From cb38c04cb54fe38f2a8b8c329b2886ddcfae96ad Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:07:59 -0400 Subject: [PATCH 001/937] Remove 500M restriction on file uploads. Use 10G instead. --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- .../nextcloud/templates/nextcloud-nginx.conf.j2 | 2 +- roles/nginx/templates/server.conf.j2 | 6 +++--- roles/www_options/tasks/main.yml | 16 ++++++++-------- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 135096c5b..f6077f50c 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -29,7 +29,7 @@ location ~ ^/moodle(.*)\.php(.*)$ { # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's # roles/www_options/tasks/main.yml FORCES these same settings and more # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' - #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=10000M\n post_max_size=10000M\n max_input_vars=5000"; } location ~ ^/moodle { diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..ab726c69d 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -59,7 +59,7 @@ location ^~ {{ nextcloud_url }} { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10000M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..5cb5cffd7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -8,13 +8,13 @@ server { index index.php index.html index.htm; # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. - # So IIAB sets this to 500M, roughly aligning with similar settings... - # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: + # So IIAB sets this to 10000M, roughly aligning with similar settings... + # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 - client_max_body_size 500M; + client_max_body_size 10000M; # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..03c1a11db 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -57,7 +57,7 @@ # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -71,7 +71,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -97,28 +97,28 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 50a976851..2622aa833 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -323,7 +323,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ca5870c64..a97d24d2b 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 03dfaeffd..8334247a3 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 9d547b31a..6d32bc85b 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9b2c2a2ac..b4413c8c9 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 9c0e24ac5c6b4c01f23020786fcd24010a27c182 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:13:52 -0400 Subject: [PATCH 002/937] nginx/templates/server.conf.j2: Clarify nextcloud-nginx.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 5cb5cffd7..13cbefcd4 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -12,7 +12,7 @@ server { # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 - # 2. 'client_max_body_size 512M;' is set in: + # 2. 'client_max_body_size 10000M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 10000M; From 9b6681b4d05ca0f961b9a8897a9c03229aa8bd65 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Jan 2023 01:39:44 -0500 Subject: [PATCH 003/937] Pre-release version number 'iiab_base_ver: 8.1' --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9236e0899..f452accb8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.0 +iiab_base_ver: 8.1 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From db489402d96cb24e28bb2a616522074d903e628d Mon Sep 17 00:00:00 2001 From: root Date: Wed, 4 Jan 2023 08:47:20 -0500 Subject: [PATCH 004/937] Travis CI: git mv tests tests.unused --- {tests => tests.unused}/inventory | 0 {tests => tests.unused}/test.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {tests => tests.unused}/inventory (100%) rename {tests => tests.unused}/test.yml (100%) diff --git a/tests/inventory b/tests.unused/inventory similarity index 100% rename from tests/inventory rename to tests.unused/inventory diff --git a/tests/test.yml b/tests.unused/test.yml similarity index 100% rename from tests/test.yml rename to tests.unused/test.yml From 305af9a9bbca98e188c29a42ca1633e45d90b95d Mon Sep 17 00:00:00 2001 From: root Date: Wed, 4 Jan 2023 09:04:51 -0500 Subject: [PATCH 005/937] Enable Lokole during MEDIUM/LARGE IIAB installs --- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f452accb8..122128278 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -420,8 +420,8 @@ jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3f6371a41..1a301ed60 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -242,8 +242,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7be767773..e8d8b1f5e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aa084cf88..aef176b4e 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -242,7 +242,7 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index b26a793b7..533c5657d 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From 06ea7a914665e2cf25105d313c2f88ee021d56d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Jan 2023 10:15:09 -0500 Subject: [PATCH 006/937] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index caf8b425b..8b4a07b84 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW
[github.com/iiab/iiab/wiki/IIAB-Contributors-Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide) +# SEE THE NEW
[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) # THANKS! From a94bc0e070543fe190e70931bb27910de6e2084b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 2 Jan 2023 00:13:35 -0600 Subject: [PATCH 007/937] revert to using pip for ansible on 32bit RaspOS --- scripts/ansible | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2766aec7b..1591eb275 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -129,8 +129,8 @@ fi ### > /etc/apt/sources.list.d/iiab-ansible.list # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ - > /etc/apt/sources.list.d/iiab-ansible.list +#echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ +# > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined @@ -152,7 +152,7 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg +#cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" @@ -188,8 +188,13 @@ if uname -m | grep -q 64; then echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else - echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" - $APT_PATH/apt -y --allow-downgrades install ansible-core +# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" +# $APT_PATH/apt -y --allow-downgrades install ansible-core + pip3 config --global set global.no-cache-dir false + echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" + pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" + pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 08ade5cd1e7b4e6429fec3fd7fc1080decd3e3ac Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 7 Jan 2023 07:42:17 -0500 Subject: [PATCH 008/937] Update matomo-nginx.conf.j2 Fix security problems noted in https://github.com/iiab/iiab/issues/3441. --- roles/matomo/templates/matomo-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 0a7b91609..8ec494bc0 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -10,6 +10,7 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; + location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From ccaa118dadb03cb784562981e37bf63a5dbc0583 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 7 Jan 2023 08:27:56 -0500 Subject: [PATCH 009/937] Update matomo-nginx.conf.j2 Move file to higher precedence to handle non-php files as well. --- roles/matomo/templates/matomo-nginx.conf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 8ec494bc0..a5fdce030 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -1,3 +1,5 @@ +location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } + location ~ ^/matomo(.*)\.php(.*)$ { alias /library/www/matomo$1.php$2; # /library/www/matomo proxy_set_header X-Real-IP $remote_addr; @@ -10,7 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; - location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From badf12ec284b052ac7d0f1b39fb079b936a0bc7f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 Jan 2023 16:39:35 -0500 Subject: [PATCH 010/937] Update README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 64b577547..cf71d76e3 100644 --- a/README.md +++ b/README.md @@ -9,14 +9,14 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. -FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* +FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* ## Installation -Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.io/) +Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: @@ -29,7 +29,7 @@ See our [Tech Docs Wiki](https://github.com/iiab/iiab/wiki) for more about the u After you've installed the software, you should [add content](https://github.com/iiab/iiab/wiki/IIAB-Installation#add-content), which can of course take time when downloading multi-gigabyte Content Packs! -Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page.3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) — to arrange Content Packs and IIAB Apps (services) for your local community's needs. +Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page%3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) — to arrange Content Packs and IIAB Apps (services) for your local community's needs. ## Community @@ -37,12 +37,12 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists.3F)" -FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. +To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* From 0c93392146e11c2ef975e0f3a6e66acdb4b33a57 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 8 Jan 2023 10:59:45 -0500 Subject: [PATCH 011/937] scripts/ansible: Update explanatory URL --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1591eb275..26e12ac83 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -4,7 +4,7 @@ # https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249 # PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?" -# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible +# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] From 31bd87cd1c9f0e1654c6f57fc84ea49915480897 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 18:58:34 -0500 Subject: [PATCH 012/937] http://box/info/admin-console offline docs --- roles/nginx/templates/server.conf.j2 | 4 ++ .../templates/iiab-refresh-wiki-docs.sh | 69 +++++++++++-------- 2 files changed, 44 insertions(+), 29 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..3f69c3a74 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,6 +7,10 @@ server { index index.php index.html index.htm; + location /info { + autoindex on; # Directory listing for http://box/info/admin-console/ + } + # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 5cc9b3f54..833910d2c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,23 +15,32 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs +ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +# Note 1: sed (below) shortens URLs to 'admin-console' +# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 rm -rf $INPUT rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH +mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT - for f in `ls $INPUT`; do FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html done - rsync -av $OUTPUT/ $DESTPATH +cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH +for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f +done + # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html lynx -reload -source https://wiki.iiab.io/go/Security > $DESTPATH/Security.html @@ -54,42 +63,44 @@ cp -p "{{ iiab_dir }}/roles/lokole/Lokole-IIAB_Users_Manual.pdf" $DOCSPATH # # MAKE LINKS REFER TO LOCAL ITEMS... # ...on main page (http://box/info) -sed -i -r "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html +sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html +sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html +sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within subpages +# ...and within main subpages for f in $DESTPATH/*.html; do sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f - sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f - sed -i -e "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f + sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f - sed -i -e "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f - sed -i -e "s|http://FAQ.IIAB.IO|FAQ.html|g" $f - sed -i -e "s|http://faq.iiab.io|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/FAQ|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/faq|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f + sed -i "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f + sed -i "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|http://wiki.iiab.io/Security|Security.html|g" $f + sed -i "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f + sed -i "s|http://FAQ.IIAB.IO|FAQ.html|g" $f + sed -i "s|http://faq.iiab.io|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/FAQ|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/faq|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f + sed -i "s|/go/IIAB/Security|Security.html|g" $f + sed -i "s|http://wiki.iiab.io/Security|Security.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|https://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f done exit 0 From 65cb09c67b424d28aab56547eb6b334cbf1ecfa1 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 19:10:35 -0500 Subject: [PATCH 013/937] iiab-refresh-wiki-docs also needs to run w/o Admin Console --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 833910d2c..b297f7a6c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -34,12 +34,14 @@ for f in `ls $INPUT`; do done rsync -av $OUTPUT/ $DESTPATH -cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH -for f in `ls $ADMINCONSOLEPATH`; do - FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f -done +if [ -d /opt/iiab/iiab-admin-console/docs ]; then + cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f + done +fi # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html From 1b2930c52d8590dae3eb09c457e5d828fb5222e1 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 19:18:01 -0500 Subject: [PATCH 014/937] 'cp -r' was overkill: 'cp /opt/iiab/iiab-admin-console/docs/*' suffices --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index b297f7a6c..c303b89f7 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -35,7 +35,7 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH for f in `ls $ADMINCONSOLEPATH`; do FTRIMMED=${f%.md} pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html From 0ac162fdc6f1b0b25f64a5391c7b3f14aa3c5324 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 19:42:19 -0500 Subject: [PATCH 015/937] 'fancyindex on;' in nginx/templates/iiab.conf.j2 instead + box/info resiliency --- roles/nginx/templates/iiab.conf.j2 | 4 ++++ roles/nginx/templates/server.conf.j2 | 4 ---- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index b66f69cfa..c45c58ae8 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -11,6 +11,10 @@ location /local_content/ { fancyindex on; # autoindex on; } +location /info { + fancyindex on; # Directory listing for http://box/info/admin-console/ +} + location /modules/ { fancyindex on; # Enable fancy indexes. fancyindex_exact_size off; # Output human-readable file sizes. diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 3f69c3a74..84413f4e7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,10 +7,6 @@ server { index index.php index.html index.htm; - location /info { - autoindex on; # Directory listing for http://box/info/admin-console/ - } - # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index c303b89f7..154fbe9dc 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -17,7 +17,7 @@ DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' -# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 +# Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 rm -rf $INPUT rm -rf $OUTPUT @@ -36,10 +36,10 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH`; do + for f in `ls $ADMINCONSOLEPATH/*.md`; do FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f + pandoc -s $f -o $FTRIMMED.html + rm $f done fi From 0ff334eeda24702de668fc6bbdbb475e5b8c4883 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 19:52:34 -0500 Subject: [PATCH 016/937] Safer: 'cp /opt/iiab/iiab-admin-console/docs/*.md ...' --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 154fbe9dc..647e985d2 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do +for f in `ls $INPUT`; do # Unlike below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 64cd4a40a7be0d384fd433d2f93a1341dcab8d92 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 10 Jan 2023 19:57:43 -0500 Subject: [PATCH 017/937] 'fancyindex_exact_size off;' human-readable for box/info --- roles/nginx/templates/iiab.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index c45c58ae8..df2fc6a94 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -13,6 +13,7 @@ location /local_content/ { location /info { fancyindex on; # Directory listing for http://box/info/admin-console/ + fancyindex_exact_size off; # Output human-readable file sizes. } location /modules/ { From d5fd98b08e18ebd067e1238dd614a5dd4411aeea Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 10 Jan 2023 23:27:21 -0500 Subject: [PATCH 018/937] Update iiab-refresh-wiki-docs.sh --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 647e985d2..134c51c71 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do # Unlike below, $f does NOT include path +for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -36,7 +36,7 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path + for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From e34d84f712ba681b587684ea8543e9324e5e5a25 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 11 Jan 2023 09:57:04 -0500 Subject: [PATCH 019/937] Scrape RPi Image docs using ~ not : (and recurse into subdirs) --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 134c51c71..ac03b44bf 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -69,9 +69,10 @@ sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/ sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within main subpages -for f in $DESTPATH/*.html; do - sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f +# ...and within subpages +for f in $(find $DESTPATH -name "*.html"); do # Recursive (even if not yet nec, as of 2023-01-11) +#for f in $DESTPATH/*.html; do # Non-recursive (omits subdirs) + sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.~A-Za-z0-9]*)|\1.html|g" $f sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f From 98cff07ca3a86d237cba6204bdbd540ccde49e2f Mon Sep 17 00:00:00 2001 From: root Date: Wed, 11 Jan 2023 10:26:57 -0500 Subject: [PATCH 020/937] Rename $ADMINCONSOLEPATH to $ADMINDOCSPATH --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index ac03b44bf..9ff61e654 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,7 +15,7 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs -ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +ADMINDOCSPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' # Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 @@ -24,7 +24,7 @@ rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH -mkdir -p $ADMINCONSOLEPATH +mkdir -p $ADMINDOCSPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINDOCSPATH + for f in $ADMINDOCSPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 5f7b8cc34ff79268e8efde6c5a1150b9aa9dbfa0 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 11 Jan 2023 14:15:00 -0500 Subject: [PATCH 021/937] iiab-diagnostics: Highlight /etc/iiab/install-flags sequence --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 7361e5621..f1990d25d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -145,6 +145,7 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then cat /tmp/iiab-apps-to-be-installed >> $outfile echo >> $outfile fi +cat_cmd 'ls -ltr /etc/iiab/install-flags' 'IIAB install flags' echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile From e65b03b70ad63fcffb0f0e82a2835ec9f66d6869 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Jan 2023 14:27:40 -0500 Subject: [PATCH 022/937] Update iiab-diagnostics.README.md per PR #3462 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index be341bb4f..a6d8a3f9e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 0f614f1be34b0cf7ff751f8c7131850011e153b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 12 Jan 2023 08:33:44 -0500 Subject: [PATCH 023/937] mediawiki/defaults/main.yml: Version 1.39.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 68a13ca74..21fd715e1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 6d2725f63b03c971d97de132b937d38ca4247a4a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 13 Jan 2023 11:01:32 -0500 Subject: [PATCH 024/937] internetarchive/tasks/install.yml: Enforce Node.js <= 19.x --- roles/internetarchive/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 4ed845706..0427f816c 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 18.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('18.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 18.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" From 7b097908a9946ce3a1db76299ffc012b8e5c3d78 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Jan 2023 21:56:46 -0500 Subject: [PATCH 025/937] Try to avoid libssl1.1, now that MongoDB can use libssl3 --- roles/mongodb/tasks/install.yml | 109 ++++++++++++++++++-------------- 1 file changed, 61 insertions(+), 48 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 54b93c71e..cb249f1bd 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -78,7 +78,8 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - #args: # warn: no @@ -87,28 +88,36 @@ # Supported parameters include: removes, strip_empty_ends, _raw_params, # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY - # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON - # ARM v8-A RPi 4, LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. - # -> CAN THIS ENTIRE STANZA BE *DELETED* -- ALWAYS USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their + # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org - when: is_debian and ansible_architecture == "x86_64" + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + #when: is_debian and ansible_architecture == "x86_64" - # 2022-10-23: RasPiOS Bullseye *MAY* FAIL when 'focal' changed to 'jammy' ? - - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's + # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR + # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse #filename: mongodb-org - when: not (is_debian and ansible_architecture == "x86_64") + when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS @@ -121,48 +130,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across + # the board, on Debian 12 etc too?!) since 2022-11-15: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # #filename: focal-security # If filename focal-security.list is preferred + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian_12 + # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - package: - name: libssl1.1 - state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian_12 + # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) + # package: + # name: libssl1.1 + # state: present + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # state: absent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - state: absent - #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # state: absent + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + + # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # state: absent + # #filename: focal-security # 100% IGNORED during repo deletion + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 From 8f4024a0e44a65f8a044215fb46e65e67d246456 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Jan 2023 22:37:27 -0500 Subject: [PATCH 026/937] Clarify MongoDB CAN use libssl3 on Ubuntu 22.04+ & Debian 12 --- roles/mongodb/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index cb249f1bd..336d026f6 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -130,8 +130,9 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across - # the board, on Debian 12 etc too?!) since 2022-11-15: + # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no + # longer nec (certainly on x86_64, and hopefully sufficiently across the + # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 From 0b23bd3ab53ba3107d893c44909cf84d39cddb11 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Jan 2023 22:58:03 -0500 Subject: [PATCH 027/937] mongodb/tasks/install.yml: Comments more future-proof --- roles/mongodb/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 336d026f6..e68c89ff2 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,4 +1,5 @@ # MongoDB Install Docs: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ # https://www.mongodb.com/docs/manual/installation/ @@ -78,6 +79,7 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - @@ -90,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -106,9 +108,12 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's - # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR - # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # MongoDB 6.0.3 (released 2022-11-15) instructions here: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 + # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From b0cad086c0ea9250e7d5c8735a0359a99e8a5b06 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Jan 2023 23:11:34 -0500 Subject: [PATCH 028/937] ASIDE: MongoDB 6.0.3+ MIGHT run on 64-bit Ubuntu on RPi --- roles/mongodb/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e68c89ff2..2554cc3b1 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -113,7 +113,9 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: + # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From 06f8001cb7325b68b272f2f95294fb1c9f306649 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 20 Jan 2023 00:05:39 -0500 Subject: [PATCH 029/937] PR #3469's Debian 11 code path was also tested --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 2554cc3b1..520ab6fe3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: From 68dfc9239bbd9f48b91806d6fc83f827a6c08524 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 20 Jan 2023 00:09:07 -0500 Subject: [PATCH 030/937] 2022 -> 2023: Fix PR #3469 comment typo --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 520ab6fe3..5f1b4788c 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -108,7 +108,7 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 From 247e582b56ecc39cffbc7de3ac50fc73604b619d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 20 Jan 2023 00:35:35 -0500 Subject: [PATCH 031/937] #3469 clarif: IIAB overlays MongoDB 5.0.5 64-bit RPi binaries --- roles/mongodb/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 5f1b4788c..228fe040f 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -116,6 +116,7 @@ # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From ded399934f3d4b705714b5d25caed83ca7c3aaaa Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 20 Jan 2023 00:42:36 -0500 Subject: [PATCH 032/937] mongodb/tasks/install.yml: Clarify line numbers --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 228fe040f..048601b16 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -113,10 +113,10 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From e9c6cffef23330c9b01b5835a36ea24e0aa884bf Mon Sep 17 00:00:00 2001 From: root Date: Sat, 21 Jan 2023 12:22:05 -0500 Subject: [PATCH 033/937] Install Moodle dev pre-release IFF PHP >= 8.3 --- roles/moodle/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ec30d7f34..4abac732f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,21 +49,21 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.2', '>=') + when: php_version is version('8.3', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.2 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) - when: php_version is version('8.2', '<') + when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 81bb08ffb5f31d6f7e28094058c19701fd83e688 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 24 Jan 2023 12:12:59 -0500 Subject: [PATCH 034/937] kolibri/tasks/install.yml: Clarify {{ kolibri_deb_url }} is just an example --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 94a8d4949..676358473 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -40,7 +40,7 @@ - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: - deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest + deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest environment: KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later From 30e0169f7a613fc8e30c79c329811ddc105957e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 Jan 2023 23:54:43 -0500 Subject: [PATCH 035/937] osm-vector-maps/tasks/install.yml: Clarify {{ osm_repo_url }}/{{ maps_branch }} --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index ab28c7cd6..03642c274 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -29,7 +29,7 @@ - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" # e.g. https://raw.githubusercontent.com/iiab/maps/master dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" From 555c7a77119beb7cbfb3ba4278c9a8b8d14d6242 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Jan 2023 08:51:43 -0500 Subject: [PATCH 036/937] openvpn/defaults/main.yml: Clarify openvpn_server_real_ip etc --- roles/openvpn/defaults/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index adc23ec2b..136e01f5d 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,13 +1,17 @@ +# SECURITY WARNING: https://wiki.iiab.io/go/Security + # openvpn_install: True # openvpn_enabled: False -# For /etc/iiab/openvpn_handle +# Empty string on purpose since ~2016, for /etc/iiab/uuid +# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 # openvpn_handle: "" # cron seems necessary on CentOS: # openvpn_cron_enabled: False # openvpn_server: xscenet.net +# openvpn_server_real_ip: 3.89.148.185 # openvpn_server_virtual_ip: 10.8.0.1 # openvpn_server_port: 1194 From 69bde5e74569817532b973b287beec50ee9caad8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Jan 2023 18:25:00 -0500 Subject: [PATCH 037/937] Recommend ansible-core 2.14.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 26e12ac83..48ed3ff61 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] -GOOD_VER=2.14.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] +GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 611a0ac01acfb3334d83742a681955c1858d0c6b Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 7 Feb 2023 21:59:41 -0500 Subject: [PATCH 038/937] phpMyAdmin 5.2.1 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index ff6343c56..b898ae5bd 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.2.0 +phpmyadmin_version: 5.2.1 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From b0f5a85e20a4e15dac4820c6125c5377b53cf326 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 8 Feb 2023 11:34:49 -0500 Subject: [PATCH 039/937] Update jupyterhub_config.py.j2 for JupyterHub 3.1.1 & /run/jupyterhub-proxy.pid --- .../templates/jupyterhub_config.py.j2 | 718 ++++++++++++------ 1 file changed, 501 insertions(+), 217 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index a3c5b077f..f8be9a849 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,5 +1,18 @@ +# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html +# +# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# /opt/iiab/jupyterhub/bin/jupyterhub --generate-config +# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 +# 3) I added the following line on @jvonau's suggestion: (#3475) +# c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" + + # Configuration file for jupyterhub. +c = get_config() #noqa + #------------------------------------------------------------------------------ # Application(SingletonConfigurable) configuration #------------------------------------------------------------------------------ @@ -18,6 +31,53 @@ # Default: 30 # c.Application.log_level = 30 +## Configure additional log handlers. +# +# The default stderr logs handler is configured by the log_level, log_datefmt +# and log_format settings. +# +# This configuration can be used to configure additional handlers (e.g. to +# output the log to a file) or for finer control over the default handlers. +# +# If provided this should be a logging configuration dictionary, for more +# information see: +# https://docs.python.org/3/library/logging.config.html#logging-config- +# dictschema +# +# This dictionary is merged with the base logging configuration which defines +# the following: +# +# * A logging formatter intended for interactive use called +# ``console``. +# * A logging handler that writes to stderr called +# ``console`` which uses the formatter ``console``. +# * A logger with the name of this application set to ``DEBUG`` +# level. +# +# This example adds a new handler that writes to a file: +# +# .. code-block:: python +# +# c.Application.logging_config = { +# 'handlers': { +# 'file': { +# 'class': 'logging.FileHandler', +# 'level': 'DEBUG', +# 'filename': '', +# } +# }, +# 'loggers': { +# '': { +# 'level': 'DEBUG', +# # NOTE: if you don't list the default "console" +# # handler here then it will be disabled +# 'handlers': ['console', 'file'], +# }, +# } +# } +# Default: {} +# c.Application.logging_config = {} + ## Instead of starting the Application, dump configuration to stdout # Default: False # c.Application.show_config = False @@ -60,11 +120,13 @@ # Default: 30 # c.JupyterHub.activity_resolution = 30 -## Grant admin users permission to access single-user servers. +## DEPRECATED since version 2.0.0. # -# Users should be properly informed if this is enabled. +# The default admin role has full permissions, use custom RBAC scopes instead to +# create restricted administrator roles. +# https://jupyterhub.readthedocs.io/en/stable/rbac/index.html # Default: False -c.JupyterHub.admin_access = True +# c.JupyterHub.admin_access = False ## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead. # Default: set() @@ -78,14 +140,23 @@ c.JupyterHub.admin_access = True # Default: False # c.JupyterHub.answer_yes = False +## The default amount of records returned by a paginated endpoint +# Default: 50 +# c.JupyterHub.api_page_default_limit = 50 + +## The maximum amount of records that can be returned at once +# Default: 200 +# c.JupyterHub.api_page_max_limit = 200 + ## PENDING DEPRECATION: consider using services # -# Dict of token:username to be loaded into the database. +# Dict of token:username to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services, which authenticate as JupyterHub users. +# Allows ahead-of-time generation of API tokens for use by externally managed services, +# which authenticate as JupyterHub users. # -# Consider using services for general services that talk to the JupyterHub API. +# Consider using services for general services that talk to the +# JupyterHub API. # Default: {} # c.JupyterHub.api_tokens = {} @@ -112,49 +183,53 @@ c.JupyterHub.admin_access = True # Currently installed: # - default: jupyterhub.auth.PAMAuthenticator # - dummy: jupyterhub.auth.DummyAuthenticator +# - null: jupyterhub.auth.NullAuthenticator # - pam: jupyterhub.auth.PAMAuthenticator # Default: 'jupyterhub.auth.PAMAuthenticator' +# c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator' c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator' ## The base URL of the entire application. # -# Add this to the beginning of all JupyterHub URLs. Use base_url to run -# JupyterHub within an existing website. +# Add this to the beginning of all JupyterHub URLs. +# Use base_url to run JupyterHub within an existing website. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '/' +# c.JupyterHub.base_url = '/' c.JupyterHub.base_url = '/jupyterhub' ## The public facing URL of the whole JupyterHub application. # -# This is the address on which the proxy will bind. Sets protocol, ip, base_url +# This is the address on which the proxy will bind. +# Sets protocol, ip, base_url # Default: 'http://:8000' # c.JupyterHub.bind_url = 'http://:8000' ## Whether to shutdown the proxy when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the proxy -# running. +# Disable if you want to be able to teardown the Hub while leaving the +# proxy running. # -# Only valid if the proxy was starting by the Hub process. +# Only valid if the proxy was starting by the Hub process. # -# If both this and cleanup_servers are False, sending SIGINT to the Hub will -# only shutdown the Hub, leaving everything else running. +# If both this and cleanup_servers are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_proxy = True ## Whether to shutdown single-user servers when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the single- -# user servers running. +# Disable if you want to be able to teardown the Hub while leaving the +# single-user servers running. # -# If both this and cleanup_proxy are False, sending SIGINT to the Hub will only -# shutdown the Hub, leaving everything else running. +# If both this and cleanup_proxy are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_servers = True @@ -184,33 +259,54 @@ c.JupyterHub.base_url = '/jupyterhub' # Default: False # c.JupyterHub.confirm_no_ssl = False -## Number of days for a login cookie to be valid. Default is two weeks. +## Number of days for a login cookie to be valid. +# Default is two weeks. # Default: 14 # c.JupyterHub.cookie_max_age_days = 14 ## The cookie secret to use to encrypt cookies. # -# Loaded from the JPY_COOKIE_SECRET env variable by default. +# Loaded from the JPY_COOKIE_SECRET env variable by default. # -# Should be exactly 256 bits (32 bytes). -# Default: b'' +# Should be exactly 256 bits (32 bytes). +# Default: traitlets.Undefined +# c.JupyterHub.cookie_secret = traitlets.Undefined c.JupyterHub.cookie_secret = b'helloiiabitsrainingb123456789012' ## File in which to store the cookie secret. # Default: 'jupyterhub_cookie_secret' # c.JupyterHub.cookie_secret_file = 'jupyterhub_cookie_secret' -## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) -# Default: '/opt/iiab/jupyter/share/jupyterhub' -# c.JupyterHub.data_files_path = '/opt/iiab/jupyter/share/jupyterhub' +## Custom scopes to define. +# +# For use when defining custom roles, +# to grant users granular permissions +# +# All custom scopes must have a description, +# and must start with the prefix `custom:`. +# +# For example:: +# +# custom_scopes = { +# "custom:jupyter_server:read": { +# "description": "read-only access to a single-user server", +# }, +# } +# Default: {} +# c.JupyterHub.custom_scopes = {} -## Include any kwargs to pass to the database connection. See -# sqlalchemy.create_engine for details. +## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) +# Default: '/opt/iiab/jupyterhub/share/jupyterhub' +# c.JupyterHub.data_files_path = '/opt/iiab/jupyterhub/share/jupyterhub' + +## Include any kwargs to pass to the database connection. +# See sqlalchemy.create_engine for details. # Default: {} # c.JupyterHub.db_kwargs = {} ## url for the database. e.g. `sqlite:///jupyterhub.sqlite` # Default: 'sqlite:///jupyterhub.sqlite' +# c.JupyterHub.db_url = 'sqlite:///jupyterhub.sqlite' c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## log all database transactions. This has A LOT of output @@ -221,8 +317,13 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: False # c.JupyterHub.debug_proxy = False -## If named servers are enabled, default name of server to spawn or open, e.g. by -# user-redirect. +## If named servers are enabled, default name of server to spawn or open when no +# server is specified, e.g. by user-redirect. +# +# Note: This has no effect if named servers are not enabled, and does _not_ +# change the existence or behavior of the default server named `''` (the empty +# string). This only affects which named server is launched when no server is +# specified, e.g. by links to `/hub/user-redirect/lab/tree/mynotebook.ipynb`. # Default: '' # c.JupyterHub.default_server_name = '' @@ -245,30 +346,28 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: traitlets.Undefined # c.JupyterHub.default_url = traitlets.Undefined -## Dict authority:dict(files). Specify the key, cert, and/or ca file for an -# authority. This is useful for externally managed proxies that wish to use -# internal_ssl. +## Dict authority:dict(files). Specify the key, cert, and/or +# ca file for an authority. This is useful for externally managed +# proxies that wish to use internal_ssl. # -# The files dict has this format (you must specify at least a cert):: +# The files dict has this format (you must specify at least a cert):: # -# { -# 'key': '/path/to/key.key', -# 'cert': '/path/to/cert.crt', -# 'ca': '/path/to/ca.crt' -# } +# { +# 'key': '/path/to/key.key', +# 'cert': '/path/to/cert.crt', +# 'ca': '/path/to/ca.crt' +# } # -# The authorities you can override: 'hub-ca', 'notebooks-ca', 'proxy-api-ca', -# 'proxy-client-ca', and 'services-ca'. +# The authorities you can override: 'hub-ca', 'notebooks-ca', +# 'proxy-api-ca', 'proxy-client-ca', and 'services-ca'. # -# Use with internal_ssl +# Use with internal_ssl # Default: {} # c.JupyterHub.external_ssl_authorities = {} -## Register extra tornado Handlers for jupyterhub. +## DEPRECATED. # -# Should be of the form ``("", Handler)`` -# -# The Hub prefix will be added, so `/my-page` will be served at `/hub/my-page`. +# If you need to register additional HTTP endpoints please use services instead. # Default: [] # c.JupyterHub.extra_handlers = [] @@ -282,6 +381,14 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: [] # c.JupyterHub.extra_log_handlers = [] +## Alternate header to use as the Host (e.g., X-Forwarded-Host) +# when determining whether a request is cross-origin +# +# This may be useful when JupyterHub is running behind a proxy that rewrites +# the Host header. +# Default: '' +# c.JupyterHub.forwarded_host_header = '' + ## Generate certs used for internal ssl # Default: False # c.JupyterHub.generate_certs = False @@ -303,19 +410,19 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.hub_bind_url = '' -## The ip or hostname for proxies and spawners to use for connecting to the Hub. +## The ip or hostname for proxies and spawners to use +# for connecting to the Hub. # -# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different -# from the connect address. +# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different +# from the connect address. # -# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, otherwise -# use `hub_ip`. +# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, +# otherwise use `hub_ip`. # -# Note: Some spawners or proxy implementations might not support hostnames. -# Check your spawner or proxy documentation to see if they have extra -# requirements. +# Note: Some spawners or proxy implementations might not support hostnames. Check your +# spawner or proxy documentation to see if they have extra requirements. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: '' # c.JupyterHub.hub_connect_ip = '' @@ -346,39 +453,59 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## The ip address for the Hub process to *bind* to. # -# By default, the hub listens on localhost only. This address must be accessible -# from the proxy and user servers. You may need to set this to a public ip or '' -# for all interfaces if the proxy or user servers are in containers or on a -# different host. +# By default, the hub listens on localhost only. This address must be accessible from +# the proxy and user servers. You may need to set this to a public ip or '' for all +# interfaces if the proxy or user servers are in containers or on a different host. # -# See `hub_connect_ip` for cases where the bind and connect address should -# differ, or `hub_bind_url` for setting the full bind URL. +# See `hub_connect_ip` for cases where the bind and connect address should differ, +# or `hub_bind_url` for setting the full bind URL. # Default: '127.0.0.1' # c.JupyterHub.hub_ip = '127.0.0.1' ## The internal port for the Hub process. # -# This is the internal port of the hub itself. It should never be accessed -# directly. See JupyterHub.port for the public port to use when accessing -# jupyterhub. It is rare that this port should be set except in cases of port -# conflict. +# This is the internal port of the hub itself. It should never be accessed directly. +# See JupyterHub.port for the public port to use when accessing jupyterhub. +# It is rare that this port should be set except in cases of port conflict. # -# See also `hub_ip` for the ip and `hub_bind_url` for setting the full bind URL. +# See also `hub_ip` for the ip and `hub_bind_url` for setting the full +# bind URL. # Default: 8081 # c.JupyterHub.hub_port = 8081 +## The routing prefix for the Hub itself. +# +# Override to send only a subset of traffic to the Hub. Default is to use the +# Hub as the default route for all requests. +# +# This is necessary for normal jupyterhub operation, as the Hub must receive +# requests for e.g. `/user/:name` when the user's server is not running. +# +# However, some deployments using only the JupyterHub API may want to handle +# these events themselves, in which case they can register their own default +# target with the proxy and set e.g. `hub_routespec = /hub/` to serve only the +# hub's own pages, or even `/hub/api/` for api-only operation. +# +# Note: hub_routespec must include the base_url, if any. +# +# .. versionadded:: 1.4 +# Default: '/' +# c.JupyterHub.hub_routespec = '/' + ## Trigger implicit spawns after this many seconds. # -# When a user visits a URL for a server that's not running, they are shown a -# page indicating that the requested server is not running with a button to -# spawn the server. +# When a user visits a URL for a server that's not running, +# they are shown a page indicating that the requested server +# is not running with a button to spawn the server. # -# Setting this to a positive value will redirect the user after this many -# seconds, effectively clicking this button automatically for the users, -# automatically beginning the spawn process. +# Setting this to a positive value will redirect the user +# after this many seconds, effectively clicking this button +# automatically for the users, +# automatically beginning the spawn process. # -# Warning: this can result in errors and surprising behavior when sharing access -# URLs to actual servers, since the wrong server is likely to be started. +# Warning: this can result in errors and surprising behavior +# when sharing access URLs to actual servers, +# since the wrong server is likely to be started. # Default: 0 # c.JupyterHub.implicit_spawn_seconds = 0 @@ -398,29 +525,30 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: 10 # c.JupyterHub.init_spawners_timeout = 10 -## The location to store certificates automatically created by JupyterHub. +## The location to store certificates automatically created by +# JupyterHub. # -# Use with internal_ssl +# Use with internal_ssl # Default: 'internal-ssl' # c.JupyterHub.internal_certs_location = 'internal-ssl' ## Enable SSL for all internal communication # -# This enables end-to-end encryption between all JupyterHub components. -# JupyterHub will automatically create the necessary certificate authority and -# sign notebook certificates as they're created. +# This enables end-to-end encryption between all JupyterHub components. +# JupyterHub will automatically create the necessary certificate +# authority and sign notebook certificates as they're created. # Default: False # c.JupyterHub.internal_ssl = False -## The public facing ip of the whole JupyterHub application (specifically -# referred to as the proxy). +## The public facing ip of the whole JupyterHub application +# (specifically referred to as the proxy). # -# This is the address on which the proxy will listen. The default is to listen -# on all interfaces. This is the only address through which JupyterHub should be -# accessed by users. +# This is the address on which the proxy will listen. The default is to +# listen on all interfaces. This is the only address through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '' # c.JupyterHub.ip = '' @@ -434,14 +562,36 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of 'group': ['usernames'] to load at startup. # -# This strictly *adds* groups and users to groups. +# This strictly *adds* groups and users to groups. # -# Loading one set of groups, then starting JupyterHub again with a different set -# will not remove users or groups from previous launches. That must be done -# through the API. +# Loading one set of groups, then starting JupyterHub again with a different +# set will not remove users or groups from previous launches. +# That must be done through the API. # Default: {} # c.JupyterHub.load_groups = {} +## List of predefined role dictionaries to load at startup. +# +# For instance:: +# +# load_roles = [ +# { +# 'name': 'teacher', +# 'description': 'Access to users' information and group membership', +# 'scopes': ['users', 'groups'], +# 'users': ['cyclops', 'gandalf'], +# 'services': [], +# 'groups': [] +# } +# ] +# +# All keys apart from 'name' are optional. +# See all the available scopes in the JupyterHub REST API documentation. +# +# Default roles are defined in roles.py. +# Default: [] +# c.JupyterHub.load_roles = [] + ## The date format used by logging formatters for %(asctime)s # See also: Application.log_datefmt # c.JupyterHub.log_datefmt = '%Y-%m-%d %H:%M:%S' @@ -454,6 +604,10 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # See also: Application.log_level # c.JupyterHub.log_level = 30 +## +# See also: Application.logging_config +# c.JupyterHub.logging_config = {} + ## Specify path to a logo image to override the Jupyter logo in the banner. # Default: '' # c.JupyterHub.logo_file = '' @@ -464,20 +618,62 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Setting this can limit the total resources a user can consume. # # If set to 0, no limit is enforced. +# +# Can be an integer or a callable/awaitable based on the handler object: +# +# :: +# +# def named_server_limit_per_user_fn(handler): +# user = handler.current_user +# if user and user.admin: +# return 0 +# return 5 +# +# c.JupyterHub.named_server_limit_per_user = named_server_limit_per_user_fn # Default: 0 # c.JupyterHub.named_server_limit_per_user = 0 -## File to write PID Useful for daemonizing JupyterHub. +## Expiry (in seconds) of OAuth access tokens. +# +# The default is to expire when the cookie storing them expires, +# according to `cookie_max_age_days` config. +# +# These are the tokens stored in cookies when you visit +# a single-user server or service. +# When they expire, you must re-authenticate with the Hub, +# even if your Hub authentication is still valid. +# If your Hub authentication is valid, +# logging in may be a transparent redirect as you refresh the page. +# +# This does not affect JupyterHub API tokens in general, +# which do not expire by default. +# Only tokens issued during the oauth flow +# accessing services and single-user servers are affected. +# +# .. versionadded:: 1.4 +# OAuth token expires_in was not previously configurable. +# .. versionchanged:: 1.4 +# Default now uses cookie_max_age_days so that oauth tokens +# which are generally stored in cookies, +# expire when the cookies storing them expire. +# Previously, it was one hour. +# Default: 0 +# c.JupyterHub.oauth_token_expires_in = 0 + +## File to write PID +# Useful for daemonizing JupyterHub. # Default: '' # c.JupyterHub.pid_file = '' +c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" ## The public facing port of the proxy. # -# This is the port on which the proxy will listen. This is the only port through -# which JupyterHub should be accessed by users. +# This is the port on which the proxy will listen. +# This is the only port through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: 8000 # c.JupyterHub.port = 8000 @@ -493,9 +689,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.proxy_auth_token = '' -## Interval (in seconds) at which to check if the proxy is running. -# Default: 30 -# c.JupyterHub.proxy_check_interval = 30 +## DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.check_running_interval +# Default: 5 +# c.JupyterHub.proxy_check_interval = 5 ## The class to use for configuring the JupyterHub proxy. # @@ -517,9 +713,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Recreate all certificates used within JupyterHub on restart. # -# Note: enabling this feature requires restarting all notebook servers. +# Note: enabling this feature requires restarting all notebook servers. # -# Use with internal_ssl +# Use with internal_ssl # Default: False # c.JupyterHub.recreate_internal_certs = False @@ -538,29 +734,29 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of token:servicename to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services. +# Allows ahead-of-time generation of API tokens for use by externally +# managed services. # Default: {} # c.JupyterHub.service_tokens = {} ## List of service specification dictionaries. # -# A service +# A service # -# For instance:: +# For instance:: # -# services = [ -# { -# 'name': 'cull_idle', -# 'command': ['/path/to/cull_idle_servers.py'], -# }, -# { -# 'name': 'formgrader', -# 'url': 'http://127.0.0.1:1234', -# 'api_token': 'super-secret', -# 'environment': -# } -# ] +# services = [ +# { +# 'name': 'cull_idle', +# 'command': ['/path/to/cull_idle_servers.py'], +# }, +# { +# 'name': 'formgrader', +# 'url': 'http://127.0.0.1:1234', +# 'api_token': 'super-secret', +# 'environment': +# } +# ] # Default: [] # c.JupyterHub.services = [] @@ -585,21 +781,26 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # e.g. `c.JupyterHub.spawner_class = 'localprocess'` # # Currently installed: +# - systemd: systemdspawner.SystemdSpawner +# - systemdspawner: systemdspawner.SystemdSpawner # - default: jupyterhub.spawner.LocalProcessSpawner # - localprocess: jupyterhub.spawner.LocalProcessSpawner # - simple: jupyterhub.spawner.SimpleLocalProcessSpawner # Default: 'jupyterhub.spawner.LocalProcessSpawner' +# c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' +c.SystemdSpawner.dynamic_users = True +c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # -# When setting this, you should also set ssl_key +# When setting this, you should also set ssl_key # Default: '' # c.JupyterHub.ssl_cert = '' ## Path to SSL key file for the public facing interface of the proxy # -# When setting this, you should also set ssl_cert +# When setting this, you should also set ssl_cert # Default: '' # c.JupyterHub.ssl_key = '' @@ -618,17 +819,18 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Run single-user servers on subdomains of this host. # -# This should be the full `https://hub.domain.tld[:port]`. +# This should be the full `https://hub.domain.tld[:port]`. # -# Provides additional cross-site protections for javascript served by single- -# user servers. +# Provides additional cross-site protections for javascript served by +# single-user servers. # -# Requires `.hub.domain.tld` to resolve to the same host as +# Requires `.hub.domain.tld` to resolve to the same host as # `hub.domain.tld`. # -# In general, this is most easily achieved with wildcard DNS. +# In general, this is most easily achieved with wildcard DNS. # -# When using SSL (i.e. always) this also requires a wildcard SSL certificate. +# When using SSL (i.e. always) this also requires a wildcard SSL +# certificate. # Default: '' # c.JupyterHub.subdomain_host = '' @@ -644,54 +846,69 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: {} # c.JupyterHub.tornado_settings = {} -## Trust user-provided tokens (via JupyterHub.service_tokens) to have good -# entropy. +## Trust user-provided tokens (via JupyterHub.service_tokens) +# to have good entropy. # -# If you are not inserting additional tokens via configuration file, this flag -# has no effect. +# If you are not inserting additional tokens via configuration file, +# this flag has no effect. # -# In JupyterHub 0.8, internally generated tokens do not pass through additional -# hashing because the hashing is costly and does not increase the entropy of -# already-good UUIDs. +# In JupyterHub 0.8, internally generated tokens do not +# pass through additional hashing because the hashing is costly +# and does not increase the entropy of already-good UUIDs. # -# User-provided tokens, on the other hand, are not trusted to have good entropy -# by default, and are passed through many rounds of hashing to stretch the -# entropy of the key (i.e. user-provided tokens are treated as passwords instead -# of random keys). These keys are more costly to check. +# User-provided tokens, on the other hand, are not trusted to have good entropy by default, +# and are passed through many rounds of hashing to stretch the entropy of the key +# (i.e. user-provided tokens are treated as passwords instead of random keys). +# These keys are more costly to check. # -# If your inserted tokens are generated by a good-quality mechanism, e.g. -# `openssl rand -hex 32`, then you can set this flag to True to reduce the cost -# of checking authentication tokens. +# If your inserted tokens are generated by a good-quality mechanism, +# e.g. `openssl rand -hex 32`, then you can set this flag to True +# to reduce the cost of checking authentication tokens. # Default: False # c.JupyterHub.trust_user_provided_tokens = False ## Names to include in the subject alternative name. # -# These names will be used for server name verification. This is useful if -# JupyterHub is being run behind a reverse proxy or services using ssl are on -# different hosts. +# These names will be used for server name verification. This is useful +# if JupyterHub is being run behind a reverse proxy or services using ssl +# are on different hosts. # -# Use with internal_ssl +# Use with internal_ssl # Default: [] # c.JupyterHub.trusted_alt_names = [] ## Downstream proxy IP addresses to trust. # -# This sets the list of IP addresses that are trusted and skipped when -# processing the `X-Forwarded-For` header. For example, if an external proxy is -# used for TLS termination, its IP address should be added to this list to -# ensure the correct client IP addresses are recorded in the logs instead of the -# proxy server's IP address. +# This sets the list of IP addresses that are trusted and skipped when processing +# the `X-Forwarded-For` header. For example, if an external proxy is used for TLS +# termination, its IP address should be added to this list to ensure the correct +# client IP addresses are recorded in the logs instead of the proxy server's IP +# address. # Default: [] # c.JupyterHub.trusted_downstream_ips = [] ## Upgrade the database automatically on start. # -# Only safe if database is regularly backed up. Only SQLite databases will be -# backed up to a local file automatically. +# Only safe if database is regularly backed up. +# Only SQLite databases will be backed up to a local file automatically. # Default: False # c.JupyterHub.upgrade_db = False +## Return 503 rather than 424 when request comes in for a non-running server. +# +# Prior to JupyterHub 2.0, we returned a 503 when any request came in for a user +# server that was currently not running. By default, JupyterHub 2.0 will return +# a 424 - this makes operational metric dashboards more useful. +# +# JupyterLab < 3.2 expected the 503 to know if the user server is no longer +# running, and prompted the user to start their server. Set this config to true +# to retain the old behavior, so JupyterLab < 3.2 can continue to show the +# appropriate UI when the user server is stopped. +# +# This option will be removed in a future release. +# Default: False +# c.JupyterHub.use_legacy_stopped_server_status_code = False + ## Callable to affect behavior of /user-redirect/ # # Receives 4 parameters: 1. path - URL path that was provided after /user- @@ -709,13 +926,17 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' #------------------------------------------------------------------------------ ## Base class for spawning single-user notebook servers. # -# Subclass this, and override the following methods: +# Subclass this, and override the following methods: # -# - load_state - get_state - start - stop - poll +# - load_state +# - get_state +# - start +# - stop +# - poll # -# As JupyterHub supports multiple users, an instance of the Spawner subclass is -# created for each user. If there are 20 JupyterHub users, there will be 20 -# instances of the subclass. +# As JupyterHub supports multiple users, an instance of the Spawner subclass +# is created for each user. If there are 20 JupyterHub users, there will be 20 +# instances of the subclass. ## Extra arguments to be passed to the single-user server. # @@ -862,12 +1083,32 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: 30 # c.Spawner.http_timeout = 30 +## The URL the single-user server should connect to the Hub. +# +# If the Hub URL set in your JupyterHub config is not reachable from spawned +# notebooks, you can set differnt URL by this config. +# +# Is None if you don't need to change the URL. +# Default: None +# c.Spawner.hub_connect_url = None + ## The IP address (or hostname) the single-user server should listen on. # +# Usually either '127.0.0.1' (default) or '0.0.0.0'. +# # The JupyterHub proxy implementation should be able to send packets to this # interface. -# Default: '' -# c.Spawner.ip = '' +# +# Subclasses which launch remotely or in containers should override the default +# to '0.0.0.0'. +# +# .. versionchanged:: 2.0 +# Default changed to '127.0.0.1', from ''. +# In most cases, this does not result in a change in behavior, +# as '' was interpreted as 'unspecified', +# which used the subprocesses' own default, itself usually '127.0.0.1'. +# Default: '127.0.0.1' +# c.Spawner.ip = '127.0.0.1' ## Minimum number of bytes a single-user notebook server is guaranteed to have # available. @@ -918,6 +1159,35 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: '' # c.Spawner.notebook_dir = '' +## Allowed scopes for oauth tokens issued by this server's oauth client. +# +# This sets the maximum and default scopes +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# +# If callable, will be called with the Spawner as a single argument. +# Callables may be async. +# Default: traitlets.Undefined +# c.Spawner.oauth_client_allowed_scopes = traitlets.Undefined + +## Allowed roles for oauth tokens. +# +# Deprecated in 3.0: use oauth_client_allowed_scopes +# +# This sets the maximum and default roles +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# Default: traitlets.Undefined +# c.Spawner.oauth_roles = traitlets.Undefined + ## An HTML form for options a user can specify on launching their server. # # The surrounding `
