachers: -# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L8 +# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L9 # "How do i fail a task in Ansible if the variable contains a boolean value? From 66a35ee9508925ac11bf3aa0b47ebb2a3811d165 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 02:42:17 -0600 Subject: [PATCH 1170/1184] jupyterhub drop --system-site-packages --- roles/jupyterhub/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 4e23f9ccc..d4d9d99e8 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -51,7 +51,8 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -68,7 +69,8 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From 2ef96ad0ff6601d80d16c3da494d690e5fc2517f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 02:49:09 -0600 Subject: [PATCH 1171/1184] jupyterhub drop python3-psutil --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4d9d99e8..d55fdf696 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -17,11 +17,11 @@ shell: df -B1 --output=used / | tail -1 register: df1 - -- name: "Install package: python3-psutil" - package: - name: python3-psutil - state: present +# 2025-02-16 +#- name: "Install package: python3-psutil" +# package: +# name: python3-psutil +# state: present - name: Remove previous virtual environment {{ jupyterhub_venv }} file: From bbdd45365d1c457f709e30bbac47f397b3f809a1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 12:36:27 -0600 Subject: [PATCH 1172/1184] update ansible.cfg for use with python3.13 --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 4030a931e..deb5328ed 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,4 +5,4 @@ # Disallowed by Ansible 2.11+ -- see https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions #squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package [defaults] -interpreter_python=/usr/bin/python3 +interpreter_python=/usr/local/ansible/bin/python3 From f16bd2a6b5674027f9262a100a639cccc2aed5d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Feb 2025 15:02:50 -0500 Subject: [PATCH 1173/1184] jupyterhub/tasks/install.yml touchup: Comment out `virtualenv_site_packages: no` as tested on PR #3948 --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d55fdf696..b6f6c4c83 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -50,7 +50,7 @@ - wheel - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) @@ -68,7 +68,7 @@ - jupyterhub-systemdspawner - ipywidgets virtualenv: "{{ jupyterhub_venv }}" - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From d1dd071c814f560e5bee73784a2b45e7c893372f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Feb 2025 22:02:54 -0500 Subject: [PATCH 1174/1184] jupyterhub/tasks/install.yml: Mention disk footprint is ~316 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index b6f6c4c83..57a503014 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -43,7 +43,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)" pip: name: - pip From 957a89d67ca182ce0c2660b0ce14d8aa32527a1d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 01:59:15 -0500 Subject: [PATCH 1175/1184] pip install {pymysql,psycopg,passlib} to Ansible venv, on demand --- roles/munin/tasks/install.yml | 10 ++++++++-- roles/mysql/tasks/install.yml | 10 ++++++++-- roles/postgresql/tasks/install.yml | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 3895b7bf9..89fe254cf 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -9,7 +9,7 @@ name: net.ipv6.conf.all.disable_ipv6 value: 0 -- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" +- name: "Install 4 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra" package: name: #- libapache2-mod-fcgid @@ -17,9 +17,15 @@ - munin - munin-node - munin-plugins-extra - - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below + #- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +- name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below + pip: + name: passlib + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # SEE ALSO roles/network/tasks/install.yml - name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 sysctl: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 87bcd9c1a..5bcfbb9bd 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -3,16 +3,22 @@ register: df1 -- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml - - python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} + #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present +- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} + pip: + name: pymysql + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml # php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f07cf943d..04c6c41d2 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -3,14 +3,20 @@ register: df1 -- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' +- name: 'Install packages: postgresql, postgresql-client' package: name: - postgresql - postgresql-client - - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + pip: + name: psycopg + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version From 36e43227752d9d013a6f2a04f36dee2fe9d27ff3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 03:56:40 -0500 Subject: [PATCH 1176/1184] mysql/tasks/install.yml: Respect original typography 'PyMySQL' --- roles/mysql/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5bcfbb9bd..1b8a04388 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -13,9 +13,9 @@ #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present -- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} +- name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} pip: - name: pymysql + name: PyMySQL virtualenv: /usr/local/ansible extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From 96324233d8b33afcf03ef93b219d755472113f29 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:21:44 -0500 Subject: [PATCH 1177/1184] Clarify PR #3950: 'pip install psycopg' is NEW "Psycopg 3" for PostgreSQL --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 04c6c41d2..ce14600c5 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -11,7 +11,7 @@ #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml +- name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml pip: name: psycopg virtualenv: /usr/local/ansible From 1308fb86708c00b4f7ac49c24e8cd1f515dfc4dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 19 Feb 2025 15:21:00 -0500 Subject: [PATCH 1178/1184] Update Nextcloud 30.0.6 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d0588aac9..2fae98551 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6d5fcdbcc288c68da89821441253393f869ed0aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Feb 2025 18:25:07 -0600 Subject: [PATCH 1179/1184] Recommend ansible-core 2.18.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c5ab3e074..22c8cbacd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] -GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.3] +GOOD_VER=2.18.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89b1487dc2849dd70fd01e7bf68067a4c777e5e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Feb 2025 15:40:39 -0500 Subject: [PATCH 1180/1184] Update Nextcloud 31.0.0 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2fae98551..37429ea0e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~216 MB) to {{ nextcloud_root_dir }} (~844 MB initially, sometimes ~878 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 2461a8fde39fcf4d399f40c6ef342d34d0ceb6c4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:41:34 -0500 Subject: [PATCH 1181/1184] iiab-diagnostics: Also record /etc/locale.conf --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51a7d6797..383f714e9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,7 +173,8 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale +cat_file /etc/default/locale 'e.g. on Debian 12' +cat_file /etc/locale.conf 'e.g. on Debian 13' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From ac12c6db0b2da14247bde6d2859a4ca6347b73d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:42:37 -0500 Subject: [PATCH 1182/1184] iiab-diagnostics.README.md: Update line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index d11c13720..7c064b757 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-273 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From cb42942699f2b4cfe6485ea5a0bbc8c853abd412 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:46:21 -0500 Subject: [PATCH 1183/1184] iiab-diagnostics: Clarify that Ubuntu too uses /etc/locale.conf --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 383f714e9..ae7376648 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -174,7 +174,7 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13' +cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From 96ddd6620d8601c54d0d729c7d07c9725b2442d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:51:09 -0500 Subject: [PATCH 1184/1184] iiab-diagnostics: Fix comments --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ae7376648..193ba4fc7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,13 +173,13 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' +cat_file /etc/default/locale # e.g. on Debian 12 +cat_file /etc/locale.conf # e.g. on Debian 13+ and Ubuntu cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini -cat_file /etc/iiab/local_vars.yml # Redacts most passwords above +cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml cat_file /etc/resolv.conf cat_file /etc/network/interfaces