` element and the submit button are already provided. @@ -1021,8 +1291,8 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## List of SSL alt names # -# May be set in config if all spawners should have the same value(s), or set at -# runtime by Spawner that know their names. +# May be set in config if all spawners should have the same value(s), +# or set at runtime by Spawner that know their names. # Default: [] # c.Spawner.ssl_alt_names = [] @@ -1046,6 +1316,9 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Set of users that will have admin rights on this JupyterHub. # +# Note: As of JupyterHub 2.0, full admin rights should not be required, and more +# precise permissions can be managed via roles. +# # Admin users have extra privileges: # - Use the admin panel to see list of users logged in # - Add / remove users in some authenticators @@ -1057,6 +1330,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # # Defaults to an empty set, in which case no user has admin access. # Default: set() +# c.Authenticator.admin_users = set() c.Authenticator.admin_users = set(['admin']) c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" @@ -1064,7 +1338,8 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # # Use this with supported authenticators to restrict which users can log in. # This is an additional list that further restricts users, beyond whatever -# restrictions the authenticator has in place. +# restrictions the authenticator has in place. Any user in this list is granted +# the 'user' role on hub startup. # # If empty, does not perform any additional restriction. # @@ -1073,28 +1348,43 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # Default: set() # c.Authenticator.allowed_users = set() -## The max age (in seconds) of authentication info before forcing a refresh of -# user auth info. +## The max age (in seconds) of authentication info +# before forcing a refresh of user auth info. # -# Refreshing auth info allows, e.g. requesting/re-validating auth tokens. +# Refreshing auth info allows, e.g. requesting/re-validating auth +# tokens. # -# See :meth:`.refresh_user` for what happens when user auth info is refreshed -# (nothing by default). +# See :meth:`.refresh_user` for what happens when user auth info is refreshed +# (nothing by default). # Default: 300 # c.Authenticator.auth_refresh_age = 300 ## Automatically begin the login process # -# rather than starting with a "Login with..." link at `/hub/login` +# rather than starting with a "Login with..." link at `/hub/login` # -# To work, `.login_url()` must give a URL other than the default `/hub/login`, -# such as an oauth handler or another automatic login handler, registered with -# `.get_handlers()`. +# To work, `.login_url()` must give a URL other than the default `/hub/login`, +# such as an oauth handler or another automatic login handler, +# registered with `.get_handlers()`. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: False # c.Authenticator.auto_login = False +## Automatically begin login process for OAuth2 authorization requests +# +# When another application is using JupyterHub as OAuth2 provider, it sends +# users to `/hub/api/oauth2/authorize`. If the user isn't logged in already, and +# auto_login is not set, the user will be dumped on the hub's home page, without +# any context on what to do next. +# +# Setting this to true will automatically redirect users to login if they aren't +# logged in *only* on the `/hub/api/oauth2/authorize` endpoint. +# +# .. versionadded:: 1.5 +# Default: False +# c.Authenticator.auto_login_oauth2_authorize = False + ## Set of usernames that are not allowed to log in. # # Use this with supported authenticators to restrict which users can not log in. @@ -1112,36 +1402,48 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Delete any users from the database that do not pass validation # -# When JupyterHub starts, `.add_user` will be called on each user in the -# database to verify that all users are still valid. +# When JupyterHub starts, `.add_user` will be called +# on each user in the database to verify that all users are still valid. # -# If `delete_invalid_users` is True, any users that do not pass validation will -# be deleted from the database. Use this if users might be deleted from an -# external system, such as local user accounts. +# If `delete_invalid_users` is True, +# any users that do not pass validation will be deleted from the database. +# Use this if users might be deleted from an external system, +# such as local user accounts. # -# If False (default), invalid users remain in the Hub's database and a warning -# will be issued. This is the default to avoid data loss due to config changes. +# If False (default), invalid users remain in the Hub's database +# and a warning will be issued. +# This is the default to avoid data loss due to config changes. # Default: False # c.Authenticator.delete_invalid_users = False ## Enable persisting auth_state (if available). # -# auth_state will be encrypted and stored in the Hub's database. This can -# include things like authentication tokens, etc. to be passed to Spawners as -# environment variables. +# auth_state will be encrypted and stored in the Hub's database. +# This can include things like authentication tokens, etc. +# to be passed to Spawners as environment variables. # -# Encrypting auth_state requires the cryptography package. +# Encrypting auth_state requires the cryptography package. # -# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must contain one -# (or more, separated by ;) 32B encryption keys. These can be either base64 or -# hex-encoded. +# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must +# contain one (or more, separated by ;) 32B encryption keys. +# These can be either base64 or hex-encoded. # -# If encryption is unavailable, auth_state cannot be persisted. +# If encryption is unavailable, auth_state cannot be persisted. # -# New in JupyterHub 0.8 +# New in JupyterHub 0.8 # Default: False # c.Authenticator.enable_auth_state = False +## Let authenticator manage user groups +# +# If True, Authenticator.authenticate and/or .refresh_user +# may return a list of group names in the 'groups' field, +# which will be assigned to the user. +# +# All group-assignment APIs are disabled if this is True. +# Default: False +# c.Authenticator.manage_groups = False + ## An optional hook function that you can implement to do some bootstrapping work # during authentication. For example, loading user account details from an # external system. @@ -1176,20 +1478,20 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Force refresh of auth prior to spawn. # -# This forces :meth:`.refresh_user` to be called prior to launching a server, to -# ensure that auth state is up-to-date. +# This forces :meth:`.refresh_user` to be called prior to launching +# a server, to ensure that auth state is up-to-date. # -# This can be important when e.g. auth tokens that may have expired are passed -# to the spawner via environment variables from auth_state. +# This can be important when e.g. auth tokens that may have expired +# are passed to the spawner via environment variables from auth_state. # -# If refresh_user cannot refresh the user auth data, launch will fail until the -# user logs in again. +# If refresh_user cannot refresh the user auth data, +# launch will fail until the user logs in again. # Default: False # c.Authenticator.refresh_pre_spawn = False ## Dictionary mapping authenticator usernames to JupyterHub users. # -# Primarily used to normalize OAuth user names to local users. +# Primarily used to normalize OAuth user names to local users. # Default: {} # c.Authenticator.username_map = {} @@ -1211,29 +1513,11 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" #------------------------------------------------------------------------------ ## Encapsulate encryption configuration # -# Use via the encryption_config singleton below. +# Use via the encryption_config singleton below. # Default: [] # c.CryptKeeper.keys = [] ## The number of threads to allocate for encryption -# Default: 4 -# c.CryptKeeper.n_threads = 4 - -#------------------------------------------------------------------------------ -# Pagination(Configurable) configuration -#------------------------------------------------------------------------------ -## Default number of entries per page for paginated results. -# Default: 100 -# c.Pagination.default_per_page = 100 - -## Maximum number of entries per page for paginated results. -# Default: 250 -# c.Pagination.max_per_page = 250 - -#------------------------------------------------------------------------------ -# Systemdspawner config -#------------------------------------------------------------------------------ -c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' - +# Default: 2 +# c.CryptKeeper.n_threads = 2 From 872c77d7283d8ee2e94287d6d73e35a3504f4022 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 12:17:19 -0500 Subject: [PATCH 040/937] jupyterhub/README.md: Clarifs & new screenshots --- roles/jupyterhub/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 583466e04..a9588d3d9 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -9,7 +9,7 @@ * [JupyterHub changelog](https://jupyterhub.readthedocs.io/en/stable/changelog.html#changelog) * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). - * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. + * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. @@ -26,10 +26,11 @@ In some rare circumstances, it may be necessary to restart JupyterHub's systemd sudo systemctl restart jupyterhub ``` -FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula: +FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated (and deactivated) with the usual: ``` source /opt/iiab/jupyterhub/bin/activate +(jupyterhub) root@box:~# deactivate ``` Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ algorithm) and stored in: @@ -48,13 +49,13 @@ NOTE: This is the only way to change the password for user 'Admin', because Cont The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: -1. As a user with `Admin` privilege, click **Control Panel** in the top right of your JupyterHub: +1. As a user with `Admin` privilege, click **File > Hub Control Panel** in your JupyterHub: - ![Control panel button in notebook, top right](control-panel-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602766-ab6a9d3c-9f92-496e-a0e8-6c18a084e960.png) -2. In the Control Panel, open the **Admin** link in the top left: +2. At the top of the Control Panel, click **Admin**: - ![Admin button in control panel, top left](admin-access-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602473-f4f9fd40-b4c1-45e1-88c5-54c6d4b604ff.png) This opens up the JupyterHub Admin page, where you can add / delete users, start / stop peoples’ servers and see who is online. From 8d3864090e5c9cd12602e62f89591f1a65dc42c8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 12:47:39 -0500 Subject: [PATCH 041/937] Mention /opt/iiab/jupyterhub (3.1.1) is now ~326 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 68f909ea7..a34c1afd6 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~271 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" pip: name: - pip From 49bad59d78efcc81d57219fe303be9d25fc3db26 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 13:02:16 -0500 Subject: [PATCH 042/937] Cleaner explanation on top of jupyterhub_config.py.j2 --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index f8be9a849..32daeb53b 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,11 +1,11 @@ -# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # -# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 -# 3) I added the following line on @jvonau's suggestion: (#3475) +# 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From 34effae3685f962772662066d7b9902cb75a586d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 19:26:41 -0500 Subject: [PATCH 043/937] jupyterhub/README.md: Explain logging, via journalctl --- roles/jupyterhub/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a9588d3d9..6cb72b2fd 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -71,6 +71,20 @@ The `Admin` user (and any users given `Admin` privilege) can reset user password _WARNING: If on login users see "500 : Internal Server Error", you may need to remove ALL files of the form_ `/run/jupyter-johndoe-singleuser` +### Logging + +To see JupyterHub's (typically very long!) log, run: + +``` +journalctl -u jupyterhub.service +``` + +Sometimes other logs might also be available, e.g.: + +``` +journalctl -u jupyter-admin-singleuser.service +``` + ### PAWS/Jupyter Notebooks for Python Beginners While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. From 7c046c100b4c8f18a27e32df9069fc0ce96b813f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 19:31:20 -0500 Subject: [PATCH 044/937] jupyterhub/README.md: Tighter journalctl logging tips --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 6cb72b2fd..45d39ac5c 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -76,13 +76,13 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r To see JupyterHub's (typically very long!) log, run: ``` -journalctl -u jupyterhub.service +journalctl -u jupyterhub ``` Sometimes other logs might also be available, e.g.: ``` -journalctl -u jupyter-admin-singleuser.service +journalctl -u jupyter-admin-singleuser ``` ### PAWS/Jupyter Notebooks for Python Beginners From ec9b0b5cba743d3aab4e4da718bc1071c57f6baa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 21:08:01 -0500 Subject: [PATCH 045/937] jupyterhub/README.md: Clarify "Hub Control Panel" --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 45d39ac5c..2ec6a0730 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -43,9 +43,9 @@ Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ alg Users can change their password by logging in, and then visiting URL: http://box.lan/jupyterhub/auth/change-password -NOTE: This is the only way to change the password for user 'Admin', because Control Panel > Admin (below) does not permit deletion of this account. +NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Control Panel > Admin page, to manage other accounts +### Hub Control Panel > Admin page, to manage other accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From bb85ab918f1b7b607688294a141540882021a86b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Feb 2023 21:18:16 -0500 Subject: [PATCH 046/937] jupyterhub/README.md: File > Hub Control Panel > Admin --- roles/jupyterhub/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 2ec6a0730..a055a55f1 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -45,7 +45,7 @@ Users can change their password by logging in, and then visiting URL: http://box NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Hub Control Panel > Admin page, to manage other accounts +### File > Hub Control Panel > Admin, to manage accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From 5bced2429faaa7101dcf99d766fc99a0b8333d0c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 Feb 2023 21:57:19 -0500 Subject: [PATCH 047/937] jupyterhub_config.py.j2: Remove unused "c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}'" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 32daeb53b..6ff377a7e 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -790,7 +790,6 @@ c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" # c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # From 9dd6fb252464217365e730eded145684001430c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 Feb 2023 22:21:45 -0500 Subject: [PATCH 048/937] jupyterhub/README.md: Link to jupyterhub/systemdspawner docs --- roles/jupyterhub/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a055a55f1..db780e595 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -13,6 +13,7 @@ * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. + * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) ### Settings From f8efc93d0a2b1ac7cdcdb05d56d6a4b20c7fefd4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 10 Feb 2023 10:01:32 -0500 Subject: [PATCH 049/937] Clarify jupyterhub_config.py.j2 for #3476: "8 of IIAB's 10 legacy custom lines" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 6ff377a7e..5abc7deb5 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,9 +1,9 @@ -# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: +# 2023-02-10 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # # 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 8 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 # 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From b2e0d45f2de6b0ec7b8439c181ad9dc97b1eb769 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Feb 2023 16:30:31 -0500 Subject: [PATCH 050/937] sugarizer-server-1.5.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index f43f85374..264dbfba0 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -13,7 +13,7 @@ sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases -sugarizer_server_dir_version: sugarizer-server-1.4.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0 -sugarizer_server_git_version: v1.4.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0 +sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 +sugarizer_server_git_version: v1.5.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0, v1.4.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/commits/dev # AND https://github.com/llaske/sugarizer-server/releases From 64b02509cdff6ec46a4dcb5ce393c9d77aa3e08d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Feb 2023 19:04:43 -0500 Subject: [PATCH 051/937] Update size(s) of /opt/iiab/sugarizer-server 1.5.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 948c128b7..5e9cf3826 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -61,7 +61,7 @@ # CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows # "changed" (whereas above git sync shows "ok"). Reason: "npm install" # (below) modifies /opt/iiab/sugarizer-server/node_modules -- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~195+ MB later) +- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~16 MB initially, ~227+ MB later) git: repo: https://github.com/llaske/sugarizer-server dest: "{{ iiab_base }}/{{ sugarizer_server_dir_version }}" From 9468d1f83a524afa0ed3c59f7195a587c18f2dca Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Feb 2023 16:06:31 -0500 Subject: [PATCH 052/937] mediawiki/defaults/main.yml: Version 1.39.2 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 21fd715e1..8043db2fc 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 7fc222d4953499f5731947665085ef3c7ef8b315 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Feb 2023 16:30:47 -0500 Subject: [PATCH 053/937] Revert jammy to focal for MongoDB 5.0.5 collateral on arm64/aarch64 --- roles/gitea/defaults/main.yml | 2 +- roles/mongodb/defaults/main.yml | 13 ++++++++++++- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++--------------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 2a620f8cc..938b87252 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -17,7 +17,7 @@ iset_suffixes: armv6l: arm-6 armv7l: arm-6 # "arm-7" used to work, but no longer since 2019-04-20's Gitea 1.8.0: https://github.com/iiab/iiab/issues/1673 https://github.com/iiab/iiab/pull/1713 -- 2019-07-31: ARM7 support will return at some point, according to: https://github.com/go-gitea/gitea/pull/7037#issuecomment-516735216 (what about ARM8 support for RPi 4?) -gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}" +gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 0cace8905..a5e2455d3 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,7 +20,18 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: +mongodb_arch_dict: + armv6l: unsupported # WAS: 3.0 + armv7l: unsupported # WAS: 3.0 + aarch64: 5.0 + i386: unsupported + x86_64: 6.0 + +mongodb_version: "{{ mongodb_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +#mongodb_arm64_version: 5.0 # 2023-02-24: MongoDB 6.0.4 fails to install on +# # 64-bit RasPiOS 11, as it doesn't offer libssl3. +#mongodb_amd64_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: # "No package matching 'mongodb-org' is available". 5.0+ fail on "pre-2011" # CPU's w/o AVX, and on RPi due to MongoDB compiling these for v8.2-A (RPi 4 is # ARM v8-A). SO IIAB ALWAYS OVERLAYS andyfelong.com's 5.0.5 IF 5.0+ SPECIFIED. diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 048601b16..82fab2e9a 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,6 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) +# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE +# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: +# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -71,18 +74,18 @@ # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and # 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - #args: # warn: no # Ansible 2.14 ERROR: @@ -94,15 +97,15 @@ # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" @@ -117,10 +120,10 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') @@ -250,16 +253,16 @@ # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" dest: /usr/bin - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" From 57326cebcefbd9ae783369fea0b2fd4df2541868 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 03:42:23 -0500 Subject: [PATCH 054/937] Set WiFi firmware in /lib/firmware/cypress --- roles/firmware/tasks/download.yml | 37 +++++++++++----- roles/firmware/tasks/install.yml | 46 ++++++++++++-------- roles/firmware/templates/iiab-check-firmware | 22 +++++----- vars/default_vars.yml | 6 ++- vars/local_vars_large.yml | 6 ++- vars/local_vars_medium.yml | 6 ++- vars/local_vars_small.yml | 6 ++- 7 files changed, 79 insertions(+), 50 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 949ad3583..ffbd7c6fa 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,23 +1,36 @@ -- name: Back up 4 OS-provided WiFi firmware files (or symlinks) to /lib/firmware/brcm/*.orig - copy: - src: /lib/firmware/brcm/{{ item }} - dest: /lib/firmware/brcm/{{ item }}.orig +# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# +# 1. apt changelog firmware-brcm80211 +# https://github.com/RPi-Distro/firmware-nonfree +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# 2. apt changelog linux-firmware-raspi +# https://packages.ubuntu.com/search?keywords=linux-firmware-raspi +# 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml + +#- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig + # copy: + # src: /lib/firmware/cypress/{{ item }} + # dest: /lib/firmware/cypress/{{ item }}.orig + # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - - brcmfmac43430-sdio.bin - - brcmfmac43430-sdio.clm_blob - - brcmfmac43455-sdio.bin - - brcmfmac43455-sdio.clm_blob - ignore_errors: yes + - cyfmac43430-sdio.bin + - cyfmac43430-sdio.clm_blob + - cyfmac43455-sdio.bin + - cyfmac43455-sdio.clm_blob + #ignore_errors: yes - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: url: "{{ iiab_download_url }}/{{ item }}" - dest: /lib/firmware/brcm/ + dest: /lib/firmware/cypress/ timeout: "{{ download_timeout }}" with_items: - - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index c0fcfa532..2db1d0bbd 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -4,61 +4,69 @@ # Set 2 symlinks for RPi 3 B+ and 4 (43455) +# COMPARE: update-alternatives --display cyfmac43455-sdio.bin +# https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml#L3-L6 -- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpi3bplus_rpi4_wifi_firmwares: # Dictionary keys (left side) are always strings, e.g. "19" os: - - brcmfmac43455-sdio.bin.orig - - brcmfmac43455-sdio.clm_blob.orig + - cyfmac43455-sdio.bin.orig # 2023-02-25: 7.45.241 from 2021-11-01 on Ubuntu 22.04.2 too (cyfmac43455-sdio-standard.bin) + - cyfmac43455-sdio.clm_blob.orig # On Ubuntu 22.04.2 too (brcmfmac43455-sdio.clm_blob_2021-11-17_rpi) + ub: + - cyfmac43455-sdio.bin.distrib # 2023-02-25: STALE 7.45.234 from 2021-04-15; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43455-sdio.clm_blob.distrib # 4.7K instead of 2.7K w/ above "os" 19: - - brcmfmac43455-sdio.bin_2021-11-30_minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.bin_2021-11-30_minimal # On Ubuntu 22.04.2 too (cyfmac43455-sdio-minimal.bin) + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 24: - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 32: - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 - - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi # 14K instead of 2.7K w/ above "os" -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab state: link force: yes # Set 2 symlinks for RPi Zero W and 3 (43430) -- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpizerow_rpi3_wifi_firmwares: os: - - brcmfmac43430-sdio.bin.orig - - brcmfmac43430-sdio.clm_blob.orig + - cyfmac43430-sdio.bin.orig # 2023-02-25: 7.45.98 from 2021-07-19 on Ubuntu 22.04.2 too + - cyfmac43430-sdio.clm_blob.orig # On Ubuntu 22.04.2 too + ub: + - cyfmac43430-sdio.bin.distrib # 2023-02-25: STALE 7.45.98.118 from 2021-03-30; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43430-sdio.clm_blob.distrib # Identical to above 4.7K cyfmac43430-sdio.clm_blob 30: - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 - - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # 14K instead of 4.7K w/ above "os" & "ub" -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab state: link force: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b26810440..e47982069 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -14,29 +14,29 @@ iiab_var_value() { } link_fw() { - if [[ $(readlink /lib/firmware/brcm/$1) != $1.iiab ]] ; then - echo - mv /lib/firmware/brcm/$1 /lib/firmware/brcm/$1.$(date +%F-%T) - ln -s $1.iiab /lib/firmware/brcm/$1 - echo -e "\e[1mSymlinked /lib/firmware/brcm/$1 -> $1.iiab\e[0m" - touch /tmp/.fw_modified + if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then + echo + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + ln -s $1.iiab /lib/firmware/cypress/$1 + echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" + touch /tmp/.fw_modified fi } if [[ $(iiab_var_value rpi3bplus_rpi4_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43455-sdio.bin - link_fw brcmfmac43455-sdio.clm_blob + link_fw cyfmac43455-sdio.bin + link_fw cyfmac43455-sdio.clm_blob fi if [[ $(iiab_var_value rpizerow_rpi3_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43430-sdio.bin - link_fw brcmfmac43430-sdio.clm_blob + link_fw cyfmac43430-sdio.bin + link_fw cyfmac43430-sdio.clm_blob fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/brcm appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 122128278..274771ae1 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -131,9 +131,10 @@ hostapd_enabled: True # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -143,7 +144,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a301ed60..2ea331221 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index e8d8b1f5e..a290fd426 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aef176b4e..fed0751eb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From 4831fd6d7e77ff84eb61c28d609554ce9a4c7d87 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 13:55:41 -0500 Subject: [PATCH 055/937] CLARIF: full backup of symlinks + later "doubly timestamped" symlink contents --- roles/firmware/tasks/download.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index ffbd7c6fa..0285fda80 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -9,18 +9,18 @@ # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig - # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig + # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob - cyfmac43455-sdio.bin - cyfmac43455-sdio.clm_blob - #ignore_errors: yes + #ignore_errors: yes # 2023-02-25: Let's INTENTIONALLY surface any errors, e.g. if any future RasPiOS or Ubuntu-on-Rpi lack some of the above 4 files/links? - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: From d09046b5015262f0c3ff483b61e4dffca3d25997 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 15:41:08 -0500 Subject: [PATCH 056/937] roles/firmware for WiFi hotspot: Update in-line docs --- roles/firmware/tasks/download.yml | 11 +++++---- roles/firmware/tasks/install.yml | 2 +- roles/firmware/tasks/main.yml | 24 +++++++++++-------- roles/firmware/templates/iiab-check-firmware | 8 +++---- .../templates/gateway/iiab-gen-iptables | 4 ++-- roles/openvpn/templates/iiab-support | 4 ++-- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 0285fda80..5ef80332d 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,9 +1,12 @@ -# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# 2023-02-25: MONITOR FIRMWARE UPDATES in 3 places especially... # # 1. apt changelog firmware-brcm80211 -# https://github.com/RPi-Distro/firmware-nonfree -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 2db1d0bbd..6ce042cee 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index 3e33890ba..dfd094acb 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -3,18 +3,22 @@ # client devices that can access your Raspberry Pi's internal WiFi hotspot. # If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' and -# then 'sudo ./runrole firmware' (do run iiab-check-firmware for more tips!) - -# BACKGROUND AS OF 2022-01-10: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 -# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 -# https://github.com/iiab/iiab/pull/3103 -# https://github.com/RPi-Distro/firmware-nonfree/tree/bullseye/debian/config/brcm80211 (brcm, cypress) -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# then 'sudo ./runrole firmware' (DO RUN iiab-check-firmware FOR MORE TIPS!) +# 2018-2023 Background & Progress: +# +# Raspberry Pi 3 used to support 32 WiFi connections but is now limited to [4-10] +# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# Opinions about Pi 4B/3B+ WiFi features [practical AP firmware for schools!] +# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 +# RPi WiFi hotspot firmware reliability fix, incl new/better choices for 3B+ & 4 +# https://github.com/iiab/iiab/pull/3103 +# Set WiFi firmware in /lib/firmware/cypress due to RasPiOS & Ubuntu changes +# https://github.com/iiab/iiab/pull/3482 # RISK: What USB 3.0 stick/drive patterns degrade a Raspberry Pi's 2.4GHz WiFi? -# https://github.com/iiab/iiab/issues/2638 +# https://github.com/iiab/iiab/issues/2638 + +# ► SEE "MONITOR FIRMWARE UPDATES in 3 places especially" in tasks/download.yml ◄ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index e47982069..9da0135af 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,10 +1,10 @@ #!/bin/bash -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { @@ -16,7 +16,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified @@ -36,7 +36,7 @@ fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#3482\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index b11cd4fca..0a8b6a80e 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -34,11 +34,11 @@ IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 4ba4d70a3..1d88a66b4 100755 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -10,11 +10,11 @@ DEBUG=false # Using /usr/bin/true or /usr/bin/false PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # PARSE local_vars.yml JUST AS Ansible & /etc/openvpn/scripts/announcer DO: From ae5daf58300e2cfdff24a3bfe22c12f4a6b2c4b4 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 15:52:54 -0500 Subject: [PATCH 057/937] vars/local_vars_unittest.yml: Update WiFi firmware options --- vars/local_vars_unittest.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 533c5657d..721f7e457 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From c591ed16c32e34f6b2cc5521caf0894cede12625 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 19:17:27 -0500 Subject: [PATCH 058/937] Refine PR #3481: MongoDB for aarch64 Ubuntu 22+ or Debian 12+ --- roles/mongodb/tasks/install.yml | 69 +++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 82fab2e9a..3f9bd1854 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,9 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE -# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: -# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 +- debug: + msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' + - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -72,7 +72,10 @@ - /var/log/mongodb # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") + when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +- debug: + msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -80,6 +83,10 @@ # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. + +- debug: + msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 @@ -130,6 +137,7 @@ #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") + # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix @@ -141,11 +149,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no - # longer nec (certainly on x86_64, and hopefully sufficiently across the - # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: + # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ + # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) + # + # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can + # finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 + + - block: + + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu + + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian + + - name: Force install libssl1.1 + package: + name: libssl1.1 + state: present + + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian + + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu + + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) + + - debug: + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 # apt_repository: # repo: deb http://security.ubuntu.com/ubuntu focal-security main @@ -189,6 +238,7 @@ # #filename: focal-security # 100% IGNORED during repo deletion # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: @@ -212,6 +262,7 @@ # filename: mongodb-org # when: is_ubuntu and not is_linuxmint + - name: "Install packages: mongodb-org, mongodb-org-server" package: name: @@ -232,6 +283,7 @@ regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 # ...as ARM v8-A < ARM v8.2-A ...also reveals: @@ -267,6 +319,9 @@ # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" +- debug: + msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + # 2. CONFIGURE MongoDB FOR IIAB From 314631bb3e7e1950adb6f418b211c324bea980bd Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Feb 2023 21:16:17 -0500 Subject: [PATCH 059/937] roles/firmware: Tighten up in-line explanations --- roles/firmware/tasks/download.yml | 10 +++++----- roles/firmware/tasks/install.yml | 2 +- roles/firmware/templates/iiab-check-firmware | 16 +++++++++++++++- roles/firmware/templates/iiab-firmware-warn.sh | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5ef80332d..5e4027623 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -2,22 +2,22 @@ # # 1. apt changelog firmware-brcm80211 # https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes +- name: Back up 4 OS-provided WiFi firmware files (replicate any symlinks) to /lib/firmware/cypress/*.orig -- /usr/bin/iiab-check-firmware will later do similar (e.g. as firmware install completes) -- moving 2-or-4 of these to .YYYY-MM-DD-HH:MM:SS ("doubly timestamping" to preserve BOTH last-modif & moving date) # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) + command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 6ce042cee..4f323ca72 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- finalizing 2-or-4 symlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9da0135af..a7a36a626 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,5 +1,19 @@ #!/bin/bash +# The 1st time /usr/bin/iiab-check-firmware runs (at the end of +# firmware/tasks/install.yml) 2-4 lynchpin top links are put in place, +# finalizing symlink chains like: +# +# /lib/firmware/cypress/X.{bin|blob} -> +# /lib/firmware/cypress/X.{bin|blob}.iiab -> +# CHOSEN-FIRMWARE-FILE-OR-LINK +# +# Also backing up top-of-chain originals (file or link!) by moving these to: +# +# /lib/firmware/cypress/.YYYY-MM-DD-HH:MM:SS +# +# NOTE these are "doubly timestamped" to preserve BOTH last-modif & moving date. + # 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 @@ -16,7 +30,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index dd2c34dba..f9507496b 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -1,7 +1,7 @@ #!/bin/bash if [ -f /tmp/.fw_modified ]; then - echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" + echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#3482: PLEASE REBOOT!\e[0m" echo echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi From 665f403565faf330f4c62be72ac347e84b26f9cf Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Feb 2023 20:20:04 -0500 Subject: [PATCH 060/937] pbx/README.adoc: Louder PHP 7.4 requirement WARNING! --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index bef5c3924..19022571e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 1165dc715f3dc83165750b8ed60b6c15c819b831 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Feb 2023 20:39:58 -0500 Subject: [PATCH 061/937] pbx/README.adoc: Will FreePBX 17 arrive by ~2024 to solve the PHP 8 dilemma? --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 19022571e..babfde19c 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 7d9e1fc62a8eaf38150c4682e2f5feaa447a6dac Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 28 Feb 2023 09:46:17 -0500 Subject: [PATCH 062/937] Recommend ansible-core 2.14.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48ed3ff61..8c085a038 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] -GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] +GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ba8ea3c72c99056fcaef1de989b88f277e020eeb Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 1 Mar 2023 14:07:31 -0500 Subject: [PATCH 063/937] README.md: Fix RPi images link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cf71d76e3..a16a4437d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. From 2786eedcb7396be77e19a897d8712a19d7cd4709 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Mar 2023 21:29:03 -0500 Subject: [PATCH 064/937] MongoDB: Use jammy repo on amd64 (unless Debian 11) --- roles/mongodb/tasks/install.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 3f9bd1854..8286c6aa3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -85,7 +85,7 @@ - debug: - msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} @@ -116,7 +116,11 @@ #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" - #when: is_debian and ansible_architecture == "x86_64" + + - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: @@ -127,12 +131,13 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org - when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + when: not ansible_architecture == "x86_64" #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") @@ -320,7 +325,7 @@ when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - debug: - msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB From 12d7397ff746b89088ff0bac04fa0756ac80fb2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 Mar 2023 00:27:22 -0500 Subject: [PATCH 065/937] iiab-diagnostics: Report /lib/firmware/cypress/* not brcm --- scripts/iiab-diagnostics | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1990d25d..89ddd3311 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -110,10 +110,10 @@ function cat_cmd() { # $1 = command + params, $2 = explanation if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! - #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. - #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/cypress/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } @@ -221,8 +221,8 @@ cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' -cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From bdd08b9b6ddf8ae4d60ea23cdc5e95b05e48efe8 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 15 Mar 2023 17:05:46 -0400 Subject: [PATCH 066/937] Add Haitian Creole as Kolibri's 32nd languages --- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 2ea331221..f146713fc 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a290fd426..bdf2b5bf0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index fed0751eb..1e662400a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 721f7e457..61bc68071 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -289,7 +289,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False From 4750badc4eb62273d2ffdf270b06fa73a5bab38c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 Mar 2023 21:28:42 -0400 Subject: [PATCH 067/937] Force 'pip install ansible-core' on Python 3.11+ --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8c085a038..47488d836 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -186,15 +186,15 @@ if uname -m | grep -q 64; then # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 7ce3881f5c58800759ba009b13813de0b902b7ed Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Mar 2023 00:42:37 -0400 Subject: [PATCH 068/937] Fix PR #3491 to install ansible-core on all OS's as Python 3.11+ proliferates --- scripts/ansible | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 47488d836..b52cbe743 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -179,24 +179,22 @@ $APT_PATH/apt -y install python3-pip #$APT_PATH/apt -y --allow-downgrades install ansible-core -if uname -m | grep -q 64; then - # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip - # cache system-wide before installing: - # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 - # https://github.com/iiab/iiab/pull/3022 - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -else -# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" -# $APT_PATH/apt -y --allow-downgrades install ansible-core - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip +# cache system-wide before installing: +# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 +# https://github.com/iiab/iiab/pull/3022 +pip3 config --global set global.no-cache-dir false + +if ! uname -m | grep -q 64; then + # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + # $APT_PATH/apt -y --allow-downgrades install ansible-core + echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" + pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" fi +echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 + # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support # explicit upgrading of collections (--upgrade / -U flag) in version "2.11" From 62543814da6047d0c5097d2584aaa93b935347d9 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Mar 2023 00:53:57 -0400 Subject: [PATCH 069/937] scripts/ansible FYI: pip's --break-system-packages is new (Feb 2023) --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index b52cbe743..5caf055df 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -193,7 +193,7 @@ if ! uname -m | grep -q 64; then fi echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 38e99031d73bdabcd4f657999595e0a919315472 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Mar 2023 06:10:08 -0500 Subject: [PATCH 070/937] virtual env for ansible --- scripts/ansible | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 5caf055df..e308dac6a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,10 +160,10 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" -$APT_PATH/apt update -$APT_PATH/apt -y install python3-pip +#$APT_PATH/apt update +#$APT_PATH/apt -y install python3-pip # 2021-07-29: # 'python3-packaging' dropped for now @@ -185,15 +185,28 @@ $APT_PATH/apt -y install python3-pip # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false -if ! uname -m | grep -q 64; then +#if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core - echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" - pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" -fi +# echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" +# pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" +#fi -echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 +#echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +#pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 + +echo -e "\napt update; apt install python3-venv" +$APT_PATH/apt update +$APT_PATH/apt -y install python3-venv + +echo -e "Create virtual envinronment for ansible" +python3 -m venv /usr/local/ansible +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +echo -e "Place ansible on path using symlinks" +cd /usr/local/ansible/bin +for bin in $(ls ansible*); do + ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +done # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 007df549ab8144c6fbd2b7ba2ec75800b8b23b86 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Mar 2023 17:41:04 -0500 Subject: [PATCH 071/937] Update scripts/ansible Co-authored-by: A Holt --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index e308dac6a..0b88f97f1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,7 +199,7 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual envinronment for ansible" +echo -e "Create virtual environment for ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "Place ansible on path using symlinks" From d90227e066ff6c0d34c7fc96f9989ddefca6e8b3 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Mar 2023 22:53:22 -0400 Subject: [PATCH 072/937] venv WIP: scripts/ansible & kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 2 +- scripts/ansible | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6f359395d..5fb192475 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,7 +15,7 @@ name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - - virtualenv # For Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} + - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. diff --git a/scripts/ansible b/scripts/ansible index 0b88f97f1..d3dda04af 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,7 +160,7 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" #$APT_PATH/apt update #$APT_PATH/apt -y install python3-pip @@ -183,7 +183,7 @@ fi # cache system-wide before installing: # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 # https://github.com/iiab/iiab/pull/3022 -pip3 config --global set global.no-cache-dir false +#pip3 config --global set global.no-cache-dir false #if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for ansible" +echo -e "Create virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Place ansible on path using symlinks" +echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From e589bbce0f62d013553cae158cf73442a417de85 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Mar 2023 22:59:02 -0400 Subject: [PATCH 073/937] venv WIP: calibre-web/tasks/install.yml packages? --- roles/calibre-web/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65a88168c..0b5e70c6d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,6 +3,8 @@ name: - imagemagick - python3-venv + - python3-dev + - build-essential state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From cfb446479dd7183375c79efbddedef30c9ce7f46 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Mar 2023 23:36:31 -0400 Subject: [PATCH 074/937] venv cleanups: lokole, calibre-web, pip stub for Admin Console --- roles/9-local-addons/tasks/main.yml | 5 +++++ roles/calibre-web/tasks/install.yml | 4 ++-- roles/lokole/tasks/install.yml | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index e8ab5d14b..0a2f800d5 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,11 @@ name: pbx when: pbx_install +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" + package: + name: python3-pip + state: present + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0b5e70c6d..1bbb6623b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,9 +1,9 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, build-essential" package: name: - imagemagick - python3-venv - - python3-dev + #- python3-dev - build-essential state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index a1ea1d357..82d8593ca 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,11 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 14 packages for Lokole +- name: Install 13 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact - - python3-pip + #- python3-pip - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's From aad12eb928adf81f0f22d51551ad3e083a586d8a Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Mar 2023 00:27:22 -0400 Subject: [PATCH 075/937] scripts/ansible: Cleaner on-screen output --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d3dda04af..73fb028e1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for Ansible" +echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" +echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From 7db4dc546eee203484e8311ad5c9aa12dfd78025 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Mar 2023 12:25:02 -0400 Subject: [PATCH 076/937] Revert #3422 block of JupyterHub & Caliber-Web on 32-bit HW [should've blocked 32-bit OS's] --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/9-local-addons/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 648991a4f..f43e878f3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -29,7 +29,7 @@ - name: JUPYTERHUB include_role: name: jupyterhub - when: jupyterhub_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: jupyterhub_install # UNMAINTAINED - name: LOKOLE diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 0a2f800d5..bf983a322 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -27,7 +27,7 @@ - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: calibreweb_install # KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE From 9c28f88cb234a701ea11589582f9070710254b7a Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Mar 2023 12:42:25 -0400 Subject: [PATCH 077/937] 9-local-addons: Install python3-pip 'when: admin_console_install' --- roles/9-local-addons/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index bf983a322..548fac45f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -46,6 +46,7 @@ package: name: python3-pip state: present + when: admin_console_install - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: From 95d83000335e579f74de691d3e3b121f23308fb7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 18 Mar 2023 19:57:17 -0400 Subject: [PATCH 078/937] 9-local-addons: Stub install python3-jinja2 for Admin Console --- roles/9-local-addons/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 548fac45f..1b41b0dc7 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,9 +42,11 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" package: - name: python3-pip + name: + - python3-pip + - python3-jinja2 state: present when: admin_console_install From ec855c2ff945f09aa51cc5ba955f2911f804cc5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 18 Mar 2023 20:14:03 -0400 Subject: [PATCH 079/937] Document "/usr/local/ansible/bin/pip3 show ansible-core" --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 73fb028e1..b077bdde7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -229,6 +229,7 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" +echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" From cf07e3812137ad5ea1b365ed4ee13fbcf33fc60a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 18 Mar 2023 21:33:04 -0400 Subject: [PATCH 080/937] calibre-web/tasks/install.yml: apt pkg 'build-essential' context --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1bbb6623b..0bae3428c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -4,7 +4,7 @@ - imagemagick - python3-venv #- python3-dev - - build-essential + - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From c195613cfeaff7f41e4f4db1027f9a8ca031f9b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Mar 2023 09:34:27 -0400 Subject: [PATCH 081/937] Update pbx/README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index babfde19c..f184df6f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 06ea1ef2bd749bc64e3d8a46e49592571a0027e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Mar 2023 18:17:29 -0400 Subject: [PATCH 082/937] Tighten up 9-local-addons thx to iiab/iiab-admin-console#526 --- roles/9-local-addons/tasks/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 1b41b0dc7..f9ea8e20f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,14 +42,6 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" - package: - name: - - python3-pip - - python3-jinja2 - state: present - when: admin_console_install - - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From abdb67d32a2628ffd7f25ff063b8f3d738fe9ee4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 19 Mar 2023 22:18:48 -0500 Subject: [PATCH 083/937] calibre-web - compiler and header files only when needed --- roles/calibre-web/tasks/install.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0bae3428c..03356fa51 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,17 @@ name: - imagemagick - python3-venv - #- python3-dev - - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +- name: "Install packages: python3-dev, gcc to compile 'netifaces'" + package: + name: + - python3-dev # header files + - gcc # compiler + state: present + when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -44,7 +51,7 @@ # ignore_errors: True ## # Implementing this with Ansible command module for now. -- name: Download Calibre-Web dependencies (using pip) into python3 virtual environment {{ calibreweb_venv_path }} +- name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 @@ -95,6 +102,14 @@ backup: yes when: not appdb.stat.exists +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: absent +# when: python_version is version('3.10', '>=') # RECORD Calibre-Web AS INSTALLED From 5bd483c28bc39cab1cfcb289f8fa1cbf4b5aac89 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Mar 2023 08:17:38 -0400 Subject: [PATCH 084/937] gitea/defaults/main.yml: 'gitea_version: 1.19' --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 938b87252..fff7e0b28 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.18 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 7ae63f6a58064979af79304e5c54241b96412ca8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Mar 2023 10:23:46 -0400 Subject: [PATCH 085/937] calibre-web/tasks/install.yml: PR #3498 doc/readability --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 03356fa51..476a426be 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, build-essential" +- name: "Install packages: imagemagick, python3-venv" package: name: - imagemagick @@ -111,6 +111,7 @@ # state: absent # when: python_version is version('3.10', '>=') + # RECORD Calibre-Web AS INSTALLED - name: "Set 'calibreweb_installed: True'" From 1b48a2666a38df779707832fda965ee15a13233b Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 Mar 2023 10:57:19 -0400 Subject: [PATCH 086/937] nextcloud/tasks/install.yml: Clarify Nextcloud 26 prereqs (PHP 8.2 now works!) --- roles/nextcloud/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 8fc25cd08..0ce3cd5a3 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -41,7 +41,9 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: +# 2023-03-21: Check the latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation From a61e1b05905007c49626ad6258910da7bc9fc43c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 20 Mar 2023 13:08:59 -0500 Subject: [PATCH 087/937] use --system-site-packages and install package to omit building 'netifaces' wheel --- roles/calibre-web/tasks/install.yml | 30 +++++++++++------------------ 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 476a426be..36c5da0c5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,19 +1,19 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, python3-netifaces" package: name: - imagemagick - python3-venv + - python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -- name: "Install packages: python3-dev, gcc to compile 'netifaces'" - package: - name: - - python3-dev # header files - - gcc # compiler - state: present - when: python_version is version('3.10', '>=') - +#- name: "Install packages: python3-dev, gcc to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: present +# when: python_version is version('3.10', '>=') - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -56,7 +56,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate @@ -102,15 +103,6 @@ backup: yes when: not appdb.stat.exists -# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" -# package: -# name: -# - python3-dev # header files -# - gcc # compiler -# state: absent -# when: python_version is version('3.10', '>=') - # RECORD Calibre-Web AS INSTALLED From 7365b41680c7b1b7d8620019b3d5d1deb2c1e5bd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Mar 2023 08:40:29 -0400 Subject: [PATCH 088/937] scripts/ansible: Document new OS's PEP 668 guideline --- scripts/ansible | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index b077bdde7..2eb4cd11d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,6 +199,9 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv +# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask +# that virtual environments (venv) be used to safely isolate pip installs: +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 8fb14e2cf3c08aaf5e81498c66ee3bef09eae1f3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Mar 2023 16:54:30 -0400 Subject: [PATCH 089/937] 2-common/tasks/packages.yml: Fix {i2c-tools, python3-pip, python3-venv} docs for #3496 --- roles/2-common/tasks/packages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 0b33dd637..b694a4194 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -12,7 +12,7 @@ #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download - htop # 109kB download: RasPiOS installs this regardless - - i2c-tools # 78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC + - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles @@ -22,8 +22,8 @@ #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics - #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. + #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc + #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download From 96323fd1aa74767710389b1a863cadb1b84842b5 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Mar 2023 20:58:42 -0400 Subject: [PATCH 090/937] 2 vars kolibri/defaults -> default_vars; cleaner /etc/passwd homedir --- roles/kolibri/defaults/main.yml | 18 ++++++++++-------- roles/kolibri/tasks/install.yml | 1 + vars/default_vars.yml | 4 +++- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 43f412f79..53b2eaf60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -3,11 +3,21 @@ # kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +# Kolibri folder to store its data and configuration files. +# kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri + +# kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies +# and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username +# (generally the user with lowest UID >= 1000) to allow access to USB devices: +# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://github.com/learningequality/kolibri-installer-debian/issues/115 + # kolibri_http_port: 8009 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + # 2019-09-27: Pinning to a particular version is unfortunately NOT supported # with our new apt approach (.deb installer) at this time. # 2019-06-21: Uncomment this pinning line if you want a particular version of @@ -30,19 +40,11 @@ # Corresponding to: # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri -# Kolibri folder to store its data and configuration files. -kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri - kolibri_url_without_slash: /kolibri kolibri_url: "{{ kolibri_url_without_slash }}/" # /kolibri/ kolibri_exec_path: /usr/bin/kolibri -kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies -# and saves a 'desktop' user like {iiab-admin, pi} to /etc/kolibri/username, -# towards guaranteeing access to USB devices, per: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service - # To populate /library/kolibri with essential/minimum files and dirs. This # provisions Kolibri with facility name, admin acnt / password, preset type, # and language. You can set this to 'False' when reinstalling Kolibri: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 676358473..d3f5958f7 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -14,6 +14,7 @@ shell: /bin/false system: yes create_home: no + home: "{{ kolibri_home }}" - name: Create directory {{ kolibri_home }} for Kolibri content, configuration, sqlite3 databases ({{ kolibri_user }}:{{ apache_user }}, by default 0755) file: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 274771ae1..f7b02b4b8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -483,7 +483,9 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri +kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 2e5339fee922cc39547277e2020a4c2602a04107 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Mar 2023 21:14:17 -0400 Subject: [PATCH 091/937] Fix doc link "Changing the owner of Kolibri system service" --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 53b2eaf60..d1529fb60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -9,7 +9,7 @@ # kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies # and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username # (generally the user with lowest UID >= 1000) to allow access to USB devices: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service # https://github.com/learningequality/kolibri-installer-debian/issues/115 # kolibri_http_port: 8009 From d8fdb75e7c95f605a09e6b7f8beb02eecb6a3084 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 Mar 2023 15:51:21 -0400 Subject: [PATCH 092/937] pbx/defaults/main.yml: Try asterisk-20-current.tar.gz --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 1ef7b8125..9d478d0d9 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-19-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c44c20def3863d8dd2b38d7ec321738885bca64c Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Mar 2023 19:02:42 -0400 Subject: [PATCH 093/937] Doc updates for Asterisk 20 & remaining PHP 7.4 OS's --- roles/pbx/README.adoc | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f184df6f3..ed2ef9819 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. *PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f7b02b4b8..ec4c3f2d4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index f146713fc..474854821 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index bdf2b5bf0..73e01e154 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1e662400a..42adebfea 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 61bc68071..ba081c3db 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From aa66c7e11f674abcf71215f6ede31822e022a92b Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Mar 2023 19:49:54 -0400 Subject: [PATCH 094/937] TEMPORARY PATCH: Installs older Nextcloud 25 on PHP 7.4 OS's --- roles/nextcloud/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0ce3cd5a3..ce23c1c4c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,6 +98,11 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 + when: php_version is version('7.4', '<=') + - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" From d2da3f97fad77100c675f1c386207169c0c9a3f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 25 Mar 2023 07:28:29 -0400 Subject: [PATCH 095/937] pbx/README.adoc: Link to Asterisk Security Advisories --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index ed2ef9819..1edb85822 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -289,6 +289,8 @@ Please also check the "Known Issues" at the bottom of https://github.com/iiab/ii _If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ +. Please see Asterisk's Security Advisories: https://www.asterisk.org/downloads/security-advisories/ + . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` From 61a9427e7d9c9d579ef752a3279e5a68e3b5908c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Mar 2023 15:57:45 -0400 Subject: [PATCH 096/937] Clarify /library/kolibri owner recommendation --- roles/kolibri/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index d3f5958f7..a6b5e5b3d 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -158,6 +158,9 @@ become_user: "{{ kolibri_user }}" when: kolibri_provision +# 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) +# Certainly, setting owner (recursively) is advised when moving /library/kolibri : +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? file: path: "{{ kolibri_home }}" # /library/kolibri From 031e85a62e7fb98fc2d329193896234b61c41a41 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 Mar 2023 14:18:50 -0400 Subject: [PATCH 097/937] Recommend ansible-core 2.14.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2eb4cd11d..7c5bbca8c 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] -GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] +GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2a92ef46d0ee9ea28af61cdb658c73ee7bec2549 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 27 Mar 2023 17:38:12 -0400 Subject: [PATCH 098/937] kolibri/tasks/install.yml: Tighten up code & in-line docs --- roles/kolibri/tasks/install.yml | 196 ++++++++++++++++++-------------- 1 file changed, 113 insertions(+), 83 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index a6b5e5b3d..85b63478e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -4,12 +4,31 @@ # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/offline.yml # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/online.yml +# Install Kolibri » Debian/Ubuntu +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html + +# Advanced management +# https://kolibri.readthedocs.io/en/latest/manage/advanced.html + +# Working with Kolibri from the command line +# https://kolibri.readthedocs.io/en/latest/manage/command_line.html + +# Customize Kolibri settings with the [ /library/kolibri/options.ini ] file +# https://kolibri.readthedocs.io/en/latest/manage/options_ini.html + +# Test Kolibri server performance +# https://kolibri.readthedocs.io/en/latest/manage/performance.html + +# Provisioning many servers +# https://kolibri.readthedocs.io/en/latest/install/provision.html + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk + - disk # 2023-03-27: IS THIS REALLY NECESSARY? state: present shell: /bin/false system: yes @@ -39,83 +58,86 @@ dest: /etc/kolibri/daemon.conf -- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html claims: +# "When you use the PPA installation method, upgrades to newer versions +# will be automatic, provided there is internet access available." +# +# IN REALITY: apt upgrading Kolibri is messy, as up-to-5 debconf screens prompt +# PPL WHO DON'T KNOW with the wrong default username, instead of 'kolibri' :/ +# https://github.com/learningequality/kolibri-installer-debian/pull/117 + +# 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 +- name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg + shell: | + gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + +- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + +- name: Add signed Kolibri PPA 'focal' (if other/older OS's) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" + when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) + #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) +# apt_repository: +# repo: ppa:learningequality/kolibri +# when: is_ubuntu and not is_linuxmint + +# 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on +# Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) +# BUT equivalent Ansible command (STANZA ABOVE) failed with error... +# "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." +# ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) + +# 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks +# about the warning below, arising no matter if codename is 'focal' or 'jammy' +# with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': +# +# /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release +# warnings.warn( + +# 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also +# want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? +# when: is_linuxmint_21 + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) +# when: is_debian or is_linuxmint_20 + +- name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) + apt: + name: kolibri + when: kolibri_deb_url is undefined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. + +- name: apt install {{ kolibri_deb_url }} (if kolibri_deb_url IS defined) apt: deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later when: kolibri_deb_url is defined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. -- block: # ELSE... - - # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: - # "When you use the PPA installation method, upgrades to newer versions - # will be automatic, provided there is internet access available." - # - # IN REALITY: apt upgrading Kolibri is risky, as 3 pink/blue screens prompt - # PPL WHO DON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ #3356 - - # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 - - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg - shell: | - gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - - - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - - name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) - # apt_repository: - # repo: ppa:learningequality/kolibri - # when: is_ubuntu and not is_linuxmint - - # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on - # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) - # BUT equivalent Ansible command (STANZA ABOVE) failed with error... - # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." - # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) - - # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks - # about the warning below, arising no matter if codename is 'focal' or 'jammy' - # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': - # - # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release - # warnings.warn( - - # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also - # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? - # when: is_linuxmint_21 - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - # when: is_debian or is_linuxmint_20 - - - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri - apt: - name: kolibri - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later - - when: kolibri_deb_url is undefined +- name: Run 'rm -rf /root/.kolibri' to remove "unavoidable" pollution created above + file: + state: absent + path: /root/.kolibri - name: 'Install from template: /etc/systemd/system/kolibri.service' template: @@ -124,8 +146,8 @@ - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload) systemd: - name: kolibri daemon_reload: yes + name: kolibri state: stopped @@ -146,9 +168,13 @@ # become_user: "{{ kolibri_user }}" # when: kolibri_provision +# Run "kolibri manage help provisiondevice" to see CLI options, e.g.: +# --facility_settings FACILITY_SETTINGS +# JSON file containing facility settings +# --device_settings DEVICE_SETTINGS +# JSON file containing device settings - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: > - export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" @@ -157,18 +183,22 @@ become: yes become_user: "{{ kolibri_user }}" when: kolibri_provision + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: Required! + #KOLIBRI_USER: "{{ kolibri_user }}" # 2023-03-27: Not nec due to /etc/kolibri/username ? + # 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) # Certainly, setting owner (recursively) is advised when moving /library/kolibri : # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service -- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? - file: - path: "{{ kolibri_home }}" # /library/kolibri - owner: "{{ kolibri_user }}" # kolibri - group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) - recurse: yes - when: kolibri_provision - +# 2023-03-27: Commented out on a provisional basis (Spring Cleaning) +# - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? +# file: +# path: "{{ kolibri_home }}" # /library/kolibri +# owner: "{{ kolibri_user }}" # kolibri +# group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) +# recurse: yes +# when: kolibri_provision # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules From 190ac34bd99014dad4762534fd4c7a4bc81ff542 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 28 Mar 2023 01:23:29 -0400 Subject: [PATCH 099/937] Mention group disk "Mostly equivalent to root access" --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 85b63478e..e27a66510 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -28,7 +28,7 @@ name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? + - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From f878107fec98f6e5f009ed7282b288e64befa1f0 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Mar 2023 15:56:14 -0400 Subject: [PATCH 100/937] Toughen doc URLs with %3F (instead of .3F) --- roles/4-server-options/README.rst | 4 ++-- roles/cups/README.md | 2 +- roles/kolibri/README.rst | 2 +- roles/matomo/README.adoc | 2 +- roles/nextcloud/README.md | 2 +- roles/nodered/README.rst | 2 +- roles/osm-vector-maps/README.md | 4 ++-- roles/pbx/README.adoc | 8 ++++---- roles/pbx/README.rst.unused | 6 +++--- roles/phpmyadmin/README.md | 2 +- roles/remoteit/README.md | 4 ++-- roles/samba/README.rst | 2 +- roles/usb_lib/README.rst | 2 +- 13 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 6355f85e7..11458d97e 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,7 +2,7 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th `stage `_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml `_ +Whereas 3-base-server installs critical packages needed by all, this 4th `stage `_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml `_ This includes more networking fundamentals, that may further be configured later on. @@ -11,7 +11,7 @@ Specifically, these might be installed: - Python libraries - SSH daemon - Bluetooth for Raspberry Pi -- Instant-sharing of `USB stick content `_ +- Instant-sharing of `USB stick content `_ - CUPS Printing - Samba for Windows filesystems - `www_options `_ diff --git a/roles/cups/README.md b/roles/cups/README.md index 6cf926c88..cd727be5f 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -8,7 +8,7 @@ This can be useful if a printer is attached to your IIAB — so student/teac ## Using it -Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it.3F) : +Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it%3F) : ``` cups_install: True diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 803ad433e..ff3777519 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -24,7 +24,7 @@ Please look in `/opt/iiab/iiab/roles/kolibri/defaults/main.yml `_) the installation will set up the following defaults:: +When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml `_) the installation will set up the following defaults:: kolibri_facility: Kolibri-in-a-Box kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 7bef1f07e..88a558407 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -4,7 +4,7 @@ https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, == Install it -Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] One way to do that is by changing these 2 lines: diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 28aed5472..2e346a16f 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -14,7 +14,7 @@ The Nextcloud suite is divided into three main categories: ## Install It -(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box: +(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F) prior to installing Internet-in-a-Box: nextcloud_install: True nextcloud_enabled: True diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index aa3dc3236..769905f7f 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -9,7 +9,7 @@ Node-RED is a flow-based development tool for visual programming developed origi Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: nodered_install: True nodered_enabled: True diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index b87a11dd1..030c411b8 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -18,8 +18,8 @@ 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 1edb85822..360dc3499 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -34,7 +34,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False @@ -307,9 +307,9 @@ Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// diff --git a/roles/pbx/README.rst.unused b/roles/pbx/README.rst.unused index 19371b11e..867b7e876 100644 --- a/roles/pbx/README.rst.unused +++ b/roles/pbx/README.rst.unused @@ -33,7 +33,7 @@ FreePBX is a web-based open source GUI (graphical user interface) that controls Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: pbx_install: True pbx_enabled: True @@ -159,9 +159,9 @@ Some useful asterisk commands and information Raspberry Pi Known Issues ------------------------- -|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized `_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. +|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized `_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us `_ if you can assist here in any way: `#1493 `_ |se| +It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us `_ if you can assist here in any way: `#1493 `_ |se| Raspberry Pi Zero W Warning --------------------------- diff --git a/roles/phpmyadmin/README.md b/roles/phpmyadmin/README.md index a742f8c9d..379812957 100644 --- a/roles/phpmyadmin/README.md +++ b/roles/phpmyadmin/README.md @@ -8,7 +8,7 @@ 2. phpMyAdmin, because it is a browser-based HTML PHP application, is limited in what it can do, and what it can access — until the "root" user creates users and access privileges, as mentioned above. (HTML servers always run with very low privileges) #### Installing phpMyAdmin -1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) 2. Then install IIAB. Or if IIAB is already installed, run: ``` cd /opt/iiab/iiab diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a7cf8bbb..8a58110fb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -43,7 +43,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 2. If your IIAB software is already installed, run `sudo iiab-remoteit` then skip to Step 5. below. -3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) Install [IIAB software](https://download.iiab.io/) e.g. by running `sudo iiab` then follow any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. --> @@ -98,7 +98,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) or from their Web Portal (https://remote.it) — as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). - Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) as in this example: + Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) as in this example: ``` remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 diff --git a/roles/samba/README.rst b/roles/samba/README.rst index ff9296f4c..197448760 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -3,7 +3,7 @@ Samba README Do you want your Internet-in-a-Box (IIAB) to act as a file server for your classroom or school? -If `Samba `_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml `_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. +If `Samba `_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml `_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. Default Permissions ------------------- diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 439fa9c86..c27dc0e53 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) `_ documentation: From b7ca3dcc2b46a2fca8003e951a36bc81c584a788 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Mar 2023 16:22:20 -0400 Subject: [PATCH 101/937] New Sugarizer 1.7.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 264dbfba0..925e087b6 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0 -sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 +sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 +sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 0f9c6f29f31405822fb22d4be9924eea479d52dd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Mar 2023 16:19:27 -0400 Subject: [PATCH 102/937] Remove KOLIBRI_USER (kolibri) secondary group 'disk' --- roles/kolibri/tasks/install.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e27a66510..df74817e4 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -26,9 +26,8 @@ - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" - groups: - - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups + groups: "{{ apache_user }}" # 2023-03-29: Not really necessary (Kolibri is demonstrated to work without group 'www-data'). But it likely doesn't hurt. + #- disk # 2023-03-29: Tested to be unnec with USB sticks (with 64-bit RasPiOS). FWIW group 'disk' is "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From 85a8dd5c8fe2b2c5ea5e9346b006ba3cd3bec3da Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Mar 2023 16:59:06 -0400 Subject: [PATCH 103/937] mediawiki/defaults/main.yml: Version 1.39.3 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 8043db2fc..16943b39a 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From faa4145d657593a69bae1c45480b7b6e2f1f90e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Mar 2023 17:53:29 -0500 Subject: [PATCH 104/937] mongodb - lockout RasPiOS-32bit --- roles/mongodb/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 748493c68..4403bed93 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,19 @@ var: is_debian - debug: var: is_raspbian - -# # might be able to lift this once we know using bionic would work -# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 -# fail: # FORCE IT RED THIS ONCE! -# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) -# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian -# ignore_errors: yes - -# ELSE... - +- debug: + var: dpkg_arch +- debug: + var: mongodb_version - block: + - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + fail: # FORCE IT RED THIS ONCE! + msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) + when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + +# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined From dcad86f6d17d86f88b92a80f5a7ffea3373546c4 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Mar 2023 09:39:53 -0400 Subject: [PATCH 105/937] Block install of MongoDB on 32-bit RasPiOS --- roles/mongodb/tasks/install.yml | 552 ++++++++++++++++---------------- roles/mongodb/tasks/main.yml | 15 +- test.yml | 10 + 3 files changed, 295 insertions(+), 282 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8286c6aa3..eb5d8b345 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,66 +16,66 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -- debug: - msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' +# - debug: +# msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' -- block: - - name: Create dir /tmp/mongodb-3.0.1x (aarch32) - file: - path: /tmp/mongodb-3.0.1x - state: directory +# - block: +# - name: Create dir /tmp/mongodb-3.0.1x (aarch32) +# file: +# path: /tmp/mongodb-3.0.1x +# state: directory - - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin +# - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin +# - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin - - name: Create Linux group mongodb (aarch32) - group: - name: mongodb - state: present +# - name: Create Linux group mongodb (aarch32) +# group: +# name: mongodb +# state: present - - name: Create Linux user mongodb (aarch32) - user: - name: mongodb - group: mongodb # primary group - groups: mongodb - home: /var/lib/mongodb - shell: /usr/sbin/nologin +# - name: Create Linux user mongodb (aarch32) +# user: +# name: mongodb +# group: mongodb # primary group +# groups: mongodb +# home: /var/lib/mongodb +# shell: /usr/sbin/nologin - - name: Install {{ mongodb_conf }} from template (aarch32) - template: - src: mongod.conf.j2 - dest: "{{ mongodb_conf }}" # /etc/mongod.conf +# - name: Install {{ mongodb_conf }} from template (aarch32) +# template: +# src: mongod.conf.j2 +# dest: "{{ mongodb_conf }}" # /etc/mongod.conf - - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' - file: - state: directory - path: "{{ item }}" - owner: mongodb - group: mongodb - with_items: - - /var/lib/mongodb - - /var/log/mongodb +# - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# - /var/lib/mongodb +# - /var/log/mongodb - # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# # end block +# when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) -- debug: - msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") +# - debug: +# msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -84,248 +84,248 @@ # installers for a while now.) 64-bit OS's proceed below. +# - debug: +# msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - block: +- name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - + #args: + # warn: no + # Ansible 2.14 ERROR: + # "Unsupported parameters for (ansible.legacy.command) module: warn. + # Supported parameters include: removes, strip_empty_ends, _raw_params, + # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." + +# 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their +# MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, +# LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. +# -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? +- name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + apt_repository: + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as + # this was recently added to https://repo.mongodb.org/apt/debian/dists/ + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + #filename: mongodb-org + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + +- name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + +# 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on +# MongoDB 6.0.3 (released 2022-11-15) instructions here: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 +# WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 +# IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR +# MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on +# 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: +# https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ +# So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) +- name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} + apt_repository: + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #filename: mongodb-org + when: not ansible_architecture == "x86_64" + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") + + +# 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; +# as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS +# BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix +# may be backported to 6.0, according to 2022-09-29 "official" gossip here...) +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 +# https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 +# echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list +# sudo apt-get update +# sudo apt-get install libssl1.1 +# rm /etc/apt/sources.list.d/focal-security.list + +# 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ +# *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) +# +# Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can +# finally use libssl3 instead, since 2022-11-15: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: - msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - block: - - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - - #args: - # warn: no - # Ansible 2.14 ERROR: - # "Unsupported parameters for (ansible.legacy.command) module: warn. - # Supported parameters include: removes, strip_empty_ends, _raw_params, - # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their - # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. - # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu apt_repository: - # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ - # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye - # 11 and Bookworm 12 (testing branch) revert to buster for now: - # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as - # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - #filename: mongodb-org - when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu - - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian apt_repository: - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse - when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian - # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on - # MongoDB 6.0.3 (released 2022-11-15) instructions here: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 - # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on - # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: - # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} - apt_repository: - repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #filename: mongodb-org - when: not ansible_architecture == "x86_64" - #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') - #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') - #when: not (is_debian and ansible_architecture == "x86_64") - - - # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; - # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS - # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix - # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 - # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 - # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list - # sudo apt-get update - # sudo apt-get install libssl1.1 - # rm /etc/apt/sources.list.d/focal-security.list - - # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ - # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) - # - # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can - # finally use libssl3 instead, since 2022-11-15: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - - debug: - msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - - - block: - - - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu - - - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian - - - name: Force install libssl1.1 - package: - name: libssl1.1 - state: present - - - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian - - - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu - - when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) - - - debug: - msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED - - # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # #filename: focal-security # If filename focal-security.list is preferred - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # when: is_debian_12 - - # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - # package: - # name: libssl1.1 - # state: present - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # state: absent - # when: is_debian_12 - - # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # state: absent - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # state: absent - # #filename: focal-security # 100% IGNORED during repo deletion - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - - # # Debian 10 aarch64 might work below but is blocked in main.yml - # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_raspbian and ansible_architecture == "aarch64" - - # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_linuxmint - - # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - # apt_repository: - # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # filename: mongodb-org - # when: is_ubuntu and not is_linuxmint - - - - name: "Install packages: mongodb-org, mongodb-org-server" + - name: Force install libssl1.1 package: - name: - - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) - - mongodb-org-server + name: libssl1.1 state: present - - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" # /etc/mongod.conf - regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 - line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian - # GRATUITOUS (port 27017 is already the default) - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" - regexp: '^\s*port:' - line: " port: {{ mongodb_port }}" # 27017 + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu - - # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... - # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 - # ...as ARM v8-A < ARM v8.2-A ...also reveals: - # - # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. - # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. - # Roughly speaking, this means post-2011 CPUs with AVX instructions: - # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 - # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from - # /var/lib/mongodb to /library/dbdata/mongodb - # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID - # file (it may be zero bytes, but never goes away) as confirmed with - # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now - # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock - # (4) mongodb.service needed a more graceful way to shut down than - # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). - # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 - # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: - # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz - # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future - command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" - dest: /usr/bin - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - # end block - when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian and os_ver is version('debian-12', '>=')) - debug: - msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + +# - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# #filename: focal-security # If filename focal-security.list is preferred +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + +# - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# when: is_debian_12 + +# - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) +# package: +# name: libssl1.1 +# state: present +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + +# - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# state: absent +# when: is_debian_12 + +# - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# state: absent +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# state: absent +# #filename: focal-security # 100% IGNORED during repo deletion +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + + +# # Debian 10 aarch64 might work below but is blocked in main.yml +# - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_raspbian and ansible_architecture == "aarch64" + +# - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_linuxmint + +# - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only +# apt_repository: +# # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only +# # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} +# # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse +# filename: mongodb-org +# when: is_ubuntu and not is_linuxmint + + +- name: "Install packages: mongodb-org, mongodb-org-server" + package: + name: + - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) + - mongodb-org-server + state: present + +- name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" # /etc/mongod.conf + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + +# GRATUITOUS (port 27017 is already the default) +- name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' + line: " port: {{ mongodb_port }}" # 27017 + + +# 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... +# https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 +# ...as ARM v8-A < ARM v8.2-A ...also reveals: +# +# (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. +# For AMD x86_64, MongoDB 5.x requires Bulldozer or later. +# Roughly speaking, this means post-2011 CPUs with AVX instructions: +# https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 +# (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from +# /var/lib/mongodb to /library/dbdata/mongodb +# (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID +# file (it may be zero bytes, but never goes away) as confirmed with +# MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now +# 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock +# (4) mongodb.service needed a more graceful way to shut down than +# 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). +# (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 +# lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: +# https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz +# https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +# # end block +# when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - debug: +# msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 4403bed93..c755780d3 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,22 @@ var: is_debian - debug: var: is_raspbian -- debug: - var: dpkg_arch - debug: var: mongodb_version +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch +- debug: + msg: "'dpkg --print-architecture' output: {{ dpkg_arch.stdout }}" + - block: - - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. + when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" -# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined diff --git a/test.yml b/test.yml index ab0aeac9c..bfda3f92a 100644 --- a/test.yml +++ b/test.yml @@ -91,5 +91,15 @@ - debug: var: ansible_machine + - command: dpkg --print-architecture + register: cmd + - debug: + msg: "'dpkg --print-architecture' output: {{ cmd.stdout }}" + + - command: dpkg --print-foreign-architectures + register: cmd + - debug: + msg: "'dpkg --print-foreign-architectures' output: {{ cmd.stdout }}" + # TEST ANSIBLE COMMANDS/MODULES HERE! From cc504e34161f954331f499082ec6f5950dfc7e27 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Mar 2023 17:52:17 -0500 Subject: [PATCH 106/937] record dpkg --print-architecture --- roles/0-init/tasks/create_iiab_ini.yml | 2 ++ roles/0-init/tasks/main.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 239ce570d..b4cc742ec 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -43,3 +43,5 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: dpkg_arch + value: "{{ dpkg_arch }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..d4283dcf7 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,6 +15,7 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" + dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 4eca25a1f7907fd10dc5196e07ea2d325ef9658b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 31 Mar 2023 15:55:27 -0500 Subject: [PATCH 107/937] drop local_facts --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++++- roles/0-init/tasks/main.yml | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index b4cc742ec..5e5920545 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,6 +4,10 @@ path: "{{ iiab_ini_file }}" state: touch +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" @@ -44,4 +48,4 @@ - option: devicetree_model value: "{{ devicetree_model }}" - option: dpkg_arch - value: "{{ dpkg_arch }}" + value: "{{ dpkg_arch.stdout }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d4283dcf7..4c02c6ca5 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,7 +15,6 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" - dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 902e377c6810aef43bf0c5128a1a5e6292780efa Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Mar 2023 22:57:36 -0400 Subject: [PATCH 108/937] create_iiab_ini.yml: dpkg_foreign_arch, clarifs, typos --- roles/0-init/tasks/create_iiab_ini.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 5e5920545..e9b07e9a3 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,14 +4,18 @@ path: "{{ iiab_ini_file }}" state: touch -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch +- name: Run command 'dpkg --print-foreign-architectures' (secondary OS arch, if available) + command: dpkg --print-foreign-architectures + register: dpkg_foreign_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: location + section: initial-location option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,7 +27,7 @@ - name: Add 'version' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: version + section: initial-version option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -31,6 +35,10 @@ value: "{{ ansible_distribution }}" - option: arch value: "{{ ansible_architecture }}" + - option: dpkg_arch + value: "{{ dpkg_arch.stdout }}" + - option: dpkg_foreign_arch + value: "{{ dpkg_foreign_arch.stdout }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -47,5 +55,3 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" - - option: dpkg_arch - value: "{{ dpkg_arch.stdout }}" From f46c7d15551f58509600530be2a9c08bf2ec5dd2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Mar 2023 22:59:42 -0400 Subject: [PATCH 109/937] mongodb/tasks/main.yml: Fix 'ansible_architecture' typo --- roles/mongodb/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index c755780d3..aab67fc0f 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,7 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch - debug: From c69d6ef96c24fc3d1606c560339731cce49eedde Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Mar 2023 23:30:51 -0400 Subject: [PATCH 110/937] create_iiab_ini.yml: Try {{ os_ver }} alongside redundant/failsafe {{ ansible_facts['distribution'] }} --- roles/0-init/tasks/create_iiab_ini.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index e9b07e9a3..f6cf612f7 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,8 +31,10 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: + - option: os_ver + value: "{{ os_ver }}" - option: distribution - value: "{{ ansible_distribution }}" + value: "{{ ansible_facts['distribution'] }}" - option: arch value: "{{ ansible_architecture }}" - option: dpkg_arch From 4a32ba0375126e509d0200af850c6899183f827e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Mar 2023 23:39:21 -0400 Subject: [PATCH 111/937] create_iiab_ini.yml: Raise rpi_model & devicetree_model --- roles/0-init/tasks/create_iiab_ini.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index f6cf612f7..980a7fc1b 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -41,6 +41,10 @@ value: "{{ dpkg_arch.stdout }}" - option: dpkg_foreign_arch value: "{{ dpkg_foreign_arch.stdout }}" + - option: rpi_model + value: "{{ rpi_model }}" + - option: devicetree_model + value: "{{ devicetree_model }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -53,7 +57,3 @@ value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - - option: rpi_model - value: "{{ rpi_model }}" - - option: devicetree_model - value: "{{ devicetree_model }}" From e0251f0ce96f83ba084e89a3a2c0af78b6cb6b97 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Apr 2023 16:28:17 -0400 Subject: [PATCH 112/937] Modernize Yarn install w/ signed apt/PPA key --- roles/yarn/tasks/install.yml | 49 ++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 48628d688..e7f759a96 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,30 +1,41 @@ -- name: "Yarn | GPG" - apt_key: - url: https://dl.yarnpkg.com/debian/pubkey.gpg - state: present +- name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg + shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg -- name: "Yarn | Ensure Debian sources list file exists" - file: - path: /etc/apt/sources.list.d/yarn.list - owner: root - mode: '0644' - state: touch +- name: Yarn | Add signed Yarn PPA to /etc/apt/sources.list.d/dl_yarnpkg_com_debian.list + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" + #filename: yarn # If legacy filename yarn.list is preferred -- name: "Yarn | Ensure Debian package is in sources list" - lineinfile: - dest: /etc/apt/sources.list.d/yarn.list - regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' - line: 'deb https://dl.yarnpkg.com/debian/ stable main' - state: present +# 2023-04-01 above avoids DEPRECATED apt-key command & associated problems: +# https://github.com/iiab/iiab/wiki/IIAB-Platforms#etcapttrustedgpg-legacy-keyring-warnings -- name: "Yarn | Update APT cache" +# - name: "Yarn | GPG" +# apt_key: +# url: https://dl.yarnpkg.com/debian/pubkey.gpg +# state: present + +# - name: "Yarn | Ensure Debian sources list file exists" +# file: +# path: /etc/apt/sources.list.d/yarn.list +# owner: root +# mode: '0644' +# state: touch + +# - name: "Yarn | Ensure Debian package is in sources list" +# lineinfile: +# dest: /etc/apt/sources.list.d/yarn.list +# regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' +# line: 'deb https://dl.yarnpkg.com/debian/ stable main' +# state: present + +- name: Yarn | Update APT cache apt: update_cache: yes -- name: "Yarn | Install" +- name: Yarn | Install package: name: yarn - state: latest + #state: latest # No need to mention it, with apt # RECORD Yarn AS INSTALLED From 31a1664483bba99ff6250ef19c2afbf698248599 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 01:04:00 -0500 Subject: [PATCH 113/937] pbx - php7.4 only --- roles/pbx/defaults/main.yml | 2 ++ roles/pbx/tasks/main.yml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 9d478d0d9..6be11c3c0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,6 +21,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +# Allows testing on newer php versions when present in local_vars.yml +# pbx_php74_override asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 81a9dcebd..496e69ecc 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -21,6 +21,11 @@ - block: + - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" + fail: # FORCE IT RED THIS ONCE! + msg: FreePBX 16 requirs PHP 7.4 and is not available. + when: not (php_version == "7.4") and pbx_php74_override is undefined + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined From 8833570a8ecf6a35b7382848c60c59bbf806cfaf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 01:13:50 -0500 Subject: [PATCH 114/937] syntax --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 496e69ecc..0e41ea2e6 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -24,7 +24,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! msg: FreePBX 16 requirs PHP 7.4 and is not available. - when: not (php_version == "7.4") and pbx_php74_override is undefined + when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 3d951f7249798872f6fd226774029277f7a8e394 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 01:27:00 -0500 Subject: [PATCH 115/937] patch for 64-bit arm installs --- roles/pbx/files/install_prereq.diff | 26 ++++++++++++++++++++++++++ roles/pbx/tasks/asterisk.yml | 6 ++++++ 2 files changed, 32 insertions(+) create mode 100644 roles/pbx/files/install_prereq.diff diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff new file mode 100644 index 000000000..8a870826c --- /dev/null +++ b/roles/pbx/files/install_prereq.diff @@ -0,0 +1,26 @@ +--- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 ++++ install_prereq 2023-04-01 01:44:28.744269701 -0500 +@@ -25,7 +25,7 @@ + # Asterisk: for addons: + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" +-PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" ++PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" +@@ -193,8 +193,13 @@ + tocheck="${tocheck} ^${pack}$ ~P^${pack}$" + done + pkgs=$(aptitude -F '%c %p' search ${tocheck} 2>/dev/null | awk '/^p/{print $2}') ++ arch=$(uname -m) + if [ ${#pkgs} -ne 0 ]; then +- echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ if [ "$arch" = "X86_64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ elif [ "$arch" = "aarch64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" ++ fi + fi + } + diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 7c52248bf..f1fc7e9d5 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -55,6 +55,12 @@ # name: aptitude # state: latest +# https://github.com/iiab/iiab/issues/3489 +- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 + ansible.posix.patch: + src: install_prereq.diff + dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: From 6f63e73d75d0ada34b1c7a58b7f3ad183910e5f2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 02:28:46 -0500 Subject: [PATCH 116/937] drop part of patch for 'libmysqlclient-dev' hunk was failing not sure why but aptitude did the right thing anyway --- roles/pbx/files/install_prereq.diff | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 8a870826c..4c57bc10b 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -1,14 +1,5 @@ --- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 +++ install_prereq 2023-04-01 01:44:28.744269701 -0500 -@@ -25,7 +25,7 @@ - # Asterisk: for addons: - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" --PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" -+PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" @@ -193,8 +193,13 @@ tocheck="${tocheck} ^${pack}$ ~P^${pack}$" done From 11817a05a4a0de794dc4be7da3aafe1bd6d9b305 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 02:33:07 -0500 Subject: [PATCH 117/937] True --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 6be11c3c0..cbf40897d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override +# pbx_php74_override: True asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab From e0a734477633ef9e35d01ea68394a033cfa59706 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 02:40:30 -0500 Subject: [PATCH 118/937] Update roles/pbx/tasks/main.yml Co-authored-by: A Holt --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 0e41ea2e6..05b9e8c04 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -23,7 +23,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requirs PHP 7.4 and is not available. + msg: FreePBX 16 requires PHP 7.4 and is not available. when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 32c81bbb70106b301b0f84e7b332ca439c1dec80 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 04:31:44 -0500 Subject: [PATCH 119/937] Stop asterisk before installing freepbx --- roles/pbx/tasks/freepbx.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index df541cd96..ee7b4eccf 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,11 +11,15 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? +# 2023-04-02 The above is not true, the service is running from the asterisk install causing +# './start_asterisk start' to do nothing as the service is alredy running resulting in the +# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' +# Lets get rid of the red warning. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - #state: stopped + state: stopped enabled: no From 848a947f9ca4f94121bea53f4cb027b1e2b0e915 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 04:38:57 -0500 Subject: [PATCH 120/937] Fix warning during install --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2abc11405..fca7a7edd 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later - + when: iiab_stage|int == 9 From e3c6d28fc4938210a5ed38828e0139d007efb89c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 06:09:09 -0500 Subject: [PATCH 121/937] add prefix --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f1fc7e9d5..b2e659fb0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 09df64c05f90a48637f546f953d628a2fac6d0fe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 06:17:21 -0500 Subject: [PATCH 122/937] clearer logic and remove ignore_errors --- roles/pbx/tasks/enable-or-disable.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index fca7a7edd..aa4794e3a 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -30,12 +30,11 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled ignore_errors: yes # In case Apache not installed - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later when: iiab_stage|int == 9 @@ -84,7 +83,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: not (pbx_use_nginx and pbx_enabled) + when: pbx_use_nginx and not pbx_enabled - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From 4da7a3fb58ee0cc4604741f4b8631a7d7b0140d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 06:30:06 -0500 Subject: [PATCH 123/937] cover network_enabled: False --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index aa4794e3a..18f424e8f 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -35,7 +35,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - when: iiab_stage|int == 9 + when: iiab_stage|int == 9 and network_enabled From 4736bc38733074722b1b3dba4955802661de3995 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 07:10:13 -0500 Subject: [PATCH 124/937] improve comment --- roles/pbx/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 18f424e8f..4b362059e 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,8 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled - +# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until +# roles/network runs later and can be omitted altogether - block: From 07b310f5d5e5fb6cde2bab5f361266558a5cf549 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 08:19:20 -0500 Subject: [PATCH 125/937] record apache installation --- roles/pbx/tasks/apache.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 5462a5ca5..60b15c571 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -39,3 +39,13 @@ dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2 owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + +- name: "Set 'pbx_apache_installed: True'" + set_fact: + pbx_apache_installed: True + +- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^pbx_apache_installed' + line: 'pbx_apache_installed: True' From 912fe4c610ffefd7daaf96337c7c42507d2c2558 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 08:24:45 -0500 Subject: [PATCH 126/937] use pbx_apache_installed in place of pbx_use_apache pbx_use_apache is an install time option once installed the service needs to be accounted for --- roles/pbx/tasks/enable-or-disable.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 4b362059e..d3073e655 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_use_apache and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_use_apache and not pbx_enabled + when: pbx_apache_installed and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,8 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_use_apache and pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -30,8 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_use_apache and not pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1fee1c6dd67e808c2c7e22fa5765afb095c2dc47 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 08:31:09 -0500 Subject: [PATCH 127/937] use pbx_apache_installed in place of pbx_use_apache2 --- roles/pbx/tasks/enable-or-disable.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index d3073e655..2b08d36d4 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 094d66e3814f8d96a8b67ed7ba287569eb6f5f92 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 08:47:07 -0500 Subject: [PATCH 128/937] record pbx_use_nginx pbx_use_apache --- roles/pbx/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 05b9e8c04..92074d0e0 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -48,6 +48,10 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled From f2b1d2293fd87a44113db44e1dc65f12058227cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 09:53:28 -0500 Subject: [PATCH 129/937] allow in the field twiddling of pbx_use_apache post-install --- roles/pbx/tasks/apache.yml | 6 +++--- roles/pbx/tasks/freepbx.yml | 5 ----- roles/pbx/tasks/main.yml | 3 +++ 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 60b15c571..ce83871c9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -42,10 +42,10 @@ - name: "Set 'pbx_apache_installed: True'" set_fact: - pbx_apache_installed: True + apache_installed: True - name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^pbx_apache_installed' - line: 'pbx_apache_installed: True' + regexp: '^apache_installed' + line: 'apache_installed: True' diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index ee7b4eccf..6582edc81 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -70,11 +70,6 @@ include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache - - # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 92074d0e0..a76f201cd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,6 +18,9 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined - block: From 4cf1d94e0292e049bc6df0e43976696f6855c8d0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 10:02:50 -0500 Subject: [PATCH 130/937] allow in the field twiddling of pbx_use_apache post-install2 --- roles/pbx/tasks/enable-or-disable.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2b08d36d4..bc41ef919 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1eb093f064d04131b7cbd187954bb5747be44211 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 10:11:20 -0500 Subject: [PATCH 131/937] apache_installed --- roles/pbx/tasks/apache.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index ce83871c9..1e4e33c6b 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,11 +40,11 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" -- name: "Set 'pbx_apache_installed: True'" +- name: "Set 'apache_installed: True'" set_fact: apache_installed: True -- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" +- name: "Add 'apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml regexp: '^apache_installed' From 5bbf96fff60d68a9237db8258ba5be213004a3be Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 10:30:40 -0500 Subject: [PATCH 132/937] Should be the last nit --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index bc41ef919..2a253e5ef 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -82,7 +82,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: pbx_use_nginx and not pbx_enabled + when: not (pbx_use_nginx and pbx_enabled) - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From cb1ae8d4f44d8cf69efb55f6242fdf16c8212187 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Apr 2023 11:05:04 -0500 Subject: [PATCH 133/937] Should be in the 'block' --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a76f201cd..544ddc733 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,10 +18,6 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - block: - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" @@ -33,6 +29,10 @@ include_tasks: install.yml when: pbx_installed is undefined + - name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle From 3c360d21fadd42de4cf18b02924d13d1fa3e669f Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Apr 2023 23:25:37 -0400 Subject: [PATCH 134/937] EXPERIMENTAL: asterisk_patch for RPi + prelim path to PHP 8 --- roles/pbx/defaults/main.yml | 6 ++++-- roles/pbx/tasks/apache.yml | 1 + roles/pbx/tasks/asterisk.yml | 1 + roles/pbx/tasks/enable-or-disable.yml | 17 +++++++++-------- roles/pbx/tasks/freepbx.yml | 16 ++++++++++------ roles/pbx/tasks/main.yml | 14 ++++++-------- vars/local_vars_large.yml | 2 ++ vars/local_vars_medium.yml | 2 ++ vars/local_vars_small.yml | 2 ++ vars/local_vars_unittest.yml | 2 ++ 10 files changed, 39 insertions(+), 24 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index cbf40897d..e1eae4df0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,8 +21,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override: True + +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True + asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 1e4e33c6b..dd05b7dc9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,6 +40,7 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + - name: "Set 'apache_installed: True'" set_fact: apache_installed: True diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b2e659fb0..ff7fb3ec4 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -60,6 +60,7 @@ ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + when: asterisk_patch is defined and asterisk_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2a253e5ef..6b1639a37 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -1,21 +1,21 @@ - name: JUST 1 SETTING TO TURN ON/OFF FOR APACHE - whereas NGINX below has 4... meta: noop -- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx +- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if apache_installed is defined and pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." meta: noop -- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if pbx_use_apache and pbx_enabled +- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if apache_installed is defined and pbx_use_apache and pbx_enabled systemd: daemon_reload: yes name: "{{ apache_service }}" # apache2 @@ -23,19 +23,20 @@ enabled: yes when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) systemd: daemon_reload: yes name: "{{ apache_service }}" state: stopped enabled: no - when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) + ignore_errors: yes # If Apache not installed, HIGHLIGHT IN RED FOR IMPLEMENTER/OPERATOR - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled -# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until -# roles/network runs later and can be omitted altogether +# iptables installed in 1-prep via roles/network/tasks/install.yml, but +# iiab-gen-tables may not be set up, until/if roles/network runs later. - block: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6582edc81..d8632aa5b 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,15 +11,14 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? -# 2023-04-02 The above is not true, the service is running from the asterisk install causing -# './start_asterisk start' to do nothing as the service is alredy running resulting in the -# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' -# Lets get rid of the red warning. +# 2023-04-02: Disagreement remains the same as 2 years ago: +# @jvonau wants to stop service asterisk (from the asterisk install). +# @holta prefers we track Asterisk/FreePBX community's mainline/consensus. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - state: stopped + #state: stopped enabled: no @@ -66,10 +65,15 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "FreePBX - Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + + # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 544ddc733..a9b580129 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,21 +18,19 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes + - block: - - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" - fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requires PHP 7.4 and is not available. - when: php_version is version('8.0', '>') and pbx_php74_override is undefined + - name: If PHP >= 8 is detected, loudly warn that FreePBX does not support PHP 8+ (as of April 2023) + fail: # FORCE IT RED, allowing adventurous/testing people to proceed at their own risk! + msg: 'FreePBX DOES NOT SUPPORT PHP 8+ AS OF APRIL 2023. YOU ARE PROCEEDING ENTIRELY AT YOUR OWN RISK.' + when: php_version is version('8.0', '>=') + ignore_errors: yes - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined - - name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 474854821..1a5c1d632 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 73e01e154..f57f6879d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 42adebfea..7185c8a44 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ba081c3db..f884e1021 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False From 5c1b99f24060ea132b9208aeb7b8ac375455d0d6 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Apr 2023 23:37:45 -0400 Subject: [PATCH 135/937] Global search/replace: RaspiOS -> RasPiOS --- scripts/ansible | 8 ++++---- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 7c5bbca8c..377203480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -25,9 +25,9 @@ GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) ###if grep -q buster /etc/os-release /etc/debian_version; then -### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros +### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros ###else -### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) +### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) ###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): @@ -109,7 +109,7 @@ echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n" # Code above designed to work on all Linux distributions, to preserve options, # in support of any volunteer(s) wanting to port IIAB to a new Linux/distro. -if [ ! -f /etc/debian_version ]; then # e.g. RaspiOS, Ubuntu, Mint & Debian +if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:" echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n" exit 1 @@ -140,7 +140,7 @@ fi # 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING # iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions -# problem). This workaround installs 2.9.6-1ppa~disco onto RaspiOS, from +# problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from # https://launchpad.net/~ansible/+archive/ubuntu/ansible #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \ # > /etc/apt/sources.list.d/iiab-ansible.list diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ec4c3f2d4..b1a48d637 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -170,7 +170,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a5c1d632..57d96c086 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f57f6879d..0418d39f5 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 7185c8a44..464819e62 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f884e1021..de25ac024 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 298866de633c85e26c3a55560c2077b5bec2c171 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Apr 2023 23:54:10 -0400 Subject: [PATCH 136/937] asterisk.yml: Clarify 'asterisk_patch: True' for RPi #3489 --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index ff7fb3ec4..28c72b855 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 545d66dbe2e820c3881379c7467696324b5dda85 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 3 Apr 2023 00:25:48 -0400 Subject: [PATCH 137/937] pbx/files/install_prereq.diff: X86_64 -> x86_64 ; clean asterisk.yml --- roles/pbx/files/install_prereq.diff | 2 +- roles/pbx/tasks/asterisk.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 4c57bc10b..0428b339a 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -7,7 +7,7 @@ + arch=$(uname -m) if [ ${#pkgs} -ne 0 ]; then - echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" -+ if [ "$arch" = "X86_64" ]; then ++ if [ "$arch" = "x86_64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" + elif [ "$arch" = "aarch64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 28c72b855..5c1b6747a 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -40,8 +40,6 @@ unarchive: src: "{{ downloads_dir }}/{{ asterisk_src_file }}" dest: "{{ asterisk_src_dir }}" - # owner: root - # group: root extra_opts: [--strip-components=1] creates: "{{ asterisk_src_dir }}/Makefile" From 3636d67a2c5f5dc8aa5f431c3f51fe61482618e4 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 3 Apr 2023 01:02:39 -0400 Subject: [PATCH 138/937] pbx/tasks/main.yml: Traditional ordering for iiab.ini --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a9b580129..669f05277 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -49,14 +49,14 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_use_apache - value: "{{ pbx_use_apache }}" - - option: pbx_use_nginx - value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled value: "{{ pbx_enabled }}" + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" rescue: From 177cf0a5afedee267fbef8d84b6a877de251c8be Mon Sep 17 00:00:00 2001 From: root Date: Mon, 3 Apr 2023 10:34:46 -0400 Subject: [PATCH 139/937] New default 'asterisk_rpi_patch: True' + documentation --- roles/pbx/README.adoc | 16 +++++++++++----- roles/pbx/defaults/main.yml | 8 ++++---- roles/pbx/tasks/asterisk.yml | 4 ++-- vars/default_vars.yml | 6 ++++-- vars/local_vars_large.yml | 8 ++++---- vars/local_vars_medium.yml | 8 ++++---- vars/local_vars_small.yml | 8 ++++---- vars/local_vars_unittest.yml | 8 ++++---- 8 files changed, 37 insertions(+), 29 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 360dc3499..a2c0d4561 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. @@ -41,15 +41,15 @@ pbx_install: True pbx_enabled: True ---- + -FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). +FreePBX can be used with either or both web servers — NGINX on port 80 (http://box/freepbx) and/or using the old approach with Apache on port 83 (http://box:83/freepbx). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you still want the older Apache approach, set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- -pbx_use_apache: False +pbx_use_apache: True ---- + -Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), optionally set this line in your /etc/iiab/local_vars.yml: +If you want to disable to new NGINX approach, set this line in your /etc/iiab/local_vars.yml: + ---- pbx_use_nginx: False @@ -61,6 +61,12 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: ++ +---- +asterisk_rpi_patch: True +---- ++ Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index e1eae4df0..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -8,9 +8,12 @@ # pbx_install: False # pbx_enabled: False -# pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +# pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also # pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +# asterisk_rpi_patch: True + # asterisk_chan_dongle: False # pbx_signaling_ports_chan_sip: 5160:5161 @@ -22,9 +25,6 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True - asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 5c1b6747a..6214c0d06 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -54,11 +54,11 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_rpi_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" - when: asterisk_patch is defined and asterisk_patch + when: asterisk_rpi_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1a48d637..8df87c531 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,13 +682,15 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 57d96c086..84b5ea43c 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0418d39f5..546c9b248 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 464819e62..f29d97bd0 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index de25ac024..ce408c528 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False From 573516463dc2aa91012b81cce131f991eba63034 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 3 Apr 2023 10:52:58 -0400 Subject: [PATCH 140/937] vars files: Squeeze PBX tips back into 80-char width --- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 8df87c531..b1ad7fcdf 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 84b5ea43c..1c1e8b7d3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 546c9b248..8a8ae98d6 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index f29d97bd0..de02105a9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ce408c528..e5e086fd6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7f0365c2f290d1e09793d2d01d670ccc57685a12 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 4 Apr 2023 07:47:42 -0500 Subject: [PATCH 141/937] asterisk_installed --- roles/pbx/tasks/asterisk.yml | 10 ++++++++++ roles/pbx/tasks/install.yml | 1 + 2 files changed, 11 insertions(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 6214c0d06..b4c1d8ea0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -186,3 +186,13 @@ path: /etc/asterisk/asterisk.conf regexp: 'rungroup =' line: 'rungroup = asterisk' + +- name: "Set 'asterisk_installed: True'" + set_fact: + asterisk_installed: True + +- name: "Add 'asterisk_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^asterisk_installed' + line: 'asterisk_installed: True' diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 474ddb58d..7af2c144e 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -36,6 +36,7 @@ - name: Install Asterisk include_tasks: asterisk.yml + when: asterisk_installed is undefined - name: Install FreePBX include_tasks: freepbx.yml From 1173ec0db0ff34dac32e4a85ca29456cb9521f6e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Apr 2023 11:16:26 -0400 Subject: [PATCH 142/937] pbx/tasks/asterisk.yml: #3524 touch-up for iiab_state.yml --- roles/pbx/tasks/asterisk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b4c1d8ea0..bc7638191 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -187,6 +187,7 @@ regexp: 'rungroup =' line: 'rungroup = asterisk' + - name: "Set 'asterisk_installed: True'" set_fact: asterisk_installed: True From 413f7404963f679e5fbea0bd49070407d4cdda93 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 4 Apr 2023 16:22:25 -0500 Subject: [PATCH 143/937] RasPiOS-12 --- scripts/local_facts.fact | 3 ++- vars/raspbian-12.yml | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-12.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e68aa93d5..ac2b73511 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -85,7 +85,8 @@ case $OS_VER in "ubuntu-2210" | \ "ubuntu-2304" | \ "linuxmint-21" | \ - "raspbian-11") + "raspbian-11" | \ + "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml new file mode 100644 index 000000000..e6fd2f9d5 --- /dev/null +++ b/vars/raspbian-12.yml @@ -0,0 +1,22 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_12: True +is_raspbian: True +is_raspbian_12: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: ssh +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "7.4" +# postgresql_version: 13 +# python_version: "3.9" From a6b8a5bfc828149fb983153f6e12632f2880fd15 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Apr 2023 18:11:39 -0400 Subject: [PATCH 144/937] default_vars.yml: 'is_raspbian_12: False' for PR #3525 --- vars/default_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1ad7fcdf..2e91080d9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -796,6 +796,7 @@ is_debian_11: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_12: False is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False From 9f87beb9c9b5283aaa225d14dbc4d27818c3c6ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 5 Apr 2023 13:02:43 -0500 Subject: [PATCH 145/937] workaround python2 being unavailable --- roles/kalite/tasks/install.yml | 6 +++++- scripts/install_python2.sh | 25 +++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100755 scripts/install_python2.sh diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5fb192475..6eb69859c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,9 +17,13 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + when: not (is_debian_12 or is_ubuntu_2304) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +- name: Use scripts/install_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/install_python2.sh" + when: is_debian_12 or is_ubuntu_2304 + - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh new file mode 100755 index 000000000..c21ec2ae8 --- /dev/null +++ b/scripts/install_python2.sh @@ -0,0 +1,25 @@ +#!/bin/bash +ARCH=$(dpkg --print-architecture) +cd /tmp +case $ARCH in + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + ;; + "amd64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb + apt install ./python2.7-minimal_2.7.18-8_amd64.deb + ;; + "armhf") + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + ;; +esac +rm *.deb +apt -y install virtualenv From 9880ed1d7651a80c1e8a2ea270bf29cae54ba1cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 5 Apr 2023 21:00:39 -0500 Subject: [PATCH 146/937] .so files2 --- scripts/install_python2.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c21ec2ae8..4ee8cd338 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,20 +5,26 @@ case $ARCH in "arm64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./python2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb apt install ./python2.7-minimal_2.7.18-8_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 847751aed3068fb82887ec5e49899c2217756b87 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Apr 2023 07:14:48 -0500 Subject: [PATCH 147/937] support Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 21 +++++++++++++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 vars/ubuntu-2310.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6eb69859c..6d0c8765e 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,12 +17,12 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304) + when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 + when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ac2b73511..27fa281fb 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -84,6 +84,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ + "ubuntu-2310" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2e91080d9..4786cbe94 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -773,6 +773,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml new file mode 100644 index 000000000..445ae061b --- /dev/null +++ b/vars/ubuntu-2310.yml @@ -0,0 +1,21 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2310: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "8.1" +# postgresql_version: 14 +# python_version: "3.10" + From af7a646002e52c5f0439a34268a725ff3391bf6b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Apr 2023 16:17:44 -0500 Subject: [PATCH 148/937] amd64 --- scripts/install_python2.sh | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4ee8cd338..bb7b67339 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,5 +1,11 @@ #!/bin/bash +# https://packages.debian.org/bullseye/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) + +apt -y install virtualenv +apt -y install mime-support #transitional package +#apt -y install libffi8 + cd /tmp case $ARCH in "arm64") @@ -11,12 +17,23 @@ case $ARCH in apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb - apt install ./python2.7-minimal_2.7.18-8_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb + apt install ./libffi7_3.3-5ubuntu1_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb @@ -28,4 +45,3 @@ case $ARCH in ;; esac rm *.deb -apt -y install virtualenv From cd6d04108afd493493a655549dae7e0d33035545 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Apr 2023 16:56:37 -0500 Subject: [PATCH 149/937] arm64 --- scripts/install_python2.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index bb7b67339..28a5bb000 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,12 +9,23 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") + wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + apt install ./libffi7_3.3-6_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb ;; "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb From 33f00a08535f905595a01d56dcfb865b7319c476 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Apr 2023 17:15:33 -0500 Subject: [PATCH 150/937] armhf --- scripts/install_python2.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 28a5bb000..a8246da92 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -47,12 +47,24 @@ case $ARCH in apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + apt install ./libffi7_3.3-6_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 5eac4ea24a9f5e91d66a00250a5f28fa3a1b2096 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 8 Apr 2023 02:49:06 -0500 Subject: [PATCH 151/937] typo and layout --- scripts/install_python2.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a8246da92..e057d1c6a 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -19,7 +19,7 @@ case $ARCH in apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb @@ -27,6 +27,7 @@ case $ARCH in wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb apt install ./python2.7_2.7.18-8_arm64.deb ;; + "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb @@ -46,6 +47,7 @@ case $ARCH in wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; + "armhf") wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb @@ -53,7 +55,6 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb From d960b43f98f0031418b4591d491126f561b32c03 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 8 Apr 2023 13:22:58 -0400 Subject: [PATCH 152/937] vars/ubuntu-2310.yml: Tweak PR #3527 --- vars/ubuntu-2310.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 445ae061b..843810075 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -18,4 +18,3 @@ is_ubuntu_2310: True # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" - From 2722e1ac14f07cac3f864ecf6cb4103e059da699 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 9 Apr 2023 14:50:56 -0500 Subject: [PATCH 153/937] libssl1.1 use raspi repo --- scripts/install_python2.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..3ef5797a6 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,8 +9,8 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") - wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb apt install ./libffi7_3.3-6_arm64.deb From be1708a6df221781713e567b65c78d581517263e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 9 Apr 2023 17:28:08 -0500 Subject: [PATCH 154/937] kalite - dup'd line typo --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..454af64d2 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -64,7 +64,7 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac From 9323fd897a069dc21d27264fd2b87b784ff37db9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 9 Apr 2023 21:38:21 -0500 Subject: [PATCH 155/937] no path --- roles/www_options/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index fba3379ac..6342bcdd0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -13,9 +13,9 @@ mode: '0755' # Used to be run by httpd/tasks/install.yml -- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" - include_tasks: roles/httpd/tasks/homepage.yml - when: apache_installed is defined +#- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" +# include_tasks: roles/httpd/tasks/homepage.yml +# when: apache_installed is defined # Used to be run by nginx/tasks/install.yml - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install From 0ae7073e00ce9521df5fa0426391b77f1a43878f Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 15:14:02 +0100 Subject: [PATCH 156/937] Update README.adoc --- roles/pbx/README.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a2c0d4561..0a0c11ef1 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -156,6 +156,22 @@ image::files/linphone_setup.jpg[width='33%'] image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). ++ +Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: + +* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +* Go to Account Settings * +* Add new account * +* Select *SIP ACCOUNT* + +** *Account name* is your name,eg John Doe* +** *Sip Server* is your IIAB server's IP address +** *SIP User ID* is your extension number eg 301 +** *SIP Authentification ID* is your extension number eg 301 +** *Password* is the same as above *Secret* +** *Confirm by clicking tick synbol ✓ on top right* + +* If the connection is successful, you will see a green circle next to your name [John Doe]. ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From aeacbc551fea586d1c9c4b88d07c40b75e3ac8ba Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:33:27 +0100 Subject: [PATCH 157/937] Add files via upload --- roles/pbx/files/Wave_phone_connected.png | Bin 0 -> 29085 bytes roles/pbx/files/wave_sip settings.png | Bin 0 -> 30774 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_phone_connected.png create mode 100644 roles/pbx/files/wave_sip settings.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..d9310b44a852130e3fc65c0de0a65c43cdd96e90 GIT binary patch literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BHM@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|Cc?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StCi%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>XJar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~IsR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W+7TV~X8^Q?_$YR&Udx z&Tyxb*v^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8GF^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zVCqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1PDmPvDAt zWfvDkez&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~dbQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJAI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb59#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJDvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?PtBhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQDB_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL13frj*wGeLt;uXbm_wFM6D^SYE#qkHPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)ZwtbohoF~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw8148upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u>4C$V1t5Wn^f{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!WuNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXcqH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAeS6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$KWDYN{U+^mwaeT< z#&~nXc7N^YW0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcEL5zKkK^h4KR+}0@jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cph7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zAl`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9xb8vt*vqIK(ww@-6PXYCR%km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~31400iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(nBcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)ZolrB9W)T3HjijE$Z-yKTGO za&MA8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kBPY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZaP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&tOZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhocl5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAWJ09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w--#bH1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr2035*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;EzJLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXBlWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGKTSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7bg;uK`*LHw&(GjK*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~ph5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2CpI&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD6M;*O<;}ve|)IUXlW!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz zyh@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diBqkd9s~Z3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2OYtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZPZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&pH2|q1mp8ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k zTvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3yA zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PSe^1Nan;T#{~<0);_QYmH<2WcZy2ipXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyVPi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MNiKLMLu)LPs1AWvxM4=-Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUVa|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;&jhnURmcoY~AUpJQx z$D!s3auVkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=IzP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu

dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}df}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;+Q+yi^c%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDgy=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJq38gk!i3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODIZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2bIP2 literal 0 HcmV?d00001 diff --git a/roles/pbx/files/wave_sip settings.png b/roles/pbx/files/wave_sip settings.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a75e4b3edd423de1d36a5801781297337f26fe GIT binary patch literal 30774 zcmb5WbySmq|36AeBO`>-DWOP6*XWWGQ9*h%l9L);LmEVokWxVqr9nE!U`R?x=TN#v zH@}C^_ndpr_xnBf-gE!(ag!nA*|Ycim5X_*r$Ir=NQ#4lL!qUq`V0pLmjnj~5097- z_?KA?DH-4|T+e43$~a|%%cgK=Bz3V_3vz_ zj*XAoYY}tMDQjtK$Ehk4S3Z4WVrqJyS~)uM*?R`p8D(ND$6w$9Z<2XA5ItXOTpuAo zWU8FNZMFaF@YRrWcycns#Ka`f$<0kqS68<+Z{g`>*7EP^>5pKh((>|?1!iYQ$353$ zH1?DQTeT;946{H{Uao*Q$4mY!a|>FrOpr~|uMV-L!L0|VPlMx_dSpH1qw6_yF$e6J zxHq6Y<}bPME61jrgU-rtTrL_{xX0B`HR3keROKBkp9Z?Qx|T-WHxsxN)I(pcsvu&{ zdwxD5YHi_@Ir54i`0(MwSy!Q6&PV^Foe#Zzy@pOs#g@%gRU;FZg8cm0?fv~X`d(^k zk$LD~x?@;;5W<0D>Cc}(!H*ul`)SWw`}I$msY$(Cw!Vp`|0};&Rr1>t35S&f;>7e9 z4*eO){>NME>jjGq*ELR~&+6Rf0+&91z5jK46-2oTV@WD+_?6@t6ig$ykNha7oNbhC zf&CSBF{mv6{l||3b@ZmbsXTv~?3n1zjkZur>f5_4AN>#4hAs3%J)p7(o2G`YU?W-= zeq`0a&o8;vd8d`>$LFspKIR!-D_s`wkBEl^?eOL7b8}*hEQ7?iFCv3R%LOk#Ffr0o zbmCJ}Bnv-Q#b{Y=k%d{YsWKDeL8*v8ErOyaR{~Lp1MMed-K)@P%vqOEaB_D%!!j1y zY;fwiI;b14RjJXq^3nOS@a2maelj6fo0dhgyUnAW^l=oDu?L!5{kifpcaY(y*L;qN z2eSK}$l%3uSnKIu&`H+$LBHrwflZ=x_pazg=oR8~E)=z;uo#LzlI7kyWg&?tx$&ht z^5FZA??Fw*IxGE|DXrK9_kxz=>4!nr2YLE8Cm}cKt!D%7g(nLk3*{O?E>5+Z&y?bb zlVkn0atM%~+ljyVllKtD;lXEpmW31OmfS)46EjH&H7HWdb4BOmF^_)k))GGH)^^>3 zUJ8%y{sMP)q-x4AzhPm4-@!_QRE1D*RDd`PqnZ?9LpxdWs(Pd(vw9@;m!TPyB%;V; z{}*r3jCEDLcTtHTCu4CU8t*T7JHkaWT>p|`rM`T=Xme+)ozG`y<(=F@C9%yFX*^BZ$M(o zHpOK%$9GUbH1j?r;CRZRy5(eEcE+QVqFPsSPE2;chfB0i)jl#U$A6=E>ZPgc2iMvu z`^;jS<8f1WyO+^Z$20DE=3c{UnRa5LOTSu=f0o%~@Y5ke&i``u(`aFSel4E4TLSm*4Io^*&y%v1ezoy$;o{ywg1)a=EiVFSN zyzd>+==(&6|=}qAh}XzVm)l^lhhV^KWcikU=}$tFL9A z+r~ON&4VFFKP-xTq4$YLH{0F!es43G}dY~ zFSp%8`uZdH`%|WJe5QZVI0lvVo1Jdu2JB$TtvvG86M9R&dUNrJZb_a9R0qHE*(|MV z94>F%_@2pM;NStgUcYo$Z@ zlh{RvIya4ky7Ag@0+C2Y$1W?7YjE# zf&&USXG1m1iL#B_Z5@P61rrtlk6vl#^@B!V|0qo>`R7~L^L*U=apQw*hjmZM7;!Re zRd+(?0P^SKd-^JG$(@I$Absa$jiuh3Id3 z!1H)Vd8CxXqFc*n&U>O}r*X6J=Y+*fU%2?HTV)qrBsSx1_hC}VWv6*ppHQ3J)mD+h zL0NyML+<)g7n){+JZ=Kt6#qzYgZd~|rq^9`rAw=NAI#qqj?f2ANL%xT7KCYnmgA8HEkv!gy35gwl`jl9vE8X`zkz=9#;{EXQW4j{t1P?3w zV08K>%zR&k;hiAL^JLEVM9IKe{E``qjSSGeA{AL|HRR0?HmLiCFVwsjKEZ?p(S7~| zp`ycGn`^3@&}F2n4howQxni-=MjC6Wn!g*ryyqs*$5alk7v<&l|2v7x%1S9= z`%7}ML>aQytM#^aA^5`Uf~Br$LgYBJ(&=<>$xRMUT~mwdYcMkRe!(bWt;#6o_)bV) z4y)>a^wVfGwaWWCl_MIc1?FlZ0*r_)i2l%uq@)AY#ItdI@v`2{SJ_zuf2%k}vH0wH(y0}xBF~q8oht-GAM5>S zn6l5hzZn<6Gbp<&=UZ1VmBdLY{TF2P8-O8VEyo+q^ZvURAs2=Di88&S>Qb!hd+_KT z;>;#Y>_fR7g==h5?l1Y1$LjZ)3a&$6!b+WKa7_+HwUbOQp{hLBGDKsX^ zKVr#~BG|AktilEDj$CFiJgFd|lRKaDotfJd(PzMFCdwZh*C{d1-{O$%oq`m-{kJT# z@;8?Uqre+?OJB1hDLN$C7*96--h0ZsRrbON*NV6^t3-zP?rqp^CP+O}0y;T_R2)bx zHoUwvo*ZINuvcg_i38!|9)(bk>&m{dcUmy?=RXaH_Mxp6|!O5$QYi#6n2g?Gm~aUwG8w}J)r#Y!SiJjQ0sedqpcLdWDc=xeRQ zm-XjLaC=K&1J|%Q1vxo1Nnd-B-*Kj2&oymi6bUSdP{0pf(M4x!3qTsUMDQhCVVp|l zsQbQB{tLpsiiaGNcg!hX(G#(%X>PUam!&d@1@}q1 zAU^ubU`0}-Oozy#)GG9$0dMp}4B;_MV1uq=00Nvf9RahVn*NOpwJvvLMUwbBc?Fe4 zEhcb;3JV+j@>|0J0c!Y`Nu&IiGa2;14qyBvfiJI7eFJgQd*9wn-4ltcb>%>uf;QX$ z24mo>LY#cdasKB)yGS*hh$Ha#m*VvZKjCE>x4`H4j5Cm!du)9;g9nj9Hndb12epyL z!;g+OO z;@SEb*HdbcWm}BUa>c+%Z(xocTVPju5cWl(rqsgeLGk{I%{4p>9@|#Jg{orTu!osb zJ}HIN)zBttm_K_-$zWJQPwzlXVbPKctfQY1U7s<3`X zdCdD*BgcWw*#-C8gaEbyov55$sXEIN>1n03>QRyp3;LU042s|baBzgOm1RF3YlQ-} zSO`)|GV!9pm6HZWQYp|eDYAv}XXNR0-*`PXijiURQG#!XIU~D$WNX)9wREbVPT|>< z%yD9;wO4%yy>pO0o#)f7WMp2VryI378?eaGN3nXZIOy-j((Go|#HokGk<-&aG1;Ny zk(f7vxuj5zab*E*;exldP7J~_8DyyM_ zWwjxU{!d7)bhNW`iRDs`t;t!4A=Q|G+7k!b!L^d%_$;z{K1-01Jy~ z@kwPSl2^`I5W703VQdsXcTdE|nd0w-XS)Y-k8nfgR9n83*}NO;Yuas$4U8Hj zRt=5N07Y8`VA#A<%hC8j<5@fYN!Iq<;!=kF{$3~LiJv6rfPh&#zW^J25m#Z5S(=$m zA-H*n3<|p$RzRl!EM}DVZGxb~fzCl8<$C&#JhLd6l2vY! zSEyyZFsmv~s6ooqch0-|U`SzMmAC@=Ixi`L#3wT*OPaW>X-6h6K7A^qw1U*rw1#%& zc(LwY$xr}QTc$&3jNeqQkz{$01;TieZ35%#q9GM6et{}t;`wmgDCV9!RD?t|a;eAn z^s`r|Tl!6Hl7@hOHPes%Das3;b{KZxfeps_nHYcT1XyU4{W#x3ow{7!?P8RwyaJ;`s zskuLRXqJ)L!Hv?sT{5{x=ddb*5;EE8ovIf@U|1yTtw0n0&VyQwCsPqU_Q&C#0~<|@ za6Z;O0nAhdWKi!Y(Kp%TONy| z5fq%2vR9K7>gIh0mGHu@^K7tt?;cH9p2%oNXvjk){1Qd*uY6k%a*n&-zG^Zubrq*1 zn!GbJroV+_Q&`5KIJV?m*3iAo%dG6#FM@{43GD4O?KTp_t|%lX+avE>d=|Xfi&8ig z7Rx5aS^Bns>OwY%)sKa^y!{ob$-DZvm=X`=opIFaFqG?7$MV_mT3nP>^e2Pi*%g41 zG>7C*vi0Ypv?H2qGxaGFD0W5`yWuy*4ZrEDPz_9Wl3(V;nOx?`8XxpGyJi9~n;|{Z zFT0|D$2Icb=#EH!9Yd>raIaXXm!Dh1Kf2wIE;U$n$Tr*P518w$QllEmMp7)nFHon7 zX~%F^#8WEe*f{KrxlqT?2bHXGI-7$Tjbq51(5faW59oh>leKW!J?FO}aNzmazI`^! z-oqmA)tb8J-Gd>#8Gs0%Of|z+!|E&VtYlqn(dD`Bz7{=@qEp}B7x*o&I27%^JWv)957_irODO{1LdL=b1nI?UtJa z5atH%Ye`}@%iHGBe0=0(cHh^7WCn}e;oS@l+=g3Y&N1ut<_Qj~v#8}?!aagQjM#;Rx?${It4}&TP3<=1|^7A1gB*NbOjIxO$ z$1hD~(Vd*kW3Js}m~0U4_`~w&;E6@>1Q#nZN)ZOZdS*wuB0{C*M1phmK!wG{!$~k# z%#ut2@3`1F3hhnByG068q${IG*7C{Rrv?ksY<|3W-<`m;S}I*lYZDFXMSsLAR0Lqo zYp*f#h(sIPx8$F)b>8&q{3BocJuTXNVqn7V;W?|mb72&4i@nC zZ4bq@5F&}-dz$2U`u&IVr5W<~J`JmlEgL!}ZlOPSK~S+aNv20a8)h6#lkS~xWuhaO zU~usFU5Hpk0o9E4v^KjO+4GmQTXFSp_IB?ndlC`u9N^OC3|o4|)|-$-=JNCCW!W3h zcgClh@w3;bXoce)0(~V-@EtW{>NumSrMFD}^x+7bX5d$Ua_J>6wOhiL_aS&Mf~`O( zXk8o9C4&X!A~{$wwtpEWc7Z{WMb_m2ImkSo8iI`uUSp?n>C}t)#rB_?Ibue2!Svo_ z-)NwJ$BZ_}E`ZZOSzd=gTNO8fB})BOf>bV~nbE9Lyck9~xQG8zB>ko2M916$JSAa< zNfxO(x8i?Ei1~8&KsDLMYsuN!`D%LpYo!nME@HFm$R_I)%=2jz6Ul(qUl zKy6}Plo&CPxgxSii}v|xohAOsSRgIaN3yuM;n#&1j09Qb8grb+rq5;eXwXi<<{pgs z9&anWC3SN@%ck8AvDC$9R;EemJQ7N#9!N#GG{x4&wM|9o1o{GQCT^rLs4EsFC&la= z>cdWoWkIz|M=9p6Xluo0n_1g;3P&-GG~QI4W@EgGmA|bF@|Kx5__PD$-QuDeNnqy3YF7orY6Mb*1`}txvy;!q zT#@KA1j!7>xFF~2f9AP`AT2$4bT|NK!4ML1ktH}R?0t_^TRlkl^t{oZ?I9n}doV+y zmq+Jh;o@2nmJM1jh|UM$mqj3#=iU(|YM8{1a;qv{L1X;2gY0#K?ukqZ{e9Xvo%|d~Ss<0#g5Pz9PC1(L^9eV=Z5(y}H;?%r+~$_n zB)zOarRSfv6QX|5T`$phD!`$89E^@GuMfqSq`LjExbYaN(+YJLv<#Admuyn-nuT_E zIgkz`h!84xgj6-b$l%U&wM81IsRn(`RsJkUe{4`^6EgXPne0nq=Oy}9R0!|UBCxE5 z4$#9-8Sm1ckj;b;s|1Qi>35zvH1$5bYzk^m_nti^Rhn+AiP%Gl46gP`mrS9(Lp=n{ zl7`kjvxV?98ZiggU6E9lhcV^)Q(BQ%KEYV=P$6?FN_0bEkzw>doDI&S^z+z($T{6S z$Q&T|Tp1=#A|n4uId44}#NUvZndCYGcJ+CJwqUQCFsEKuyQYA)OEnKUnkx)Dqu>zr zaWVvvVB-=6-Cr_=h%sV0_yUdIEu%C(6EHh)m~ZjwT=)^rFxx0_wvTOIu83MDr-NG9 zM`$OkO{4AZ_$>QCy`>=^=#Mq#{({?_-kou?%#7W98%3=8PO_|u(17!5xdzn?j=Az( z1Cl|~Gzj5Ny3q}&qfTt6fHL3c(M|I_FBSA{{;dQj53qVbpSIX{y2!AP7b4TJkBJjc zc`NLIONO4jDbKq3cR+BsIWg2(k%xq4k!vg|(msvGS)hmyg41PpN)RUP3EyG26tu_W z^5()hZ?UffrA?L)6(t*Fb_g1b*ZPw`4AjTC(KO-yBhKKaxV&EzZPqZUwL9N3(sr_akz=LEf_$Q}EyLWRMx*h+B5<}Y#@@we$2WN^0=o>Q+Ub3@83OzsGySa=KUx1bdp;V5gKC3!pirh2StLb zKgGj|%-xd+7-jYhved&lzttQFj5PB6bUCT$`v#JrQdz*cf-L@{ zj9igV;!s|niY7GGE04jlP@+%bOk!L0T5T zeC!}s(@ECg6l(bU{xE6tI=S`ws62oy(I`v_^TO&|d#XReu8`CI&p9BI?RM)N#f(KQ&U~*1*hl^#{*Q1xfen&2Iaq5x@wppawTI}D4Eg761dml zH2E9qRxdzI(0#{?YBEaXaTM=suyQ*)nGFS4@QVAm8ezP+VbiZ;(48H%n(dhw!0F{3 z&DL4??pERw!WpCaTJR$R&f-00P^_N^iPX~Dl8MGAWSg+c3b#(^ef(0H9oAPshE=k2il5<{$3x&a=$r80suCDtmuQ5K# zftU7kQ~*r$Vi49_k+sE)$sbRSw&2HS>Qp>`PRBEb%fs{4(hIo88r+8+YLFKX_zziyixGU4sY1OlEHt1`nnvq0huw-JJTkqbCRc8wU0|r5W zAS#Mo4L1@?lOC65o)Xm0IN-A8!UX}Ym2dfq@(KQZlkA==J1rCQZcMUU6%i8?dud$E zwVgEYzFmOOGEacfM909@0zm3O%(GelSyq!%@QWPDy2W1ntDDZdvi(H7Nm7_-F9407 zR%U!BrzhRzBm`sSq9c@*NDQ=}AA}LHY67m!6X1PY*7PD&qf=m2cDu%K8nBh*zz(0$|$+PlPis%t|N9i zvv4hOwW@FfW3oDL`!?j3G#)BS5K6HpOT4sBoI@SsT;4EF!DgfW`Kb`0rf{JTeqG2? zuQ1=QNt~Tq4SR<$7Pg<-N#pb-!WkuncM(Ih8=;f|?R?uH`*ZsBk27Q9s|SrBvphVT z<|PM(3n%~Uv(=!zw|FW7q06joSLpm)93^YENSzK(-EfY(ik6f^j&*ZB2Xar>ZqI6w z*f;2;oQN$`x$oBxFW)5BU+gqp@e@G-n|pYEO)pz&_(bR~@FZ`ECB+T!tJG4)#xqNg z&{P0wvfqz**h`~(^9t;hE({VJp^5i>8%fbIY*y$x9utN%AjY1%ZMbts#D*iI+wP) z6D!OJ+>S}d<%E&;dqj;^Pb=yjX?G-Bu@r0ziaA&bWDAY;E9IQ8WzUjc`EJfXx?1_N z0H=>QNrvM^r|U{)2}34>m7IGY3#Bs+k`a>UT5u%^P`fpBqR+ch4_eNH|uSpAc1#|`X8e4QVJ$9k9WId zOrI*h_I3CJw9DgyBukkajISzI!HY4Y?K_I{&@!p{E8w?7%LPY(HDvDRs-G6-YV&x273sO1am@=#afcR?uFarMf{W#1R$GBg00`f~Mr z0aZ9pkQ)fMnEl^}Cyb1YVjlbmW4`+d2?^8yB2(sfa&-+*Q2}Bxq4Oz#(EKG#n?qF) z_|pH&flZ4W^Cxz&)!Kl$RdiKQK;U8-Y`M7TmBds+rndtqGb)T5vgdRhG7bjDln;L`=p1$7(iiCGMAFLQvw{uvqRwmt+J5 z?(={6K-UVS9i;RcW3mDl0Q(uDeSU}DY%y7QDPFY00qyhGLwRQ;F=< zGTMO6YmwNW+%B@O8holTE3jqrtAzREN7B4gO3t8?%(Qoz`I(ksXAHT)=T2>G+1j%@ zwf)>r3b;n@S#odmq{pDDqGX82csJ-rFJXBNYnj==C#fmX_;*+ZP00k#}iX*+p0ec~(V z*?D@~rQP@sBcUW39rh|9hj1=|4s*Vj$8_Bkl=W=Jv)8u8RlVy%oqUTG9hU1NwfrZ0ieQ}BzE?azmujYj>S^+>B@BHiOG2Q zS_zM_k`h$(Q0YO5i|ezY5c}J_K%s6{TFV}iZ0h@uvJI#5;$m!-!^Kh*+i|@nm)}1V z0n9S)iNXfsk$ulQj;Y%?#EE~7_xP`Qzg3pDy5;T!&n77#ol&JLF~vOtxJuPAG`#12 zWA~i@&W;N<{H0!)ppyABSHE356NqFs5wsVwhv=E`+tb8K6TiagvPly%(JvgDfuUJ~ zV!eJW2G3H@?lAoR{z*RDN0Yi$HUlL0d-w{ zAk&keJffI{WXP}o6Y3|{EF=3vF|jUcKzgx-b2f50p-HLw68oeY#VORQ)vjTl=_nS*B`l3Lq zMi`~NNwpgLk8OkXB)&0x&I(^A*VQ`NBIxKv-u(OXg!JCO&w%8NMdRguUr?hCPla&7at~LMmr!`)6qU>iLt)hiqVz=eIM%i7_Df&hyfL8el^~?!Z11;>Mgeb| z)r-(4Ptrp@dk7dl{n#IH53V++&5+K175hcmX0d)P==>1I#nq2G;q_+*qy^oT=WmD{v^mg{T=pA{+d=k`xjG~{t- zTI+YArv(hjf0@f7LOll1tRVse8Pc5&_f*#EcY-grSKZhqI9m!*#HddwBxm0ZN?nn+ z`FYs^u?8c0{N8Z~t$?7wkMhp7L%QccMq#SyjSdSSV9x~j{dQe6!`KhB@=2Br6ri6A z@aXX*>7aXbHoanqHSEZg==&sRd3PAhgLV!mgZJ=v)3{h?-H(TV|8{(4Nh!CdSf`Y@ zE%ut%-SKST@I%{am(VP$iU(lAsD|^O-o}XF#J3z#HULd^CL9MU)+C{)vlY_pY$ zSVy44a7A8W*{=7Zyk=qO+PZFH8mtF16_oWEDH|n81X7B>A6W5yydWNyS=y0~v9|%+ zKaCoJn9=CM^|7S>NhhWJ7Hc;U^4Ppcgq%A{x)In6h)*0kO-Aq5jOuASm;QWtq08xx zW({zewvKyrNqD_s)b@nQt^RXTDUP3Q?kM1(k0lvUX(~9y^s3z9U`19X1#)<$-uvzT z&mV4&u-U?o-36xnlEtu;gqXx>OF>wENB+*!p_3^GHute_MQ{>>y0;W8D?T0Wg_rrk z6?y7ExT<}Xfb%6S0kiY)7WR){ujst1og{ypK^d>AP50qLT4vZlC#8a%D_{-n;6XK) zRzP?23%?fHeU*(E=9HtNSMHPvMmN}|#@m3}k1~j;I5-aY9>E4aijOWk^o|5--?F}G)E(O|1Q@)nM9+RR6wdHC zEEgs|9|cQ6Ju1KbwWXV2#s7@-d<4YxkcvHW>RQHwye={K9(4Cfbpaa2KfI-I97NK~Jg=&E5@iu} zk$ms;_L&LiCV#Je*UwcZ4)scQM|!$i>0XDHS)?k#tpwu#v8#JEL`Miedc@)>-c=QK zt|I>l;&B7I!{{hyWsM7q$ZW)*7>s7c~ z=fLNm=s%wWgac1K^l9&9KOwJ7FtB3hCZFW#*eVi7lW{-@FO0!_1(aQ2TysV<-$u&A zA5`S=c=>7`(KO3N+J^RzY`|jBdWr7nhlwYObz$(3%VoBJ4r+R*&+K8I!c{;@(*OKa zHy5m9E60h#UrYNva-exA6mnJ_a2KWP57I%URx%Q%L`PlmNk*vuy$4e?3w?7sUf23> zqJ8uWnM$S^kQNN4`K1y~2E)qsCLLDtm`CGYgavXu_xfCKd8-f)2@HUr6?==tA zb?xhlk(LxM!@IyClho$6wZ#VjQ2!`Ny5#_ECKLLw-5ZNscE_+oYGsu(&G$51XW|e_ z!VegWeoquuS$h9@;gph`Ro~lkFep1usqqWYmets1m#?C&yR5UGBqR%iqc}&}(8O9m zZe=wk3@}h2)MAoiv{8YSNcV&l9;p!qpT!fE95pR|#TU=8yMW%q(e|Z*(h( ze=Pb%G zUdD$zBD=dKH6u?Ttx@tzQ<%?rUL#r-3n0QBX$r>h$8Y{>CfOKx`6I0!aM6EJTUJhn zk3Tn#?$uBu7{ndqHFJ7Z+%#5GQS-V)x~Spn)Cr9{!j7aaONZK_QkEjSukz{4Q?0g_ zGa|LpNeconfiitF0kbTR;rp?|1=1ETp}70nv)MzCS`xHhGeI{F)bG{j02B$O=?VPK5Pqf-j^*K2<5aTVEsJP{1p31<^7K{b`MCrHm9hPToTWro7_Y)k)^fz!+ z<#C#ys}^vrF{J~P1M-fJ17VEwKWN0q4s9TilKbBSD%vD@xz7Kk_KMuHj{oFWk~ME* z`2YQIrpehs^gQ-#5m#%ePpXe8umqpewbH(gb%!`vzeo))ELv#R$|~?He`{bw3-(X; zzkxkW-}AuCVq__z6wf{3)8-P z%AEnibb3vvw8t&Z_<@8+^*gz#_$9WSfJITihFjvpv8gUI)vUS271poqLS60{*o zL(SBIa^fcTknO}7)-qWE{agZ7e-J6;)sVw!+y000diuZ0)@0E1bT6_>xncg~MW$<= zzz#w z4_K`@7k;&QX3moeO=Bm2r{$f|oEqbC>LN$jgTvumIG!cp`hAz^n1+pJz5?`C>FHp? zR4K7`AXY5$Rb7T;%7JkPd9;?Jlw?h!mftD4Jk99XVDXU~0Tz^acn`vFnSqCMT3YrN zL{?;&OE5Yi@m)bT$wQaS>AXY=*z_y-0}$q{|AhcCk!T3VT^+r6M-fTfDF@4vNYFu;rWfr2YgK~8 zG@oeaP>J`DMab1rf4tnqMBDWT`Mq}hDbFGK^i0Wj@<7hy6(9gt0}`)8{w_mK0$7Bz znhqkW&(0)juX79#CHr&>e<%A#aEX9p7t5XIgTa0TR}+xp7Ny}#S_KmQ{rwf9G;uCS z1WBg1yBx(_lkboY-=*9jkS^D)DhC<@!FQp6htAfPMxtWRndbWQ&&$jhW&2!>S|FBd z$MZ7N?_nc*r4-u-ihop>H#ho^Pnf34T11RF1xF5m@yKlV74} z^bgB$ZK!S?`?+lgYYRe&%vm2G$;hu`I`Q$WW>s<_&{O7OtGeYOlD)`}Q4q8ecIu8C zN#L0Mq!bbOX4J^SuPY(fjqFRi%W|~RP_F#kDHVrmoVdO@hzPUf+k6AEq3{yV@MZ>Q zft0yBz_$mo zH=adtjPoQJ^#3-&Nzn_+(KlbWG}LE~IX`!GZ=((Q%K7xa-oKOJG+<&bR#uOR6?2=F zI$;%_3_6}i6N!oFAuxb@>o5&4zm~W#*nTUXa>vK@5r%jala(UvXX*2`{5j7hEkZo+ zTPhXG|3z66ZI-T8>I;Ec0moF(={CpzpqxXsDJHZ%d`0)q*qCjlRUX1n#`OU39a7(JZ@pfaj?If z;MX6xa6!}%1i^u%&C@XJ;tX}bk2Vc5hrZm^eCRxAIzN8^viAElx=@b-}VRaYpGzuVJE-chzfg3w_>g48^W1G-nHbV0&CIVD%#V3^HChfzBX=V^4 zP~y*kCn&{%x*2imYY**wDk7j75vE3ui*LiL(+*3lT-oIV5eF~d!I{~%K(N@z#%IEf zCs$0c_6144lZ;YAz`DRjE=8TRYa0h&)p{DE7ji2GMCdqBQR}I^VZ-<8n!A+4!tf&A zduiasgH?D1$keqSCMMJQN(#G;44XhUoV)u2jiI)C> z(hj?&Sz8~)gD@fMUcUKYy_|*m*ptk&gSJ^=KQA$6FP;+6mt}!8U{65K9BcIcciK_Q zS&o-hIr`31q$JyPZ6pYzlB$y<^8%=I0TP&Dq0a4!p?gA-=lx$B$l$S7F5pZ?y^l!| z=K&rg<*)z$X+8cAC-VRQUF~0EPNPR0X8#f6oSgpaDQP+X;320|7GO@eEu``PivO>0 z=l-o9s`>wP2((RJ{N*GkKVVwjpDisqkSSVp<;(oA@YJ}XB8bdH1$K%NpU4$=ep!`Y z+}b*yF7=YR3@$rfNl`gBJ$q0;94-r|A+ZgFw(uRw1}VeU=equVffaZQbwxTNGvBPx-;mZT2gjBq^5@#QQFy_u^yvHsnVP*G14b< zOn-cD9Cn5AqPhlVq`Uueg5=19A0?PgpyVXqayX*B{x989&#*{O_hCszc)CWaKI+~C zm35}ohlPyav)q7e0rX2DHEZ|F#C1quU zNm;|T_Mf(wrg&PTQE;Z|D9{1{#fpj1j+{+9m)qIL2hRfz zO9qSI-{e+>GJQE7&=gQc*>3w>St$beIh|FveU@B8WJ;MPleVE}N>qfDy+s__*?I$t zhs>i5xu%xRnRYQJ^zk&{qpzGHDDcN|0gQcC)gyA zS$Td0R193(j!yuz;MH}{r~t?q=y%?#gcfk@9rw>#`rh8&O+?l!J8c7eb3fS0D|E99 zK7VcKY80p*y`OG|S?@giLiWPqCGl-grEpYFb|5KPpFOW&hM;#e0{z0k08rcZt-dVI zlllb!<9O7qX*=yM&j3$3>pwD5X5RH-k(;I$N68=Eh4b;ck=rKEt;p(yB;ozfiq6#| zKLFZ0!A)5=d9v5bPCW7@B9QTMk$qvXEHcW&_{Z+qKYs+e!gnEvlD+^C7#?2%=`1}U zi&VRsv*`*5QorQz=n*Wwv%{mv%G(}-QzwO_&TTIWt!0!TKEdv`4+y}L`hCAYtBei> zA6JVxjd1S9O~qnung zW^Ectthq!c?(r#7zf@eR^Tar9|E2_iAI!vSze@}{p5nc&;|b!7A3cd6qVd(!iTE* zV#uk~H3vY#QO_Yr`h4JlZuw<>4}j!+ZQ8A1`63l_z6(&E=7!JRaS!0Jy)Pi~vB2 zbE7)jF;eDa`=Myi+jZrq20N_yOOx~$(s>8xhday49)PM=&szx?vGo%;(bQjR=X_@T z8hL^CCbGvH{0U_f3x8EtL)Rz`7rx|SF^gL+_yM@t#XvD@d);yO4RK{WQ1E%`BsuNK z<(tgF^yzD1lj8mEI4fq32PYXKHna7`do>wgf>QBEkSo93m;E`i6BJ4C*1brf|I|}W z4b-m};5N;5{orDzI4Z1_F%<6YeK6Z@31ri}0A^k!yHnpeiUsEHL}wRfy(+{d;^8@8E zt_`l2w6O8{3F5w6qi{h~T5gS1iI+EsQ#Ixa6&5NS4PG4;$BU_o$vQHK!(*-5NW!G9Cqu>5OXeOX*u&^tmi&=1OHTLU zT{DqVU>wYwFZr7W`jAmFz0(+^w|<39hR8%1_>s9kvUTnw61s1l+b$9J7K-t%iTKmajg4udJAQ9Kr7{!u zEn%)!vIvCd9wE5Xs)Rj0{WNA`)DByraI91iwO|&pjJO}4p5JjjsWH{%&2<+@XylZI zJ%>MNFtQM(eIU_RJXXTQ$TWR%$w2^q`TSV;-Q=-%!*=y}qZIiZQ9QyG6MGffk(QR~ z-wYOALMn!Nzyt`wm$$gCPy-*Oq@p&fc;;N9U~dHV<@O*LW<>Z2SEv*a$ug^%?hOy5 zVM9-9m~A<*v{4xk=Fd*jV_#(8z=ER%&_E1q?Z6vQGGw*^00uGtADGLLPzaDJ{2OmS z8{if(()-;Stxry8O=fCA%7MiHxqC?b{C^?R|G>jO4Qdid;bVoZxGOT5Rz7$SHKhrp z_pEC|Ffop@eh&*C7ht>Z#sL}dGT}aLGz`=tIi+RpMnmGMF8j1|LJy?!;FmuPeXcdm zIB8Zr1z~$6@`!LD^m5l37qwmzwdw<5FWCI<-n7 z#pWDoN%p%VO4A@h)v!Al8eg{i7Pmj``>QVaE61-QGVxUT-BMWL(_=36=~rPmNKe5& z4O|i6Tb{jq8O?=y>#o%e<4|2)OH~`p6h*K8v4xOBgoc=Dy(E?8+<;KaO{)Bo4E|e+ zz{EUhS!K8knX;mh&GD8rM1ha3A|YvsnwN&K3(*QtQ$P-}daYnTJq^H>p!X~*-Esio z3JNzPPxa%@Fzsw(byc5YAWrHLE*{dLB9?o%rw*$4PcFIGgZS<|O%;5W(OI0Rgz8(oQ%};Al!8vo+G<2toD$ii_V7r$%N<%-IM5p z3~bh^7Cu%4&Aa;Er|^g?M`uR`qWLhFCYNMMizfFTOc;B2l}6I(;Z7_GwzB)dn(PK70FBnBOer%#(%o!C4YvlFHj-Xz{deV zWH-L$R{{H2dIlJTqBMxD44cGXz;2eO972k>0cwulY;qy6{vU2mRXa$$9{c73=m5V? zwT(pAN`SqSNn&bGm}?H~!zp09uVFLy>>P6a?Cq`J-F|ez$rVca&EFmuAWzfR3aAkd zmKW0#a)Sz&OO&~gUTYwMebCGTUkqyv21-0~x~L(U5iS%u6G(ui=tDAHo3Y()USK@q z&5xykJvFs9oL_BuiJ{N*7Juv_db+b~i zJ?-msyQX6DYeVn-jZV}Uk&B;L%fK2!`sjPTk!%T+DLpL=A(2=#(hrbeI8D??y^t&D zQ;pl;xnLjZycKQyZ2Io_*&Eq-!@Z;Czn&XYpk>GRq3)&Cw`VMH7hjU#rgH`)8o|cfqYLU5gxCoKD;bv z+A=&!ZNTdRwMV_;K>$YWa=B2iiCu$o%Tm5HEbiokv55~(jW_KQV0InfY)XrQ)N%C7?nFqn|kHFCC-(ukK ztgH9$F+=CawwsB{!V%vCXFFJcwDAHuDHAHQEZUUhGCE-paTeim4a4Jl^qL1RWCD2B zD@ecA!^LKff&zr_v>-7&=99!%s(`Z8@sm?834@RUHtM&lzjV@<2V(4VJU*uRCvM!Y zP&7jLg1u`jW;9>=mJk?rcXyjD+ne!)_*THrdm~A!Hj?yj;t3ZArU64$tV!*+_`NnOU`YGS> z^x=76O7{4NN{#L!<}vvEsR!Q|4ta`XuoLZ>iOB@vDN>94ak;6pVfJ(Rkhjru#i^us z_|NVr-Qmt+*#06L;20cuE}J+|Nc9Lb5!g86SiFkShF`xie8w)i5F4)~@D^A<91l(i zMUU~dzl1N<{)2wFSVM8ZS!Mq7E=w9tKj>K|%VJ%D>-aLVXoTeBdq_4f(IM$-ym(O) zIY$B&lp=UD$T4r@K_wAYbIgxEEa~*71VL^ zr$^T^a|4h)Z}+FNvi=ctUxPlZNKoOG0^{I~+uipg56O1>PD1V1F;~=`Xg2YOi0U9x zbsq(YGA4kA;k1cDMfyUHgsNu^M{kFr6QXvJIku;ux8)=?O~a;N9tK14De~!+0C4OI4dqLZ44 zBkO)UrRio2REm&vR6+fxmxkrf+Y_W}cEoDJO8pE7@Sk44k?L{l)_u)>QDY3{!ULJ; zItzE=i!AeFZQ&JOk)8GplWmHMc81D)@uEZ{DhlBcud~Ghq&KEix+mRAVxW6K z{Xcl4y#M6r|HlmT-(UY9QrdqX&VL`y|4nB7|L(n!ppYg+|D<5EhSw(57yf=ov?wSp zs~ex9*Og^n(TRBT7F_2VX@6@d*h=>{RmihiQXI08LPCn+d|OkkF>4iBE{}&fmz?_k z>W5ClEX74N>jxk+%6ge%Y25i&PwhvVEtu^spDGi&7}!d2qgqOS3g4636I3oADsQ8=L9^jD^S2vz@ti1UCL|TnWkR} zg%*NgTd~9sZC|{}zBiGJvu<^Rkb{$T!8M+QQKGe}<+y5Tm&+8$T}kEjwO6_Hp9TPB zwq=?oPS*%s?)Sb45L#6PP-m@ncJB&meA^EZ2sP2k@$vOOW@hHu7`944RrYAom0`SQ zW8s;qw4FOO(EA}*UMZ8(+bbm+v;V#oE>6~nE8=Ch9pkN&p+iaL6}=~f0p z$l#9?jm4&rY`gKPDGsdxN$MKo*Hyzf%e|TaR}92Va~pWCx`G#3eNwHV)wF)ACjSBv z9$OX5$p5omNMb!$DDLrKq51a19tV4*xgylr4^Qxfuy25Jn|{H@`L(J&K$P3xNIf|@ z`EovUs96Q6K|SdwxZV(nYd};Z#>aJFmP53~u!RL+BX@93_4l6N$_b-8}Ki#*5YOrGB*;wfQa1N`=xYXpC>*BS;h3 zk)z=XKt^9*``<)q^46}u9=)^k(9mG=F8p~|Xzt$^BfwsIND4k2Z3$muY|~C8KFH%3 zxn6EnDay<0X@waGT|=-dInVI zdoyD!OF%dm0eBv90H2I+WD1b7)C~*_b{6x!t!%!YX<6$^%y2+vXJ^lz#Cv{5cxuyx zi+ooYj&tw|g;FYa&*2WomCU4-sPea+$JMzx+Gtl6^6QQQ! zeKDWE!RJqW`umE-O0B#Rm*=;vhl`V3Tg!DT@50W?-yPOBO=BeBzB+9M-!w9{(ivmf zYXXvprkkc7LJYz5$(r0&YE3Q8!eaHpLO?F1Ki{9@#{mLB`nugnFbwS1_#}s`!2Wrh zE=3O|-ef@AW3;wQ+!ikLg3j_-uUgts(#;cV6j;-b0L7fJFCA%$b zB@7%&taZexDso`pVuBRq-YdLv!}>8f$?4PYZ2yOAUb9|oWyb5B(fsf!wv%YkFNZt8 zg;C^NutFS}bQwI0AdJCKEfRwW$S)X@C0Hh*QRv;I$Jc)$q8Xu=Q_GJKL(2LN)+*o6 zyfic`VJ(*73zkzWM``x6k-r)1QZ6jCYf+17(e zi7CKaW&9N#{SxA0_5~trI0l$O`)#*p+iMj9*NjV`uiE&RA$*2N*QV)0Po5w9y1rdw zfj5Rt{1zTj=V`jPye}<>S>JcpO47q1AxEKAbHR!R=v#A6#F7nX#4;F}WX@{NqWip< zX1KUks?W{f^lIJZ{9d_$%U(%#SXfKWc{m>CzE^v;1Fz<7DKkpbonX|gPbkQhXew~5 z9FZe^+$wgNn2spc|8!V;Fql}}yJKOVS}cW?XGvr7qJuo0x8sfGC4uuW$q)e-p4~H) z=pjXGAVKJ0_6mT5Xe(i64@#91@5C^{&ramQv*TcJ%`m?_-^651^#d3G5AumbmC>J| zGFkq_O(0!qGvFIh^{s*k>j1wu#^e!L*j(}Z zHc%1DvyQ|0g6EARzJE@mzJ?@+7oBxtaX?4xj%UW3we6SC3{r6ilLfl?1_)h4&z=%1 zi%isBA-V7m2j(J_8RVByd>er0iwVw4sQg$6meLvWrujydo;Y*e^&4(HrIY9@u3_?9tbfkp1O+Tfcp+G zK}N6)=&&E3xFMlZRu7?4I3uyu?U5dUN~1nvD6F2n=nF5?StXMX4tp1jqGb*V!H}H% zoSmlNEnhk~_S=(fyVx>YKHf@8i9-XYw#m{CIfhTcIE~G>4*u@%_*Y?)(;v*GV?w7N z4P}JOPlkN17Jh$wemR*? z^ysJTkoh!nW}y|g`HrtBt@boutS*-{TXQ*dU9czou?AYfJ!{Wj` zR$JJ?Y%#fnf*Ve=>g2#zN5^F^P57UMS>sg=kh?BXvdhj_pomqMx{CMpIfml4)9#%0HtM-CvLD0bFu3K1XJ zQZNcz2z?s>DasxfgqMN#pl}%Kxi?s4Vm75@SVdQRR?X@~9QWzEoSu43guSnB9q#8z z?KAl)_`5L$c={WAnbP{n!iVS@gk|`JeD)g=&U1dT)GwEHc}?DF`gU1Tku#e63AIy} zVFfF`c*ul#1iR1_Jk4ph#0d3hS3WsdmaH@nhb3E(k|%*i*eYg+qWD0ui-uoRm^dzz zaa4HvN{MZS*SvAB;;4{teXk4xcI=U|Zc?RT%b)M|ZBfi^D_6_%tyF7&KAggon;lYI|Me zN4F+NerR(&rV-D@Gz-qh_KmEqH_ZcNG_?GVh;mpWyn!Z*6O$RoQd&?$mt#}i>n_1e ze=*kWFv)2chl}V@eZMoL50RH4I&NkA4#~zlPuujHik`VaY#MKAp0ZcVyMob5i|xZl zUqSQ41@)5jR4x0oOs|pjA1@c(f?dvjPK-^}?h%0jwp_mu+<=}7(jfJ2HSR* z2M?r6%I?wDvLh2(g3J z`| z)IL7k7CmQq>CiO?U^@|y_e)#8DlzZ-aXoV!bN&jA7@%(#-n~^ubfhIM#iTNJ2KUsC@o|GaJ z64-O*198RxC;fEw8<)bRX3ZZkXIk1A^uJC!Zmi-3Uu)37An8&@af9%wL>(Nyy zKwfi3I2@+Eo=!qKJ(XzOPwfUpI*hKOMvMr)JhwP<33glZbti2DY>x*CEQ2-MhK0#P z(rc=hA>_)DSAi$Fs``4oi7D@?@iv9W6ZPIOv(+RC7o=*jEoRJQSR`D?)U|}`h?k|C z7(_6i3N>jb6(tU<@7on>fEUgWQWx@XJO}Qgcwt6|ywGsh4}*IT^;*#40m+<^Sl)tK zORt8>CXS@U-XC(!?5i4SWP9$|8SLMB*ikU2T9BJLQOFa+(!)CQr{@*EJKId|=~iq; zUDa^tp|0j4w5Bwg|GJ!0`oy7KNQC#9h2*RPYTxKb?(2 z$6q&iQTf%@vwL}(A*OrCO`G5nb%h2uAcYGw6#wjEYGUeIkOlrWvV&?IF4^lif5}97 z5++BM# zdipas2<4>k`WAZ9GT=pT<~k`4R*w(;Im{fEzb|29ojNLv?LcgfcLiy>|H{0PK}uHT z(pg(=xjgU|Q3-h-63F$SVp4(2rVgu~?*^c>uEbmOUnkzj*rFo-X>-XsS4apa3I{(|S-yvE0sDIu<@1jHjl_K>^1sn3$Z`cVGPc!L*KIgy>jI?Pw)@vxBO zGIx3iEvhl3xNQH?be3x4HrwPchZglZtNyiNyjOi%(W1Zza^9b$#$tVE+mb(NaI9)3 z5`8)yPBLbE6&R7zybN|k5*PsYIpv$s2|x5lI@B6xbfp0ccKe6!W>#jZsr4J!3<#~Q zSmSK%RcyBe)xHLEJy$KzP48!UYw%K!E((Hzl)uqAY>AD8uDn6JSfKfw6nTmccOD6$ zXvl?kGC219yYmQVtqzQFJ@MZ6=Hl25az=~yT0*BOjj4f2@I=hFllEH?8}|Ftf0+$m z@VzGC5*@}oxA}VWkw(!y3EYVe}#e%m4B+YCLQpHCe)$^3{?+ShtdY$GC zmFJepl9xA_?krgwdmW!&#$O8;S1y$943?aoAm1(^cv=LCgoN)d=3P$JD+{!@-W6fT zO#Ugiw^ER{ZP5}iog+r1`C6+fcFk+(S}o!)FzU;d@0zlQ7v;?~2}S}zAXOjd7p*9P z-qE|^_@ADyWv!N|;a^LzUyR=81R-!Yqa~Rs>}ax(`6-`^4XC;>uOOPlu)5iaDGk8& z4~Bq0bIgH_MyBWQKPMvr?ipn)BH?y$5ioQpCL;dE1+IBSV4bcz|&kqdks~zGKl%X<9q}>*uv$fj@A^;B&;R ziq#x8`@4c~%)2_oPA=9mPt^q|};!k&&PI(z88Y!NelJbAXAM@?g&FCF7Xjg0(? ziz)`1EflYf98yc`=7IuvRecxko=x96QzRQX6zL~7OjJg(VRdi;bK;5OjwtWmj0C{% z>fkLd;8kR+l-)=QH!&{W7;5xNRG{7TaUa!K$KyE&kKY{VBU-!Ps~kGa>A+0Nz+f)8 zhaC(qmo`zQJmE6?a_|?`YH|~nonM?Hr?-*3E`NPSB z(xtH^Hu6qFLB{_;D8w)MW65PdeVX~ui}R)3=_x31wQ9>x^}Qm9_s8OqDNyy!RsN3k zJ@EKMLnu+~>gU(R&RNm#@uGu)B;S&&>H*XA0<)is%Kmc^%PFd(s1DHD32z9<8Qq{2 z#eNs>e-UqZ;fO7^Od$$b(~Et5YqXRhx#Z#*Lu3dEy+%rOq>VqqJ>;D=pWw%5?|TDS z4t=SdIG_MzGwY1g@5ge})Iupknc2i07atwYjE5V!ViabX&D(1mxp9JWo1 za^T)F0sp2^9j!R8*$=_;X^22tZRK584%zd=mKFcxstGcrvB}-CjHXnOM#5<=>PX-n zaYa|6tVBm!zh#66!F&`a_svQaKWCb1qFDfhkC=qd|2i?bwA)NQX!i;R5XSgc(stR(G?U6|#_?BxS#^&ti>uEx%bCmcY<@TH(K&H!{dl z7&e$t;mcjXlI_E%`1UYsQW*z4M{JG2@P4U;l&0o&k=eL?f5RI6dXW~VxUNc*WtcSReQ)>uGH6YjdNNA;ukRN{KTvuu zHVN|Ti03$N68!|TdVK=5C)NGveUys|+8W3tzfAWOohUHJIz%QG7cTyt1NXe7tWl*% z!Qy)LGjq+Ec4E5Dv|s(U(m4I;c$xKR{y3TPoG9Z&icCVG_ma%^D!EkAw=5QDnkNsU zs@Xoio>D7Ii^-bXq*!K55v@r#V?oiOq{fSoN~FsO^!PDh)tjKetx|z|POa7fNS`_I zo)V0G6jYWS~!U$1N#DNd*@v+zsY?nIG6h<|B+$#g2P${sW)UL#L3`rpk(tYOI(*r=G%+l9GiKd|^b7-vNfF+3?u& z#e9emHCdEI_t=Zhkhnj}j+w@}8L)>{@y{S1bY#cs7+zWmC|5|(Z70_WiiezstPlnL zeun&OoA7>Cd5_hFQ|J`V^xvdqnI+R+2&;*{~7P zv#aMuQlt6R#2o7%PF{H~-}^Ud7@(NT=^fL^AfYOyO)HDYFrsdlT5NB4>@fqlynmCqnOkKKof4v`sV zRU;QM5C-;2uIc<>X4CZm6_iK6t$~j{9~j&>G@W;oFB$&rxfEDrk7L2@nqg^BI%%;v z_qA%x16xR(Z?5Vnv&ipUf@%%DmsM2f&)(dOT064kl3vIHq7Vp<%&U!uL_)qkFvfsB-t+vLEywCQHMA{-PisV~BsgPJ$e!uiH z%I9d4zU`~YrnpGW8e!A+Sq|TD3nJ~gTZ1c^lvk4ay*~rl%INd*ukDAQM1r< z^G%9kk(0FzbGp^5F@j!0t-Gd?wp1~6`c@N1I|=M$Yb628 ztbh59|I|l6aIP#lF(K_YOj2{Cy`m`4UOsjbN&?T{a$2_a;FEI^_$w`tF-R#j;{7#d z@T$&hM*Hq6Do{Y7U_=KZ!1!-Q8{NkoCd*Y?%DX}v&)?x_A>kxJ9fJ7KOkSjYi*@Rg zjz%oPriwynb#F83@TSPPo}*%_aV;sopl>D zv=;>@-1WH>ttylbe{<{ePH=uuHdm}s(~X=-NyIfoqCg7HapA!Wk716+@qkSj%cWIGc7PmtW6-M0FnE+-tn@aIl1{l9b>lf{tD zNcR{Ii%MTufMyfniRu9!gNz;*E4=H6i zI*5LSf~xEX-1Mm6b)D7lM>t&*Cl_@Dqu#zVDC!huhWO6olGK05zVn#T&qySu^iks+ z42PfcMkd#IETlRyeYbX8CW8h#{&-4rqlLUOGyc8KD0&^yW-;taQ_d@NEFG9-aVz~m zqufnu%H?lxE&z6**cct36sB9c!^+*7r`JSFPb(`MEGxBCUEsPIaG7esE!r~j<0-G+ zAuBFRW5l2QTbmY`oLtyD`GePD534xOa!F&hlv(&{FTL2Srxom_E}O;)wkX-25l+-j zYw!C&yzu*$iNC7KF2a*A8vWB-|L0a&k*Ws>}ZRhq?g5@vTUf$5GbvzN@R392wLpLif+2 z>}1!I-@_QY`|h`daR$>klARSLgPn>*;ucLL!W#qT0r(&V1@-!S%6|GbiEx~A(o2}- z_@@I}&t?F8e%E^PFRgDfV@QxaWaWWNW_XF>_&a(VehIykXnI+5x7ioxzZH*Lirb~q zethLs4|?FFSAMRC2~wgD7G#$P>t_$YJ&P;!4_$WsjTGY3ht%aOMYikFvgOVTgw+)f z55R6_jTq9NP1~)>h*BQ?vC~5ZdEf90WwWJ}!~_3}^Rq!{BiKsbm3d!3j^dRdb<6R? zx`s7Qca9hfv}~p+?M?sC3;H#PvMEw*#3ka$wk+{F!)LUbg zT$qOm8pW`vnCXp;(Fr(~I0gPlo4v1pDy`9TnVbt5yJ)CkN0NlC-LWB45XQ(}-&`W( z>?zRsE?*+8EmG^Cd--G&D90vGF^ySfdrnf~JK5t4P?(>56R!Mm2(W{<0hUt1l6_|k z5dRmZBSWR&qVW2c`%ue_>Qc<}IY!_YELN%eWhHjyN}Mz$__n@Be&2|SkqtuLt4MK8 zj*S=&cR7;e@(^lXa9bK)+RagNjB=s*;Svwpx&q+p%gPc=9IK3#ym%1Y&H;ICGzyQL zWNnW(k@Azx`e|P^^D8Xn()a81ZwAc$W&K;v7d7VC3M`8XdHoK`c-tk-_Pp(R&SJf^ zwV^mu6j@rk>4+T`Tm^kw8=UG7@5dIsS-2dvm+TV3x5Hu3)XfN%PAPdc;9S(3JCOyCuIPj3RWVX; z;l>Dgk)PJxeS8s-K5Fc6ED88tGf;wAm(Kr@qUl3%Ep@@S!p`huZ9UQ;K87VL z^Pc=?bLQvI^y?iaHP@BZQOn+Q3LlTxY^QD+$<=J>iU{cNkunjqM=vvknyBf16?@`> zy8QXD1w#|d&0DQictQ}tAEO0w@{ zVYK{-w%Bp_`plHaY{aul_2~J9}nJKCS3I|Jtbe4a5E%6j}x!z5U6}-^{5#qJP8W_NZ}cpK|)z2 zafdE_pIa(N8t4sCRS&-!c5E^nEuhKtfbqVFs&Qlw3L=H@izNpy9jj(R;^Ax<_B`_eT2)oL6(+m&hUV-4`~E zatAjR5i+H3rOlAc-e>&!N^*ss@B+myY>BSjRmDLMml>;qzU}RM%*4UYVJLyg ze8!O9MU|pQy{Z#-WcsHJB9X*6Yl5(~*R(I|b!CwH8g=E7PTB)lmEY#k{IcLotiZeX zM94N>DW)+Y`NcDaB>Y-O5?i0|m)7nSmdHsltIJ&pzQmeVzIiJ;m{=Pxf}CncU?63f zbpznl4i-KwGHon6F7+#~$N5yn^ai*~adMt0h%}03)IdXmc2(M7cF@cl@uooFB+)Ye zHVqpz*d@-WiRm@1FI04uhTf;A0Y?o{q(aWSYj~`{%idm4Y;A(^40@J21bo5r7 zEtYSTQ)g@_BxQFdOMf3EyGoQ5*#ESbz4y}3TptJvEiTQ!^W=F&Yp*cDm*6ayNX)x~ zUgs*h2iIar1KfR?^Q2_G-Gj@2qdeunHKcK?)ltr(w>Ufcam;M3Wvw435{TgILL@g? z$f5Y1DxVuoDXlLg9H&?BRqnhW%%0yib^uKx)s9s!d{KEvvLxP~DP4^;Y6KbBR9EMf zD}B#)r?HL%G{!f<9U5;(dy9v1aoRvu`xErtF1A?TEqqf$ z?wO>AFMu`kLfje4R6i4C`myPwS6yk`ENK|$Fc{W%8-1yM_9!iRl|7K(COd;K0>Kg@ z(P!1_E|%IB5!|=mS3dW-b9W|^VlDpZMPHfM4q3mBf;Z-(rlwGM+&+K2;&Ez~pQ*1T3^67` z-a?9FdTpZ9EremXV2BLBT#}xHzFJJ`Upd=OP98hNaVijXX6T;I`1Vo=yf7o{?w<)& zo+KtQrDFFBJaj$Rae+U*24&K>J)sLyHRTq!{Ag>4%$uw?6`QeTY)^>X}HsRtYfuRgpH0s zp6FrcN4Twx%dlrsabtOZWMCC#7PptN9AhY$9%AQ!akySOMM}npbSqy}S%*@2550R*~Gu9QHA8Pe-W($dZbUZ$ zvSZH1DlNN@L!xpHvAbY5f>tPO?hq!tU%RHnjv(VSK!^e*0wio#s*^rHJ%QqmEYNM0 zSLkF>wmXiKVHNv23i`M<7pw5R9nAtfv3|ksi-)usxWaSg;hf;<^4Psf{q#&!uV?E& zwC^kPAJJTq)#x;J*P=qW7rtK&HVH-aNCSU-E^gFZq{ Date: Mon, 10 Apr 2023 16:54:18 +0100 Subject: [PATCH 158/937] Add files via upload --- roles/pbx/files/Wave_sip_phone_connected.png | Bin 0 -> 23473 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_sip_phone_connected.png diff --git a/roles/pbx/files/Wave_sip_phone_connected.png b/roles/pbx/files/Wave_sip_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..88d85b1cd9bff4c5fb6c967b80a15a8e5786d78d GIT binary patch literal 23473 zcmeFYWmMbI*YDZlPJklCf)yz4?(Ve3-K{tjw*n!!TPaqgg%(S2r?_kJUIv$<&mA-eSxwm&FQCb|_g3i7eQXaEBkvb4$lmp@NAPIDEm!Oo$ny1lV{#*1 zG415Nqwz2)?mZz{<}pMcZ9AIH-2@-19m9!=(5sk(m>U?7XMKMRb#`%q{JQ(8f1*>b z)?j^caS^&wX*e`_1>mUGXS)_c9vn1eWs$Ly#m_G+IB05WT1hXkW~y1Wt@pY+I%3_8 zZhJLzJ)ZP_h^-204LI9DcYTq?*f_G6 zI-qWYaVaPiz{pKU7mDZUxy{-flhXI=2v^<~pUUAHeJA|)|jZHHF zfo$yK8wR;4g51?z;C;K4NCFEaCsQABevEi{gMRInOx=S9B+H^72Q zFE*sF8%Ycl`y_o(@yhP~N~NAdrJa+!>e1~#lK4IU0f+ulvVL;qU~jqPZHl~eqN|TU zZ{B-s?EO#O302`kUQ8~#{7lo>^p}`xx6P=;b`g!QO;?14s=R0AP{fPh*-%Ge?esN3 zV}Ah{@>iP%jB)MUUpJ&=jObM~JL<{<5<34$lHt>8TTFiWI3CHoOnSxMr{aMGvSq6I zbA0|z!H7ZI0pSbycaWy^dWGO`jI;RVK1~U6S_H0&ddT!Y9CUfcTQilwiVJ-<0i&PQ z{UiNK?C8A1?plH^7W7ICQsysKPLB=`X%~r|UU5{opZgj+%-!0vxB1)l2MVK1rQK%@ zP3*TiXjACn*09@V>D`{0ml#6gaMijDK<3h5_#F@S*(b-w3v zD&%dSLsq#CX!J~}R&7R>403VXE|?_|A2iZ=xb&42=@n_qa!j+j#;c~&&HnD^B&DfD zU~pz9YLmbG99d0`;S!_DR;*UOUVC(^;;AW%(78&mrAH-QrDm=WzEm?s;V&|$DU81Z zckS42XG%tn=cy4?VG`ezgdy^L7-&pmo`;KVWeL?$4y3?Z-Fq)Ro7tJ&wnK|G=k@Ey zTr0PKV%|J8_e;rxjpaCwX9)ubMP zfKn_mH}+j9u3mLU?<3TDwbkdc^QvRAAoTVxWLzRvUC)p_Nd8si-U@?fzl=zh#6^8F z*~&7N1mCO6*4_6RNLnma^H}Te@WFsAK_fxuy2LrLHqXeVwlL4ORf|KY`s0>d5WKQ> zd}2hX|6z_k;DY3yt*X;&!vH5VW$3z~y}0{fwCg^e#(RwSa@69Hk9wCvS`MvJ@RW40 z)1Ls=0ATLpqr;>0TEWa4gzkN0VY69mScrx3YD|>9tTC!%c3D`H{V92+=^m(a4V}*u z_1-`3C1@H1hDltb-osfYav=%GKEM7r(#Vs6^(;=4{hwt8I1Avy$MdpFi>C_<-=mHz zFp{?&TR-LL;`|&BEGXdSDQO-AYjl;}TEyt7NnG#-dVxL>3fxZF?Q&HFKD@oSE=uG6 ziTcKU!wxz0OaEl&>eHF&x<#$8^vqtFK*nuHVqm~sU}o{~icZ(=5$owkLQo&-RT$Lr zU!2eUk<;S8%}Q~hoQJ_=_u8BT&C77A4MDatQ2^!gHcJG(?psNb>tFiBr8tgPf2 zgw|}pn%tWRL-yp0x>r8^(JYc11WF^a0|9})lLn!J<5HpZ6v>QqB7ydeOF+e_i;0Pe zZmSp4UQ8VK)0WphJ}!$;=*!0?aw_|KBBq6>rm(vvI>7aCSbv92QgKDaXp+RKib?CI zpB;CrM~&LS2$Jq2XNx=IwxiCw2w+eALZ71H(}8;!)r9i9lU|>i&fAaT_c6VZUp96x zYQj1mt_P(Xak-l5Oo81StvLqg&EtY9K^i0xuWR~wPn#PW=HjBPkL3&ckTfFin5R># zX{z6qH?@M9rF9+7ug2c#tLr(Jvm18>8Lh3`UT}`@h*8;=zuPMK*u6q~3`VB?L1O;9 zmUS~f43alfRvsih@*fn(5b}#c>FF!wF^cYNjaY3D&h0?{AQdY6X?fIjY%AVYHL=WB zQyzs;;U{`BQj_rfcGx-|BG7@AG(nQ`G(E9X#IR z-ny9!1r#NF|NNWoi^~np^1V#>c_dUE`Y4_qh&cBBG<7a0iIzyW`AM7s$eGr&kBFY2 zGVBhv-pF3l&WFWvVkez7u`6{Y8g$%^DKBr)?(d29^t@395B>STnEa zT#*83`%-*=vbYLh3erc!sl*T%Srk-UGfk)8yga<|LO7QX_-En+PWrS+&KbB zNqnQs*m^#re&GIe=`LUL4e>N*@sQbZ)p68Nd`10qCjCT`#5?vam0#kvt?RDMGEw4k z(WYp(bGIN!&gOC7LE1U&=_<^9G>a408?W$Y%%KMm;ST_!{oToR_jPWN7TECXK$=~` z3ByD*KF-KIT_-<@2=E04C`5TL!(gs6rK$nj$IT2XF4|vs=s{1vQ3*kx=!l>0C!eSh zFLf*bW7MN7b7IMPob;1N58#)kJA0^;chhlP5)m*=?RPLmMDwJOq1~`s+{8VMuiqy= z{4?mnfdOxZlq24KAaw7zn5T0jl)m@CI^%Q?h!5F71!AEnwZCR~7!13Q&VSyNg?#?$ z-XXglk#s|tXac2HlqBQT>rcI{md6G@CN$5&v09bI+ zAC`YOZwGsLsyaMPA#fRDIbM?%--q<_9SQQ2e;$i|vD6>-$#X~>NNc->wExdq6|`*F ze)oENx2G)qwc|9iW~?Ciba;QSBzYo9{IGd!{1!0p+O(e4v2Vvc+75RpD+v79XxSa{ z4kKf5h9%41ZNy=1kB>aX<#K;1$3za^UR~|F1Y3W+91FS};|w1Qx~mM43-Vns^NaHC z;060PFWRn&L|OoqqP$NgrGS*6H;>X!H{;c z5nws0K=Yx8N%qFR3rM$o;YMe-X2!PDuO_v?RS!SkZEbS9r!!=9t=}p{O#F64b1A4M zfc5Sc|H{_l?k0c9&&@F7;VRjEqBHcNW9gwHsBV0%PaU-FdXpm~++Kn^QDx8+qC|ID zFO!TQr91bnE7QWhD+moNAq`@e!tg#DS`{L!Qixf?c&b^@a}VSRFkabKnhM9gQ6N;O zwL<67_}29FynWLog&ei5S~0+=v?vI8=Lac8kYjcG z%F?&*DL#5Uj^*%=Q<<{niq`Ee#9kou^2FKe_OiqGpks`&)ex?m>9M z@#QHi$#y~^x)i50fT@&XZ$1kzW$>H35x45u7RAM_0D}`RE}@{cz|f}a%dZ7)lSpRg zvy1t8vI_Td!kf9-slBq>01%vP%n>imK_Uv}`^KhN)a4;LwX^&9JZ!h7WiYgU#l?ms zz4GSnE8G0h&W8#XM>(waoFzDow>u_>t}mM?{@JsKLm~;KM8?v2^p&X{1;&h~RED%E zY41d$TTmx#xY*)|25oxd)8noa@g<3=r19fL=*;t?Hz^i=@FGOGMS$|kMcsr+VA|gJ z!~$jnZa>R+Pg^UYgBJ%wy`?E{KM5c5HXN4#Q9eIYQ_7YvTg#Wml!Sefj8+I zH4887Mfj$1U%s;<{KX8KX|zWSH(WtF7R@zoIW9Cxjm2R{z`KE`X+X1506vwijv*jJu$qmsxNu>Lr#yGRb8Ge`LvEKdB zuJ&~|ScbHufkQqQ6D$O89x*X!Ge)iB=Ye_36f4hIM$A9(^t|gjN}2Kk2|&=ttFEVz zTtR33FEVy(k)kL&!b9pi+>W2P1BTV*j%2tsYP8+87%d~t6}bc7@4;8|2(t*h-08Xe88<&YHZNxj8HYnoYZs|54OM)Lb)ieu z=I(79Jh`IZ#~*Kg1syzAy@Bm~_;B>AJNX)`S!P>CL52UVxJ*&eM)|dRp&{j=gh%%0 z5shBU*cR>HBEPVwyLBKl&ZNYdM$js-oeS?ZSJ(aN)TZ|?ifqeXaeR+0D@o~>16(o= ztX>Qb8u07$Mm*lN%f_ZC+Apf=8n=@nm)`J3j;!9EDBMU#bY4$cnK8q%vN9{aShZgJ zhi{PtI97$e%T87i>EwZbej}0pckdQ#p;5J;Kz!1hjNN=fth%4O3-wns9%xh2K)hoFPBR7r4%$`?QQA>Q4j z=x$zcC2W>jA(WXn0+s9QyC)c4*Zf`Q9yGPV0dcTofhkiObsyWTc~K zg`hDjhiKA8?+O-v{^n%Z<5?sHR8vgkKPTbR)^K`cCZFHo3SC^O)AQ-moyJgTevcrJ z4yLau4~nJ@bOcaw6x2qoq!pmbNS!R4#_kE7+uIy;d;ptR-aH&YD zSjLSq?wZv&S^TTR5KX~L+@@q@H;Cc9Va#tYT{&XGcoePxSxzKx(9?4uGyiCQSLdBv zN6z_WpZ3@M(k#WApBd|wiM-^%pK#nnblIZt6z+yZK=~B3sb9NF8cew|&_~EDofrvz zoouD|0)0RyckH`IXgh5pzm_2i?D{(#BX#aNbE2X@3|Yu0aaK8X6FrtnkJAh zpwIjc?McA9(3Tj&orqnCIqCKc$@~jd~CuulosiH!+Wush#q8O|zO=DLmIutiNJaw3Ug+&^X2X zO+2ILO%$2WIr{vCkR!a=Ml;ntj~u~s3}S~f(8ge7VNKTFKi}R$zmRvI{u+0lK%Ibp z#YAbDldY@qgxgtH20eN*`m*dwwR7D_i~GWPxrRC?&%Xb&i`(x07V{y2iyaSCmz^-e zfIS~Gn4$vFy7=z;>6Qo6zFC%dXRD4Dc~VfiVPgK~;plgilA>aAB3k*Bu8XDg;K^X8 z;c!V9o77ziDd4KE)QZob`*P}xUg*<(ZIX1B$o>2Pr-0fMuC_G6XXzxkFqpK4Bza)~ z`VTQ=2Aqfmd0^hlN|0>=df#XRFn?>S*zAmkU-ya36QjQc^S(l;iBMA=nqKz%(_l@l z`Hn}uJnig@Wnar_R-9Q7=$^ls=kOb!``}M+gqoijk0D)0@8^+m?bcgur2!U_i+O@2 z3{NRx(SJ-$!J<$5pBijG*Xxc5fZYCD38IeC0}JyEMi3wf$Nd1NsB%sn3$S*lxC|G- zcYPl0ohnLXHi-fZK=lU z$t93JA6b*QF~w9a_cvnFF^Fj0%ml(uhax={Xu$@ZAK-)5H*8(N?NReLzP6p27hf_1 zqAw>BFm!L4WH|MvVUeMvVL|0U+Lv$?SaLCxbso(o| z*P~4spIlg8zLMK_#@JEG!go<}Ja50ZwVdn5>86yG8Tmfe=;OQeYfjt5!63Uq%dyGG zn-Hhw_ilWcW(z&BIV%;_-4M4M6_}NwL4lLf6hSZMOE9fS-`5Puy-J*8%EgA6}t=kpCS`_)q&^~1+q z@z*+YFB=mHS(tcqHI9cWZhDh4u+8ZE3TiQr7>5F1cmYJPtDmDG*Ff{W1A#?M9%cyO+y%~w~mr}`>0=*llHiNunSaRyK73B`}7{kp_* z`@$F?rpB3k2dcok(fOHW7d_y@N-*-k_q@mEU?XzZFhnQh3;EKrI~=ut<)>9`=I6rpg26td9^x}erCRYArcnpm58oe-G7<_1`oIRJ-4 zTF%hg&8QcX7Ao_x?DPGiz%?6po{gI=?F17Qe zx>I)}q`bij=fuUKOnJ-3yV?w)UuEvlvG!tTTw0`liFSSI!0o`d4j;CXT+yHR)}Ehg z%(%lHx$oMGE6J5oid*b)zNwQG{24SE5Nw|=TyS=ScCYv(q7VsZ9F~zl+!@X>O^qOo_iTDS3I~UD#BD+;V}Y)@oSdAEK?`ekS2djr`j?fE z11|0dx10RK7A6}<3UL{L;|B0{DmtPeoKC@+p))bxy#tc0G}>g?buQ- zSUc`kw9D+~>U$N^s5!yQ*F?*1+8C;XYj zvhdpU&JYOf3>@60m%fB1M_EXRUiShC3U$9tD~HSK8t$t59R=@-_lO3EClMN*4Qnaj zy}XSMyN*7FvPczuJ_bn556*m7?;EWo2?iX;oaTKI-0decq@4|Shkjk+cwwQJe+tpn zQHVCE_@`%Nc>D=4kr-AR-suab-kK1;wX=e&#b-r~V;hc-ozy%LYb8WlaXVkw;}T80l&kcU7(b z*E{O3FTY(P`@~0+skWJMf|PhRCCQ>2sO`L4cVXw% zMnYA7ahg@Wi|w)eRpZHmtr@c|WW7KH#=)nCQ(D za;{cXx3UR*q~s*STwlxQvr_}$fWilo!ax!9m{uD-%23G~1c z?Dzo)Lh@MjT-?0cacx>7LoEMUB>@Y@EIh|}^3;&DFS$2iVV6%47m?o-!if<}LoxDH zj?UXUv3l-2l5ph!35C{glbm8^4-INr=jx*dad)#kT-RS zX4R~kuKJG0JQzJNejK50X4vqVR$X@9nOECJp26aha>wrAj*9p^f(fTXML8M9LyAhrM=5QhlNV_ z!jPl8)r0)-^!fsT2ck1(nx^dG#k01)s2yFS+!2?$8P;Cj&bDxK$n#XX{vdtEZki4! zv6yy1WchS%gmt5nFFtFrBY?u}uKjJ_;WycMYs6%TCACND;dJe5?+Z zg_1`)0ZFB!n<-%d(i)ZaT=eJ#$|qJ)Puhm%mi}T=AGU0kZurRs{43*-HC=1-l}04Y z;@qu!#gHu#veAYGb1KkoABi?z`qyg*MCO~s0*w2*!Uqnlft%ez;NiJOj#z(^1Y*ci zk0+q@Sw{7^!i;|zE%*uM+7vZxTuD@koy1SrBZ`HxU{UY*-or3BW_f?9&h$5j1i%kj z)wKLeucAkEMNe)+?o@(SPJ+rGyuR#VImmc=Uz{!c@_1jxz^`jH_-x#_Tiu+xlHd@* zlQU8imSf6!VNlfpb;MtTyk6#LJ#!PkIoC-5KJww^0OZ!Z)gA|FC~2ifC(q+szZ{P# z(y9;E0JAH39@L5<1df$>;t&c154u&%6zitv1l)iBLR5I{ef>>J&(q?h=e;K_Or-H- z^a5gOIN*#KKd`CmYqe>L#%LZ1A*!da=&WB~U*DDcL*1C8W91gbBNFY;cmC|AJy>!* z6ZbN&h`;KE4YLQ);ExB5x~?|*4-*Hiy;uH{>|ePK^9@nY#f`l?0k0hl3RkT;-Uj_u58eq_ewxI2hR0^z2sXWMN@XVv& zi%i%|ZO~6RfNlsaPzJ3TldL1p!2JE!@DS&OF zilfEpM6Q35=Cd;MQqvdU?<=VwD#*@IXT44Rvx(YHSHs6mnqW%8Z6+PHS3%;Hv*cAx zAAE89soZ{kbiL3N^1Ix(9M)YuaTD18Z0{%7Ex~`X=6zi>@jJ(}ftfDwLKfIbOl9h_ z!V67hebq}7pQY$BMZ`gQSZ(>{g_Qy?w%kUjO|y%4XiV!9lvXkN0$}n){@}^AU`O-v z<-Kxh{G*j)aMYs3^JDowQuoVrtYTmGKeSU?niwp#Hlwc?y03Of&hK^n8%rW^{{E-0 z!~!**{_&OT;5TbR?1S2!Ur_u5fwyVE$q=5cVHTArz~-o1n6nOUbhNiW0gJ!G(#(7J z^dI#`K|$%`UxbE#X#T|_ti(rDYC8He-i=Jdw$PV?m;A( zj~2XzCEOwwnu~)HSP0rj1YH<~#3=ybvQ61|dc3pTtaM!FoYhBxKJ);{kk6s9)pyX&FR@(O*JOLD)&q?8FPg5)?w~X+|RsQ-; z%GZ`Co>O{NDL0VsrnTUY{gkz}f}|7!c+?Jm4+^hhAWf8%4{P20jSAdi+1!LFGM<$| zU&KYRV*z*Zh$-=xsC)oZHyb<=bIMnoXtZU696z}!Yb;$hLMXd|<|P)C(pQ|PUCSO< zeX<8)3N$Ah;P02gqM|J)-f%6=s?F+gz7U1yry-{nTRB+A1O^D~1LR^P;mtNlYkDf7 zL4)~L(a)hKwnLupziK(J-PJ1)jT{z~B`FskJ?Il%}Pm{V>sRt<*Ucm7Be`}Lt-O}Z5sfR_cr0ls0PDHJc!{QZ- zOE1%+F(j3XnSSr$^pWzvtfFCkdIdgW;{T!HVwwxrqX$vY)T)30!_6rw>L7rVisG}a z@}GhKYF-81o+B;j6)5}1sV@FcBj?ZmWwc^E+!|n|g8xg@_SOFbo=!8FMwP^lC_Bm?7u96@znoS(EgwF?f);` z;iys`rHNti-6&s${hZY*1U_^?o{g^~Rg}<<7k&0*>MbbfRo3;J=dsYaT1c}YtoKIK zSALO&Ott781biDBq|q<{>EgLY63TP@b`umlw60QL%RM*)*^x5}BD z_mb^<$IE$Mx020Vu4tQ^+xPO&Dqh`tPtv-y6?M`vB}-lUFY*?E;=!lCer9w^ybEkY z4X^yS&G+tgBnV=z<2LDok=BSi`H-=_U#&x%thKSnm`u^W_AN!?eh&d*%nu(C<`BdT z7If3ANa*gbd#NCqrCuJ0dcj>2Gx@O7cn2nXBt%ZSg0qUAF^Vkl{ zc%M7>A$h{N#YM|iSX)(ffhs&WG+IDdxCwM&r_E9KCYh7BGk>g-j%_Xin|r?$D6`{?%s9XQfzxERNuZ+(Q=3??*GeVubCKz6J&b9h?jTo5~8! zH&6D@YM0$KHOCJrT?Z0g`|cG*gU>TZN&VhzvL}XwJm_BrJAHH`*tXybh?eaiiT7TS zIlo@vSa5Q2Ils>83Czz%&nHX#)xW8bGyO}y#@N+)zPh2>6;?Tlq}v_)DhS&d%W?hl zL$fYaTiILPyS%P6=bX1jcul@l?94yNv;w_GzO(;2qTFJ z)7I9GAwl^~3}p}84%vqeM(|AJ3Qs0^(lZg3XY^%)o9#x){=;pwnxDc&&Os z8_~gx_Yb0_jBb)0l10?k_gNf9*2z-0s*r1a%fpg#61tBBEVCe>(A`-Jv2B?G#=)Ii7#$iw7&oFHQ4j zW3qER8hyA?SvNjlbhMoq!^_mPs1QjQ~S9vIvlkWW$RsN67Kfq zDfoo4&Bu9;>xVxE@{o%;1y$!vOW2P1<}|%$6fY{RSxh)+g6;HX$zmz4SzZ zor$*WcX^-A4-M?ZxH!se-FJcK>Dp4Fx~7DQ_p96~%m}I~cEt5FSTJBemS@EuJS5jD zLQ938h_@KMzPPvXcy~l7Ntc-MuxZA71;VIF3F!!tr3*WWw?KPu2(gq^A+-D401bTz zY&&R#?Kf{G*U9e!DNiG83>~zkAL=FVk9*;HE#A8XJBnjXA*ouY*?~i8x5SEt7ns0c zp1zaPbS<17l@-91q1NvzOGM0<+Cu*t(-yv2c@C}_($O#p&)kAIembU`sUHN$rhg1d z?B6uni>~}zL(iu8?h3_e>nbRBmVeGYt6Seh=Nmk8C2OIM$hdSDXPeydawK%P-_`fJ zQs1P@uETY$y?f_VbrU(4#0r*qQJrX(-b1tHeMhpEPN+0dZP+6wm@e6Rd%ZBDCs>X? zV>n<^ni~rRKjl-ZIoLr!De$j2*{YREQ{cjmMuCKADJuI}0{;Y7sF3>_^$gC#8{of$ zy3YzRVV|}_0O)>LSTu|$HdOJTB+e`%JDK2|-jbwL+Dp`Vtls_qBr%Hq#NQ33PhAC3 zTKh~^MYKn9-A#S3*(Y1*xDaMM`rp9bsbDTauhG~i-XjQ?y&E6G2Gm^?vq6guQ zN^=&xnfj_~j<`=Ryl0v%3^?138vY>mqwrzhp(yEt{dM|y2x?j~j`hbC(d7Ed>kmxgc^ zlNICBKED8)^ZE?QBt>#>a@vZsV`GWRwb0yovxbsUbmyOykUz;^?8A-`=t83%jcrW> ze07|7wqH0s)rUrN=mN}nd9JFkFNfsGquZgZmXoj-~egr2uhDBudm9jZ~<3QN5pV9WE7UZki%&09x z+X20T&hwz6w+NI{BK4^Hqfx%N1?y80JHH$tuxV*{-X>b;95(Wy3^P__4z^M`&8#P}e_Pve9uXyE zQ|zpL^xFwFeKWxL6bUv=sX@I{LOd(*`<7A=>P#AA7}l4DGKLQ)&59K0%yIbEvWlD5 zdIn>QBswwzjmr^Ms{KER`^-6MVc7t8g!a9m^$3af4*HjyvQrw*Eh68$gQn>7q6tH5 zL!-Pp4|osHu-Xa{P-HtpM@}Apf2i{Tg^Z*}rsc&=B7~3PH_EI5R2b zR+t9NAPwj@1D02j-^KYOX_`@EWFX@!m=^$cVz~U&TV=6wC!I3%Zrl8jSyePl^*8e- zeL&vu_M8Kib;BS0!1?AgbpV@zwYDQm0eIptF4I)uOPbl=+o|2Z2Zw%8OR?|!WH#R? zxg@@!NvV~RB zcdfl^YWfclB-hQ4#f8TzniF=l>IeG|3dcuhFYx%KzJ%vz{q?4ZI!>Z_zKNTFNT8IZ z>ZBaK&Num`>>j!M7wnfM?t z_2GBZb!K29l#O_^WnNpSzO%=(Tl_Koo~tza^sAt^KC55j>v`9sHMcs4@kZiFbAORL zl#v(8E$`N2aOW9GD*NbZdq3F9bmz2Fq>Rns|9@=Hb$;4+bB~D3{yH4YwUq-=`sZw z_$bO&`I*VEx4OQr@On}dHhue0Ti9cpj}Zj~Mf$MOW~Q0*T%zcrQ9qV1CNyk{_=f$C z$rPAM0btF?0@V>pcChvUb)Ik=V}t~D0N_wWw3J?mLjjXF)@ij6z&-Ps;+>KJ-B=hi zIF@_xZ@;$KO{uJN!Y3~l0`jqt=zBWC*2Zlz)%}($Qd3}&!|MfSalV-tECw!zd>?&^ zQ@mY>wF>Ye*_-t_#TQfbH*m$7ip#mLWNox;vMTzH*4)~!IVjks%=KKzhT@`N{&mM2 zahpfo+yj)E#U%&)Rgyn%B$|;peLnEx_ zuO^VZn%o+y+!W$BSPlZ=CI8a?Zlfxz;I9<^uwPQ_SqApGPn8v@_d(7_DXAHr@CM9# z-qB2sQmh-7mkUUNA_t;@Gq0-%sRyC6i`vOblt#(B18ZSn5#?5%01Jd-AjJ=}hmwlk zGw$C!yAIM1MikZXXnza8RiAFF=@j9BrGsYtiO!I>Y4SBu+tKL6XW1h391>U0^rbgL zuV@nesmz*()F|thP3*Vjq^VdwV6eF_;e(#^+N}NR1?Rl{lUmTpHq*LvOY9P$4lD$` znsu+kAn&%9b_gA`%^lKNT*?1MRy8ZpeT)3+@~5%DgN5~;xHV;0rz)oJqQh>M3_FT~ zooLkYx!|_w)H4A?*{1mO&jj7I@m!(kk@%q$x=`fr0FnEt4Qsna3qZExnhyPv)b&PW zuPyuEmoxE&U)(4uvRvl$Lx*k=E$*atV`POJhdRY^wGCU0D_tIg-7hzl55; z@Gd-0Eiim^Ne5OAdOR1}yVPfC@dKE=@gwV`Nh zvl=%{3kagEUg8Uzp4xI9t?MlMK3;okkK}A-eUx=*hhM1t=>J`hc{6J!2T{0NUMjVF6>1;JMHp(M-6d-_=$x?@0LI z%`^QfOqj*!E$tpKYSNQ-y?LZp6PVd?J6A){OY=;SR&q_eY#eS2(X*c=s>be%hEv=X z>yd7DOI6}h+o=V5x(xbU4o)PCzn_)gN%;7>d3Hl^5T(ExpYU50th$eU7il!i$BpTA z={K3{estUWXP;Y3vWLs1qRCfST}`Uf$k+)2 z-+8OgO1iJ2ZQ%VK_IN!c>U%>qQR~-vBJsQpH9eQo1hmf8tQ?`}A&5enKA&bBgxn;4 ztj$bd>V3<~S2!TMUBVK>%n%h#$740@B2Ai_<2~`ctOUhZ;~&;;E#Z@Z5+#cjqKWK2 z!R}=enmj*RGR}Z4byGdGy!_jWQYp%59(KTQ&JR2IA_JVd11np&CoD88s&s2uZ|{C+ z7Lv`h)XeZvXW*WEm2f)!wvjHyOhfb<6yE0XpAxGe@i}F3G$t2FA-^@MGSkP6}%aIt4&RY3F9c)JO0LWk%{>SD{S{uLI{n5 z!oSFr-@m7d-$AYQ8?8g^x!mXXW-te#2ehTBgY_-iQ9HBrI}{H1NTgi@^Y(r2}(FN zOCI15VW`2Al zzSq0A$ z+)ij{aGYki+vW~)$`x|QiRkfoFq&p zU%p>wW$cOBzSxi_1W&v`CRm`M5lZpD_b@uyRLEnS?EBTqIs3`RQYbqV`QCxWQ%}#FQ z+i~vPC18QJhw`>vaH3_JQs{!5O&{>Cd|u*pm%ln9cW)S`V)?)dG#e?V-l&l#i@9oE@L?=ma7^L(YFD@}Ze39O9AGYL>3 zMk2FJ+)iGMYl%P9dz3i@EnFT$VAmurDV8sfO>!-B{VC(jrB%%3)!ST=-qVg8%i3fJ17(~>&$PeLg4n%`}N1;KVMG+_1-RB+7k}Ox6~LmPxFAcs9hzack}|;@T?&%>U(Nh4M{xX|zpWdi^^sEL3gA z!RAdvhY#sKVmK4A0WZ6asSJVIA4g-rL<=_5Ml-zcyPzDe2d1X`F;Ra8Vc~>A%imfw zZt`9p;dU!aAd+`K11ILl+e0(d^*1`C^xPQ}?HAV0At6_tcD}2nH$qFW#kc&s#`6Y{ zhWvtsiz+yQHgum%wQ<#cJm2jqXs~lhaXX?j@fpLMe%#u2fQ|JC6SWj_(pH1x;pgF6kbw7EL8ARLL<*7z(V)nJ7JhnnQp~zh=o%=+_J;HeEr6(- z(3|_WSm+h`$#M+!N&7Q37tv3&6N-TrevWQ+PD=%6nux)X7YTG1i@iQ3cS=GG@%i%H zMZix}opqFnjtwzmxyksQ`hUe`>E?06MSK7%BuP92ZF!IvJvG6R=o<^CNUIXt%uwgb zv)f&#w|B=?U0sf6JK9%7nkC~at>fl(8+1YAqTVi#dDy`NQaItH7g`vq6Wl-;H z+yjI+^K$Hgjw|AivrAynVCdC-oy+67SnkH(UzaC6)xqXyL^i6_r_u2CJV`D?RYqQB zGF9DRHZvC$tQY8mp=?ZkoUAg;RePe##;~3MfL`IIhJNis4|%5tguE1h?H$IuNJWUn z{MU97-M~D+?hCt-|9(&RdM?0%67Z;sD^JhCQ9x~X+ThFD>t!KS52qs#_`3M=9YG&? zdV#nL9`dsn(`sMl&9|~FX;S7wB0!)=QmR`_vD)ruMY7&S;5*ElzZlz*iV>u8rcj0E zGtjp|ZP&iqZ~N9AJIbH$QrnZl-uayK_CI{x0pwr?s-V2i6@suLinX zAjQk$%qMa;U62}tx)%g5u zxy}vgc+tAtCOI~$+moje(#%{8t_TFBWTsMlOif^AYDj!N>7sK3NLchQPpKTlh>*rX z3%fr}GwIm3S<&p?sQH&!Tjy=UDiG-J#)4qcceBjL824t@2=(F$6^Y*V@4ZmrUSQ}D zNC~#+FEH&~(XTQky_~L?ivvmuSt{{&$%r|EPB^Vgxo?5)G1~0}cEo3d){IueQVO5N z)ioMx6Qd&fiQSh-$mW?5Dqn4Sdp#2=xR5qEQaxn_MA44jX#|%fejLoV9!YS_m%TWZ zRmylxqGZwI(?l5X{&otr^T-NG7Pn;dalNB&ac-XH0j6#BEryS8_`m;xb?v`J~L4h`5}XW&YQ5 z^J`>dkMF*jTk0y|Sk>l79le`wDpCix%nf|Qyq#v5wH{>fIW z3kl2oTapnWq0kvkBcdyRE;x_rrWS_w0m_|CsE3vYIl!&b_9viAWK!V^?_nSBKw`6w zdyIEw*?zoFikJe$^*WU`C04QzHIjGLM%LS@!hv~wNPJK3u{wpUX)Ru={%7;t)bfli z=?M5L<~(Svt$%7?{!1}#;#^P*Da^$#tV6P88oe0WZ7-0qpMuSm&|z}#QFo!+epWtN zIEC-c%|+GElQ%NT8;9|vT%f98Nlu^htf+wJc&O$16C%ESF6ZHRA2w!9DHa6|yWe2F zURFzpZ&C?=GZ>@rs%VdU{|vmal{3hDPb8FSYat+mkXZ@$XRv-QL7Hg!OGSm3neCdC zPJaESV4o46w@^e&o=ICoi_%&ufdwvR-cl@x))#-@x1xMr&fg(469(J3rE62rvgvs`qlp)SL? zmpaVNMYFUO7gUo#+=!H8<9@k17=?M^KM5Mz;FhvcW`PA0llbh_%W98@fh=Dn=goEL z-UW0dcXlQ0{|Ffq=Ip7#ijD0&yy{ks4`sYPPMX3?uRDFecksluN(bz9*25r`K{`Ag zh{;d^*%J|gp+Zum0CoqNMq%NR0*V5S=PeurhFiy93CYa_fk+2cdQ!7p*7@{$((0_j6!V_5MR z>5q9f-jM&Hukk#KWyiIN8^T8Za-8_#2mc(Stbj7XQ5N`#bp>k-|Lh}N%7t^8TR@yR zXRP2l# z1cl~S>&`qa4cnXbx(m26I#LL?)kj84i4{5wZ4(};(zkWVLnjjjUoPyVJPgpp%H)2xDh%+i= zJ_W~;LZO0Da7m6Aqq~s9_#VZ>u`?$ zah>RYyy05BCIOhAp#kyC1;3r)jz#R@!=#+24gWMY(gDPub<)D))=XqVJkI`o0r^ip zq_h%rNjU8^Zj3^{z7==b9 zqd+Jeolth25%_iEZb z>}Kor@OypO)a#Z{uOI6RuF3j+KX+|-APy-REh9chLd7A&S(14a63aJwH|^YW&$U}`xivg8&(o~*THpA_H|$40`cZgRP~ z78q&c30@v0=k60f2jIolKmF-XLxUn8zV)qdg$m5GB;+A^iQ5;1M&eU0Pc64AzkOvmhcf;4x4#|INZByF z_}~XW7{a3Lcz-LxIaX=J0*FFE_)M~LbAbHjk$u*=rAr4#oWA?r?}qU^4+N6;STMu~ z@%i+pKOOeRa{buHJ{BHR;8_};u;w`7P!GvFe)2&XV^LDx?E9yG`ln#oQ5U&`McgP~ zAdYc;PpOtOYijg{-tXafV_v>`t@XR`%{=TNJN5a;TelmpcP%a14{yA~es%8(D|8%e z53Js5H{JJ$RU7Bn%Jp09u1A)6Lq6EykCLs<**9>)P#yzx<6o@Wd)UcVpAsFenyXj4Iywc%DB~8yor@$%sON z5|iol3cxx~H1dcv8Owfd2~x2r%vZeP6(Q44JMFa4JH6ozZwLjCUqmN3>$BV1A-U@6hT|@)CxQ2oO8l9ap2{^ zRL)B;y);xRdP^)bCM`(^4U#8DN#hA896xxAn~Fz;+*d^L!kXeOVOS}hm7(TXV1czB@e;)^d1jg)ette>f;-&3$I zuzV;FIvgwuu7gOEpVTutHaanWZB2T(jm7Cy&8=SP_M#UJS-&sZma!#jB0Qi*kDZ)gawiu9qSuNNBXY{uLvwsPH8 zyZin}ZRt~;cF-X+?9nCbZT?|Lcn3Bkw3QQ1IK+Co%l5MK5B4@V(b`)l*vZGW+p2Z_ zAuijyI=%d+*^4eX(H?sIX`AI?EV^f@z3$@kY+H|yo!lD9cy`2fU~X!XX^=KolgVEWc%l-)-To;#5Wokj$iU#U3kM$oElTG$JY| zJs@F{`J6*R<8R}pjbR`DxW=T8NrO+ke*gR54`MdnaBbpEV_-d2M1EsKW&Y?#KN>0y z=^@SdBX39#@gzN@pS%MmYU!zBB^#?o_Dpb{7zgr=r#IjF*0ln;%C#uh~g0YXf$0uW8Yj&*`OU>|wJ{;^CSb%N^v@gvV)_qx~FHP>7d>RrrJ z>Kg0(x*9RzH$w;j)+F*|=TIdYhr_0~oUjzHII9w3&@no6%6QwtlmgzO6Q+(QIa0 zlWkpXw&saPZAx>U9XhMQjy-%H_lfMz+iwjMw)LKsC2xDAdv6(0NT?)Kj@SrT=Sfw1 zB6?yfBae$?D&P3a8|`zS`&{U$C~OLnOvV}^V)P7{&WI1z2xcf1js}YbLvMhI%+rXx zUf}hwf4zO?GoJ}V1k6o7DZu9(DD3fu3PR<@kp?Q+%U}L-`}oH{9)@tdlY@#yg?-O^ z-V++p8E2jmDidiXpXj|1M8Y6EDlAL#6t^#kc||_c2(Us}zVVH33}yI|m%JqW_>iF^ zjfsYdb%6!O5R$mFAIpV(SS6>)NtAJCD%{1^|h z#(l)0~f(VC~|ca(>NgUK2VC zo<^n|$sa_B^TJfUFgAG^mMS@f_A zNWUH2npsQF2AfgeYt!l~b`aYx66Zhf80%j1q@8~Bd~0;Eaj&-Mrt56QV-MRICm+vm z0&VN&P1fXfv)_$^y=BBFTdDX|42&Hr6g?74M1^ByHknyV93yg!3c&LhJgJBOsM;)J zj|SX2<&kB!afA{5aII*yu%F|EJ)Xqt#`v+05MV`7nW%JBRF;SWc|zRS4&!9f-^vdcm_vrRgPKb-|( zQ8wg3ZMm@=t1{x@M_!agxbZ1x@|f$zYm=8TPe~6;;)*{SdaSqjiFv^~>BfI78$^TQ z4xJrCHHNTUC#DT3f7S^f7t=}|iTSfvl)OFpIdx5~wza3%>RQ{w)2Q9tZSnr5$1M_` z`(*6nnraPRB^$kdHM&(%Dtp}gP|=4YJSSKtPQHg<4tsRMaH-@6$iqACe9-C}o9(Gp zPutPQ9BYTppJL&eHV=Sqt=_|&(Bx&;*OPxZt1zOC5jxSBR+b|Q37JHOlaaA80o$?Q z*iYe5Xi;1!DEt7K8w)%7rBbqtJu?*|R#eW5=TP|UuMLaqvK&tcKV}j|#jHPZAYD<^ zSjI*Z^MVRX1B>T!95{C{-SJK9d6LEzuFD@HP5ffH#QcoQxS#ySx|%h6R=CAYoUsU* zFX4RrkT%LOraM$3cWkqtAud+sSd|fB5>~7Wz&aup>rfOF{ML#~ETP z+HA_Sj_^`x!YjE*PxN6=|MnhhZg7EhDJqjzPy0yhm5@NpWLzu=_5o%mjcg?F%Q^V< zPzLty%+PDFjQcq^u1A0Sn%e8KjB$zEz;iOM^2N{GU{2JHA3n7VV@MA7@9$6QOJRu={SROI0Rra~nky{ePlRD-n=9?Bi zdKJ#*Ja122hh6T9h!AblEfRdt^^rroZ+aw#3dzVS;6%?uGZ>ypL?E6sQo|W~jYvE< zUbFVtzNGfLwQ(6Pu94x+VHwUFAuq;~-NmPtq46FH$6~ypHtxfvad+2A!hi#z6abhX~?WMO1Q!wcxf1zWjgw%!fZd>~UGCb>Xphci0p=JDT_o zf#84al5iFRf{1Y~jz#eaZtswg2(ceQ7{XA(8*eTdc~g%LF$nK;b?cuczmf44A6zax zJG=ah8X0k~K{j}LHP|@0&q0eNFmN`z7Xlaq;&c{5E9hW7lH*iNC{%Wg*57 z)h9r+($l_184;&}WJ>Hi{#0~MAf z@6DhB^K*CJ@e$vN!S`YKc{lsXce(L#lmo9BAfIEI@PaKdc974t6z0vFm+_8DF?wRA z#$K>?n-^WLS-U2@oQG{J6o@^i7<cWC?w=HXpUqI z;JqwVQr;^XGZxX{eWAP)6-$Jk5qQH^oKKM(9|wGfg7?x=9^|*Ik?}Ept+Q*M=84dr??Vcm5H2F*XdfNF*fV44|?M}xFt*_Mnu>Sf->-JVKKH~35KOt z@Y*4z#CvSf9LYWg(LhA{`uhf~k^C*_RCxW3{U1X|K754*f@Q)jck*8%GWOKwsVtIl zCQJbOAGd#*kVRNzW{)4y@`%<5`H!Gr6~;L%kq#C~6cUztAZ?tXBJ)9VCjSr*Dl-*Z zj1S~D0z$n;JaEeIv1h1mD2K-xDsh|}iKt?aFNjIBNTO9D#)m!vmSB;y{3og<CCB;L*w;y{DCJr=)G9d}=MCLgyS?*z!TvvB8CTao S>CycF0000 Date: Mon, 10 Apr 2023 16:55:59 +0100 Subject: [PATCH 159/937] Delete Wave_phone_connected.png --- roles/pbx/files/Wave_phone_connected.png | Bin 29085 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 roles/pbx/files/Wave_phone_connected.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png deleted file mode 100644 index d9310b44a852130e3fc65c0de0a65c43cdd96e90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BHM@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|Cc?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StCi%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>XJar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~IsR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W+7TV~X8^Q?_$YR&Udx z&Tyxb*v^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8GF^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zVCqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1PDmPvDAt zWfvDkez&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~dbQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJAI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb59#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJDvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?PtBhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQDB_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL13frj*wGeLt;uXbm_wFM6D^SYE#qkHPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)ZwtbohoF~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw8148upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u>4C$V1t5Wn^f{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!WuNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXcqH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAeS6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$KWDYN{U+^mwaeT< z#&~nXc7N^YW0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcEL5zKkK^h4KR+}0@jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cph7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zAl`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9xb8vt*vqIK(ww@-6PXYCR%km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~31400iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(nBcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)ZolrB9W)T3HjijE$Z-yKTGO za&MA8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kBPY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZaP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&tOZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhocl5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAWJ09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w--#bH1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr2035*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;EzJLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXBlWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGKTSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7bg;uK`*LHw&(GjK*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~ph5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2CpI&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD6M;*O<;}ve|)IUXlW!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz zyh@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diBqkd9s~Z3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2OYtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZPZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&pH2|q1mp8ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k zTvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3yA zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PSe^1Nan;T#{~<0);_QYmH<2WcZy2ipXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyVPi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MNiKLMLu)LPs1AWvxM4=-Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUVa|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;&jhnURmcoY~AUpJQx z$D!s3auVkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=IzP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu

dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}df}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;+Q+yi^c%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDgy=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJq38gk!i3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODIZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2bIP2 From 273c1fd2571634f3c7fcc27427852ff5b003a615 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:06:02 +0100 Subject: [PATCH 162/937] Update README.adoc --- roles/pbx/README.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 0a0c11ef1..064911399 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -170,8 +170,11 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* ** *Confirm by clicking tick synbol ✓ on top right* ++ +image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. +image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From 0d900a32abdb1eee4643f5cf042d380b67220c38 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:08:48 +0100 Subject: [PATCH 163/937] Update README.adoc --- roles/pbx/README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 064911399..85f76de56 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -174,6 +174,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. ++ image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* From 0695907bc0a77cb7b7160d80086eb00e2212e4aa Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:31:32 +0100 Subject: [PATCH 164/937] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 85f76de56..f6a168cb6 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -169,7 +169,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP User ID* is your extension number eg 301 ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* -** *Confirm by clicking tick synbol ✓ on top right* +** *Confirm by clicking tick symbol ✓ on top right* + image::files/wave_sip settings.png[width='33%'] From 660f2f094086501b8c263c1e122fad1e385a3263 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 10 Apr 2023 12:34:21 -0400 Subject: [PATCH 165/937] pbx/README.adoc copyedits/suggestions for review --- roles/pbx/README.adoc | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f6a168cb6..7be24bec4 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,23 +157,23 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: -* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot -* Go to Account Settings * -* Add new account * -* Select *SIP ACCOUNT* +** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +** Go to Account Settings +** Add new account +** Select *SIP ACCOUNT* -** *Account name* is your name,eg John Doe* -** *Sip Server* is your IIAB server's IP address -** *SIP User ID* is your extension number eg 301 -** *SIP Authentification ID* is your extension number eg 301 -** *Password* is the same as above *Secret* -** *Confirm by clicking tick symbol ✓ on top right* -+ +*** *Account name* is your name, e.g. John Doe* +*** *Sip Server* is your IIAB server's IP address +*** *SIP User ID* is your extension number, e.g. 301 +*** *SIP Authentification ID* is your extension number, e.g. 301 +*** *Password* is the same as above *Secret* +*** *Confirm by clicking tick symbol ✓ (top right) ++ image::files/wave_sip settings.png[width='33%'] -* If the connection is successful, you will see a green circle next to your name [John Doe]. +** If the connection is successful, you will see a green circle next to your name [John Doe]. + image::files/Wave_sip_phone_connected.png[width='33%'] From 28345650f9504429e67343269f23c8a632c824d4 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:36:47 +0100 Subject: [PATCH 166/937] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7be24bec4..8d8dc3dc3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,7 +157,7 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_app], on an Android phone. After you open the app, follow these steps: ** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot ** Go to Account Settings From b75b5a65e46fd61b74be4ebb451b500cfb1cff95 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 10 Apr 2023 13:06:45 -0400 Subject: [PATCH 167/937] pbx/README.adoc: Copyedit tweak --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 8d8dc3dc3..f92f2836f 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -164,7 +164,7 @@ Due to Linphone's inability for phones to ring when the screen is locked, you ca ** Add new account ** Select *SIP ACCOUNT* -*** *Account name* is your name, e.g. John Doe* +*** *Account name* is your name, e.g. John Doe *** *Sip Server* is your IIAB server's IP address *** *SIP User ID* is your extension number, e.g. 301 *** *SIP Authentification ID* is your extension number, e.g. 301 From f27a34708a2a3f1a8cda115268641a6347096e28 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 08:27:28 -0500 Subject: [PATCH 168/937] FUTURE python2 - use bullseye for armhf --- scripts/install_python2.sh | 106 ++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 48 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 9ca66c156..4a9c0f20c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -4,68 +4,78 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -#apt -y install libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb + #apt install ./libffi8_3.4.2-4_amd64.deb - wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - apt install ./libffi7_3.3-6_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #;; - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - ;; - - "amd64") - wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb - apt install ./libffi7_3.3-5ubuntu1_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + #apt install ./libffi7_3.3-6_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #;; + + "arm64"|"amd64") + apt -y install libffi8 + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF ;; +# assume armhf is from raspbian "armhf") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + #apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - apt install ./libffi7_3.3-6_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - apt install ./python2.7_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb + #apt install ./python2.7_2.7.18-13.2_armhf.deb + #rm *.deb + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://raspbian.raspberrypi.org/raspbian/ bullseye main +deb http://archive.raspberrypi.org/debian/ bullseye main +EOF ;; esac -rm *.deb + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list +apt update From c17cf8dcc8685d2c399f741ecb698ee28be9c50d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 08:38:37 -0500 Subject: [PATCH 169/937] FUTURE python2 - use jammy for armhf on ubuntu --- scripts/install_python2.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4a9c0f20c..12afe891d 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -43,6 +43,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-8_arm64.deb #;; +# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") apt -y install libffi8 cat << EOF >> /etc/apt/sources.list.d/python2.list @@ -51,7 +52,6 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# assume armhf is from raspbian "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb #apt install ./libffi7_3.3-6_armhf.deb @@ -68,10 +68,18 @@ EOF #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb - cat << EOF >> /etc/apt/sources.list.d/python2.list + + if [ -f /etc/rpi-issue ]; then + cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF + else + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://ports.ubuntu.com/ jammy main universe +deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi ;; esac From 29d0f0bf902ed8d7ceedfa44f83cace5a780330c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 09:29:22 -0500 Subject: [PATCH 170/937] notes and dependencies --- scripts/install_python2.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 12afe891d..8e3aaf70b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,7 +5,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in @@ -45,7 +45,7 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install libffi8 + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe @@ -69,12 +69,15 @@ EOF #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb +# armhf compile flags differ between RasPiOS and Ubuntu +# libssl1.1 would be available via bullseye if/when needed if [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF else + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From 57833472a9eee5a3037d077204a9e97a9d853c2e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 10:09:05 -0500 Subject: [PATCH 171/937] media-types --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8e3aaf70b..8b6ee9536 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,7 +3,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv -apt -y install mime-support #transitional package +apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From 32d40f038d32fe4864920de20538666a5d086d4a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 10:57:39 -0500 Subject: [PATCH 172/937] more notes --- scripts/install_python2.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8b6ee9536..ae672bf43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,8 +1,12 @@ #!/bin/bash +# https://packages.debian.org/search?keywords=libpython2.7-stdlib&searchon=names&suite=all§ion=all # https://packages.debian.org/bullseye/libpython2.7-stdlib +# https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all§ion=all +# https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) apt -y install virtualenv +# https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 From 5253c31d93f04977b23cf167b5ef474ea740ad5d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 13:36:40 -0500 Subject: [PATCH 173/937] bookworm armhf --- scripts/install_python2.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index ae672bf43..a04b876d0 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -74,13 +74,7 @@ EOF #rm *.deb # armhf compile flags differ between RasPiOS and Ubuntu -# libssl1.1 would be available via bullseye if/when needed - if [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb http://raspbian.raspberrypi.org/raspbian/ bullseye main -deb http://archive.raspberrypi.org/debian/ bullseye main -EOF - else + if ! [ -f /etc/rpi-issue ]; then apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe @@ -92,5 +86,5 @@ esac apt update apt -y install python2 -rm /etc/apt/sources.list.d/python2.list +rm /etc/apt/sources.list.d/python2.list || true apt update From 6e08ff35ebbd763d4ffde111babec8fa7a49c5de Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 22:21:01 -0500 Subject: [PATCH 174/937] switch back to explicit dependencies --- scripts/install_python2.sh | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a04b876d0..61475e24c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -7,54 +7,50 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types +apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb - #apt install ./libffi8_3.4.2-4_amd64.deb + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #;; + "amd64") + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #"arm64") - #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - #apt install ./libffi7_3.3-6_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #;; + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + rm *.deb + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - apt -y install libffi8 libssl3 - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +# "arm64"|"amd64") +# apt -y install +# cat << EOF >> /etc/apt/sources.list.d/python2.list +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb @@ -75,16 +71,14 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi + apt update + apt -y install python2 + rm /etc/apt/sources.list.d/python2.list || true + apt update ;; esac - -apt update -apt -y install python2 -rm /etc/apt/sources.list.d/python2.list || true -apt update From f95db00faf64e3e7ff11a8af2e573e404449807a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 22:34:00 -0500 Subject: [PATCH 175/937] switch order for easier diff --- scripts/install_python2.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 61475e24c..3d8595b3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,21 +13,6 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; - "amd64") wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -43,6 +28,21 @@ case $ARCH in rm *.deb ;; + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; + # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") # apt -y install From e6c4170f7c817eb481dce2e53d1924b294729fb5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 23:13:25 -0500 Subject: [PATCH 176/937] pending feedback keyring --- scripts/install_python2.sh | 56 +++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3d8595b3b..72c08c5ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,44 +13,44 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "amd64") - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - rm *.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #rm *.deb ;; - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #rm *.deb + #;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# apt -y install -# cat << EOF >> /etc/apt/sources.list.d/python2.list -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; + "arm64"|"amd64") + apt -y install ubuntu-keyring + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 3aaeca991e0903457b0f33d117ad274bb9207999 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 23:18:53 -0500 Subject: [PATCH 177/937] using repos --- scripts/install_python2.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 72c08c5ef..3da8acb84 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -76,9 +76,10 @@ deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi - apt update - apt -y install python2 - rm /etc/apt/sources.list.d/python2.list || true - apt update ;; esac + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list || true +apt update From 3e10fa7bf9e4e5fb49cea41ece852dbf7c89cc1c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Apr 2023 23:20:42 -0500 Subject: [PATCH 178/937] forgot a # --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3da8acb84..083904e03 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -26,7 +26,7 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - ;; + #;; #"arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb From df3590fb47d7db3568425c4c8590ef512793a6a9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 01:08:39 -0500 Subject: [PATCH 179/937] thoughts going forward --- roles/kalite/tasks/install.yml | 9 +++++++++ scripts/install_python2.sh | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6d0c8765e..674b18f03 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,6 +20,15 @@ when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +#- name: Install Ubuntu keyrings on Debian +# get_url: +# url: +# dest: /etc/apt/keyrings/ +# mode: 0644 +# timeout: "{{ download_timeout }}" +# when: is_debian_12 + +# use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 083904e03..3caa3f52e 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -45,10 +45,19 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install ubuntu-keyring + #apt -y install ubuntu-keyring cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +# gave 404 errors on U23.04 x86_64 VM +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe + +# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe + +# keys for Debian future work maybe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; @@ -72,6 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list +# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From ba2d00fd5af000ecad53c93a72895871cc01a3e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 01:29:23 -0500 Subject: [PATCH 180/937] split the arm64/amd64 repos --- scripts/install_python2.sh | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3caa3f52e..f7d119742 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,7 +13,7 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") + "amd64") #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -26,9 +26,14 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - #;; + # works on U23.04 x86_64 VM + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + ;; - #"arm64") + "arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb @@ -41,25 +46,21 @@ case $ARCH in #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb - #;; + # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - #apt -y install ubuntu-keyring - cat << EOF >> /etc/apt/sources.list.d/python2.list -# gave 404 errors on U23.04 x86_64 VM -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe - -# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe - +# "arm64"|"amd64") +# cat << EOF >> /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 1738f7c54040784e0cf33a69565fb273be9a51c0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 01:38:04 -0500 Subject: [PATCH 181/937] always overwrite --- scripts/install_python2.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7d119742..f7f494b43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -27,7 +27,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb # works on U23.04 x86_64 VM - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe EOF @@ -47,7 +47,7 @@ EOF #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF @@ -55,7 +55,7 @@ EOF # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") -# cat << EOF >> /etc/apt/sources.list.d/python2.list +# cat << EOF > /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe @@ -81,7 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list # these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From ca4cd1a2606cdb07c5d314ce3efc7b8c439b33e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 01:58:41 -0500 Subject: [PATCH 182/937] apt export --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7f494b43..a18a3d316 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,7 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all§ion=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib +export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) apt -y install virtualenv From 191ba3912995239964a9a49322075587ae38bd24 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 02:28:05 -0500 Subject: [PATCH 183/937] seems to be always installed --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a18a3d316..cf51e4cd3 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -8,7 +8,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types libffi8 libssl3 +#apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From fbb614b1c66c1b92c8714be6a1c6b7164fd8761e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Apr 2023 08:45:56 -0500 Subject: [PATCH 184/937] cleanup --- scripts/install_python2.sh | 63 ++++++++------------------------------ 1 file changed, 12 insertions(+), 51 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index cf51e4cd3..d61b125d7 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,16 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all§ion=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib + +# payload to be installed: +# libpython2-stdlib +# libpython2.7-minimal +# libpython2.7-stdlib +# python2-minimal +# python2.7-minimal +# python2.7 +# python2 + export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) @@ -15,18 +25,6 @@ apt -y install virtualenv cd /tmp case $ARCH in "amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #rm *.deb # works on U23.04 x86_64 VM cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe @@ -35,18 +33,6 @@ EOF ;; "arm64") - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe @@ -54,36 +40,11 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# cat << EOF > /etc/apt/sources.list.d/python2.list -# keys for Debian future work maybe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; - "armhf") - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - #apt install ./libffi7_3.3-6_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - #apt install ./python2.7_2.7.18-13.2_armhf.deb - #rm *.deb - -# armhf compile flags differ between RasPiOS and Ubuntu + # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then + # these might change cat << EOF > /etc/apt/sources.list.d/python2.list -# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From a1aaf70975c83cc7cab64935932b7ea0098f4f62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 14 Apr 2023 08:50:23 -0500 Subject: [PATCH 185/937] 2210 2304 fixed https://bugs.launchpad.net/bugs/1951586 --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6757846d3..918e66ebe 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,7 +26,7 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ]; then +if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" From bb95816c793392a868439dd063655558b4ac5686 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 04:31:03 -0500 Subject: [PATCH 186/937] use country value in hostapd if present --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 918e66ebe..2370c152f 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,11 +26,16 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then +if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf +else NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry=US|' /run/netplan/wpa-$IFACE.conf + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + fi # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid From 2f321dc0a464f2cce71809e4b4379c4176270a62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 05:23:42 -0500 Subject: [PATCH 187/937] use 'iw reg get' in hostapd if present --- roles/network/tasks/sysd-netd-debian.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index f1b860d85..2be2772df 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,6 +87,17 @@ systemd: daemon_reload: yes +- name: Detect WiFi country code in use + command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: discovered_wireless_iface != "none" + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM }}" + when: REG_DOM is defined and REG_DOM.stdout | length > 0 + - name: Clone wifi if needed systemd: name: iiab-clone-wifi From 7845a8bddc2d7abd3ef80a04cd2cf3b3a877aea2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 05:55:50 -0500 Subject: [PATCH 188/937] hints for iiab-hotspot-on|off --- roles/network/templates/hostapd/iiab-hotspot-off | 4 +++- roles/network/templates/hostapd/iiab-hotspot-on | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index eb5951c6b..98fb9dbf2 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -38,6 +38,8 @@ fi echo -e "\nPlease reboot to enable upstream WiFi access.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} -{% endif %} +#network_enabled diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 04d551774..3f809bf44 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -46,7 +46,10 @@ systemctl enable hostapd echo -e "\nPlease reboot to activate hostapd feature.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} +#can_be_ap {% endif %} -{% endif %} +#network_enabled From 4089be6b253b237820f669e11226032f2e82125b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 08:31:52 -0500 Subject: [PATCH 189/937] always remove old virtual environment --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36c5da0c5..3c8e4345e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -22,6 +22,11 @@ line: ' ' state: present +- name: Remove previous virtual environment {{ calibreweb_venv_path }} + file: + path: "{{ calibreweb_venv_path }}" + state: absent + - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory From 061a96a5adb85cd490987841ec536b2f612e26e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 13:43:16 -0500 Subject: [PATCH 190/937] positional ordering --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3c8e4345e..7ffb5a32e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -61,7 +61,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 From 3ae4627956429bf7916c4e2b97b6962312e706e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 19:20:11 -0500 Subject: [PATCH 191/937] use shell --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2be2772df..680b8316e 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -88,14 +88,14 @@ daemon_reload: yes - name: Detect WiFi country code in use - command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True when: discovered_wireless_iface != "none" - name: Set Wifi Region country code for hostapd when present set_fact: - host_country_code: "{{ REG_DOM }}" + host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed From e63028f8eeb3d9d711e7cf8add5c9458a81a9f22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Apr 2023 19:38:48 -0500 Subject: [PATCH 192/937] record --- roles/network/tasks/restart.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 1576a2af3..074ec5086 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,6 +14,16 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled +- name: Record host_country_code_applied in network of iiab_ini_file + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: host_country_code_applied + value: "{{ host_country_code }}" + - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root From 7a31b02a6720e642baf4b76d68c4995176729503 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 17 Apr 2023 13:58:21 -0400 Subject: [PATCH 193/937] Allow rescue/continue if CUPS or Samba installs fail --- roles/2-common/tasks/packages.yml | 6 ++--- roles/cups/tasks/main.yml | 45 ++++++++++++++++++------------- roles/samba/tasks/main.yml | 45 ++++++++++++++++++------------- 3 files changed, 55 insertions(+), 41 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index b694a4194..ad80ef98b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -16,12 +16,12 @@ - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - #- mlocate # 92kB download - - plocate # 97kB download: Faster & smaller than locate & mlocate #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics + #- mlocate # 92kB download + - plocate # 97kB download: Faster & smaller than locate & mlocate #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2c9531814..a709ac090 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -23,26 +23,33 @@ quiet: yes -- name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: cups_installed is undefined +- block: + - name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: cups_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'cups' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: CUPS + - option: description + value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' + - option: cups_install + value: "{{ cups_install }}" + - option: cups_enabled + value: "{{ cups_enabled }}" -- name: Add 'cups' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: cups - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: CUPS - - option: description - value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' - - option: cups_install - value: "{{ cups_install }}" - - option: cups_enabled - value: "{{ cups_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 801d725f4..12d06f2d4 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: samba_installed is undefined +- block: + - name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: samba_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'samba' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Samba + - option: description + value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' + - option: samba_install + value: "{{ samba_install }}" + - option: samba_enabled + value: "{{ samba_enabled }}" -- name: Add 'samba' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: samba - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Samba - - option: description - value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' - - option: samba_install - value: "{{ samba_install }}" - - option: samba_enabled - value: "{{ samba_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From f79f4c0f46cfc23b8eb8be56ffd8e241d0a0e5cd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 18 Apr 2023 16:08:08 -0500 Subject: [PATCH 194/937] clearer logic --- .../templates/hostapd/iiab-test-wifi.j2 | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2370c152f..e358d4dbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,17 +26,22 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then - REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab - cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -else - NETPLAN=1 +if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` - echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf - + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + if [ -z "$REG_DOM" ]; then + NETPLAN=1 + echo "cover netplan wifi client lack of country=" + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + else + echo "set hostapd wifi country to $REG_DOM" + if [ -f /etc/hostapd/hostapd.conf.iiab ]; then + sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf + fi + fi fi + # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid if [ -f /etc/iiab/iiab.env ]; then From ff905ef5d878f830271bb0b16adf253640bf0f54 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 18 Apr 2023 23:35:43 -0500 Subject: [PATCH 195/937] dispatcher has a call to alter hostapd.conf --- roles/network/tasks/restart.yml | 8 ++++++++ roles/network/tasks/sysd-netd-debian.yml | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 074ec5086..0e1ccd980 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -36,6 +36,14 @@ - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } when: can_be_ap +- name: Enable & Restart networkd-dispatcher.service + systemd: + name: networkd-dispatcher + state: restarted + enabled: yes + masked: no + when: systemd_networkd_active + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 680b8316e..e1b73db61 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -118,9 +118,3 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service - systemd: - name: networkd-dispatcher - state: restarted - enabled: yes - masked: no From 27c3b1b9a08406e84ce27b3acb441a595c69e1c6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 18 Apr 2023 23:33:56 -0500 Subject: [PATCH 196/937] Just set and let the next stanza in main handle the call --- roles/network/tasks/NM-debian.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index d5dad9ffc..200911a91 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -71,8 +71,9 @@ when: wan_ip != "dhcp" - name: Use systemd-networkd to handle br0 - include_tasks: sysd-netd-debian.yml - when: iiab_lan_iface == "br0" and not systemd_networkd_active + set_fact: + systemd_networkd_active: True + when: iiab_lan_iface == "br0" - name: Reload systemd systemd: From 5341cc6ca20af8ac0522736725f550f09723d7e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 19 Apr 2023 10:38:50 -0500 Subject: [PATCH 197/937] typo, use double quotes, always restart netplan wifi --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 +++--- roles/network/templates/hostapd/netd-disp2 | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index e358d4dbb..39ae8caa8 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -29,14 +29,14 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + NETPLAN=1 if [ -z "$REG_DOM" ]; then - NETPLAN=1 echo "cover netplan wifi client lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" if [ -f /etc/hostapd/hostapd.conf.iiab ]; then - sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + sed -i "s|^country.*|country_code=$REG_DOM|" /etc/hostapd/hostapd.conf.iiab cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf fi fi diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 78e258627..7b9218899 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,6 +13,9 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant + if [ -f /run/netplan/wpa-wlan0.conf ]; then + systemctl restart netplan-wpa-wlan0.service + fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From 3c3affb16a907e46e0ef32fdf8f0ac9f4a15bfb7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 19 Apr 2023 10:44:39 -0500 Subject: [PATCH 198/937] softcode --- roles/network/templates/hostapd/netd-disp2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 7b9218899..e6a8fca72 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,8 +13,8 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-wlan0.conf ]; then - systemctl restart netplan-wpa-wlan0.service + if [ -f /run/netplan/wpa-$IFACE.conf ]; then + systemctl restart netplan-wpa-$IFACE.service fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" From b286d9d6e940195d7d6dbc58479d0a98489c5ed8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 19 Apr 2023 10:46:45 -0500 Subject: [PATCH 199/937] easier diff --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 39ae8caa8..205f77fc7 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -27,9 +27,9 @@ fi # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 if [ -f /run/netplan/wpa-$IFACE.conf ]; then + NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - NETPLAN=1 if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country=" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf From d831f057692c82b4da7c0185178126d83b59427d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 20 Apr 2023 10:02:34 -0500 Subject: [PATCH 200/937] NM ssid detection --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 205f77fc7..c3a49a847 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -22,10 +22,10 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers netplan's bugs workaround # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 +# covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` @@ -50,8 +50,14 @@ if [ -f /etc/iiab/iiab.env ]; then SSID=$CLIENT_SSID fi fi + +# NetworkManager +if [[ $SSID == "NA" ]]; then + SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) +fi echo "ssid is $SSID" -if [[ $SSID == "" ]] || [[ $SSID == "NA" ]]; then + +if [[ $SSID == "" ]]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" From 908c8f495136c19e7f420bddea6265b95c52d27d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 20 Apr 2023 10:43:18 -0500 Subject: [PATCH 201/937] tighten up when to install ap0 file --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 200911a91..9cb2cf1db 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -22,7 +22,7 @@ dest: /etc/NetworkManager/conf.d/ap0-manage.conf src: network/ap0-manage.conf mode: 0644 - when: wifi_up_down + when: discovered_wireless_iface != "none" and wifi_up_down - name: Copy manage.conf for NetworkManager when wifi_up_down False template: From 4fe56e787efbaa120aa1c1be2b9f2447ab72773f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 20 Apr 2023 10:43:55 -0500 Subject: [PATCH 202/937] tighten up when to run wifi detection --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 3df0f2c36..7f5bd34a4 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: discovered_wireless_iface != "none" + when: has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 8aaa459d9c7bd29d8bae6dbfb334b982b602998a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 20 Apr 2023 12:56:14 -0500 Subject: [PATCH 203/937] restarting seems excessive just use start --- roles/network/templates/network/dnsmasq.sh.j2 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/network/dnsmasq.sh.j2 b/roles/network/templates/network/dnsmasq.sh.j2 index 00df42bf3..6a7f7179a 100755 --- a/roles/network/templates/network/dnsmasq.sh.j2 +++ b/roles/network/templates/network/dnsmasq.sh.j2 @@ -1,7 +1,6 @@ #!/bin/bash if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then - echo "Restarting dnsmasq in 5 seconds" - /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service - echo "Restarted dnsmasq" + /bin/systemctl --no-block start dnsmasq.service + echo "Started dnsmasq" fi From 07a63f3b8a57e5d7633ae637a4fca5e4a8861ce7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Apr 2023 09:59:29 -0400 Subject: [PATCH 204/937] Tighten up templates/hostapd/iiab-hotspot-off just a bit? --- roles/network/templates/hostapd/iiab-hotspot-off | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 98fb9dbf2..0b917b4df 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -11,13 +11,11 @@ systemctl disable iiab-clone-wifi.service systemctl disable iiab-wifi-test.service systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf -systemctl disable hostapd -systemctl stop hostapd #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -35,8 +33,8 @@ systemctl restart dhcpcd if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi -echo -e "\nPlease reboot to enable upstream WiFi access.\n" -exit 0 +echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" +#exit 0 {% endif %} #is_raspbian {% endif %} From d1a7ab2b74adaf09599e726ec5e23d27d43ff155 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Apr 2023 10:03:57 -0400 Subject: [PATCH 205/937] Tighten up templates/hostapd/iiab-hotspot-on just a bit? --- roles/network/templates/hostapd/iiab-hotspot-on | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 3f809bf44..bd7c4fa0e 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -14,8 +14,7 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} systemctl enable iiab-clone-wifi.service systemctl enable hostapd systemctl enable iiab-wifi-test.service -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # just do what we have always done in hotspot-on @@ -38,13 +37,12 @@ systemctl start dnsmasq # ip link set dev wlan0 promisc off #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% endif %} #is_raspbian {% endif %} @@ -53,3 +51,5 @@ exit 0 #can_be_ap {% endif %} #network_enabled + +echo -e "\nPlease reboot to activate hostapd feature.\n" From cdc77b121ccda228401de111edf9b404cc1dbaa8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Apr 2023 10:06:54 -0400 Subject: [PATCH 206/937] Clarifying templates/hostapd/iiab-hotspot-off ? --- roles/network/templates/hostapd/iiab-hotspot-off | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 0b917b4df..e59c18ebe 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -13,6 +13,7 @@ systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" #exit 0 {% else %} +echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf @@ -29,7 +30,7 @@ systemctl restart dhcpcd # ip link set dev wlan0 promisc on #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi From 319b75fe7d30083d58ff28ab6c1e61a9552533e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Apr 2023 11:50:04 -0400 Subject: [PATCH 207/937] iiab-hotspot-off: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index e59c18ebe..25a5053be 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -3,7 +3,7 @@ echo -e "Networking role disabled\n" echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd {% if wifi_up_down %} @@ -16,7 +16,7 @@ echo " IIAB hotspot access point Disabled" echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown -sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -32,7 +32,7 @@ systemctl restart dhcpcd {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 From 9ed5cd53c7aa020f75332a2cd8e69d9e1516e719 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Apr 2023 11:50:51 -0400 Subject: [PATCH 208/937] iiab-hotspot-on: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-on | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index bd7c4fa0e..03ca2d4ae 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -9,7 +9,7 @@ echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-ne echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" exit 1 {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service systemctl enable hostapd @@ -19,7 +19,7 @@ systemctl enable iiab-wifi-test.service {% if is_raspbian %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf # shut down wlan0 in case connected to network ip link set wlan0 down systemctl enable hostapd @@ -39,7 +39,7 @@ systemctl start dnsmasq {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd #exit 0 From 262ca468e977740764b0a0fc26dfa496c687c124 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 22 Apr 2023 22:05:01 -0500 Subject: [PATCH 209/937] tighten up when to run wifi detection more --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f5bd34a4..e46f810b9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: has_wifi_gateway is defined + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 0c037b276305621f19fbd5cd6abd72dad90c1f41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 01:24:20 -0500 Subject: [PATCH 210/937] \[], echo, run netplan restart sooner, NM wait, move hostapd restart --- .../templates/hostapd/iiab-test-wifi.j2 | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index c3a49a847..50f34fae2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -9,11 +9,13 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then + echo "systemd-network" SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers raspbian +# covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then + echo "RasPiOS" RASPBIAN=1 if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then echo "unblocking WiFi" @@ -28,10 +30,11 @@ fi # covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 + echo "Netplan systemd" SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then - echo "cover netplan wifi client lack of country=" + echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" @@ -52,12 +55,14 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [[ $SSID == "NA" ]]; then +if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then + echo "NetworkManager" + sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [[ $SSID == "" ]]; then +if [ $SSID == "" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -76,14 +81,23 @@ for result in $FREQ; do echo "channel $result is 5Ghz - ignoring" fi done + echo "Using $FREQ2 for $SSID" -if [[ $FREQ2 == "" ]]; then + +if [ $NETPLAN -eq 1 ]; then + echo "Netplan2" + # This is more of a netplan workaround should go away. + /bin/systemctl restart netplan-wpa-$IFACE.service +fi + +if [ $FREQ2 == "" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" + echo "Netplan3" fi exit 0 fi + # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) @@ -94,14 +108,7 @@ if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf + /bin/systemctl --no-block restart hostapd fi -systemctl stop wpa_supplicant -systemctl stop hostapd -systemctl start hostapd -systemctl start wpa_supplicant -if [ $NETPLAN -eq 1 ]; then - echo "Netplan3" - # This is more of a netplan workaround should go away. - systemctl restart netplan-wpa-$IFACE.service -fi + exit 0 From b17cab4794c3189decab7deb35d7dd7186a7a948 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 01:25:24 -0500 Subject: [PATCH 211/937] run after NM and netplan --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 682680a07..6f86b7e34 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -2,11 +2,11 @@ Description=IIAB find channel freq for ssid After=wpa_supplicant.service Wants=wpa_supplicant.service +After=NetworkManager.service +After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=NetworkManager.service -Before=netplan-wpa-{{ discovered_wireless_iface }}.service Before=network.target [Service] From 472fdfd1527aae807fed80544fe30b382b5f00d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 01:59:52 -0500 Subject: [PATCH 212/937] style --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 50f34fae2..5b90cd691 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -62,7 +62,7 @@ if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then fi echo "ssid is $SSID" -if [ $SSID == "" ]; then +if [ -z $SSID ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -90,7 +90,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ $FREQ2 == "" ]; then +if [ -z $FREQ2 ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -109,6 +109,7 @@ if [ $CHAN -ne $HOSTAPD ]; then cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf /bin/systemctl --no-block restart hostapd + echo "Restarted hostapd" fi exit 0 From a6cd9ded51d1e0233a06c4b2581e6fff4c7e0198 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 02:03:16 -0500 Subject: [PATCH 213/937] replace backtics --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 5b90cd691..0b92ca259 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -10,7 +10,7 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then echo "systemd-network" - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # covers stock raspbian @@ -21,7 +21,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then echo "unblocking WiFi" rfkill unblock wifi fi - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 @@ -31,7 +31,7 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 echo "Netplan systemd" - SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" @@ -71,7 +71,7 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=`wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}'` +FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then @@ -102,7 +102,7 @@ fi CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) echo "channel is $CHAN for $SSID" -HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` +HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" From d7d6404c534d2314e6e62681b4079ab505da6c2b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 08:02:57 -0500 Subject: [PATCH 214/937] tighten up country code detection --- roles/network/tasks/rpi_debian.yml | 2 ++ roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 4dbcd97ee..29b6e0591 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -39,6 +39,7 @@ shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True + when: wifi_up_down and can_be_ap - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: @@ -52,6 +53,7 @@ line: country={{ host_country_code }} when: country_code is defined and country_code.stdout | length == 0 +# This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill shell: rfkill unblock 0 ignore_errors: True diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e1b73db61..6051971b9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -91,7 +91,7 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Set Wifi Region country code for hostapd when present set_fact: From 348974be6fab3b0a11b986a3da98f7c3437a48a4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 08:21:09 -0500 Subject: [PATCH 215/937] stdout country code detection --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 6051971b9..5f66db11c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -96,7 +96,7 @@ - name: Set Wifi Region country code for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed systemd: From a49a0680d35c3530919363f25c20a94d069d3c58 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 12:23:33 -0500 Subject: [PATCH 216/937] drop NA --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 0b92ca259..b312867c2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -2,7 +2,7 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 -SSID="NA" +SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines # in the iiab-wifi-test.service unit file. @@ -55,7 +55,7 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) From c49adcf39596b7b39f673c24db605fd9837e3537 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 13:53:05 -0500 Subject: [PATCH 217/937] borrow some bits from iiab-clone-wifi --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 6f86b7e34..4b3a5472c 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,5 +1,9 @@ [Unit] Description=IIAB find channel freq for ssid +Requires=network-pre.target +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service From bc4850a09c1d8544fbfa81d939d0543566d408dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 13:55:37 -0500 Subject: [PATCH 218/937] RasPiOS could be running NM backend, test if dhcpcd is running, drop rfkill --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index b312867c2..2fc85a962 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -3,9 +3,12 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 SSID="" -# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None -# of the backends that use wpa_supplicant should be active yet based on the Before= After= lines -# in the iiab-wifi-test.service unit file. +# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some +# of the backends that use wpa_supplicant should be active based on the Before= After= lines in +# the iiab-wifi-test.service unit file. + +echo "iiab-test-wifi called" +echo "running pid $$" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then @@ -14,13 +17,9 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" RASPBIAN=1 - if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then - echo "unblocking WiFi" - rfkill unblock wifi - fi SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cf67d4c9d775861dd475db877defa808b42a6932 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 14:56:10 -0500 Subject: [PATCH 219/937] netplan-systemd staging --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 4b3a5472c..23223c854 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -3,6 +3,8 @@ Description=IIAB find channel freq for ssid Requires=network-pre.target BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=network-pre.target + After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service @@ -11,7 +13,6 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=network.target [Service] Type=oneshot From ef6486b09b929c863af4f2d3830c775e8a638f67 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 Apr 2023 16:11:03 -0500 Subject: [PATCH 220/937] grouping, recording, staging --- roles/network/tasks/computed_services.yml | 19 ----------- roles/network/tasks/hostapd.yml | 40 +++++++++++++++++++++++ roles/network/tasks/main.yml | 5 +-- roles/network/tasks/restart.yml | 10 ------ roles/network/tasks/sysd-netd-debian.yml | 11 ------- 5 files changed, 43 insertions(+), 42 deletions(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 9527ed7d3..2a113ce15 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -81,22 +81,3 @@ value: "{{ dnsmasq_enabled }}" - option: no_net_restart value: "{{ no_net_restart }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index e46f810b9..7f732f73f 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,6 +9,17 @@ enabled: no when: not hostapd_enabled +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -88,3 +99,32 @@ regexp: '^HOSTAPD_ENABLED=*' line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present + +- name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_country_code_applied + value: "{{ host_country_code }}" + - option: host_channel + value: "{{ host_channel }}" + +- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index f00939911..9e2954892 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -61,8 +61,6 @@ # when: squid_install and FQDN_changed and iiab_stage|int == 9 #### Start services - - name: hostapd - include_tasks: hostapd.yml - name: computed_services include_tasks: computed_services.yml - name: enable_services @@ -94,6 +92,9 @@ #when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #### end network layout + - name: hostapd + include_tasks: hostapd.yml + - name: Restart services include_tasks: restart.yml diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0e1ccd980..0d33f210f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,16 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Record host_country_code_applied in network of iiab_ini_file - ini_file: - dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: host_country_code_applied - value: "{{ host_country_code }}" - - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 5f66db11c..1681f6cf7 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,17 +87,6 @@ systemd: daemon_reload: yes -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country code for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Clone wifi if needed systemd: name: iiab-clone-wifi From d738fdc1efe5140358ed0f89be2dcb65bb14a8d5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 01:10:03 -0500 Subject: [PATCH 221/937] use dash in place of bash, drop last bashism --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2fc85a962..cbebb3439 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 @@ -44,15 +44,6 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi fi -# IIAB hint for NetworkManager -# could scrape /etc/NetworkManager/system-connections/ looking for ssid -if [ -f /etc/iiab/iiab.env ]; then - source /etc/iiab/iiab.env - if [ ! -z $CLIENT_SSID ]; then - SSID=$CLIENT_SSID - fi -fi - # NetworkManager if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" From 995bc6308bbc76de5ae29d029b358df1e6ec747a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 01:12:37 -0500 Subject: [PATCH 222/937] drop unused assignment --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index cbebb3439..6693090ae 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -19,7 +19,6 @@ fi # covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" - RASPBIAN=1 SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cb86366b134d016ff7ebec29fc8e3031bba9f7f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 01:38:56 -0500 Subject: [PATCH 223/937] shellcheck --- .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6693090ae..948c8bd2a 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,6 +1,5 @@ #!/bin/sh IFACE={{ discovered_wireless_iface }} -RASPBIAN=0 NETPLAN=0 SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some @@ -17,7 +16,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ -n "$(pgrep dhcpcd)" ]; then echo "RasPiOS" SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi @@ -44,14 +43,14 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi # NetworkManager -if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z "$SSID" ] && [ -n "$(pgrep NetworkManager)" ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [ -z $SSID ]; then +if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -60,10 +59,10 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') +FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" - if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then + if [ "$result" -lt 2485 ] && [ "$result" -gt 2407 ]; then FREQ2=$result break else @@ -79,7 +78,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ -z $FREQ2 ]; then +if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -88,12 +87,12 @@ if [ -z $FREQ2 ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$(($FREQ2 - 2407 )) -CHAN=$(($CHAN / 5 )) +CHAN=$((FREQ2 - 2407 )) +CHAN=$((CHAN / 5 )) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" -if [ $CHAN -ne $HOSTAPD ]; then +if [ "$CHAN" -ne "$HOSTAPD" ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf From 04ce0a9d7fb9cf7ec45e64f1be25b27f1cc2f2c4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 09:17:07 -0500 Subject: [PATCH 224/937] netplan2 --- .../templates/hostapd/iiab-test-wifi.j2 | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..2df652560 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,6 +5,7 @@ SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some # of the backends that use wpa_supplicant should be active based on the Before= After= lines in # the iiab-wifi-test.service unit file. +# https://github.com/iiab/iiab/pull/3542#issuecomment-1519647266 echo "iiab-test-wifi called" echo "running pid $$" @@ -31,6 +32,7 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then + NETPLAN=2 echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else @@ -52,11 +54,28 @@ echo "ssid is $SSID" if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi exit 0 fi + +if [ $NETPLAN -gt 0 ]; then + echo "Netplan2" + wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wpa_processes -eq 1 ]; then + # This is more of a netplan workaround should go away. + echo "Starting netplan wifi" + NETPLAN=2 + else + echo "Restarting netplan wifi" + fi + # This one handles the changing of the country code from above + if [ $NETPLAN -eq 2 ]; then + /bin/systemctl restart netplan-wpa-$IFACE.service + sleep 2 + fi +fi wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -72,15 +91,9 @@ done echo "Using $FREQ2 for $SSID" -if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" - # This is more of a netplan workaround should go away. - /bin/systemctl restart netplan-wpa-$IFACE.service -fi - if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan3" fi exit 0 From e1722645c5e516326edee6e1103c9240b0de9437 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 10:25:46 -0500 Subject: [PATCH 225/937] shellcheck and whitespace --- scripts/ansible | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 377203480..fa92cae32 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -96,7 +96,7 @@ echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" -if [ $(command -v ansible) ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" +if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') @@ -201,14 +201,13 @@ $APT_PATH/apt -y install python3-venv # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in $(ls ansible*); do - ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +for bin in /usr/local/ansible/bin/ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done # (Re)running collection installs appears safe, with --force-with-deps to force From 544a1f29598f0a1bfaab49ea3b67a15c65c0e92d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 10:34:54 -0500 Subject: [PATCH 226/937] https://github.com/iiab/iiab/issues/3547 --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index fa92cae32..76a00b777 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -204,6 +204,12 @@ $APT_PATH/apt -y install python3-venv # https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + +# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 +if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +fi + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" for bin in /usr/local/ansible/bin/ansible*; do From a17103f14fc8006daa26cbcc0d987c0a53fd874b Mon Sep 17 00:00:00 2001 From: root Date: Mon, 24 Apr 2023 17:46:24 +0100 Subject: [PATCH 227/937] Explain & lint templates/hostapd/iiab-test-wifi.j2 --- adm-run-roles-tmp.yml | 15 +++++++++++++++ .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml new file mode 100644 index 000000000..8f6888707 --- /dev/null +++ b/adm-run-roles-tmp.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml + + roles: + - { role: 0-init } + - { role: captiveportal } + - { role: lokole } + - { role: network } diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..1fe9d09ff 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,17 @@ #!/bin/sh + +# 2023-04-24 PR #3542 / PR #3549 context: +# "systemd-network" "RasPiOS" have files with the client wifi info within them, +# those can be parsed for the ssid without needing the related service running +# first. +# "Netplan systemd" "NetworkManager" need to be running to be able to parse for +# the ssid, from the generated config file for "Netplan systemd" and from the +# running environment for "NetworkManager". +# "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering +# of the services more deterministic when active and tries to catch a channel +# mismatch between client wifi's current setting and what is contained within +# hostapd.conf early in the boot process. + IFACE={{ discovered_wireless_iface }} NETPLAN=0 SSID="" @@ -87,8 +100,8 @@ if [ -z "$FREQ2" ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -99,5 +112,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From 78c22d3df58ac39abb5ec66bdc937c2b77d60611 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 24 Apr 2023 13:07:24 -0400 Subject: [PATCH 228/937] scripts/ansible: 2.14.5, cryptography==40.0.1 on armhf, for-loop fix --- scripts/ansible | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76a00b777..ed368d1e6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] -GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] +GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -205,14 +205,21 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 -if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then +# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# if ! grep -qi ubuntu /etc/os-release; then +# +# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then +# +# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. +# Release problems chart: https://www.piwheels.org/project/cryptography/ +if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -for bin in /usr/local/ansible/bin/ansible*; do +cd /usr/local/ansible/bin +for bin in ansible*; do ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done From 78603de7e6e3b1b99395f039b97c7da1ab937c5e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 12:23:56 -0500 Subject: [PATCH 229/937] capture running code --- .../templates/hostapd/iiab-test-wifi.j2 | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2df652560..25c61b3a2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -61,21 +61,25 @@ if [ -z "$SSID" ]; then fi if [ $NETPLAN -gt 0 ]; then - echo "Netplan2" - wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) - if [ $wpa_processes -eq 1 ]; then + echo "Netplan2 sleep 10" + sleep 10 + wifi_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wifi_processes -eq 1 ]; then # This is more of a netplan workaround should go away. - echo "Starting netplan wifi" + echo "Problem - Now Starting netplan wifi" NETPLAN=2 else - echo "Restarting netplan wifi" + echo "Not Restarting netplan wifi sleep 20" + sleep 20 fi # This one handles the changing of the country code from above if [ $NETPLAN -eq 2 ]; then - /bin/systemctl restart netplan-wpa-$IFACE.service - sleep 2 + echo "Restarting netplan-wpa-$IFACE sleep 20" + /bin/systemctl --no-block restart netplan-wpa-$IFACE.service + sleep 20 fi fi +sleep 10 wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -99,9 +103,8 @@ if [ -z "$FREQ2" ]; then exit 0 fi -# ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -112,5 +115,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From ba9e9ee01ae133a6d17125e5c7e4bebd29b3e821 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 12:27:00 -0500 Subject: [PATCH 230/937] capture running service --- .../templates/hostapd/iiab-wifi-test.service.j2 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..8d99e4a85 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,16 +1,10 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target - -After=iiab-clone-wifi.service -After=wpa_supplicant.service -Wants=wpa_supplicant.service +Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=iiab-clone-wifi.service +Requisite=wpa_supplicant.service After=NetworkManager.service After=netplan-wpa-{{ discovered_wireless_iface }}.service -Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service From 088537b9b86b117d7529249cc09af66100744166 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 12:42:16 -0500 Subject: [PATCH 231/937] clean up netd-disp2 --- roles/network/templates/hostapd/netd-disp2 | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index e6a8fca72..2e39b26c2 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -2,20 +2,15 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then echo "NET-DISP-WiFi $IFACE $STATE" # If we are here we have a dhcp ip address - CHAN=`iw $IFACE info|grep channel|cut -d' ' -f2` + CHAN=$(iw "$IFACE" info|grep channel|cut -d' ' -f2) echo "Using channel $CHAN for carrier" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ] && [ $CHAN -lt 14 ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf - sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf - systemctl stop wpa_supplicant + sed -i "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf systemctl restart hostapd - systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-$IFACE.conf ]; then - systemctl restart netplan-wpa-$IFACE.service - fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From bfbb4f06f2891ef0894e64e52c33b56a4d5031cc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 Apr 2023 13:48:24 -0400 Subject: [PATCH 232/937] Delete adm-run-roles-tmp.yml --- adm-run-roles-tmp.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml deleted file mode 100644 index 8f6888707..000000000 --- a/adm-run-roles-tmp.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml - - roles: - - { role: 0-init } - - { role: captiveportal } - - { role: lokole } - - { role: network } From 25e44b3385ad3674c3e9f69e3295ab8029d153aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 Apr 2023 12:53:09 -0500 Subject: [PATCH 233/937] service set start timeout --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 8d99e4a85..450844b98 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -9,6 +9,7 @@ Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service [Service] +TimeoutStartSec=120 Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/iiab-test-wifi From fb2a9c82222f39c3d1a839454b335e71a1ee1ea1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 Apr 2023 14:02:35 -0400 Subject: [PATCH 234/937] Revert c49adcf "borrow some bits from iiab-clone-wifi" (& preserve cf67d4c "netplan-systemd staging" ?) --- .../templates/hostapd/iiab-wifi-test.service.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..1110a9a21 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,11 +1,13 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target -After=iiab-clone-wifi.service +# 2023-04-24 PR #3549: c49adcf went too far and broke netplan-systemd +#Requires=network-pre.target +#BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=iiab-clone-wifi.service + +After=network-pre.target After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service @@ -13,6 +15,7 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service +#Before=network.target [Service] Type=oneshot From 40e4b9cce9df8872ba7ad3339401256bb2c919b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 Apr 2023 10:31:28 -0500 Subject: [PATCH 235/937] softcode --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 555bf06f6..baa73eed6 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,6 +1,6 @@ [Unit] Description=IIAB find channel freq for ssid -Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device Requisite=iiab-clone-wifi.service Requisite=wpa_supplicant.service From 18fe41b9c60d4dba5148a2f57ff16d3201dc7039 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Apr 2023 15:44:14 -0400 Subject: [PATCH 236/937] moodle_version: MOODLE_402_STABLE (for Moodle 4.2) --- roles/moodle/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 6c3e6db16..57f48e4a6 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,10 +8,10 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-11-27: Currently testing Moodle's master branch is mandatory if your -# OS PHP >= 8.2, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.2, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_401_STABLE # Moodle 4.1 LTS +# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.3, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_402_STABLE # Moodle 4.2 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From cac14ee4bbf8c5c686965ca6bde1f361c7dc38e9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Apr 2023 15:46:43 -0400 Subject: [PATCH 237/937] moodle/tasks/install.yml: Update comments for Moodle 4.2 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4abac732f..c449b6c4e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -30,7 +30,7 @@ #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. + #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, possibly required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml @@ -62,7 +62,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) + version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From fda10dbe66864fa90644bc4a405c979c8d4ef202 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 26 Apr 2023 06:43:28 -0500 Subject: [PATCH 238/937] jupyterhub use --system-site-packages for psutils --- roles/jupyterhub/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index a34c1afd6..223985f5b 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,11 +13,16 @@ when: nodejs_installed is undefined -- name: "Install package: python3-venv" +- name: "Install package: python3-psutil" package: - name: python3-venv + name: python3-psutil state: present +- name: Remove previous virtual environment {{ jupyterhub_venv }} + file: + path: "{{ jupyterhub_venv }}" + state: absent + - name: Make 3 directories to hold JupyterHub config file: state: directory @@ -41,7 +46,7 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -58,7 +63,7 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From eacfec8c91ef603909d8a3dd94c1cd4070bde0ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 26 Apr 2023 06:45:27 -0500 Subject: [PATCH 239/937] remove python3-venv from roles --- roles/calibre-web/tasks/install.yml | 1 - roles/lokole/tasks/install.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7ffb5a32e..29affb3d2 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -2,7 +2,6 @@ package: name: - imagemagick - - python3-venv - python3-netifaces state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 82d8593ca..bf4e64e7f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -7,7 +7,6 @@ name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact #- python3-pip - - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's #- bcrypt does not exist on Ubuntu 19.10 From dc35445c9c45edad6752ca60f61cc7dbe0acc2ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 26 Apr 2023 07:17:40 -0500 Subject: [PATCH 240/937] remove nodesource.list if failed --- roles/nodejs/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 3990e10b3..08b08bdb9 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -94,6 +94,12 @@ # warn: no # creates: /etc/apt/sources.list.d/nodesource.list +- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above + file: + path: /etc/apt/sources.list.d/nodesource.list + state: absent + when: curl_nodesource.failed + - name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above package: #name: nodejs={{ nodejs_version }} From 4bd5d1e9f638bdfb04c5c275ccf84f9768168acf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 26 Apr 2023 07:20:13 -0500 Subject: [PATCH 241/937] verbage in other roles --- roles/calibre-web/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 29affb3d2..285d138a1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index bf4e64e7f..f26457f87 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,7 +2,7 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 13 packages for Lokole +- name: Install 12 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact From cc0a32cd676bf61a4aa736de76184f1c477e94dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Apr 2023 17:48:07 -0400 Subject: [PATCH 242/937] matomo/tasks/nginx.yml: Remove stale refs to box/maps --- roles/matomo/tasks/nginx.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml index 8d432ee8c..46465dffb 100644 --- a/roles/matomo/tasks/nginx.yml +++ b/roles/matomo/tasks/nginx.yml @@ -1,10 +1,10 @@ -- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template +- name: Enable http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template template: src: matomo-nginx.conf.j2 dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d when: matomo_enabled -- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf +- name: Disable http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf file: path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d state: absent From fc46f34f653d86b90128c9b59098de978f1336db Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Apr 2023 17:51:03 -0400 Subject: [PATCH 243/937] matomo/tasks/main.yml: Explanation for nginx.yml was stale! --- roles/matomo/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index eec80e81a..b99de06e7 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -21,7 +21,7 @@ - block: - - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + - name: Enable/Disable/Reload NGINX for Matomo include_tasks: nginx.yml - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 8eb29a9edea2b99833473c786c23bd660472d764 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Apr 2023 18:57:05 -0400 Subject: [PATCH 244/937] rpi_debian.yml: Fix both "country_code is defined" -> "country_code.stdout is defined" --- roles/network/tasks/rpi_debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 29b6e0591..247b969df 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -44,14 +44,14 @@ - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: host_country_code: "{{ country_code.stdout }}" - when: country_code is defined and country_code.stdout | length > 0 + when: country_code.stdout is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout | length == 0 + when: country_code.stdout is defined and country_code.stdout | length == 0 # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill From df08ecfef6e6615cf171592caa90334224296ab4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 Apr 2023 07:49:40 -0400 Subject: [PATCH 245/937] "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf" --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index d364c5a5f..709a92fbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,7 +5,7 @@ # those can be parsed for the ssid without needing the related service running # first. # "Netplan systemd" "NetworkManager" need to be running to be able to parse for -# the ssid, from the generated config file for "Netplan systemd" and from the +# the ssid, from the generated config file for "Netplan systemd" and from the # running environment for "NetworkManager". # "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering # of the services more deterministic when active and tries to catch a channel @@ -66,7 +66,9 @@ fi echo "ssid is $SSID" if [ -z "$SSID" ]; then - echo "Couldn't find ssid $SSID to use exiting" + echo "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf -- so exiting." + echo "CLARIF: This is normal when UPSTREAM WIFI is not active, as there would be no" + echo "UPSTREAM SSID to extract, e.g. if 'wifi_up_down: False'" if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi From 1884f484aeb35e370f792b7fc675bf46878418b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 27 Apr 2023 10:40:04 -0500 Subject: [PATCH 246/937] iiab-clone-wifi needs template from hostapd - record wifi_up_down --- roles/network/tasks/hostapd.yml | 14 ++++++++++++++ roles/network/tasks/restart.yml | 18 ++++++------------ roles/network/tasks/rpi_debian.yml | 6 ------ roles/network/tasks/sysd-netd-debian.yml | 7 ------- 4 files changed, 20 insertions(+), 25 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f732f73f..4d64bf843 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -100,6 +100,18 @@ line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap + - name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini @@ -113,6 +125,8 @@ value: "{{ host_ssid }}" - option: host_wifi_mode value: "{{ host_wifi_mode }}" + - option: wifi_up_down + value: "{{ wifi_up_down }}" - option: host_country_code_applied value: "{{ host_country_code }}" - option: host_channel diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0d33f210f..ec1dda7b6 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,18 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: can_be_ap - - name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher @@ -34,6 +22,12 @@ masked: no when: systemd_networkd_active +- name: Clone wifi if needed + systemd: + name: iiab-clone-wifi + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 247b969df..fc02dccd7 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -78,12 +78,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Restart the networking service if appropriate systemd: name: networking diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1681f6cf7..391494382 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,12 +87,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Enable & Restart systemd-networkd.service systemd: name: systemd-networkd @@ -106,4 +100,3 @@ state: restarted enabled: yes masked: no - From 84f3ee80734e2c14e1458643e9bc0040c2ddcafe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 29 Apr 2023 13:30:40 -0400 Subject: [PATCH 247/937] pbx/README.adoc: Link to #3556 PHP 8 speculation --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f92f2836f..7cab471dc 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 38083b431464875ac60d25df6106d6dcda5239a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 29 Apr 2023 13:32:22 -0400 Subject: [PATCH 248/937] pbx/README.adoc: Fix typo (link to #3556) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7cab471dc..a9c8b3087 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 0324dfb918c010cce3bf88246ecac57dff6ae7a4 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 30 Apr 2023 14:25:30 -0400 Subject: [PATCH 249/937] Revert to Moodle 4.1 if PHP 7 + toughen Moodle/Nextcloud --- roles/moodle/tasks/install.yml | 36 +++++++++++++++++++++++++------ roles/nextcloud/tasks/install.yml | 4 ++-- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index c449b6c4e..a3cd511de 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,13 +49,27 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" - git: - repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle - dest: "{{ moodle_base }}" # /opt/iiab/moodle - depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.3', '>=') +- name: Does /opt/iiab/moodle exist? + stat: + path: /opt/iiab/moodle + register: opt_iiab_moodle + +# 2023-04-30: Allows re-running (e.g. 'sudo iiab') if git clone was already +# begun, avoiding this error: (arises from 'www-data' ownership) +# "Failed to set a new url https://github.com/moodle/moodle for origin: +# fatal: detected dubious ownership in repository at '/opt/iiab/moodle' +# To add an exception for this directory, call: +# git config --global --add safe.directory /opt/iiab/moodle" + +- name: If /opt/iiab/moodle exists, move it to /tmp/opt-iiab-moodle.old (TO BE DELETED ON NEXT BOOT) -- allows re-running if git clone (below) was already begun + shell: rm -rf /tmp/opt-iiab-moodle.old && mv /opt/iiab/moodle /tmp/opt-iiab-moodle.old + when: opt_iiab_moodle.stat.exists + + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS + when: php_version is version('8.0', '<') - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: @@ -65,6 +79,14 @@ version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" + git: + repo: "{{ moodle_repo_url }}" + dest: "{{ moodle_base }}" + depth: 1 + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + when: php_version is version('8.3', '>=') + - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: path: "{{ moodle_base }}" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce23c1c4c..843cf84bc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,10 +98,10 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" set_fact: nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('7.4', '<=') + when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From d768757f7affeab24184714628bc19686c886404 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 30 Apr 2023 17:33:51 -0400 Subject: [PATCH 250/937] network/tasks/install.yml: Clarify 4 sysctl defaults --- roles/network/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08a749707..c41f88a09 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 6e493c9131bfd9ac2c2ca310220a6bd9c660d5e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 30 Apr 2023 18:42:08 -0400 Subject: [PATCH 251/937] network/tasks/install.yml: Clarify 4 sysctl vars --- roles/network/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index c41f88a09..bb8b9592f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 + - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 47a771f8c176f4370c4846601fcd30eae30e8352 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 30 Apr 2023 18:43:11 -0400 Subject: [PATCH 252/937] network/tasks/install.yml: Remove typo in comment --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index bb8b9592f..232b67ddc 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -57,7 +57,7 @@ with_items: - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET From e044de856abb7359074968194305c1773bc88f79 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 30 Apr 2023 19:15:44 -0400 Subject: [PATCH 253/937] Enable sysctl's IPv6 during Munin install/enable, so munin-node.service starts --- roles/munin/tasks/enable-or-disable.yml | 12 ++++++++++++ roles/munin/tasks/install.yml | 12 ++++++++++++ roles/network/tasks/install.yml | 2 +- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/roles/munin/tasks/enable-or-disable.yml b/roles/munin/tasks/enable-or-disable.yml index 1b0d3ac28..fce74cae5 100644 --- a/roles/munin/tasks/enable-or-disable.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: Enable & Start 'munin-node' systemd service systemd: name: munin-node @@ -6,6 +12,12 @@ state: started when: munin_enabled +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Disable & Stop 'munin-node' systemd service systemd: name: munin-node diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 7d439ff5a..a889ff15b 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" package: name: @@ -9,6 +15,12 @@ - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: path: /etc/munin/munin-htpasswd diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 232b67ddc..71aa2a1eb 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -59,7 +59,7 @@ - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6. SEE ALSO: roles/munin/tasks/install.yml & enable-and-disable.yml #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 21a7d70c7e625f51c6b6c7b5011781b6576137ec Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 May 2023 11:21:39 -0400 Subject: [PATCH 254/937] Toughen up vnStat: Mitigate #3539 db errors, stop using 2011's /etc/vnstat.conf, etc --- roles/vnstat/tasks/install.yml | 39 +++++++++++++------ .../{vnstat.conf.j2 => vnstat.conf.j2.unused} | 0 test.yml | 8 +++- 3 files changed, 33 insertions(+), 14 deletions(-) rename roles/vnstat/templates/{vnstat.conf.j2 => vnstat.conf.j2.unused} (100%) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 84bec243c..f1d65ada9 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,21 +1,36 @@ -# Similar code block in roles/network/tasks/detected_network.yml -- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" - set_fact: - iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - - - name: Install 'vnstat' package package: name: vnstat state: present -- name: Install /etc/vnstat.conf from template - template: - src: vnstat.conf.j2 - dest: /etc/vnstat.conf - mode: '0744' +# Similar code block in roles/network/tasks/detected_network.yml (line ~35) and roles/network/tasks/computed_network.yml (lines ~74 and ~110) +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" + set_fact: + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +- name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf + lineinfile: + path: /etc/vnstat.conf + regexp: '^Interface ' + line: 'Interface "{{ iiab_wan_iface }}"' + +# - name: Install /etc/vnstat.conf from template +# template: +# src: vnstat.conf.j2 +# dest: /etc/vnstat.conf +# mode: '0744' + + +# 2023-05-01: https://github.com/vergoh/vnstat/issues/134#issuecomment-663836557 +- name: 'Precautionary Start & Enable of vnstat.service, to mitigate intermittent #3539 (''Failed to open database "/var/lib/vnstat/vnstat.db" in read-only mode'') during WAN db creation just below' + systemd: + name: vnstat + daemon_reload: true + state: started + enabled: true - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} diff --git a/roles/vnstat/templates/vnstat.conf.j2 b/roles/vnstat/templates/vnstat.conf.j2.unused similarity index 100% rename from roles/vnstat/templates/vnstat.conf.j2 rename to roles/vnstat/templates/vnstat.conf.j2.unused diff --git a/test.yml b/test.yml index bfda3f92a..8eb2e9be0 100644 --- a/test.yml +++ b/test.yml @@ -27,11 +27,15 @@ - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: - msg: '"''"' # FAILS: '"\'"' + msg: '"''"' # OR: '''' FAILS: '"\'"' - name: BACKSLASH to escape double quotes... "'\"'" e.g. cups/tasks/install.yml debug: - msg: "'\"'" # FAILS: "'""'" + msg: "'\"'" # OR: "\"" FAILS: "'""'" + + - name: "Entire string must be enclosed in quotes if using ' #' Space-then-Pound/Hash sequence -- or right side will be a comment! e.g. roles/vnstat/install.yml" + debug: + msg: "Left side # Right side" - name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab, STRICTLY DISALLOWED IN YAML BY ansible-core 2.11.6) showed null (without quotes!) -- whereas e (singlequotes) and f (doublequotes) show "" empty string set_fact: From 423eecc29363a07dce8310d1396a614350212031 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 May 2023 11:41:04 -0400 Subject: [PATCH 255/937] CLARIF: Let's use apt version of /etc/vnstat.conf (not 2011-era template) --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index f1d65ada9..70e4f56cc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -10,7 +10,7 @@ iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf (as installed by apt) automatically selects the default interface - name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf lineinfile: path: /etc/vnstat.conf From 7b214064faf69e54e61e43f08cd7f61bc18d426d Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 May 2023 18:46:27 -0400 Subject: [PATCH 256/937] Allow multiple (timestamped) backups of WiFi firmware originals --- roles/firmware/tasks/download.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5e4027623..c2927c0f9 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,7 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 38a292227d91ef03e1ba91c43786b030aaf9d5a5 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 May 2023 20:29:49 -0400 Subject: [PATCH 257/937] Clarify PR #3564 (pre-download WiFi firmware backups) --- roles/firmware/tasks/download.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index c2927c0f9..abda2e6b4 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,12 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + # 2023-05-01 CLARIF OF BELOW: + # 1) Even if 'mv' fails, no matter it'll continue to 'cp' below + # 2) 'cp -P' == 'cp --no-dereference' sufficient to replicate these symlinks and files ('cp -d' & 'cp -a' are incrementally stronger, and so probably can't hurt) + shell: | + mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) + cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 7e1dff54d2c25ac6f60c2cccf0b05f62a8959544 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 May 2023 03:52:39 -0400 Subject: [PATCH 258/937] scripts/ansible: Fix typo in comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index ed368d1e6..0fc8f611e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -205,7 +205,7 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then From 139696fa3136a7060a665410a4d9cce5955b2dbf Mon Sep 17 00:00:00 2001 From: root Date: Wed, 3 May 2023 17:00:02 -0400 Subject: [PATCH 259/937] If 32-bit OS, bypass Sugarizer & Explain during iiab-install --- roles/7-edu-apps/tasks/main.yml | 15 ++++++++++++++- roles/mongodb/tasks/main.yml | 9 ++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 8f223b1fd..c5f15e117 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -40,10 +40,23 @@ name: pathagar when: pathagar_install is defined and pathagar_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: sugarizer_install + +- name: Explain bypassing of Sugarizer install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING SUGARIZER INSTALL ATTEMPT, as Sugarizer Server 1.5.0 requires MongoDB 3.2+ which is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: sugarizer_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install and dpkg_arch.stdout is search("64") - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index aab67fc0f..1dc712a0a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,9 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) command: dpkg --print-architecture register: dpkg_arch - debug: @@ -45,10 +47,11 @@ - block: - - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' appears to be 32-bit (i.e. does not contain "64") or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. - when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" + when: not dpkg_arch.stdout is search("64") or mongodb_version == "unsupported" or mongodb_version == "unknown" + #when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 1939ad22e186ff3524e1faa6e8d39351c4d7acaf Mon Sep 17 00:00:00 2001 From: root Date: Sat, 6 May 2023 00:48:07 -0400 Subject: [PATCH 260/937] GHA Stub: .github/workflows/10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install.yml diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml new file mode 100644 index 000000000..3aa1d159a --- /dev/null +++ b/.github/workflows/10min-iiab-test-install.yml @@ -0,0 +1,53 @@ +name: '"10 min" IIAB test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + steps: + - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + - name: Check out repository code + uses: actions/checkout@v3 + - run: echo "🍏 This job's status is ${{ job.status }}." + - name: GitHub Actions "runner" environment + run: | + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + # ls + # ls $GITHUB_WORKSPACE + # ls ${{ github.workspace }} + # ls -la /opt # az, containerd, google, hostedtoolcache, microsoft, mssql-tools, pipx, pipx_bin, post-generation, runner, vsts + # apt update + # apt dist-upgrade -y + # apt autoremove -y + - name: Set up /opt/iiab/iiab + run: | + mkdir /opt/iiab + mv $GITHUB_WORKSPACE /opt/iiab + mkdir $GITHUB_WORKSPACE # OR SUBSEQUENT STEPS WILL FAIL ('working-directory: /opt/iiab/iiab' hacks NOT worth it!) + - name: Set up /etc/iiab/local_vars.yml + run: | + sudo mkdir /etc/iiab + # touch /etc/iiab/local_vars.yml + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + - run: sudo /opt/iiab/iiab/scripts/ansible + - run: sudo ./iiab-install + working-directory: /opt/iiab/iiab + - run: iiab-summary + - run: cat /etc/iiab/iiab_state.yml From cb36d2b02fd80e7cc6a16dad105fa6e8fa056e1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 May 2023 11:05:39 -0400 Subject: [PATCH 261/937] Try aarch64 version of kiwix-tools 3.5.0+ --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2696974fd..92cd15e26 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -31,7 +31,7 @@ kiwix_arch_dict: x86_64: x86_64 armv6l: armhf armv7l: armhf - aarch64: armhf + aarch64: aarch64 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From 5eab78b6bf2498e9c4dc08e7a34663304b8d9121 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 May 2023 19:23:46 -0400 Subject: [PATCH 262/937] Clarify kiwix/defaults/main.yml as kiwix-tools & RasPiOS evolve --- roles/kiwix/defaults/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 92cd15e26..286d09440 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# INSTRUCTIONS TO REINSTALL Kiwix: -# (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml +# ONLINE UPGRADE INSTRUCTIONS: +# (1) VERIFY VARS IN /etc/iiab/local_vars.yml # kiwix_install: True # kiwix_enabled: True -# (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix +# (2) RUN: cd /opt/iiab/iiab; sudo ./runrole --reinstall kiwix # FYI /library/zims contains 3 important things: @@ -25,13 +25,13 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: - #i386: - i686: i586 - x86_64: x86_64 - armv6l: armhf - armv7l: armhf - aarch64: aarch64 +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: + #i386: # ? + i686: i586 # ? + x86_64: x86_64 # amd64 + armv6l: armhf # arm6l + armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From e227fdc29e7f37991d184f6eac9a98e1245ea494 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 May 2023 22:22:01 -0400 Subject: [PATCH 263/937] roles/kiwix/README.rst: Clarify proxying --- roles/kiwix/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index e635be2de..db77fd05e 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -14,7 +14,7 @@ Locations - Your ZIM files go in ``/library/zims/content`` - Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) -- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) +- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats, Matomo, ETC) - Use URL http://box:3000/kiwix if you want to avoid the proxy Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: From b1a219bcae70fa7ee656dfa10d5cd8fb1886a9e0 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 14 May 2023 09:06:29 -0400 Subject: [PATCH 264/937] Revert to kiwix-tools 3.4.0 if armhf 3.5.0 downloads --- roles/kiwix/defaults/main.yml | 6 +++--- roles/kiwix/tasks/install.yml | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 286d09440..3d3472f1a 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -25,12 +25,12 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: # 'dpkg --print-architecture' key would be: +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate #3516 in future, if truly nec?) #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # arm6l - armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + armv6l: armhf # armhf + armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 8a95d52ba..b28f3636e 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -19,6 +19,14 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below +- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + get_url: + url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz + dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" + register: kiwix_dl + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix @@ -58,6 +66,8 @@ src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz dest: "{{ kiwix_path }}/bin" extra_opts: --strip-components=1 + owner: root # 2023-05-14: When unpacking let's avoid bogus owner/group, + group: root # arising from UID/GID on Kiwix's build machine. # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU From e3bb5c1ed59ca1bbcf1755d608e68d3a8a933b9c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 May 2023 20:29:43 -0400 Subject: [PATCH 265/937] Update debian-12.yml --- vars/debian-12.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index abdbf891b..3b51e4478 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -15,6 +15,6 @@ is_debian_12: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" +# php_version: "8.2" # postgresql_version: 15 -# python_version: "3.10" +# python_version: "3.11" From a23faea688f42498255d208e16b013330005682c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 May 2023 20:31:46 -0400 Subject: [PATCH 266/937] Update ubuntu-2304.yml --- vars/ubuntu-2304.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml index 07ed43529..72bb3d960 100644 --- a/vars/ubuntu-2304.yml +++ b/vars/ubuntu-2304.yml @@ -16,5 +16,5 @@ is_ubuntu_2304: True # sshd_service: ssh # systemd_location: /lib/systemd/system # php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# postgresql_version: 15 +# python_version: "3.11" From 1157bb0f248804169fb9ca01e966fceab197cb7a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 May 2023 20:32:46 -0400 Subject: [PATCH 267/937] Update raspbian-12.yml --- vars/raspbian-12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index e6fd2f9d5..9fa4b1e75 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -17,6 +17,6 @@ is_raspbian_12: True # sshd_package: ssh # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "7.4" -# postgresql_version: 13 -# python_version: "3.9" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 9f866078a0ac9d7405a1088926084cc46cf7b91c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 May 2023 20:33:43 -0400 Subject: [PATCH 268/937] Update ubuntu-2310.yml --- vars/ubuntu-2310.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 843810075..ed40633df 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -15,6 +15,6 @@ is_ubuntu_2310: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 687c497669384fdf9908d438055d93b267d7ece8 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 15 May 2023 14:03:21 -0400 Subject: [PATCH 269/937] Recommend ansible-core 2.15.0 --- iiab-install | 4 ++-- scripts/ansible | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iiab-install b/iiab-install index 532cbf81d..2be185afc 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false diff --git a/scripts/ansible b/scripts/ansible index 0fc8f611e..d117ca996 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] -GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] +GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 7f714e7c65d4de4497137c51fb0ae071353ca139 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 15 May 2023 16:51:08 -0400 Subject: [PATCH 270/937] Fix PR #3576, allowing regular Kiwix installs too! --- roles/kiwix/tasks/install.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index b28f3636e..0adaeef36 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,7 +24,17 @@ url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - register: kiwix_dl + #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + +# Ansible does not allow changing individuals subfields in a dictionary, but +# this crude hack works, overwriting the entire kiwix_dl dictionary var with +# the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# above, if its other [subfields, key/value pairs, etc] really mattered...) +- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + set_fact: + kiwix_dl: + dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) From 58961b862c203d3152338b6e7e3e0849c0b55b38 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 15 May 2023 17:53:44 -0400 Subject: [PATCH 271/937] More consistent punctuation in local_vars files --- vars/default_vars.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4786cbe94..fc2826b03 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -502,7 +502,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk postgresql_install: False postgresql_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index de02105a9..35514ab81 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: True kiwix_enabled: True -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index e5e086fd6..4cc01a9c6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: False kiwix_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, From ea2dc1ae62eb6e2ae27e10855e210550c8726385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= Date: Mon, 15 May 2023 20:53:35 -0600 Subject: [PATCH 272/937] GitHub Actions .github/workflows/10min-iiab-test-install-raspbian.yml for CI/CD & QA (#1) * add .github/workflows/10min-iiab-test-install-raspbian.yml --- .../10min-iiab-test-install-raspbian.yml | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install-raspbian.yml diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml new file mode 100644 index 000000000..b92a3caf1 --- /dev/null +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -0,0 +1,69 @@ +name: '"10 min" IIAB raspbian test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [aarch64] + include: + #- target: zero_raspbian + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspbian_lite:latest + #- target: zero_raspios + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspios_lite:latest + #- target: zero2_raspios + # cpu: cortex-a7 + # cpu_info: cpuinfo/raspberrypi_zero2_w + # base_image: raspios_lite:latest + - arch: aarch64 + cpu: cortex-a53 + cpu_info: cpuinfo/raspberrypi_zero2_w_arm64 + base_image: raspios_lite_arm64:latest + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v2 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + sudo apt-get update -y --allow-releaseinfo-change + sudo apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + sudo mkdir /etc/iiab + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + sudo /opt/iiab/iiab/scripts/ansible + sudo ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml From 0812cc4bc3290572d657dad9cb3f11102b55f319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= Date: Mon, 15 May 2023 21:02:00 -0600 Subject: [PATCH 273/937] Update 10min-iiab-test-install-raspbian.yml change 'target' to 'arch' --- .github/workflows/10min-iiab-test-install-raspbian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml index b92a3caf1..35dfa9f5e 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 23ef49f7dffa091de387aeaebd29c8b318b36337 Mon Sep 17 00:00:00 2001 From: codeneomatrix Date: Mon, 15 May 2023 23:16:04 -0600 Subject: [PATCH 274/937] change namefile --- ...aspbian.yml => 30min-iiab-test-install-raspios.yml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{10min-iiab-test-install-raspbian.yml => 30min-iiab-test-install-raspios.yml} (91%) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/30min-iiab-test-install-raspios.yml similarity index 91% rename from .github/workflows/10min-iiab-test-install-raspbian.yml rename to .github/workflows/30min-iiab-test-install-raspios.yml index 35dfa9f5e..bdb7a082f 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB raspbian test install' +name: '"30 min" IIAB test install raspios' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] + arch: [aarch64] include: - #- arch: zero_raspbian + #- target: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- arch: zero_raspios + #- target: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- arch: zero2_raspios + #- target: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8e9401dbe85c3816f087347c6eb06ac457ac8860 Mon Sep 17 00:00:00 2001 From: codeneomatrix Date: Mon, 15 May 2023 23:17:51 -0600 Subject: [PATCH 275/937] update file --- .github/workflows/30min-iiab-test-install-raspios.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index bdb7a082f..1262fed71 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8339e46c5d181964bae4a73694e4948f6e6d8ed5 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 16 May 2023 01:42:22 -0400 Subject: [PATCH 276/937] Set rpi_model from /proc/cpuinfo for QEMU --- scripts/local_facts.fact | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 27fa281fb..4debf731a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -113,8 +113,9 @@ tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -grep -iq raspberry /proc/device-tree/model && - RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') +grep -iq raspberry /proc/cpuinfo && + RPI_MODEL=$(grep -i raspberry /proc/cpuinfo | sed 's/.*: //') + #RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) From 95cb6f415c778f0406b56e4d0abfcd5f79eeadf7 Mon Sep 17 00:00:00 2001 From: codeneomatrix Date: Tue, 16 May 2023 10:16:53 -0600 Subject: [PATCH 277/937] update actions/checkout to v3.1.0 --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 3aa1d159a..0926191af 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -23,7 +23,7 @@ jobs: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - name: Check out repository code - uses: actions/checkout@v3 + uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index 1262fed71..e1cb81c17 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -43,7 +43,7 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 From 9ca80db3fad692b12f6a41dd3cc7b9d297ed4a20 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 May 2023 15:45:38 -0400 Subject: [PATCH 278/937] 'pip install virtualenv==20.21.1' for KA Lite on Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/install_python2.sh | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 674b18f03..09f9858dc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -38,7 +38,7 @@ name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) @@ -50,7 +50,7 @@ version: "{{ kalite_version }}" virtualenv: "{{ kalite_venv }}" virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d61b125d7..f4cf75a19 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,7 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -apt -y install virtualenv +# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. +# So let's try pip: (which installs to /usr/local/bin) +apt -y install python3-pip +pip install virtualenv==20.21.1 --break-system-packages +#apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 From e1df2a50613ece4a31d4babf76a1ff29abc64b2f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 May 2023 16:38:32 -0400 Subject: [PATCH 279/937] kalite/tasks/install.yml: Force Python 2 if Debian > 11 or Ubuntu > 22.04 --- roles/kalite/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 09f9858dc..f17a3353c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,8 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. #- name: Install Ubuntu keyrings on Debian @@ -31,7 +32,8 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: From b61053cc3a842f860e93ecec1a4ed360b76500e1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 19 May 2023 17:38:34 -0400 Subject: [PATCH 280/937] kalite/tasks/install.yml: Fix typos "is_linuxmint_21" --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index f17a3353c..2300de138 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 6dec23b6c3238d851b7c29cecacaaf774917c15e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 19 May 2023 17:48:16 -0400 Subject: [PATCH 281/937] scripts/install_python2.sh: Explain pip install of older virtualenv --- scripts/install_python2.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f4cf75a19..b12eccf58 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,9 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. -# So let's try pip: (which installs to /usr/local/bin) +# 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer +# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us +# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages #apt -y install virtualenv From e8a3129f13855866f4bc417e19d3fa0704283d41 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 20 May 2023 08:53:45 -0400 Subject: [PATCH 282/937] Further clarify kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 2300de138..a819a2cee 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 5b4f4d79e62c3dc078bcdeaab441ea91c1529f9a Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 May 2023 11:09:03 -0400 Subject: [PATCH 283/937] Begin transition to 'nodejs_version: 20.x' --- roles/internetarchive/tasks/install.yml | 6 +++--- roles/nodejs/README.md | 10 +++++----- vars/default_vars.yml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..8932c3f26 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 7a151adc6..33c6bcb02 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -8,15 +8,15 @@ Nodesource.com often supports Debian long before each Debian release, whereas fo For late-breaking details on Nodesource.com support for your particular Linux OS, keep an eye on: - https://github.com/nodesource/distributions#deb -- https://deb.nodesource.com/node_18.x/dists/ - - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ - - https://nodejs.org/dist/latest-v18.x/ +- https://deb.nodesource.com/node_20.x/dists/ + - https://deb.nodesource.com/node_20.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v20.x/ - https://deb.nodesource.com/node_19.x/dists/ - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ - https://nodejs.org/dist/latest-v19.x/ - _ETC!_ -If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js — IIAB will then [fall back](https://github.com/iiab/iiab/blob/15a689e30b4eea325e4bb8d35e19990dd8062fbc/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) +If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js — IIAB will then [fall back](https://github.com/iiab/iiab/blob/91a5cd33f34d5d2a55e75bf0cdc85bcd9d7b4821/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) ``` sudo apt install nodejs npm @@ -41,7 +41,7 @@ On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like I If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v18.x/ +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v20.x/ Either way, you'll (likely) then also need to run: `sudo apt install npm` diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..11e13f7dc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -443,7 +443,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20 +nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 7209bcd97d98bf1177def425ecccd95a27296b62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 20 May 2023 17:33:37 -0400 Subject: [PATCH 284/937] install_python2.sh: Summarize messy virtualenv options --- scripts/install_python2.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index b12eccf58..c4ad4b897 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,12 +15,11 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) - # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us -# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages From a55c033a1668c3f7f77b00902ad98f0fb91bfd0a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 20 May 2023 17:35:03 -0400 Subject: [PATCH 285/937] Update install_python2.sh --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c4ad4b897..5e0089f3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,6 +15,7 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) + # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer # supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb From 4e430da1a9868c6709d2973747eb5a9a1fb7b930 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 May 2023 20:30:27 -0400 Subject: [PATCH 286/937] Pin python3-platformdirs & python3-virtualenv to 22.04 for Python 2 on 23.10 ? --- scripts/install_python2.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 5e0089f3b..01269fda9 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -22,8 +22,9 @@ ARCH=$(dpkg --print-architecture) # ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -apt -y install python3-pip -pip install virtualenv==20.21.1 --break-system-packages +#apt -y install python3-pip +#pip install virtualenv==20.21.1 --break-system-packages +# #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 @@ -61,6 +62,12 @@ EOF esac apt update +# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less +# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) +apt -y install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs +apt -y install python3-virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 352ddcf6953bbbef9157890846e181e3ed1b9069 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 May 2023 07:52:17 -0400 Subject: [PATCH 287/937] install_python2.sh: Clarify virtualenv (22.04 for now, 23.04 later?) --- scripts/install_python2.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 01269fda9..7d0de2062 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -68,6 +68,8 @@ apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 apt-mark hold virtualenv +# 2023-05-21 PR #3587: Above 4 lines should really install a more recent +# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 842bf91f764754f80c569712a85a613eb318a363 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 May 2023 08:25:39 -0400 Subject: [PATCH 288/937] install_python2.sh: Honor Bookworm's built-in virtualenv --- scripts/install_python2.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 7d0de2062..f7e0bbd90 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -62,14 +62,18 @@ EOF esac apt update -# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less -# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) -apt -y install python3-platformdirs=2.5.1-1 -apt-mark hold python3-platformdirs -apt -y install python3-virtualenv=20.13.0+ds-2 -apt-mark hold virtualenv -# 2023-05-21 PR #3587: Above 4 lines should really install a more recent -# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. + # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less + # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) + apt -y install python3-platformdirs=2.5.1-1 + apt-mark hold python3-platformdirs + apt -y install python3-virtualenv=20.13.0+ds-2 + apt-mark hold virtualenv + # 2023-05-21 PR #3587: Above 4 lines should really install a more recent + # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +else + apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +fi apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 987fd7324f3bbb58212261cfc070cd3faa6d2e33 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 May 2023 09:18:25 -0400 Subject: [PATCH 289/937] install_python2.sh: Clarify pip & apt virtualenv options --- scripts/install_python2.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7e0bbd90..50089b4e1 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -17,13 +17,20 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... +# supports Python 2. Root cause is virtualenv 20.22.0 (2023-04-19) which +# removed Python 2 support: https://virtualenv.pypa.io/en/latest/changelog.html +# Unfortunately older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# ...can drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -#apt -y install python3-pip -#pip install virtualenv==20.21.1 --break-system-packages +# +#iif grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. +# apt -y install python3-pip +# pip install virtualenv==20.21.1 --break-system-packages +#else +# apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +#fi # #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 @@ -62,7 +69,7 @@ EOF esac apt update -if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) apt -y install python3-platformdirs=2.5.1-1 From 56d27330636cc456d8296564801c998f05f75bcf Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 May 2023 11:56:18 -0400 Subject: [PATCH 290/937] TEMPORARILY revert ansible-core 2.15.0 to 2.14.6 for #3588 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index d117ca996..838fdb538 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -216,7 +216,7 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From 8ae4f020e988c4eb3f55dd0105af957c13365d4b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 May 2023 17:47:29 -0400 Subject: [PATCH 291/937] Refine PR #3590 to document ansible-core 2.14.6 recommendation --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 838fdb538..3ae46a4c9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] -GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] +GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a57710c117a3f1b627e79d98d780e7b23d763ce7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 May 2023 21:47:14 -0400 Subject: [PATCH 292/937] local_vars_medium.yml: Avoid Lokole for now due to #3572 --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 8a8ae98d6..776d94614 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -244,8 +244,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From fc524462baefb7e35498a793f5d28a5b42d12b0d Mon Sep 17 00:00:00 2001 From: root Date: Sat, 27 May 2023 03:26:04 -0400 Subject: [PATCH 293/937] Record approx disk usage for 45 roles (to iiab.ini) --- roles/awstats/tasks/install.yml | 16 ++++++++++++++++ roles/azuracast/tasks/install.yml | 16 ++++++++++++++++ roles/calibre-web/tasks/install.yml | 16 ++++++++++++++++ roles/calibre/tasks/install.yml | 16 ++++++++++++++++ roles/captiveportal/tasks/install.yml | 16 ++++++++++++++++ roles/cups/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/main.yml | 2 +- roles/iiab-admin/tasks/main.yml | 16 ++++++++++++++++ roles/internetarchive/tasks/install.yml | 16 ++++++++++++++++ roles/jupyterhub/tasks/install.yml | 16 ++++++++++++++++ roles/kalite/tasks/install.yml | 16 ++++++++++++++++ roles/kiwix/tasks/install.yml | 16 ++++++++++++++++ roles/kolibri/tasks/install.yml | 16 ++++++++++++++++ roles/lokole/tasks/install.yml | 16 ++++++++++++++++ roles/matomo/tasks/install.yml | 16 ++++++++++++++++ roles/mediawiki/tasks/install.yml | 16 ++++++++++++++++ roles/minetest/tasks/install.yml | 20 +++++++++++++++++--- roles/mongodb/tasks/install.yml | 16 ++++++++++++++++ roles/monit/tasks/install.yml | 16 ++++++++++++++++ roles/moodle/tasks/install.yml | 16 ++++++++++++++++ roles/mosquitto/tasks/install.yml | 16 ++++++++++++++++ roles/munin/tasks/install.yml | 16 ++++++++++++++++ roles/mysql/tasks/install.yml | 16 ++++++++++++++++ roles/network/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/main.yml | 2 +- roles/nginx/tasks/install.yml | 16 ++++++++++++++++ roles/nodejs/tasks/install.yml | 20 ++++++++++++++++++++ roles/nodered/tasks/install.yml | 16 ++++++++++++++++ roles/openvpn/tasks/install.yml | 16 ++++++++++++++++ roles/osm-vector-maps/tasks/install.yml | 16 ++++++++++++++++ roles/pbx/tasks/install.yml | 16 ++++++++++++++++ roles/phpmyadmin/tasks/install.yml | 16 ++++++++++++++++ roles/postgresql/tasks/install.yml | 16 ++++++++++++++++ roles/pylibs/tasks/main.yml | 16 ++++++++++++++++ roles/remoteit/tasks/install.yml | 16 ++++++++++++++++ roles/samba/tasks/install.yml | 16 ++++++++++++++++ roles/sshd/tasks/install.yml | 17 +++++++++++++++++ roles/sugarizer/tasks/install.yml | 16 ++++++++++++++++ roles/transmission/tasks/install.yml | 16 ++++++++++++++++ roles/usb_lib/tasks/install.yml | 17 +++++++++++++++++ roles/vnstat/tasks/install.yml | 16 ++++++++++++++++ roles/wordpress/tasks/install.yml | 20 ++++++++++++++++++++ roles/wordpress/tasks/main.yml | 6 ------ roles/www_base/tasks/main.yml | 17 +++++++++++++++++ roles/www_options/tasks/main.yml | 16 ++++++++++++++++ roles/yarn/tasks/install.yml | 16 ++++++++++++++++ 48 files changed, 734 insertions(+), 11 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index f88e7174c..5585c19ca 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install package: awstats' package: name: awstats @@ -93,6 +98,17 @@ # RECORD AWStats AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: awstats_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'awstats_installed: True'" set_fact: awstats_installed: True diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 8ce9474d2..741e164f5 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,6 +25,11 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: AzuraCast - Make config directory {{ azuracast_host_dir }} file: path: "{{ azuracast_host_dir }}" @@ -102,6 +107,17 @@ # RECORD AzuraCast AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: azuracast + option: azuracast_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'azuracast_installed: True'" set_fact: azuracast_installed: True diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 285d138a1..674880514 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -110,6 +115,17 @@ # RECORD Calibre-Web AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: calibreweb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibreweb_installed: True'" set_fact: calibreweb_installed: True diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 6a435c968..7646167a4 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. APT INSTALL CALIBRE 4.12+ or 5.12+ (calibre, calibredb, calibre-server etc) ON ALL OS'S - name: "Install OS's latest packages: calibre, calibre-bin" @@ -79,6 +84,17 @@ # 5. RECORD Calibre AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: calibre_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibre_installed: True'" set_fact: calibre_installed: True diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index ab25d50b6..791d516fa 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: python3-dateutil, python3-jinja2" package: name: @@ -51,6 +56,17 @@ # RECORD Captive Portal AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: captiveportal_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'captiveportal_installed: True'" set_fact: captiveportal_installed: True diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 12296cfe5..e080b68cf 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,6 +2,11 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'cups' package package: name: cups @@ -124,6 +129,17 @@ # RECORD CUPS AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: cups_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'cups_installed: True'" set_fact: cups_installed: True diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 02dfa7cda..59f9d0be9 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. Prepare to install Gitea: create user and directory structure - name: Shut down existing Gitea instance (if we're reinstalling) @@ -105,6 +110,17 @@ # 5. RECORD Gitea AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: gitea_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'gitea_installed: True'" set_fact: gitea_installed: True diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 4fbd7359e..335911c96 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -27,7 +27,7 @@ - include_tasks: enable-or-disable.yml - - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + - name: Add 'gitea' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 09a408aa4..f9d6d38a5 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install text-mode packages, useful during remote access: lynx, screen" package: name: @@ -35,6 +40,17 @@ # RECORD iiab-admin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: iiab-admin + option: iiab_admin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'iiab_admin_installed: True'" set_fact: iiab_admin_installed: True diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..9f67851cf 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,6 +30,11 @@ state: present +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. CREATE 2 DIRS, WIPE /opt/iiab/internetarchive/node_modules & RUN YARN - name: mkdir {{ internetarchive_dir }} @@ -64,6 +69,17 @@ # 4. RECORD Internet Archive AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: internetarchive_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'internetarchive_installed: True'" set_fact: internetarchive_installed: True diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 223985f5b..eeffed232 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,6 +13,11 @@ when: nodejs_installed is undefined +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install package: python3-psutil" package: name: python3-psutil @@ -104,6 +109,17 @@ # RECORD JupyterHub AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: jupyterhub_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'jupyterhub_installed: True'" set_fact: jupyterhub_installed: True diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index a819a2cee..dc802f8cc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ kalite_requirements }} to {{ pip_packages_dir }}/kalite.txt get_url: url: "{{ kalite_requirements }}" @@ -105,6 +110,17 @@ # RECORD KA Lite AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: kalite_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kalite_installed: True'" set_fact: kalite_installed: True diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 0adaeef36..e8a606b13 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,6 +6,11 @@ when: kiwix_arch == "unsupported" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, move /opt/iiab/kiwix/bin aside if nec, create essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) # 2022-10-04: get_url might be removed in future (unarchive below can handle @@ -118,6 +123,17 @@ # 5. RECORD Kiwix AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kiwix + option: kiwix_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kiwix_installed: True'" set_fact: kiwix_installed: True diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index df74817e4..3b5826f6c 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,6 +23,11 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" @@ -209,6 +214,17 @@ # RECORD Kolibri AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: kolibri_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kolibri_installed: True'" set_fact: kolibri_installed: True diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index f26457f87..5f8c76d4f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 12 packages for Lokole apt: name: @@ -133,6 +138,17 @@ # RECORD Lokole AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: lokole_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'lokole_installed: True'" set_fact: lokole_installed: True diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 56439de3e..97c321d83 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,11 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://matomo.org/faq/on-premise/matomo-requirements/ - name: Install Matomo's recommended PHP extensions package: @@ -239,6 +244,17 @@ # RECORD Matomo AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: matomo_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'matomo_installed: True'" set_fact: matomo_installed: True diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 145c1dc3d..b5af608c1 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: @@ -95,6 +100,17 @@ # RECORD MediaWiki AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: mediawiki_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mediawiki_installed: True'" set_fact: mediawiki_installed: True diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index 1850eda84..e9e9982b9 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt) stat: path: "{{ minetest_world_dir }}/world.mt" @@ -7,9 +12,6 @@ file: state: directory path: /library/games - # owner: root - # group: root - # mode: '0755' - include_tasks: minetest_install.yml when: not minetest_world.stat.exists @@ -35,8 +37,20 @@ url: https://content.minetest.net/packages/sfan5/worldedit/releases/13367/download/ when: minetest_default_game == "minetest" + # RECORD Minetest AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: minetest_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'minetest_installed: True'" set_fact: minetest_installed: True diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index eb5d8b345..8efb7d91d 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,6 +4,11 @@ # https://www.mongodb.com/docs/manual/installation/ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so @@ -367,6 +372,17 @@ # 3. RECORD MongoDB AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: mongodb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mongodb_installed: True'" set_fact: mongodb_installed: True diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index bc6173468..7dd9802d1 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'monit' package package: name: monit @@ -35,6 +40,17 @@ # RECORD Monit AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: monit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'monit_installed: True'" set_fact: monit_installed: True diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a3cd511de..cb19f242c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,6 +17,11 @@ name: postgresql +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml @@ -189,6 +194,17 @@ # RECORD Moodle AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: moodle_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'moodle_installed: True'" set_fact: moodle_installed: True diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 6ba7fd0d0..5f1fdde01 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: mosquitto, mosquitto-clients" package: name: "{{ item }}" @@ -32,6 +37,17 @@ # RECORD Mosquitto AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: mosquitto_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mosquitto_installed: True'" set_fact: mosquitto_installed: True diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index a889ff15b..cb6460c9f 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # SEE ALSO roles/network/tasks/install.yml - name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 sysctl: @@ -44,6 +49,17 @@ # RECORD Munin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: munin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'munin_installed: True'" set_fact: munin_installed: True diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index ceff65c66..3abfc3d30 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' package: name: @@ -61,6 +66,17 @@ # RECORD MySQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: mysql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mysql_installed: True'" set_fact: mysql_installed: True diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 71aa2a1eb..10ed94b5e 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 @@ -101,6 +106,17 @@ # RECORD Network AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: network_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'network_installed: True'" set_fact: network_installed: True diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 843cf84bc..ee1bed19f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # CHECK FOR PHP VERSION AUTOMATICALLY, TO DETERMINE WHICH NEXTCLOUD TO INSTALL. # INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml @@ -119,6 +124,17 @@ # RECORD Nextcloud AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nextcloud + option: nextcloud_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nextcloud_installed: True'" set_fact: nextcloud_installed: True diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d98ae5b27..1308da347 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -31,7 +31,7 @@ - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud + section: nextcloud option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index d9f3c4dda..a9e4c0b6c 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Stop & Disable '{{ apache_service }}' systemd service, in case it exists systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml @@ -66,6 +71,17 @@ # RECORD NGINX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nginx + option: nginx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nginx_installed: True'" set_fact: nginx_installed: True diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 08b08bdb9..fcc6aaaea 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -1,3 +1,12 @@ +# Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here: +# https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 + + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. TEST IF Node.js ALEADY INSTALLED & IF SO WARN IT'LL BE REPLACED # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED: @@ -161,6 +170,17 @@ # 3. RECORD Node.js AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: nodejs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodejs_installed: True'" set_fact: nodejs_installed: True diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 7ee0a7d73..70a213087 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,6 +23,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & # Ubermix that often include an older version of Node-RED. Brutal, as this # removes customizations on graphical desktop OS's e.g. Raspbian Desktop's: @@ -138,6 +143,17 @@ # RECORD Node-RED AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: nodered_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodered_installed: True'" set_fact: nodered_installed: True diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index cbe2e36af..4241fa723 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: ncat, nmap, openvpn, sudo" package: name: @@ -100,6 +105,17 @@ # RECORD OpenVPN AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: openvpn + option: openvpn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'openvpn_installed: True'" set_fact: openvpn_installed: True diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 03642c274..17a82b5b4 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" package: state: present @@ -196,6 +201,17 @@ # RECORD OSM Vector Maps AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: osm_vector_maps_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'osm_vector_maps_installed: True'" set_fact: osm_vector_maps_installed: True diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 7af2c144e..934d1dbe3 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-08-09: Moved to roles/pbx/tasks/apache.yml # - name: "Set 'apache_install: True' and 'apache_enabled: True'" @@ -44,6 +49,17 @@ # RECORD PBX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: pbx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pbx_installed: True'" set_fact: pbx_installed: True diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 345927a04..6c5ccc499 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ phpmyadmin_dl_url }} to {{ downloads_dir }} get_url: url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip @@ -48,6 +53,17 @@ # RECORD phpMyAdmin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: phpmyadmin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'phpmyadmin_installed: True'" set_fact: phpmyadmin_installed: True diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 214f8b028..f16a06b8d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' package: name: @@ -90,6 +95,17 @@ # RECORD PostgreSQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: postgresql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'postgresql_installed: True'" set_fact: postgresql_installed: True diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index f7ffa0f1d..aecabbeb8 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install iiab lib files template: src: "{{ item.src }}" @@ -13,6 +18,17 @@ # RECORD pylibs AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pylibs + option: pylibs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pylibs_installed: True'" set_fact: pylibs_installed: True diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 360cb7397..6f2bedae6 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # - name: Fail if architecture remoteit_device_suffix == "unknown" # fail: # msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" @@ -124,6 +129,17 @@ # RECORD remote.it AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: remoteit + option: remoteit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'remoteit_installed: True'" set_fact: remoteit_installed: True diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 4b804168f..6c2b47fa0 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Create smb user: {{ smbuser }}" user: name: "{{ smbuser }}" @@ -31,6 +36,17 @@ # RECORD Samba AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: samba_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'samba_installed: True'" set_fact: samba_installed: True diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 86d1e9360..20e8b4bf5 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -9,6 +9,12 @@ # # 2) Use Ansible handler to reload ssh? + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install ssh daemon using package: {{ sshd_package }}" package: name: "{{ sshd_package }}" @@ -41,6 +47,17 @@ # RECORD sshd AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sshd + option: sshd_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sshd_installed: True'" set_fact: sshd_installed: True diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 5e9cf3826..95206dc7a 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,6 +27,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. DOWNLOAD+LINK /opt/iiab/sugarizer - name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) @@ -232,6 +237,17 @@ # 6. RECORD Sugarizer AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sugarizer + option: sugarizer_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sugarizer_installed: True'" set_fact: sugarizer_installed: True diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 015116b82..17a87d1c0 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install BitTorrent packages: transmission-daemon, transmission-cli" package: name: @@ -55,6 +60,17 @@ # RECORD Transmission AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: transmission_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'transmission_installed: True'" set_fact: transmission_installed: True diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6510ab336..bea8638ee 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,12 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Does systemd-udevd.service exist stat: path: "{{ systemd_location }}/systemd-udevd.service" @@ -87,6 +93,17 @@ # RECORD 'USB_LIB' AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: usb_lib + option: usb_lib_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'usb_lib_installed: True'" set_fact: usb_lib_installed: True diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 70e4f56cc..0d34e5cfc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'vnstat' package package: name: vnstat @@ -42,6 +47,17 @@ # RECORD vnStat AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: vnstat_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'vnstat_installed: True'" set_fact: vnstat_installed: True diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index cfab49cc0..449891e37 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,15 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + +- name: Provision MySQL DB + include_tasks: setup.yml + + # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) @@ -131,6 +140,17 @@ # RECORD WordPress AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: wordpress_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'wordpress_installed: True'" set_fact: wordpress_installed: True diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index aa93c6672..106343a84 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -23,19 +23,13 @@ - block: - - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing - - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: wordpress_installed is undefined - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - - name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 0f557148f..8e278d60b 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,6 +1,12 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-06-27: Antifragile roles can become less brittle by fully declaring # their own dependencies (i.e. for modularity, separation-of-concerns, # encapsulation, compartmentalization, scope sanity, etc). @@ -54,6 +60,17 @@ # RECORD www_base AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_base + option: www_base_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_base_installed: True'" set_fact: www_base_installed: True diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6342bcdd0..eea007b7f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,6 +2,11 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # HOMEPAGE - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) @@ -119,6 +124,17 @@ # RECORD www_options AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_options + option: www_options_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_options_installed: True'" set_fact: www_options_installed: True diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index e7f759a96..5d8e3a258 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg @@ -40,6 +45,17 @@ # RECORD Yarn AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: yarn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'yarn_installed: True'" set_fact: yarn_installed: True From 3c5b071c25deb46ef5ec57c0937af557b4549bb3 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 27 May 2023 14:07:13 -0400 Subject: [PATCH 294/937] Estimate IIAB software disk usage, in /etc/iiab/iiab.ini 'summary' section --- roles/0-init/tasks/create_iiab_ini.yml | 19 +++++++++++++------ roles/9-local-addons/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 980a7fc1b..002e09225 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,7 +1,11 @@ -# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini) +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + +# workaround for fact that auto create does not work on iiab_ini_file - name: Create {{ iiab_ini_file }} file: - path: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini state: touch - name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) @@ -12,10 +16,11 @@ command: dpkg --print-foreign-architectures register: dpkg_foreign_arch -- name: Add 'location' variable values to {{ iiab_ini_file }} + +- name: Add 'summary' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-location + section: summary option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,11 +28,13 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" + - option: disk_space_a_priori + value: "{{ df1.stdout }}" -- name: Add 'version' variable values to {{ iiab_ini_file }} +- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-version + section: initial-versions option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index f9ea8e20f..7070973c6 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,21 @@ name: pbx when: pbx_install +- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini + set_fact: + df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + +- name: Record currently available disk space, to compare with original 'disk_space_a_priori' + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: summary + option: iiab_software_disk_usage + value: "{{ df1|int - df2.stdout|int }}" + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From 7205219292258593234a9a6a22fa7f7096d89017 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 27 May 2023 15:24:13 -0400 Subject: [PATCH 295/937] create_iiab_ini.yml: Rename iiab.ini section to 'initial' --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 002e09225..98c195b67 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,10 +31,10 @@ - option: disk_space_a_priori value: "{{ df1.stdout }}" -- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} +- name: Add 'initial' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-versions + section: initial option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: From e06f833c6b1bebfc07e9ac607562c5011a3c7c79 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 27 May 2023 15:47:51 -0400 Subject: [PATCH 296/937] Explain saving disk_space_a_priori to iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 98c195b67..6e3e08a73 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,4 +1,4 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' register: df1 From efa974b26a51c36565df0df5085b2d572cecf205 Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Sat, 27 May 2023 14:52:30 -0600 Subject: [PATCH 297/937] add iiab size --- scripts/iiab-item-size.py | 128 ++++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 44 +++++++++++++ 2 files changed, 172 insertions(+) create mode 100644 scripts/iiab-item-size.py create mode 100644 scripts/iiab-size.py diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py new file mode 100644 index 000000000..c4727a221 --- /dev/null +++ b/scripts/iiab-item-size.py @@ -0,0 +1,128 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json + +all_menu_defs = adm.get_all_menu_defs() + +def main(): + parser = argparse.ArgumentParser(description="Get size for item.") + parser.add_argument("name", help="Name item.") + + # menu_dir + args = parser.parse_args() + + name = args.name + + content= get_item_size(name) + + #print('size: ',iiab.human_readable(content["size"])) + print(f'content ', content) + + sys.exit() + +def get_zims_size_from_header(url): + #url = 'https://download.kiwix.org/zim/other/mdwiki_en_all_2023-03.zim' + response = requests.head(url, allow_redirects=True) + size = 0 + if (response.status_code == 200): + size = int(response.headers.get('Content-Length', 0)) + return size + +def get_zims_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/kiwix_catalog.json') as json_file: + data = json.load(json_file)['zims'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['download_url'] + data_output['size']= (int(result[name].get('size',0)) * 1024) + 1023 + return data_output + +def get_zims_size(name): + data = get_zims_size_from_file(name) + #if data['size'] <= 1023: + # data['size'] = get_zims_size_from_header(data['download_url']) + return data + +def get_oer2go_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/oer2go_catalog.json') as json_file: + data = json.load(json_file)['modules'] + if data.get(name) is not None: + data_output['download_url']= data[name]['rsync_url'] + data_output['size']= (int(data[name].get('ksize',0)) * 1024) + 1023 + return data_output + +def get_map_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/map-catalog.json') as json_file: + data = json.load(json_file)['base'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['archive_url'] + data_output['size']= (int(result[name].get('size',0))) + 1023 + return data_output + + +def get_item_size(name_input): + return [get_size(element) for element in [name_input]] + +def get_items_size(name_input): + return [get_size(element) for element in name_input] + +def element_unknown(name): + return {"size":0} + +def build_otput(name, type_element, function): + data = function(name) + if data['size']== 0: + print(name, "element",type_element,"not found") + + return { + "name": name + ,"type": type_element + ,"size": data['size'] + } + +def get_size(name_input): + if name_input in all_menu_defs: + info = all_menu_defs[name_input] + intended_use = info["intended_use"] + + if intended_use == "html": + name_element = info["moddir"] + return build_otput(name_element, "module", get_oer2go_size_from_file) + + elif intended_use == "zim": + name_element = info["zim_name"] + return build_otput(name_element, "zim", get_zims_size) + + elif intended_use == "webroot": + name_element = info["name"] + return build_otput(name_element, "map", get_map_size_from_file) + + return build_otput(name_input, "unknown", element_unknown) + +# Now start the application +if __name__ == "__main__": + main() + diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py new file mode 100644 index 000000000..851119089 --- /dev/null +++ b/scripts/iiab-size.py @@ -0,0 +1,44 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json +import importlib +from functools import reduce +iiab_item_size = importlib.import_module("iiab-item-size") + +def main(): + parser = argparse.ArgumentParser(description="Read menu file for get size.") + parser.add_argument("menuFile", help="Is the menu file.") + # menu_dir + args = parser.parse_args() + + menu_file = args.menuFile + if not os.path.exists(menu_file): + print('Menu file ' + menu_file + ' not found.') + exit(1) + + total_size= content_from_menu(menu_file) + + print('total: ',iiab.human_readable(total_size)) + print(f'total (bytes): ', total_size) + + sys.exit() + +def content_from_menu(menu_file): + menu = adm.read_json(menu_file) + items = iiab_item_size.get_items_size(menu["menu_items_1"]) + total_size = reduce(lambda accumulator,item: accumulator+int(item['size']), items, 0) + return total_size + +# Now start the application +if __name__ == "__main__": + main() From 87bdd3fa0cf4cce79429facf93b90f4e7e4ac000 Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Mon, 29 May 2023 21:47:48 -0600 Subject: [PATCH 298/937] update function get_size --- scripts/iiab-item-size.py | 79 +++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 12 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index c4727a221..e7f8d486d 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -95,7 +95,7 @@ def element_unknown(name): def build_otput(name, type_element, function): data = function(name) if data['size']== 0: - print(name, "element",type_element,"not found") + print(name, ": the size of this",type_element,"element is unknown") return { "name": name @@ -103,22 +103,77 @@ def build_otput(name, type_element, function): ,"size": data['size'] } + +intended_use_dict = { + "azuracast":{ + "name":"name" + ,"type":"azuracast" + ,"function":element_unknown + } + ,"calibre":{ + "name":"name" + ,"type":"calibre" + ,"function":element_unknown + } + ,"external":{ + "name":"name" + ,"type":"external" + ,"function":element_unknown + } + ,"html":{ + "name":"moddir" + ,"type":"module" + ,"function":get_oer2go_size_from_file + } + ,"info":{ + "name":"name" + ,"type":"info" + ,"function":element_unknown + } + ,"internetarchive":{ + "name":"name" + ,"type":"internetarchive" + ,"function":element_unknown + } + ,"kalite":{ + "name":"name" + ,"type":"kalite" + ,"function":element_unknown + } + ,"kolibri":{ + "name":"name" + ,"type":"kolibri" + ,"function":element_unknown + } + ,"map":{ + "name":"name" + ,"type":"map" + ,"function":get_map_size_from_file + } + ,"webroot":{ + "name":"name" + ,"type":"webroot" + ,"function":element_unknown + } + ,"zim":{ + "name":"zim_name" + ,"type":"zim" + ,"function":get_zims_size + } +} + + def get_size(name_input): if name_input in all_menu_defs: info = all_menu_defs[name_input] intended_use = info["intended_use"] - if intended_use == "html": - name_element = info["moddir"] - return build_otput(name_element, "module", get_oer2go_size_from_file) - - elif intended_use == "zim": - name_element = info["zim_name"] - return build_otput(name_element, "zim", get_zims_size) - - elif intended_use == "webroot": - name_element = info["name"] - return build_otput(name_element, "map", get_map_size_from_file) + try: + data_intend = intended_use_dict[intended_use] + name_element = info[data_intend["name"]] + return build_otput(name_element, data_intend["type"], data_intend["function"]) + except: + pass return build_otput(name_input, "unknown", element_unknown) From c22a713ec414b963ae19819f041870854624c136 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 May 2023 16:15:03 -0400 Subject: [PATCH 299/937] scripts/iiab-item-size.py: Clarify PR #3594 --- scripts/iiab-item-size.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index e7f8d486d..6e1261ba3 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date @@ -180,4 +181,3 @@ def get_size(name_input): # Now start the application if __name__ == "__main__": main() - From 7cecb4d89bdd277ac432a03d1f0fdec90aacadcd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 May 2023 16:16:46 -0400 Subject: [PATCH 300/937] scripts/iiab-size.py: Clarify PR #3594 --- scripts/iiab-size.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py index 851119089..c44e7034b 100644 --- a/scripts/iiab-size.py +++ b/scripts/iiab-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date From a9585365c019891299632463d01cc9517e57cb18 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Jun 2023 19:33:01 -0400 Subject: [PATCH 301/937] transmission/README.rst: Add "Docs" section --- roles/transmission/README.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 40f6e38fc..2112fc778 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -103,7 +103,19 @@ More advanced configuration and status are in directory ``/var/lib/transmission- stats.json torrents/ -These are further explained in https://github.com/transmission/transmission/wiki/Configuration-Files (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). +These are further explained in |ss| https://github.com/transmission/transmission/wiki/Configuration-Files |se| (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). + +Docs +---- + +As of June 2023, these docs appear to be the most up-to-date: + +- https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md +- https://wiki.archlinux.org/title/transmission (updated regularly) +- https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) +- https://trac.transmissionbt.com/wiki (2006-2019) Logging ------- From 30c54e844804c70afa6c9a1312b7369b757a469e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Jun 2023 19:43:54 -0400 Subject: [PATCH 302/937] transmission/tasks/install.yml: Remove stale comment --- roles/transmission/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 17a87d1c0..7f64d0e70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -16,7 +16,6 @@ path: "{{ transmission_download_dir }}" # /library/transmission owner: "{{ transmission_user }}" # debian-transmission group: "{{ transmission_group }}" # debian-transmission - # mode: '0755' - name: Stop 'transmission-daemon' systemd service, before modifying its settings systemd: From 03531dfdecf4025304ba6241e354799756b19727 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= Date: Wed, 7 Jun 2023 21:58:51 -0600 Subject: [PATCH 303/937] GitHub Actions .github/workflows/30min-iiab-test-install-debian12.yml for CI/CD & QA (#2) * add debian12 --- .../30min-iiab-test-install-debian12.yml | 58 +++++++++++++++++++ .../30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/30min-iiab-test-install-debian12.yml diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml new file mode 100644 index 000000000..e98618e20 --- /dev/null +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -0,0 +1,58 @@ +name: '"30 min" IIAB test install debian 12' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [debian12] + include: + - arch: debian12 + cpu: cortex-a7 + cpu_info: cpuinfo/raspberrypi_3b + base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + # source https://raspi.debian.net/daily-images/ + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v3.1.0 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + #test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index e1cb81c17..dea22ffa6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -52,7 +52,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - test `uname -m` = ${{ matrix.arch }} + #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 249d6fd24d0b3bde959df21532cc65752e66fa11 Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Thu, 8 Jun 2023 12:08:00 -0600 Subject: [PATCH 304/937] echo hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index e98618e20..ac139cd76 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - #test `uname -m` = ${{ matrix.arch }} + echo "${{ hostnamectl }}" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 815f098475c02e65ce3851274422ff56e117b67e Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Thu, 8 Jun 2023 12:13:52 -0600 Subject: [PATCH 305/937] update hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index ac139cd76..f73f5d93b 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,6 +27,7 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." @@ -41,7 +42,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "${{ hostnamectl }}" + echo "$(hostnamectl)"" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 28d51dd064dbc3a5710f5b1bac0a3e524127c443 Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Thu, 8 Jun 2023 12:17:09 -0600 Subject: [PATCH 306/937] remove OS parameter --- .github/workflows/30min-iiab-test-install-debian12.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f73f5d93b..f9b3ea8bc 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,7 +27,6 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz - os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." From ba404ac0f9197335b93e42e8876ae7da267e314d Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Thu, 8 Jun 2023 12:20:54 -0600 Subject: [PATCH 307/937] remove quote --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f9b3ea8bc..1584642a5 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)"" + echo "$(hostnamectl)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From bac736d6166fff71963995141b1f87385bb0034c Mon Sep 17 00:00:00 2001 From: neomatrixcode Date: Thu, 8 Jun 2023 12:27:31 -0600 Subject: [PATCH 308/937] add uname --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1584642a5..a7c5d1249 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)" + echo "$(uname -srm)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 81ba0fc7b797b69a0427fd47e8b1a8ed5229de9b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 14:49:07 -0400 Subject: [PATCH 309/937] GHA: Try recording more 'runner context' on top of job --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index a7c5d1249..1262fac8d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,9 +41,11 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(uname -srm)" - grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." + echo -e "Complete 'runner context':\n{{ $matrix }}" + uname -srm + hostnamectl + grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change From dddd7ce0b4e351f4ddce46fc2316de00c2f6ae68 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:04:52 -0400 Subject: [PATCH 310/937] GHA: Try dumping runner contexts --- .../30min-iiab-test-install-debian12.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1262fac8d..0753cd422 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -32,7 +32,23 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -44,7 +60,6 @@ jobs: echo "🍏 This job's status is ${{ job.status }}." echo -e "Complete 'runner context':\n{{ $matrix }}" uname -srm - hostnamectl grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 751931a917e61baa07905bf5561307d4a4c960ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:14:46 -0400 Subject: [PATCH 311/937] GHA: Try tightening up, with 'uname -a' --- .../30min-iiab-test-install-debian12.yml | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 0753cd422..2ae59027d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -31,24 +31,15 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Dump matrix context env: MATRIX_CONTEXT: ${{ toJSON(matrix) }} run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" - - name: Dump matrix context - env: - MATRIX_CONTEXT: ${{ toJSON(matrix) }} - run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -58,8 +49,7 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - echo -e "Complete 'runner context':\n{{ $matrix }}" - uname -srm + uname -a # uname -srm grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 935cc5606ec62da574a5dc145d4b703ba9546a0f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:23:01 -0400 Subject: [PATCH 312/937] Similarly update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 0926191af..16cddfcd9 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -22,11 +22,16 @@ jobs: steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Check out repository code uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | + uname -a whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls From 4d6bdaf808a27a3a1b571df8410329d7b99bd0ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:25:48 -0400 Subject: [PATCH 313/937] Update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 16cddfcd9..2e567f984 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -31,9 +31,9 @@ jobs: - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | - uname -a - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'runner' instead of 'root' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls # ls $GITHUB_WORKSPACE # ls ${{ github.workspace }} From feccd64b4ac3bf378f43158bc92ab768f1cd92aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:26:25 -0400 Subject: [PATCH 314/937] Update 30min-iiab-test-install-debian12.yml --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 2ae59027d..d61230890 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -49,10 +49,10 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - uname -a # uname -srm grep Model /proc/cpuinfo - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 0170835529ed660f8a0b64ff87231fdd91bf6eaa Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:30:47 -0400 Subject: [PATCH 315/937] Try 30min-iiab-test-install-raspios.yml like -debian12.yml --- .../30min-iiab-test-install-raspios.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index dea22ffa6..ea89758ed 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -42,7 +42,14 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: @@ -52,11 +59,12 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | + echo "🍏 This job's status is ${{ job.status }}." #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo - echo "🍏 This job's status is ${{ job.status }}." - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} sudo apt-get update -y --allow-releaseinfo-change sudo apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 10ab5dc91b6feba1db9819a59e134e3944656041 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:32:20 -0400 Subject: [PATCH 316/937] Rename 30min-iiab-test-install-debian12.yml to 30min-iiab-test-install-deb12-on-rpi3.yml --- ...all-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{30min-iiab-test-install-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} (100%) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml similarity index 100% rename from .github/workflows/30min-iiab-test-install-debian12.yml rename to .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml From 0845b9b484cef79523971f3514eb6b190b5fa3cb Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Jun 2023 15:47:42 -0400 Subject: [PATCH 317/937] Likewise update job name to "deb12 on rpi3" --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index d61230890..9940b2781 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install debian 12' +name: '"30 min" IIAB test install deb12 on rpi3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From 3f63c0b4dd407d75d283a868340828f34e2a1aed Mon Sep 17 00:00:00 2001 From: root Date: Sat, 10 Jun 2023 09:10:47 -0400 Subject: [PATCH 318/937] Clean df syntax, for each app's disk usage in iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++--- roles/9-local-addons/tasks/main.yml | 12 ++++++------ roles/awstats/tasks/install.yml | 12 ++++++------ roles/azuracast/tasks/install.yml | 12 ++++++------ roles/calibre-web/tasks/install.yml | 12 ++++++------ roles/calibre/tasks/install.yml | 12 ++++++------ roles/captiveportal/tasks/install.yml | 12 ++++++------ roles/cups/tasks/install.yml | 12 ++++++------ roles/gitea/tasks/install.yml | 12 ++++++------ roles/iiab-admin/tasks/main.yml | 12 ++++++------ roles/internetarchive/tasks/install.yml | 12 ++++++------ roles/jupyterhub/tasks/install.yml | 12 ++++++------ roles/kalite/tasks/install.yml | 12 ++++++------ roles/kiwix/tasks/install.yml | 12 ++++++------ roles/kolibri/tasks/install.yml | 12 ++++++------ roles/lokole/tasks/install.yml | 12 ++++++------ roles/matomo/tasks/install.yml | 12 ++++++------ roles/mediawiki/tasks/install.yml | 12 ++++++------ roles/minetest/tasks/install.yml | 12 ++++++------ roles/mongodb/tasks/install.yml | 12 ++++++------ roles/monit/tasks/install.yml | 12 ++++++------ roles/moodle/tasks/install.yml | 12 ++++++------ roles/mosquitto/tasks/install.yml | 12 ++++++------ roles/munin/tasks/install.yml | 12 ++++++------ roles/mysql/tasks/install.yml | 12 ++++++------ roles/network/tasks/install.yml | 12 ++++++------ roles/nextcloud/tasks/install.yml | 12 ++++++------ roles/nginx/tasks/install.yml | 12 ++++++------ roles/nodejs/tasks/install.yml | 12 ++++++------ roles/nodered/tasks/install.yml | 12 ++++++------ roles/openvpn/tasks/install.yml | 12 ++++++------ roles/osm-vector-maps/tasks/install.yml | 12 ++++++------ roles/pbx/tasks/install.yml | 12 ++++++------ roles/phpmyadmin/tasks/install.yml | 12 ++++++------ roles/postgresql/tasks/install.yml | 12 ++++++------ roles/pylibs/tasks/main.yml | 12 ++++++------ roles/remoteit/tasks/install.yml | 12 ++++++------ roles/samba/tasks/install.yml | 12 ++++++------ roles/sshd/tasks/install.yml | 12 ++++++------ roles/sugarizer/tasks/install.yml | 12 ++++++------ roles/transmission/tasks/install.yml | 12 ++++++------ roles/usb_lib/tasks/install.yml | 12 ++++++------ roles/vnstat/tasks/install.yml | 12 ++++++------ roles/wordpress/tasks/install.yml | 12 ++++++------ roles/www_base/tasks/main.yml | 12 ++++++------ roles/www_options/tasks/main.yml | 12 ++++++------ roles/yarn/tasks/install.yml | 12 ++++++------ 47 files changed, 279 insertions(+), 279 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 6e3e08a73..75b2b338f 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,5 +1,5 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record disk_used_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage + shell: df -B1 --output=used / | tail -1 register: df1 # workaround for fact that auto create does not work on iiab_ini_file @@ -28,7 +28,7 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" - - option: disk_space_a_priori + - option: disk_used_a_priori value: "{{ df1.stdout }}" - name: Add 'initial' variable values to {{ iiab_ini_file }} diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 7070973c6..ac657cd5c 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,20 +42,20 @@ name: pbx when: pbx_install -- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini +- name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: - df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" -- name: Record currently available disk space, to compare with original 'disk_space_a_priori' - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record currently used disk space, to compare with original 'disk_used_a_priori' + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df2.stdout|int - df1|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: summary option: iiab_software_disk_usage - value: "{{ df1|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1|int }}" - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 5585c19ca..24a005c74 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -98,16 +98,16 @@ # RECORD AWStats AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'awstats_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: awstats option: awstats_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'awstats_installed: True'" set_fact: diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 741e164f5..bd25d96fb 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,8 +25,8 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -107,16 +107,16 @@ # RECORD AzuraCast AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'azuracast_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: azuracast option: azuracast_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'azuracast_installed: True'" set_fact: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 674880514..ebeefb6d7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -115,16 +115,16 @@ # RECORD Calibre-Web AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibreweb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre-web option: calibreweb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibreweb_installed: True'" set_fact: diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 7646167a4..82218ada0 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -84,16 +84,16 @@ # 5. RECORD Calibre AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibre_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre option: calibre_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibre_installed: True'" set_fact: diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 791d516fa..b76ad39b0 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -56,16 +56,16 @@ # RECORD Captive Portal AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'captiveportal_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: captiveportal option: captiveportal_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'captiveportal_installed: True'" set_fact: diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e080b68cf..e4e2e04ed 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,8 +2,8 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD CUPS AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'cups_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: cups option: cups_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'cups_installed: True'" set_fact: diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 59f9d0be9..c46abbdab 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # 5. RECORD Gitea AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'gitea_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea option: gitea_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'gitea_installed: True'" set_fact: diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f9d6d38a5..fabe0bffe 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD iiab-admin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'iiab_admin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: iiab-admin option: iiab_admin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'iiab_admin_installed: True'" set_fact: diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 9f67851cf..0d36c09c8 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,8 +30,8 @@ state: present -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -69,16 +69,16 @@ # 4. RECORD Internet Archive AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'internetarchive_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: internetarchive option: internetarchive_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'internetarchive_installed: True'" set_fact: diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index eeffed232..8d7273215 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,8 +13,8 @@ when: nodejs_installed is undefined -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -109,16 +109,16 @@ # RECORD JupyterHub AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'jupyterhub_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: jupyterhub option: jupyterhub_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'jupyterhub_installed: True'" set_fact: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index dc802f8cc..7df40364d 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # RECORD KA Lite AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kalite_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kalite option: kalite_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kalite_installed: True'" set_fact: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index e8a606b13..3ad37ba2c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,8 +6,8 @@ when: kiwix_arch == "unsupported" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -123,16 +123,16 @@ # 5. RECORD Kiwix AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kiwix_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kiwix option: kiwix_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kiwix_installed: True'" set_fact: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 3b5826f6c..f0a06d292 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,8 +23,8 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -214,16 +214,16 @@ # RECORD Kolibri AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kolibri_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kolibri option: kolibri_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kolibri_installed: True'" set_fact: diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 5f8c76d4f..a002268fc 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -138,16 +138,16 @@ # RECORD Lokole AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'lokole_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: lokole option: lokole_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'lokole_installed: True'" set_fact: diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 97c321d83..d6f8060a4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,8 +12,8 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -244,16 +244,16 @@ # RECORD Matomo AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'matomo_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: matomo option: matomo_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'matomo_installed: True'" set_fact: diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index b5af608c1..204fc0c45 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -100,16 +100,16 @@ # RECORD MediaWiki AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mediawiki_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mediawiki option: mediawiki_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mediawiki_installed: True'" set_fact: diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index e9e9982b9..9c00a10c2 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Minetest AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'minetest_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: minetest option: minetest_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'minetest_installed: True'" set_fact: diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8efb7d91d..10c2f39f5 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,8 +4,8 @@ # https://www.mongodb.com/docs/manual/installation/ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -372,16 +372,16 @@ # 3. RECORD MongoDB AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mongodb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mongodb option: mongodb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mongodb_installed: True'" set_fact: diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index 7dd9802d1..8d523c653 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Monit AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'monit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: monit option: monit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'monit_installed: True'" set_fact: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index cb19f242c..570e782b7 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,8 +17,8 @@ name: postgresql -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -194,16 +194,16 @@ # RECORD Moodle AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'moodle_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: moodle option: moodle_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'moodle_installed: True'" set_fact: diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 5f1fdde01..d4b7271a0 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -37,16 +37,16 @@ # RECORD Mosquitto AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mosquitto_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mosquitto option: mosquitto_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mosquitto_installed: True'" set_fact: diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index cb6460c9f..4366a19d8 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD Munin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'munin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: munin option: munin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'munin_installed: True'" set_fact: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 3abfc3d30..87bcd9c1a 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -66,16 +66,16 @@ # RECORD MySQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mysql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mysql option: mysql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mysql_installed: True'" set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 10ed94b5e..188713b8f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -106,16 +106,16 @@ # RECORD Network AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'network_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: network option: network_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'network_installed: True'" set_fact: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ee1bed19f..4262bddc5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD Nextcloud AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nextcloud_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nextcloud option: nextcloud_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nextcloud_installed: True'" set_fact: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index a9e4c0b6c..b45920dd1 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -71,16 +71,16 @@ # RECORD NGINX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nginx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nginx option: nginx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nginx_installed: True'" set_fact: diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index fcc6aaaea..830b1e002 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -170,16 +170,16 @@ # 3. RECORD Node.js AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodejs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodejs option: nodejs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodejs_installed: True'" set_fact: diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 70a213087..b7c711ac5 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,8 +23,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -143,16 +143,16 @@ # RECORD Node-RED AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodered_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodered option: nodered_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodered_installed: True'" set_fact: diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index 4241fa723..53f5dc7f2 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -105,16 +105,16 @@ # RECORD OpenVPN AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'openvpn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: openvpn option: openvpn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'openvpn_installed: True'" set_fact: diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 17a82b5b4..f46016ebc 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -201,16 +201,16 @@ # RECORD OSM Vector Maps AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'osm_vector_maps_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: osm-vector-maps option: osm_vector_maps_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'osm_vector_maps_installed: True'" set_fact: diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 934d1dbe3..ef9dea71d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,8 +22,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD PBX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pbx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pbx option: pbx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pbx_installed: True'" set_fact: diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 6c5ccc499..7d510de69 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -53,16 +53,16 @@ # RECORD phpMyAdmin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'phpmyadmin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: phpmyadmin option: phpmyadmin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'phpmyadmin_installed: True'" set_fact: diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f16a06b8d..f07cf943d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -95,16 +95,16 @@ # RECORD PostgreSQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'postgresql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: postgresql option: postgresql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'postgresql_installed: True'" set_fact: diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index aecabbeb8..9283c44f3 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -18,16 +18,16 @@ # RECORD pylibs AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pylibs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pylibs option: pylibs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pylibs_installed: True'" set_fact: diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 6f2bedae6..4610f63fc 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD remote.it AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'remoteit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: remoteit option: remoteit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'remoteit_installed: True'" set_fact: diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 6c2b47fa0..1ebc623ed 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -36,16 +36,16 @@ # RECORD Samba AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'samba_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: samba option: samba_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'samba_installed: True'" set_fact: diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 20e8b4bf5..b5b3271bc 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -10,8 +10,8 @@ # 2) Use Ansible handler to reload ssh? -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD sshd AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sshd_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sshd option: sshd_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sshd_installed: True'" set_fact: diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 95206dc7a..e0f973037 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,8 +27,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -237,16 +237,16 @@ # 6. RECORD Sugarizer AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sugarizer_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sugarizer option: sugarizer_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sugarizer_installed: True'" set_fact: diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 7f64d0e70..90c133511 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -59,16 +59,16 @@ # RECORD Transmission AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'transmission_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: transmission option: transmission_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'transmission_installed: True'" set_fact: diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bea8638ee..5db37908b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,8 +8,8 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -93,16 +93,16 @@ # RECORD 'USB_LIB' AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'usb_lib_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: usb_lib option: usb_lib_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'usb_lib_installed: True'" set_fact: diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 0d34e5cfc..46db71ddd 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD vnStat AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'vnstat_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: vnstat option: vnstat_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'vnstat_installed: True'" set_fact: diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 449891e37..38fb08180 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,8 +12,8 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -140,16 +140,16 @@ # RECORD WordPress AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'wordpress_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: wordpress option: wordpress_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'wordpress_installed: True'" set_fact: diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 8e278d60b..8efe11472 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -60,16 +60,16 @@ # RECORD www_base AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_base_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_base option: www_base_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_base_installed: True'" set_fact: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index eea007b7f..9e41f6e76 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD www_options AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_options_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_options option: www_options_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_options_installed: True'" set_fact: diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 5d8e3a258..331a10474 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -45,16 +45,16 @@ # RECORD Yarn AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'yarn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: yarn option: yarn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'yarn_installed: True'" set_fact: From e5a9cee54fb749cd87b9cb3a74f97d89bd60bb88 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 11 Jun 2023 07:59:09 -0400 Subject: [PATCH 319/937] Stub support for upcoming Debian 13 "Trixie" pre-releases --- scripts/local_facts.fact | 1 + vars/debian-13.yml | 5 +++++ vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 15 --------------- 4 files changed, 7 insertions(+), 15 deletions(-) create mode 100644 vars/debian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 4debf731a..885fbec8e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -81,6 +81,7 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-11" | \ "debian-12" | \ + "debian-13" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ diff --git a/vars/debian-13.yml b/vars/debian-13.yml new file mode 100644 index 000000000..09ef89f68 --- /dev/null +++ b/vars/debian-13.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..5502204b9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -790,6 +790,7 @@ is_linuxmint_21: False is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) +is_debian_13: False is_debian_12: False is_debian_11: False #is_debian_10: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index ed40633df..165a64a46 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -3,18 +3,3 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2310: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From 73f1d6cf8e64ca3335e6b82d3146477cfa6504dd Mon Sep 17 00:00:00 2001 From: root Date: Sun, 11 Jun 2023 21:33:35 -0400 Subject: [PATCH 320/937] WIP: Try 'transmission_compile_latest: True' --- roles/transmission/README.rst | 5 ++- roles/transmission/defaults/main.yml | 1 + roles/transmission/tasks/install.yml | 48 ++++++++++++++++++++++++++-- vars/default_vars.yml | 1 + vars/local_vars_large.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_small.yml | 1 + vars/local_vars_unittest.yml | 1 + 8 files changed, 56 insertions(+), 3 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 2112fc778..80af71b96 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -111,10 +111,13 @@ Docs As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md -- https://wiki.archlinux.org/title/transmission (updated regularly) - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) + - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") +- https://wiki.archlinux.org/title/transmission (updated regularly) - https://trac.transmissionbt.com/wiki (2006-2019) Logging diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index f6763f593..96fd188d4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,6 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False +# transmission_compile_latest: True # transmission_username: Admin # transmission_password: changeme diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 90c133511..eaf211bfa 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -10,6 +10,47 @@ - transmission-cli state: present + +- block: + + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + meta: noop + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + package: + name: + - build-essential + - cmake + - libcurl4-openssl-dev + - libssl-dev + state: present + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time + - name: Git clone latest to /opt/iiab/transmission + git: + repo: https://github.com/transmission/transmission + dest: /opt/iiab/transmission + #version: 4.0.x # Otherwise default branch 'main' + depth: 1 + force: yes + + - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + shell: | + cd /opt/iiab/transmission + git submodule update --init --recursive + mkdir build + cd build + cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. + make + make install + + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* + command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + + when: transmission_compile_latest + + - name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} file: state: directory @@ -23,7 +64,10 @@ state: stopped ignore_errors: yes -- name: Back up prior /etc/transmission-daemon/settings.json (original file from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* +# 'transmission-daemon -d' (--dump-settings) CAN GENERATE A NEW settings.json +# ...then customize ~8 var lines to create a new templates/settings.json.j2 + +- name: Back up prior /etc/transmission-daemon/settings.json (file originally from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* copy: src: /etc/transmission-daemon/settings.json dest: /etc/transmission-daemon/settings.json.old @@ -52,7 +96,7 @@ - name: "Reverse Transmission's fragile OOTB symlink -- instead we establish /etc/transmission-daemon/settings.json -> /var/lib/transmission-daemon/.config/transmission-daemon/settings.json -- REASON: /etc/transmission-daemon/settings.json was intermittently being IGNORED, as Transmission sometimes breaks its own symlink from /var/lib/transmission-daemon/.config/transmission-daemon/settings.json (by turning it into a file instead)" file: path: /etc/transmission-daemon/settings.json - src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json + src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json # Symlink /var/lib/transmission-daemon/home/settings.json also points to this state: link force: yes diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5502204b9..47a03b1aa 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -543,6 +543,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1c1e8b7d3..7a98cfa37 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 776d94614..237063f15 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 35514ab81..83c58e62a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 4cc01a9c6..940142665 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From d03ff5d6298fb3b26be9522feaa02774b9c00c52 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 11 Jun 2023 22:17:46 -0400 Subject: [PATCH 321/937] Hint: use transmission-remote NOT deprecated transmission-cli --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index eaf211bfa..280d210f7 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -13,7 +13,7 @@ - block: - - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above ~6 binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix From beae3643b9898aaf7adbc34c25b0c4f6e7158307 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 11 Jun 2023 22:37:23 -0400 Subject: [PATCH 322/937] transmission-daemon.service: --log-error -> --log-level=error --- roles/transmission/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 280d210f7..4ab86a05d 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -45,8 +45,10 @@ make make install - - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* - command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* + shell: | + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 122a84588a9af4a763d67e8c1330cf150c21faf2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 00:44:14 -0400 Subject: [PATCH 323/937] transmission/tasks/install.yml: Clarify compile link --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 4ab86a05d..d0266f9dd 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,6 @@ - libssl-dev state: present - # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Git clone latest to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission @@ -35,6 +34,7 @@ depth: 1 force: yes + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) shell: | cd /opt/iiab/transmission From 7f09784fe187fd34e6ee922a195656e4ee1f92ec Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 00:48:31 -0400 Subject: [PATCH 324/937] 'transmission-daemon --log-level=error' since ~2020 --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index d0266f9dd..61b3ec4f4 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -47,7 +47,7 @@ - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | - sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since ~2020 sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 71010c0feed88d73e370ffd349d7d50a98a7c0d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 00:51:20 -0400 Subject: [PATCH 325/937] Clarify 'git clone https://github.com/transmission/transmission' --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 61b3ec4f4..2fc2fde70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,7 @@ - libssl-dev state: present - - name: Git clone latest to /opt/iiab/transmission + - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission dest: /opt/iiab/transmission From 16ba23bf3e5c5e7df1c71a76a04156fccb8143bc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 01:00:58 -0400 Subject: [PATCH 326/937] transmission/README.rst: Link to transmission-rpc docs --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 80af71b96..90048c596 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -115,6 +115,8 @@ As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md + - https://github.com/transmission/transmission/blob/main/docs/rpc-spec.md + - https://transmission-rpc.readthedocs.io - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") - https://wiki.archlinux.org/title/transmission (updated regularly) From 9df95cedf8b9bd9cddc8e7a77ca875bdd5c7c79a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 01:31:19 -0400 Subject: [PATCH 327/937] transmission/README.rst: Overhaul logging instructions --- roles/transmission/README.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 90048c596..8df899064 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -125,14 +125,14 @@ As of June 2023, these docs appear to be the most up-to-date: Logging ------- -To turn on logging and/or record the Process ID (PID), follow these instructions: https://pawelrychlicki.pl/Home/Details/59/transmission-daemon-doesnt-create-a-log-file-nor-a-pid-file-ubuntu-server-1804 +Increase logging by changing transmission-daemon's ``--log-level=error`` to ``--log-level=debug`` in ``/lib/systemd/system/transmission-daemon.service`` -This gives permissions to user ``debian-transmission`` — if you use these 3 lines in ``/lib/systemd/system/transmission-daemon.service`` : +(Options are: ``critical``, ``error``, ``warn``, ``info``, ``debug`` or ``trace``) -:: +Then run:: - RuntimeDirectory=transmission-daemon - LogsDirectory=transmission-daemon - ExecStart=/usr/bin/transmission-daemon -f --log-error --log-debug --logfile /var/log/transmission-daemon/transmission.log --pid-file /run/transmission-daemon/transmission.pid + systemctl daemon-reload + systemctl restart transmission-daemon + journalctl -eu transmission-daemon Noting that one should not normally edit files in ``/lib`` or ``/usr/lib`` — systemd has a command for customizing unit files: ``systemctl edit --full transmission-daemon.service`` From 2c8423394690bafc9e9cdefe4e856626818b1452 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 09:59:31 -0400 Subject: [PATCH 328/937] Compiling Transmission requires 'apt install libsystemd-dev' --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 2fc2fde70..570b9cd8a 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -17,13 +17,15 @@ meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix - - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + # https://github.com/transmission/transmission/issues/5362 tips thanks to @tearfur + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev libsystemd-dev # git python3 package: name: - build-essential - cmake - libcurl4-openssl-dev - libssl-dev + - libsystemd-dev state: present - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission From 251694f2f257db3870c0acce09fb2f70760073ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 12:56:36 -0400 Subject: [PATCH 329/937] Free up disk (~1.6 GB) after Transmission compile --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 570b9cd8a..20dc9a5f2 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive @@ -46,6 +46,8 @@ cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. make make install + cd + rm -rf /opt/iiab/transmission # 2023-06-12: Frees up 1.1 GB on 32-bit RasPiOS. Frees up 1.6 GB on 64-bit RasPiOS. - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | From 934f2c1799cdc2ac6a6ab8a4e1b97ab0a8e449cc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 14:25:12 -0400 Subject: [PATCH 330/937] Kiwix support for 'armv6l: armv6' & 'armv7l: armv8' (tentative!) --- roles/kiwix/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 3d3472f1a..0010929c9 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -29,8 +29,8 @@ kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate # #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # armhf - armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 + armv6l: armv6 # armhf + armv7l: armv8 # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: From 21ca31877878465f2ffca4a0334ad1c702aa222e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 14:29:47 -0400 Subject: [PATCH 331/937] Revert May's kiwix-tools armhf 3.5.0 workaround to 3.4.0 --- roles/kiwix/tasks/install.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 3ad37ba2c..a78f71d21 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,23 +24,23 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below -- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - get_url: - url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" - #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - -# Ansible does not allow changing individuals subfields in a dictionary, but -# this crude hack works, overwriting the entire kiwix_dl dictionary var with -# the single (needed) key/value pair. (Or "register: tmp_dl" could be set -# above, if its other [subfields, key/value pairs, etc] really mattered...) -- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - set_fact: - kiwix_dl: - dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# - name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# get_url: +# url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz +# dest: "{{ downloads_dir }}" +# timeout: "{{ download_timeout }}" +# #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# +# # Ansible does not allow changing individuals subfields in a dictionary, but +# # this crude hack works, overwriting the entire kiwix_dl dictionary var with +# # the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# # above, if its other [subfields, key/value pairs, etc] really mattered...) +# - name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# set_fact: +# kiwix_dl: +# dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: From c4e94c5be04831b862da0e387cb4eb6300113b1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 22:08:51 -0400 Subject: [PATCH 332/937] kiwix/defaults/main.yml: Update redirect doc link --- roles/kiwix/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 0010929c9..52e881796 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -42,6 +42,7 @@ kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" # Latest official kiwix-tools release, per Kiwix permalink redirects: # https://www.kiwix.org/en/downloads/kiwix-serve/ # https://github.com/kiwix/container-images/issues/236 +# https://github.com/kiwix/kiwix-tools/issues/623 kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}.tar.gz" #kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}-3.3.0-1.tar.gz" # Version can be hard-coded if you prefer (as was done til 2022-10-04) From 87d3bccd25cad912c72c0e91987a793ac401011f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jun 2023 23:08:57 -0400 Subject: [PATCH 333/937] remote.it workaround for incoming ICMP firewalls e.g. GitHub Actions --- roles/remoteit/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 5fba120ca..0023e0b17 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -33,7 +33,7 @@ # service, that they removed from 4.15.2 device packages on 2022-09-07. # (Either way, the job below never deletes /etc/remoteit/registration) -- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this should spawn 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' command: /usr/share/remoteit/refresh.sh when: remoteit_enabled @@ -59,6 +59,7 @@ name: schannel enabled: no state: stopped + ignore_errors: yes # 2023-06-12: Let's make these rare-but-unavoidable errors RED very intentionally, as below. Thanks to @neomatrixcode for surfacing this GitHub Actions problem, likely arising from inbound ICMP being blocked during remote.it install and/or above refresh.sh setup: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#cloud-hosts-used-by-github-hosted-runners when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From b3f284c35a82b033707441978e2b08ec96910fbd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Jun 2023 00:33:45 -0400 Subject: [PATCH 334/937] Update/clarify remote.it's latest pricing/plans --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 8a58110fb..218094d06 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [October 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $10/month. +As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 8387cd94a3a82aef1ff04cdd10f40add8da5325a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 15 Jun 2023 09:01:38 -0400 Subject: [PATCH 335/937] nextcloud/tasks/install.yml: Clarify Nextcloud 27 reqs --- roles/nextcloud/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 4262bddc5..090c184fc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -46,12 +46,12 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21: Check the latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From 36c5caecd1612f59e60641f806da0088f3ba7c0c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Jun 2023 13:41:41 -0400 Subject: [PATCH 336/937] Recommend ansible-core 2.15.1 --- scripts/ansible | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ae46a4c9..2a9be4a75 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] -GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] +GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -216,7 +216,8 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) +# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From ed73e94b460baff5d8e36f365f8c3bc2deb72c5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Jun 2023 14:44:25 -0400 Subject: [PATCH 337/937] freepbx.yml: Interim use of 'nohup' for ansible 2.15.x regression --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d8632aa5b..521ecedc5 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -238,7 +238,7 @@ chdir: "{{ freepbx_src_dir }}" creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx with_items: - - ./start_asterisk start + - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} From c6316c1df7cf78c6a23a03f8faab784377f9ff5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Jun 2023 15:24:15 -0400 Subject: [PATCH 338/937] freepbx.yml: Clarify 2-step FreePBX install (1st stab) --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 521ecedc5..5a44d86fd 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,7 +232,8 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) +- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" From 822c4c2e08c7d0a7282bd425546c08585427be49 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Jun 2023 09:21:39 -0400 Subject: [PATCH 339/937] Interim hack to start Asterisk til ansible-core 2.15.x recovers --- roles/pbx/tasks/freepbx.yml | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5a44d86fd..daa2f4e3c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,16 +232,30 @@ dest: /etc/asterisk/cdr_mysql.conf -# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) -- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) - command: "{{ item }}" +# 2023-05-21: Asterisk is in fact normally OFF at this point (shouldn't matter!) +# - name: FreePBX - Spawn 'nohup ./start_asterisk start' in {{ freepbx_src_dir }} +# command: nohup ./start_asterisk start +# args: +# chdir: "{{ freepbx_src_dir }}" + +# 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x +# regression ansible/ansible#80863, which led to PR's #3588 and #3604. +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 + systemd: + name: asterisk + state: started + #enabled: yes + +# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# pidof asterisk +# /usr/sbin/asterisk -rx 'core show version' +# journalctl -eu asterisk + +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) + shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" - creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - with_items: - - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} - # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From ea3bb783cc65c23258c2d3acb7242bc1974c3bd8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Jun 2023 09:53:43 -0400 Subject: [PATCH 340/937] Clarify freepbx.yml hack, to start Asterisk (awaiting ansible-core 2.15.x fix) --- roles/pbx/tasks/freepbx.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index daa2f4e3c..8ca2cd83f 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -240,18 +240,18 @@ # 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x # regression ansible/ansible#80863, which led to PR's #3588 and #3604. -- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- AS EVEN 'nohup ./start_asterisk start' DOESN'T WORK WITH 2.15.0 AND 2.15.1 systemd: name: asterisk state: started #enabled: yes -# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# 2023-06-21: Commands to try, to see if Asterisk has started & stabilized? # pidof asterisk # /usr/sbin/asterisk -rx 'core show version' # journalctl -eu asterisk -- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN... install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" From cf724194f81d683b76980510cc26e3ad971447b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Jun 2023 08:00:11 -0400 Subject: [PATCH 341/937] Update nextcloud/README.md PHP & prereq links --- roles/nextcloud/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 2e346a16f..6b4622bcf 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: +(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -34,10 +34,13 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi - max_input_time - max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+) -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133) +FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: + +- https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml From d7ec19a70b0455b1d07bb2b75528600b1403543a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Jun 2023 08:07:04 -0400 Subject: [PATCH 342/937] Fix doc link to www_options/tasks/php-settings.yml --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 6b4622bcf..adea58ee9 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -36,7 +36,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) (4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: From dd2ed569511c5703ccb7c1d019a98bdf855ee048 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Jun 2023 09:27:57 -0400 Subject: [PATCH 343/937] nextcloud/README.md: Strike ownyourbits.com (site died) --- roles/nextcloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index adea58ee9..64747521b 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -60,8 +60,8 @@ Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (a Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? -- https://ownyourbits.com/nextcloudpi/ -- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- ~https://ownyourbits.com/nextcloudpi/~ +- ~https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/~ - https://github.com/nextcloud/nextcloudpi Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! From 55caae4eec5d4c17a23f169907410e78847844e3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Jun 2023 05:00:22 -0400 Subject: [PATCH 344/937] README.md: Link to FAQ "quick install" tips --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a16a4437d..f2485c06c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 9b57d39bf5535caf9fbea04358b1afefab740daa Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Jun 2023 05:01:54 -0400 Subject: [PATCH 345/937] README.md: Fix typo in URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f2485c06c..633e0b392 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 586bfc5cb1abf6b4333a21d3fa89695f115432dc Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Jun 2023 09:23:09 -0400 Subject: [PATCH 346/937] nodejs/README.md: Soften 64-bit "Zero 2 W" warning --- roles/nodejs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 33c6bcb02..7e2716bc9 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -35,7 +35,7 @@ sudo ./runrole --reinstall nodejs Raspberry Pi Zero W Warning --------------------------- -UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may or may not have such serious problems... +UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may not have such serious problems... On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like Internet Archive, JupyterHub, Node-RED, PBX (Asterisk/FreePBX) and Sugarizer won't work — if you installed Node.js while on Raspberry Pi 3, 3 B+ (ARMv7) or Raspberry Pi 4 (ARMv8). From 4be4ac68d435492229f278787ac82810e7fe4f66 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jun 2023 17:02:11 -0400 Subject: [PATCH 347/937] usb_lib/tasks/install.yml: Fix exFAT doc URL --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 5db37908b..e0699a652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -78,7 +78,7 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... -# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml#L22-L23 +# SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 - name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf lineinfile: regexp: '^FILESYSTEMS=.*' From 712b26c4025608c1eaf3c8f0afb483295f3d95dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Jun 2023 16:29:13 -0400 Subject: [PATCH 348/937] MediaWiki 1.40.0 (new release) --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 16943b39a..aa695a65c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 3 +mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 975ce2f54e1fee82ba6412641b47a51ac078921d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Jul 2023 14:06:22 -0400 Subject: [PATCH 349/937] PR #3605: Add "1.40" quotes for trailing zero --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index aa695a65c..22cd060ad 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 6cf233b33201ff4c583f5bdc4e843042529cb42b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 12:11:10 -0400 Subject: [PATCH 350/937] calibre-web-nginx.conf.j2: Quote all 3 URL params --- roles/calibre-web/templates/calibre-web-nginx.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 index d1f2da25b..2ebfe47fe 100644 --- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 +++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 @@ -5,7 +5,7 @@ location {{ calibreweb_url1 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url1 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url1 }}"; proxy_pass http://127.0.0.1:8083; } @@ -14,7 +14,7 @@ location {{ calibreweb_url2 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url2 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url2 }}"; proxy_pass http://127.0.0.1:8083; } @@ -23,6 +23,6 @@ location {{ calibreweb_url3 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url3 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url3 }}"; proxy_pass http://127.0.0.1:8083; } From 65295a100c07d1779da839b071643b82f122b22a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 22:30:01 -0400 Subject: [PATCH 351/937] Softcode calibreweb_repo_url in install.yml --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index ebeefb6d7..17640c3ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -45,7 +45,7 @@ ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: - repo: https://github.com/janeczku/calibre-web.git + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 From 8df3848b96319daaebf5c3c5d6a9b7bf403c7f6a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 22:31:51 -0400 Subject: [PATCH 352/937] Softcode calibreweb_repo_url in defaults/main.yml --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 7abab0bd8..250deeaf6 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,6 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_path: /usr/local/calibre-web-py3 From 41f4617a4f70cdbf2d78291b7e120254d28fc6b1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 22:42:16 -0400 Subject: [PATCH 353/937] calibre-web/tasks/install.yml: Mention 0.6.20 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 17640c3ed..24f44d0f7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -49,7 +49,7 @@ dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 - version: "{{ calibreweb_version }}" # e.g. master, 0.6.17 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. From 303498a9d18591864a55a6c82ad735b359be7e17 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 23:01:55 -0400 Subject: [PATCH 354/937] Note {{ calibreweb_repo_url }} in Ansible output for #3606 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 24f44d0f7..b8a735587 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -43,7 +43,7 @@ - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From c8307501e5e3498a12fcc5392dfa8a4ce9214f69 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jul 2023 23:18:31 -0400 Subject: [PATCH 355/937] www_options/tasks/main.yml: Clarify iiab_home_url --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 9e41f6e76..a78b1f7f3 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -12,7 +12,7 @@ - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) file: state: directory - path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home + path: "{{ doc_root }}{{ iiab_home_url }}" # e.g. /library/www/html/home owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: '0755' From c28e5e6a6724417a82f032d9d48f8cb690c253ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jul 2023 11:16:30 -0400 Subject: [PATCH 356/937] calibre-web/tasks/install.yml: Install ffmpeg not just imagemagick --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index b8a735587..62d55f32f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -6,6 +6,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present From e7b314334a283a4ae1cb23b4a8017d4c4f3cec59 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jul 2023 11:20:17 -0400 Subject: [PATCH 357/937] Clarify install of ffmpeg during Calibre-Web install --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62d55f32f..36f1ae5e6 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,7 +3,7 @@ register: df1 -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" package: name: - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! From c657581e69a08fb78aab04aed0c43fa691a7be56 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jul 2023 14:50:53 -0400 Subject: [PATCH 358/937] calibre-web/tasks/install.yml: Update + clean comments! --- roles/calibre-web/tasks/install.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36f1ae5e6..1c0a9505f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -19,6 +19,7 @@ # - gcc # compiler # state: present # when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -43,7 +44,13 @@ - "{{ calibreweb_config }}" # /library/calibre-web/config - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 -## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 +# FYI since May 2021, Calibre-Web (major releases) can be installed with pip: +# https://pypi.org/project/calibreweb/ +# https://github.com/janeczku/calibre-web/issues/456 +# https://github.com/janeczku/calibre-web/issues/677 +# https://github.com/janeczku/calibre-web/pull/927 +# https://github.com/janeczku/calibre-web/pull/1459 + - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web @@ -52,15 +59,6 @@ depth: 1 version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 -## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) -#- name: Download calibre-web dependencies into vendor subdirectory. -# pip: -# requirements: "{{ calibreweb_path }}/requirements.txt" -# chdir: "{{ calibreweb_path }}" -# extra_args: '--target vendor' -# ignore_errors: True -## -# Implementing this with Ansible command module for now. - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" From 31644737ae90cf6b8a6e9bb41116e7a152c8a1ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Jul 2023 16:02:11 -0400 Subject: [PATCH 359/937] New Gitea release 1.20 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index fff7e0b28..1bbdb828c 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 831fdad5dd013c9ea6c06fb04ba390e8ae96c42b Mon Sep 17 00:00:00 2001 From: root Date: Sun, 16 Jul 2023 18:21:42 -0400 Subject: [PATCH 360/937] Patch app.ini.j2 for Gitea 1.20 --- roles/gitea/defaults/main.yml | 2 +- roles/gitea/tasks/install.yml | 6 +++--- roles/gitea/templates/app.ini.j2 | 28 +++++++++++++++++++++------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 1bbdb828c..e2311c804 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -19,7 +19,7 @@ iset_suffixes: gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" +gitea_download_url: "https://dl.gitea.com/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" gitea_root_directory: "{{ content_base }}/gitea" # /library/gitea diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index c46abbdab..592e148f3 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,10 +48,10 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~108 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 mode: 0775 timeout: "{{ download_timeout }}" @@ -63,7 +63,7 @@ - name: Verify Gitea binary with GPG signature shell: | - gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }} + gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} ignore_errors: yes diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2 index 00d503fdb..98add8b15 100644 --- a/roles/gitea/templates/app.ini.j2 +++ b/roles/gitea/templates/app.ini.j2 @@ -2,7 +2,8 @@ ; Copy required sections to your own app.ini (default is custom/conf/app.ini) ; and modify as needed. -; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. +; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation. +; https://docs.gitea.com/next/administration/config-cheat-sheet ; App name that shows in every page title APP_NAME = {{ gitea_display_name }} @@ -23,9 +24,11 @@ DEFAULT_PRIVATE = last ; Global limit of repositories per user, applied at creation time. -1 means no limit MAX_CREATION_LIMIT = -1 ; Mirror sync queue length, increase if mirror syncing starts hanging -MIRROR_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: MIRROR_QUEUE_LENGTH = 1000 +; `[repository].MIRROR_QUEUE_LENGTH`. Use new options in `[queue.mirror]` ; Patch test queue length, increase if pull request patch testing starts hanging -PULL_REQUEST_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: PULL_REQUEST_QUEUE_LENGTH = 1000 +; `[repository].PULL_REQUEST_QUEUE_LENGTH`. Use new options in `[queue.pr_patch_checker]` ; Preferred Licenses to place at the top of the List ; The name here must match the filename in conf/license or custom/conf/license PREFERRED_LICENSES = Apache License 2.0,MIT License @@ -201,13 +204,22 @@ PPROF_DATA_PATH = data/tmp/pprof LANDING_PAGE = home ; Enables git-lfs support. true or false, default is false. LFS_START_SERVER = false -; Where your lfs files reside, default is data/lfs. -LFS_CONTENT_PATH = {{ gitea_lfs_root }} ; LFS authentication secret, change this yourself LFS_JWT_SECRET = ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. LFS_HTTP_AUTH_EXPIRY = 20m +; lfs [Large File Storage] storage will override storage +; +[lfs] +;STORAGE_TYPE = local +; +; Where your lfs files reside, default is data/lfs. +PATH = {{ gitea_lfs_root }} +; +; override the minio base path if storage type is minio +;MINIO_BASE_PATH = lfs/ + ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] ED25519 = 256 @@ -240,7 +252,8 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve ; repo indexer by default disabled, since it uses a lot of disk space REPO_INDEXER_ENABLED = false REPO_INDEXER_PATH = indexers/repos.bleve -UPDATE_BUFFER_LEN = 20 +; 2023-07-16 ERROR: UPDATE_BUFFER_LEN = 20 +; `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]` MAX_FILE_SIZE = 1048576 [admin] @@ -360,7 +373,8 @@ PAGING_NUM = 10 [mailer] ENABLED = false ; Buffer length of channel, keep it as it is if you don't know what it is. -SEND_BUFFER_LEN = 100 +; 2023-07-16 ERROR: SEND_BUFFER_LEN = 100 +; `[mailer].SEND_BUFFER_LEN`. Use new options in `[queue.mailer]` ; Name displayed in mail title SUBJECT = %(APP_NAME)s ; Mail server From 89148e8214803ea78c20ae666e8a967dd0eb9acf Mon Sep 17 00:00:00 2001 From: root Date: Sun, 16 Jul 2023 18:38:54 -0400 Subject: [PATCH 361/937] Clarify bogus PGP signing of Gitea binary downloads --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 592e148f3..957da4822 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -61,7 +61,7 @@ dest: "{{ gitea_checksum_path }}" timeout: "{{ download_timeout }}" -- name: Verify Gitea binary with GPG signature +- name: Verify Gitea binary with GPG signature ("BAD signature" FALSE ALARMS continue as of 2023-07-16, despite their claims at https://docs.gitea.com/installation/install-from-binary#verify-gpg-signature) shell: | gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} From ff6a0cf4d8f92b1fc580d7c23f79ccb31ad4d460 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Jul 2023 22:35:02 -0400 Subject: [PATCH 362/937] Recommend ansible-core 2.15.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2a9be4a75..be37b2556 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] -GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] +GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 8df708d47393f2c9e24f1469432d054056e9d672 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Jul 2023 22:40:26 -0400 Subject: [PATCH 363/937] iiab-install: MIN_ANSIBLE_VER=2.13.11 alongside PR #3610 --- iiab-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-install b/iiab-install index 2be185afc..bd7185f41 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 17413fd5703514c19389106628fe306715b3e3cc Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Jul 2023 19:15:19 -0400 Subject: [PATCH 364/937] calibre-web/README.rst: Outline log levels --- roles/calibre-web/README.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 44df76aa4..cc8fb2b3b 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -56,6 +56,12 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be `adjusted `_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. + Configuration ------------- From db7d85c50c82d75d462b8002f6b58a8c51659557 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Jul 2023 19:18:55 -0400 Subject: [PATCH 365/937] calibre-web/README.rst: Tidy up / clarify --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index cc8fb2b3b..418e4a57a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -60,7 +60,7 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted `_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. +Log verbosity level can be `adjusted `_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). Configuration ------------- From 64cdb3869c09b3ac0495faa810b72fb71e774dcc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 Jul 2023 22:55:16 -0400 Subject: [PATCH 366/937] venv pip requirements.txt tips (e.g. for Calibre-Web) --- roles/calibre-web/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1c0a9505f..96bdda124 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -68,12 +68,13 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 -# source bin/activate -# python3 -m pip list ('pip list' probably sufficient, likewise below) +# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate -# https://pip.pypa.io/en/latest/user_guide/#requirements-files +# https://pip.pypa.io/en/stable/user_guide/#requirements-files +# https://pip.pypa.io/en/latest/reference/requirements-file-format/ - name: Install /etc/systemd/system/calibre-web.service from template template: From 3934563ad689456061c400aeb5ea81eb86fd1dce Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 04:28:14 -0400 Subject: [PATCH 367/937] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/tasks/install.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4610f63fc..f8905e7ee 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -118,13 +118,18 @@ msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" when: remoteit_arch == "unknown" -- name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) - get_url: - url: "{{ remoteit_cli_url }}" - dest: /usr/bin/remoteit - mode: 0755 - force: yes - timeout: "{{ download_timeout }}" +# 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" +# e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. +# But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to +# install with error: "Device Package cannot coexist with Remote.It CLI" +# +# - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) +# get_url: +# url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# dest: /usr/bin/remoteit +# mode: 0755 +# force: yes +# timeout: "{{ download_timeout }}" # RECORD remote.it AS INSTALLED From 9ac22d65ef87b68329bf77415ac43a84aaae93ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 04:34:11 -0400 Subject: [PATCH 368/937] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/defaults/main.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 5acf6b379..0011567bd 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -41,16 +41,19 @@ # SEE https://www.remote.it/download-list # https://www.remote.it/download-list?products=cli to refine arch/URL below # BUT https://docs.remote.it/software/cli/overview can be useful OR stale :/ -remoteit_arch_dict: - armv6: arm-v6 - armv6l: arm-v6 - armv7: arm-v7 - armv7l: arm-v7 - armv8: aarch64 - aarch64: aarch64 - x86_64: x86_64 -remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# +# 2023-07-26: Remote.It CLI can no longer coexist with their "Device Package" +# SEE remoteit/tasks/install.yml Line ~121. +# remoteit_arch_dict: +# armv6: arm-v6 +# armv6l: arm-v6 +# armv7: arm-v7 +# armv7l: arm-v7 +# armv8: aarch64 +# aarch64: aarch64 +# x86_64: x86_64 +# remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux # OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. From aeb7b60ca7ef3f89a523b29b00712167fe9c8734 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 04:36:46 -0400 Subject: [PATCH 369/937] remoteit/tasks/install.yml: Fully excise remote.it CLI --- roles/remoteit/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index f8905e7ee..8d8874f2e 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -113,16 +113,16 @@ mode: 0755 -- name: Fail if architecture remoteit_arch == "unknown" - fail: - msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_arch == "unknown" - # 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" # e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. # But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to # install with error: "Device Package cannot coexist with Remote.It CLI" # +# - name: Fail if architecture remoteit_arch == "unknown" +# fail: +# msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" +# when: remoteit_arch == "unknown" +# # - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) # get_url: # url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux From c62d986316186821c0f23727bb96fda7e007de1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 05:02:44 -0400 Subject: [PATCH 370/937] remoteit/README.md: CLI can no longer coexist w/ Device Package --- roles/remoteit/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 218094d06..5a6eb663c 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" @@ -14,13 +14,13 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB: @@ -158,7 +158,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s - https://docs.remote.it - - https://docs.remote.it/developer-tools/cli-usage + - ~https://docs.remote.it/developer-tools/cli-usage~ - https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started From 8acf624c52c8975a8f1598e8e3fd99297a10feda Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 05:28:12 -0400 Subject: [PATCH 371/937] remoteit/README.md: Fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a6eb663c..a6d5774a6 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From ff5fc18f183ed4c457dcfcbb56087b325e9f99af Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 05:29:35 -0400 Subject: [PATCH 372/937] remoteit/README.md: Really fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index a6d5774a6..43395bdc7 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From 8b628f96024b415c970348a30df69d040715f618 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 06:43:04 -0400 Subject: [PATCH 373/937] calibre-web/README.rst: Clarify ebook-convert may need ~1GB --- roles/calibre-web/README.rst | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 418e4a57a..d55cd0949 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -18,16 +18,18 @@ e-books using an existing Calibre database. Teachers can upload e-books, adjust e-book metadata, and create custom e-book collections ("bookshelves"): https://github.com/janeczku/calibre-web#about -This Ansible role installs Calibre-Web as part of your Internet-in-a-Box (IIAB) -as a possible alternative to Calibre. +This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for +your Internet-in-a-Box (IIAB). -*WARNING: Calibre-Web depends on Calibre's own* ``/usr/bin/ebook-convert`` *program, -so we strongly recommend you also install Calibre during your IIAB -installation!* +*NOTE: Calibre-Web takes advantage of Calibre's own +`/usr/bin/ebook-convert `_ +program if that's installed — so consider installing Calibre during your IIAB +installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) +that Calibre mandates!* -Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` -whereas its Ansible variables ``calibreweb_*`` do **not** include the dash, -per Ansible recommendations. +Please note Calibre-Web's Ansible playbook is +``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables +``calibreweb_*`` do **not** include the dash, per Ansible recommendations. Using It -------- From 71dfda824b6c12e2ecb51160b0cb4f36ef0577bd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Jul 2023 06:45:44 -0400 Subject: [PATCH 374/937] calibre-web/README.rst: URL syntax cleanup --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d55cd0949..011f422eb 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -21,11 +21,11 @@ https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). -*NOTE: Calibre-Web takes advantage of Calibre's own +*NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert `_ -program if that's installed — so consider installing Calibre during your IIAB -installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) -that Calibre mandates!* +*program if that's installed — so consider also installing Calibre during your +IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS +libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables From 93d99f9d0ab08d6dadc908bc65506622e9120e38 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 4 Aug 2023 18:51:35 -0400 Subject: [PATCH 375/937] calibre-web/README.rst: Clarify "Configuration" buttons --- roles/calibre-web/README.rst | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 011f422eb..a1bf69260 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,9 +14,9 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using an existing Calibre database. Teachers can upload e-books, -adjust e-book metadata, and create custom e-book collections ("bookshelves"): -https://github.com/janeczku/calibre-web#about +e-books using a `Calibre `_ database. +Teachers can upload e-books, adjust e-book metadata, and create custom e-book +collections ("bookshelves"): https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). @@ -62,19 +62,25 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted `_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). +Log verbosity level can be +`adjusted `_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). Configuration ------------- -To configure Calibre-Web, log in as user 'Admin' then click 'Admin' on top. -Check 'Configuration' options near the bottom of the page. +To configure Calibre-Web browse to http://box/books then click **Guest** to log +in as user **Admin** (default passwords above!) -Critical settings are stored in:: +Then click the leftmost **Admin** button to administer — considering all 3 +**Configuration** buttons further below. + +These critical settings are stored in:: /library/calibre-web/config/app.db -Your e-book metadata is stored in a Calibre-style database:: +Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db From fc75b456bddb6e77b7f57361377a30e7d973b63b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 4 Aug 2023 22:29:48 -0400 Subject: [PATCH 376/937] calibre-web/README.rst: Refine links --- roles/calibre-web/README.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a1bf69260..dfc34c648 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,12 +14,15 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre `_ database. +e-books using a `Calibre database `_. Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): https://github.com/janeczku/calibre-web#about +collections ("bookshelves"): -This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for -your Internet-in-a-Box (IIAB). +https://github.com/janeczku/calibre-web#about + +This Ansible role installs Calibre-Web, as a modern alternative to +`Calibre `_, +for your Internet-in-a-Box (IIAB). *NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert `_ @@ -29,7 +32,7 @@ libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash, per Ansible recommendations. +``calibreweb_*`` do **not** include the dash. Using It -------- From 86610263193d3880711e8d45635362f9a462a1f3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 5 Aug 2023 08:01:51 -0400 Subject: [PATCH 377/937] calibre-web/README.rst: Overhaul intro --- roles/calibre-web/README.rst | 45 +++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index dfc34c648..8e816ef14 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -13,26 +13,39 @@ Calibre-Web README ================== -Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre database `_. -Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): +This Ansible role installs +`Calibre-Web `_ as a modern +client-server alternative to Calibre, for your +`Internet-in-a-Box (IIAB) `_. -https://github.com/janeczku/calibre-web#about +Calibre-Web provides a clean web interface for students to browse, read and +download e-books using a +`Calibre-compatible database `_. -This Ansible role installs Calibre-Web, as a modern alternative to -`Calibre `_, -for your Internet-in-a-Box (IIAB). +Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" +collections — to help students build the best local library! -*NOTE: Calibre-Web takes advantage of Calibre's own* -`/usr/bin/ebook-convert `_ -*program if that's installed — so consider also installing Calibre during your -IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS -libraries) that Calibre mandates!* +.. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg -Please note Calibre-Web's Ansible playbook is -``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash. +🍒 GURU TIPS 🍒 + +* Calibre-Web takes advantage of Calibre's own `/usr/bin/ebook-convert + `_ program + if that's installed — so consider also installing + `Calibre `_ during your IIAB + installation — *if you tolerate the weighty ~1 GB (of graphical OS libraries) + that Calibre mandates!* + +* If you choose to also install Calibre (e.g. by running + ``sudo apt install calibre``) then you'll get useful e-book + importing/organizing tools like + `/usr/bin/calibredb `_. + +* WARNING: Calibre-Web's Ansible playbook is + ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in + `/etc/iiab/local_vars.yml + `_) + ``calibreweb_*`` do **not** include the dash. Using It -------- From 31c9ef6297aadc887d98ee2f648a5d92dd8b224c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 5 Aug 2023 08:20:39 -0400 Subject: [PATCH 378/937] calibre-web/README.rst: Clarify hyphen mess! --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 8e816ef14..ef80c67d4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,11 +41,11 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb `_. -* WARNING: Calibre-Web's Ansible playbook is - ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in - `/etc/iiab/local_vars.yml +* WARNING: Calibre-Web's Ansible role (playbook) is + ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its + Ansible variables (in `/etc/iiab/local_vars.yml `_) - ``calibreweb_*`` do **not** include the dash. + ``calibreweb_*`` do **not** contain a hyphen! Using It -------- From 11a978b1daf0c89cb4f5d5167f487b0b070a4fc7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 5 Aug 2023 12:00:20 -0400 Subject: [PATCH 379/937] scripts/ansible: Install cryptography 40.0.1 on ALL 32-bit arch's --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index be37b2556..0e61dc7f2 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,7 +212,8 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi From ceccade90ccd494c754ba75501636f26931c9606 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 5 Aug 2023 13:30:13 -0400 Subject: [PATCH 380/937] scripts/ansible: Update doc links --- scripts/ansible | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0e61dc7f2..d8285f680 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -33,23 +33,24 @@ GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags -# https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.15 +# https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 # https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst -# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst # https://pypi.org/project/ansible-core/ -# https://pypi.org/project/ansible-base/ -# https://releases.ansible.com/ansible-core/ +# https://pypi.org/project/ansible-base/ (OLD) +# https://releases.ansible.com/ansible-core/ (OLD) # https://releases.ansible.com/ansible-base/ (OLD) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) -# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ +# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ # FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) From b439aa77245aac9fa94b9cd4e49821d123099754 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 5 Aug 2023 14:18:28 -0400 Subject: [PATCH 381/937] calibre-web/README.rst: 2 tiny copyedit cleanups --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef80c67d4..3957ccd24 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -43,9 +43,9 @@ collections — to help students build the best local library! * WARNING: Calibre-Web's Ansible role (playbook) is ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables (in `/etc/iiab/local_vars.yml + Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml `_) - ``calibreweb_*`` do **not** contain a hyphen! + do **not** contain a hyphen! Using It -------- @@ -134,7 +134,7 @@ manually:: cd /usr/local/calibre-web-py3 git pull -This older way *is no longer recommended*:: +This older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 6fce6c784798ea655c8f4594277ba9ad1310a65a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 10:59:38 -0400 Subject: [PATCH 382/937] calibre-web/README.rst: New 'Install It' section --- roles/calibre-web/README.rst | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 3957ccd24..6e167a9e4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,16 +41,25 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb `_. -* WARNING: Calibre-Web's Ansible role (playbook) is - ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml - `_) - do **not** contain a hyphen! +Install It +---------- + +Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml `_:: + + calibreweb_install: True + calibreweb_enabled: True + +Then install IIAB (`download.iiab.io `_). Or if IIAB's already installed, run:: + + cd /opt/iiab/iiab + sudo ./runrole calibre-web + +NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles `_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -After installation, try out Calibre-Web at http://box/books (or box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or box.lan/books). Typically students access it without a password (to read and download books) whereas teachers add books using an administrative account, as follows:: From 318ef5aade5a9e4ecba65f989d7cd35432048319 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 11:38:19 -0400 Subject: [PATCH 383/937] calibre-web/README.rst: Clarify password recovery --- roles/calibre-web/README.rst | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6e167a9e4..9ac41ff27 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -59,19 +59,23 @@ NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles Date: Sun, 6 Aug 2023 13:02:59 -0400 Subject: [PATCH 384/937] calibre-web/README.rst: Touchups --- roles/calibre-web/README.rst | 40 ++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9ac41ff27..9168a5f03 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -23,7 +23,7 @@ download e-books using a `Calibre-compatible database `_. Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" -collections — to help students build the best local library! +collections — to help students build the best local community library! .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg @@ -77,25 +77,6 @@ Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box. * If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password -Backend -------- - -You can manage the backend Calibre-Web server with these systemd commands:: - - systemctl enable calibre-web - systemctl restart calibre-web - systemctl status calibre-web - systemctl stop calibre-web - -Errors and warnings can be seen if you run:: - - journalctl -u calibre-web - -Log verbosity level can be -`adjusted `_ -within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). - Configuration ------------- @@ -119,6 +100,25 @@ See also:: Finally, take note of Calibre-Web's `FAQ `_ and official docs on its `Runtime Configuration Options `_ and `Command Line Interface `_. +Backend +------- + +You can manage the backend Calibre-Web server with these systemd commands:: + + systemctl enable calibre-web + systemctl restart calibre-web + systemctl status calibre-web + systemctl stop calibre-web + +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be +`adjusted `_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). + Back Up Everything ------------------ From 7b807b4bb0bfd9759727b75d488367a2542972b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 13:18:36 -0400 Subject: [PATCH 385/937] calibre-web/README.rst: Clarify need to run as root --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9168a5f03..458d8132e 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -110,6 +110,8 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Run all commands `as root `_. + Errors and warnings can be seen if you run:: journalctl -u calibre-web @@ -136,7 +138,7 @@ But first: back up your content **and** settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run**:: +e-book metadata! Then run, as root**:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web From 6a0ad0c5ae9521a604269a2b2dd8cbf2de13ce46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 14:52:28 -0400 Subject: [PATCH 386/937] calibre-web/README.rst: Tighten up systemctl examples --- roles/calibre-web/README.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 458d8132e..1076f7ce8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -103,12 +103,11 @@ Finally, take note of Calibre-Web's `FAQ `_. From b3e682f24e59cf0d16797b946a08e186fa6adef9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 14:59:53 -0400 Subject: [PATCH 387/937] calibre-web/README.rst: Fix to "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 1076f7ce8..37be1bcc0 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -118,7 +118,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted `_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). +Configuration** (details above). Back Up Everything ------------------ From 79a22d5af6b55f8e441d058eaa5c3fc4ab4c5b12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 15:57:15 -0400 Subject: [PATCH 388/937] calibre-web/README.rst: Try for < 80 chars for source readability --- roles/calibre-web/README.rst | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 37be1bcc0..d213dc9fa 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -44,38 +44,48 @@ collections — to help students build the best local community library! Install It ---------- -Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml `_:: +Install Calibre-Web by setting these 2 variables in +`/etc/iiab/local_vars.yml `_:: calibreweb_install: True calibreweb_enabled: True -Then install IIAB (`download.iiab.io `_). Or if IIAB's already installed, run:: +Then install IIAB (`download.iiab.io `_). Or if +IIAB's already installed, run:: cd /opt/iiab/iiab sudo ./runrole calibre-web -NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles `_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* +NOTE: Calibre-Web's Ansible role (playbook) in +`/opt/iiab/iiab/roles `_ is +``calibre-web`` which contains a hyphen — *whereas its Ansible variables* +``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or +http://box.lan/books). *Students* access it without a password (to read and download books). -*Teachers* add and arrange books using an administrative account, by clicking **Guest** then logging in with:: +*Teachers* add and arrange books using an administrative account, by clicking +**Guest** then logging in with:: Username: Admin Password: changeme 🍒 GURU TIPS 🍒 -* If Calibre-Web's configuration file (app.db) goes missing, the administrative account will revert to:: +* If Calibre-Web's configuration file (app.db) goes missing, the administrative + account will revert to:: Username: admin Password: admin123 -* If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password +* If you lose your password, you can change it with the + ``-s [username]:[newpassword]`` command-line option: + https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password Configuration ------------- @@ -98,7 +108,12 @@ See also:: /library/calibre-web/metadata_db_prefs_backup.json -Finally, take note of Calibre-Web's `FAQ `_ and official docs on its `Runtime Configuration Options `_ and `Command Line Interface `_. +Finally, take note of Calibre-Web's +`FAQ `_ and official docs on +its +`Runtime Configuration Options `_ +and +`Command Line Interface `_. Backend ------- @@ -109,7 +124,8 @@ You can manage the backend Calibre-Web server with systemd commands like:: systemctl stop calibre-web systemctl restart calibre-web -Run all commands `as root `_. +Run all commands +`as root `_. Errors and warnings can be seen if you run:: From 61f3d4a9c20fb930365fbda9c2a11f42b9da8d90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Aug 2023 21:52:06 -0400 Subject: [PATCH 389/937] calibre-web/README.rst: Small refinements --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d213dc9fa..d8f89c591 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -140,15 +140,15 @@ Back Up Everything ------------------ Please back up the entire folder ``/library/calibre-web`` before upgrading — -as it contains your Calibre-Web content **and** settings! +as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -Reinstalling Calibre-Web automatically upgrades to the latest version if your +"Reinstalling" Calibre-Web automatically installs the latest version — if your Internet-in-a-Box (IIAB) is online. -But first: back up your content **and** settings, as explained above. +But first: back up your content **and** configuration settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to From 50cded27f2f11b00871b65bf00d37e96499479bb Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Aug 2023 03:32:08 -0400 Subject: [PATCH 390/937] scripts/ansible: python3-cryptography for 32-bit i386 e.g. i686 --- scripts/ansible | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d8285f680..ab6aa16bb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -213,9 +213,14 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + else + # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when + # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + $APT_PATH/apt -y install python3-cryptography + fi fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) From 6c648cbd9bd40d3eccec6fc775d39266864374bc Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Aug 2023 03:54:18 -0400 Subject: [PATCH 391/937] Clarify 'apt install python3-cryptography' for i386 Ansible --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ab6aa16bb..fc78d36b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -217,8 +217,9 @@ if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 else - # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when - # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: $APT_PATH/apt -y install python3-cryptography fi fi From 8a323c6799704aa49cb8387e5f4095bb2d21b869 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Aug 2023 05:15:26 -0400 Subject: [PATCH 392/937] scripts/install_python2.sh: Bullseye apt sources for i386 Debian --- scripts/install_python2.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 50089b4e1..d186c8cbe 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -63,6 +63,16 @@ EOF cat << EOF > /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi + ;; + + "i386") + # Building on scripts/ansible fix PR #3615 + if grep -q '^ID=debian$' /etc/os-release; then + cat << EOF > /etc/apt/sources.list.d/python2.list +deb http://deb.debian.org/debian bullseye main contrib non-free +deb http://deb.debian.org/debian bullseye-updates main contrib non-free EOF fi ;; From ba596cb5a3737648e829f9726e75d2af353334e3 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Aug 2023 22:54:02 -0400 Subject: [PATCH 393/937] Brute Force 'apt install ansible-core' on 32-bit legacy i386 --- scripts/ansible | 57 +++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index fc78d36b6..1673273b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,37 +200,42 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask -# that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 -echo -e "\nCreate virtual environment for Ansible" -python3 -m venv /usr/local/ansible +if [[ $(dpkg --print-architecture) == i386 ]]; then + # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 + # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 +else + # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask + # that virtual environments (venv) be used to safely isolate pip installs: + # https://peps.python.org/pep-0668 + echo -e "\nCreate virtual environment for Ansible" + python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: -# if ! grep -qi ubuntu /etc/os-release; then -# -# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then -# -# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. -# Release problems chart: https://www.piwheels.org/project/cryptography/ -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: + # if ! grep -qi ubuntu /etc/os-release; then + # + # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then + # + # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. + # Release problems chart: https://www.piwheels.org/project/cryptography/ + # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - $APT_PATH/apt -y install python3-cryptography + # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography fi -fi -# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in ansible*; do - ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" -done + # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" + cd /usr/local/ansible/bin + for bin in ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" + done +fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 2c38bf505cc7d98ee1ea91402328302465d43bff Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Aug 2023 18:22:31 -0400 Subject: [PATCH 394/937] iiab-diagnostics: Change pastebin service (sprunge.us -> paste2.org) --- scripts/iiab-diagnostics | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 89ddd3311..a74dba058 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,10 +265,11 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile - pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile + pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b paste2.org < $outfile" fi echo -e "\e[0m" From 8ce25a7a205d3d56dda04de1870b72bea82c3388 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 11 Aug 2023 20:37:24 -0400 Subject: [PATCH 395/937] iiab-diagnostics: Change pastebin service (paste2.org -> dpaste.com) --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a74dba058..8eef6f39b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -264,12 +264,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " - #pastebinit -b dpaste.com < $outfile - #pastebinit -b sprunge.us < $outfile - pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b paste2.org < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From e2948a99faaa641d85b434bb56c2a62329f13862 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 12 Aug 2023 11:22:04 -0400 Subject: [PATCH 396/937] iiab-diagnostics.README.md: sprunge.us -> dpaste.com for #3619 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a6d8a3f9e..abe6b22c8 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 62e5c0ccb33fa2d64600446892ff7ab6fdc5959e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 14 Aug 2023 15:40:00 -0400 Subject: [PATCH 397/937] scripts/ansible: Recommend ansible-core 2.15.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1673273b6..1e6f2c38a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] -GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] +GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 4508a94528bd1b69429ff89d4a749d7177a05e84 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 14 Aug 2023 15:54:49 -0400 Subject: [PATCH 398/937] local_facts.fact: Deprecate support for EOL'd Ubuntu 22.10 --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 885fbec8e..f4f86cb17 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -70,6 +70,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ + #"ubuntu-2210" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -83,7 +84,6 @@ case $OS_VER in "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2210" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ "linuxmint-21" | \ From d3c3a63db36f05525eebde44e602f198f60b7654 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Aug 2023 17:37:16 -0400 Subject: [PATCH 399/937] local_facts.fact: Welcome Ubuntu 24.04 testing starting in Oct/Nov --- scripts/local_facts.fact | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index f4f86cb17..aab8e81a2 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -86,6 +86,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ + "ubuntu-2404" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") From 14fc8a1cce285114cde44d088ad293d035acb116 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Aug 2023 15:02:03 -0400 Subject: [PATCH 400/937] nextcloud/tasks/install.yml: Revise disk space estimate to ~591 MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 090c184fc..0d82351d5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 35006bff5fbfc832e8840d916da58e5272ddf2f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 24 Aug 2023 09:35:56 -0400 Subject: [PATCH 401/937] nextcloud/tasks/install.yml: Clarify ~162MB d/l unpacks to ~555MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0d82351d5..dafff5ad4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 3a37ab385d60b452a62fc5fed12e99972b1d52ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 24 Aug 2023 09:42:26 -0400 Subject: [PATCH 402/937] sugarizer/tasks/install.yml: Note ~748MB /opt/iiab/sugarizer-1.7.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index e0f973037..c37b4c6de 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -34,7 +34,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~748 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" From d0158ec50b18268cc89f9d2f9bca55143e608ba3 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Aug 2023 10:27:04 -0400 Subject: [PATCH 403/937] Force nginx_high_php_limits / 'memory_limit = 512M' if 'nextcloud_install: True' --- roles/nginx/templates/server.conf.j2 | 4 ++-- roles/www_options/tasks/php-settings.yml | 12 ++++++------ vars/default_vars.yml | 9 +++++---- vars/local_vars_large.yml | 9 +++++---- vars/local_vars_medium.yml | 9 +++++---- vars/local_vars_small.yml | 9 +++++---- vars/local_vars_unittest.yml | 9 +++++---- 7 files changed, 33 insertions(+), 28 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..53eddef18 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -10,8 +10,8 @@ server { # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L90-L91 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L104-L105 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 500M; diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 39a2a0bce..3cdd2b887 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -64,7 +64,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: @@ -78,10 +78,10 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -93,9 +93,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -107,7 +107,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install # To tweak .ini files, Ansible's ini_file is normally better than lineinfile: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 509a52028..f9d208d5e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -340,11 +340,12 @@ nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7a98cfa37..95226d852 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 237063f15..78eaaf4f9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 83c58e62a..3ee17ff7a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 940142665..0a6ed4a72 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf From 3f1d25bb44273b06d29ac4ab5e0834dab127db8f Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Aug 2023 10:45:33 -0400 Subject: [PATCH 404/937] Also run php-settings.yml if nginx_high_php_limits --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index a78b1f7f3..d41607982 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -61,7 +61,7 @@ # WordPress) so './runrole ' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 34091ba16dfd17c350c5af7a9011fd635c287790 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Aug 2023 15:55:28 -0400 Subject: [PATCH 405/937] 'apt install gpg' required on Debian 12+ for apt installs of gitea, kolibri, mongodb, yarn --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index ad80ef98b..1e594131b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -11,6 +11,7 @@ #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download + - gpg # 884kB download: Debian 12+ (especially!) require this for apt installs of gitea, kolibri, mongodb, yarn - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless From 25d8d6a0c8357624829d391d6dc19fcaf913fe20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 24 Aug 2023 18:50:44 -0400 Subject: [PATCH 406/937] nextcloud/tasks/install.yml: Mention 'nginx_high_php_limits: True' behavior #3624 --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index dafff5ad4..f512fcad7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -93,7 +93,7 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined From 1c74b55a7fa87f36d601f878fb51a40a1ec2dcaf Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Aug 2023 07:47:28 -0400 Subject: [PATCH 407/937] iiab-diagnostics: Include Node.js and npm versions --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 8eef6f39b..75d9a2e52 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,6 +224,8 @@ cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' +cat_cmd 'node -v' 'Node.js version' +cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 2b1a8f548aee36f174269119dc46f4d2eacf62a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Aug 2023 07:51:28 -0400 Subject: [PATCH 408/937] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index abe6b22c8..4a26c3076 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 1afd6f81e93f53478e1e4a569bc7a02975e207ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Aug 2023 20:08:36 -0400 Subject: [PATCH 409/937] default_vars.yml: sudo iiab-network --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f9d208d5e..062a2f749 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -193,7 +193,7 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network # dnsmasq - handles DHCP and DNS dnsmasq_install: True @@ -209,7 +209,7 @@ dnsmasq_enabled: True #named_enabled: False block_DNS: False -# Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable in local_vars.yml AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382 @@ -250,7 +250,7 @@ openvpn_server_port: 1194 # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From c046ac72bb67388f816f10132c37b45326b7ab31 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Aug 2023 20:15:07 -0400 Subject: [PATCH 410/937] local_vars_unittest.yml: sudo iiab-network --- vars/local_vars_unittest.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 0a6ed4a72..9fd0605a6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: UNITTEST - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 251c92539e9b5b98fb720958b5142a27e6dda11b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Aug 2023 20:16:57 -0400 Subject: [PATCH 411/937] local_vars_small.yml: sudo iiab-network --- vars/local_vars_small.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 3ee17ff7a..be689cd52 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: SMALL - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From a609f3041afd8b47615cc3a27b589aad7c2d8c8c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Aug 2023 20:18:28 -0400 Subject: [PATCH 412/937] local_vars_medium.yml: sudo iiab-network --- vars/local_vars_medium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 78eaaf4f9..829b6fb6c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: MEDIUM-sized - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From afa0a497bebc1c0088f01d19469983ff28100db3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Aug 2023 20:20:13 -0400 Subject: [PATCH 413/937] local_vars_large.yml: sudo iiab-network --- vars/local_vars_large.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 95226d852..c1ce47ec6 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: LARGE - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 7430573573111267baeb14bd2097081335f84381 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Sep 2023 15:12:32 -0400 Subject: [PATCH 414/937] local_vars_large.yml: Set Lokole to False/False due to mkwvconf --- vars/local_vars_large.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c1ce47ec6..7b108429f 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -245,8 +245,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2023-09-06: wheel for mkwvconf still +lokole_enabled: False # missing from Ubuntu 23.10 (#3572) # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True From b9a5a67c7499ad7dd635736ffb0e1eadebeb9d22 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Sep 2023 16:38:11 -0400 Subject: [PATCH 415/937] nodejs/tasks/install.yml: nodesource.com requires NEW install method --- roles/nodejs/tasks/install.yml | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 830b1e002..96e1ec9df 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -95,27 +95,39 @@ # apt install ./nodejs_18.11.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... # echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml -- name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list - shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +- name: Try NEW (since August 2023) approach setting up /etc/apt/keyrings/nodesource.gpg and /etc/apt/sources.list.d/nodesource.list -- per https://github.com/nodesource/distributions#installation-instructions + shell: | + mkdir -p /etc/apt/keyrings + rm -f /etc/apt/keyrings/nodesource.gpg + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main" > /etc/apt/sources.list.d/nodesource.list register: curl_nodesource ignore_errors: yes - #args: - # warn: no - # creates: /etc/apt/sources.list.d/nodesource.list -- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above +# 2023-09-06: OBSOLETE as nodesource.com no longer supports https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# - name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list +# shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +# register: curl_nodesource +# ignore_errors: yes +# #args: +# # warn: no +# # creates: /etc/apt/sources.list.d/nodesource.list + +- name: Remove /etc/apt/sources.list.d/nodesource.list if above failed file: path: /etc/apt/sources.list.d/nodesource.list state: absent when: curl_nodesource.failed -- name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above - package: +- name: Install Node.js -- also includes /usr/bin/npm if nodesource.list installed above + apt: #name: nodejs={{ nodejs_version }} name: nodejs state: latest # Equivalent to 'state: present' ? + update_cache: yes -- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions#deb and https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# Also run 'npm install -g npm' later, if you truly want the LATEST! +- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions package: name: npm state: latest # Equivalent to 'state: present' ? From 5193ea2a44f8700efbac230bdd792fc8b1ca28ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Sep 2023 17:32:53 -0400 Subject: [PATCH 416/937] scripts/ansible: Eval piwheels / cryptography fix on 32-bit "RasPiOS 12" --- scripts/ansible | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..5f68a0dbe 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -219,14 +219,17 @@ else # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates + # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) + # on pre-release 32-bit RasPiOS 12... (#3526) + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 5da0b600579cd422c9e82f1a49acc533c0947973 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Sep 2023 22:15:56 -0400 Subject: [PATCH 417/937] iiab-diagnostics: pastebinit service back to sprunge.us --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 75d9a2e52..49927c881 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,13 +265,13 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " - #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b sprunge.us < $outfile" fi echo -e "\e[0m" From d585def5d338f1fca3fd6cdb24c6392bbcaedff1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Sep 2023 22:17:35 -0400 Subject: [PATCH 418/937] iiab-diagnostics.README.md: Change dpaste.com back to sprunge.us --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 4a26c3076..1d0feab6c 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 8ef8752ad7fb2f819d903deab8afb954dfdc43b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 11:37:32 -0400 Subject: [PATCH 419/937] scripts/ansible: Evaluate 'apt install ansible-core' on 32-bit RasPiOS --- scripts/ansible | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..af31ca78d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,7 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it +# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). +# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? +# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +if ! dpkg --print-architecture | grep -q 64; then +#if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From b38b45e27ce34b1e5e849a194fc82b44517e349d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 11:55:37 -0400 Subject: [PATCH 420/937] scripts/ansible: Clarify 'apt install ansible-core' test on "32-bit" OS's --- scripts/ansible | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index af31ca78d..1c9ac3c4d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -201,9 +201,11 @@ $APT_PATH/apt update $APT_PATH/apt -y install python3-venv # 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). -# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? -# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, +# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in +# /boot/config.txt per #3516). +# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be +# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) if ! dpkg --print-architecture | grep -q 64; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 From 9c7c689a55aff29090ada36b1320dcf24987f435 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 12:43:30 -0400 Subject: [PATCH 421/937] iiab-summary: 'uname -n' hostname + 'uname -m' kernel arch for RasPiOS --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 2e1da90a7..75102048d 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -64,7 +64,7 @@ else echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" fi echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" -uname -rvp +uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo From f363494625a83c569b8069851e0bd2534ee6b85d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 16:05:09 -0400 Subject: [PATCH 422/937] Force 'apt install ansible-core' on "32-bit" IFF "Debian 12+" --- scripts/ansible | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1c9ac3c4d..d0535bda7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,13 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, -# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in -# /boot/config.txt per #3516). -# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be -# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) -if ! dpkg --print-architecture | grep -q 64; then +# 2023-09-08 PR #3634: 'apt install ansible-core' is overweight, but works on +# "32-bit" RasPiOS 12 (@EMG70 set 'arm_64bit=0' in /boot/config.txt per #3516 +# to force boot its 32-bit kernel; its 64-bit kernel should work too!) +# IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's +# (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). +if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From 14f2f8be69184ee108a6fbb1c1a4ea346969be58 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 17:03:10 -0400 Subject: [PATCH 423/937] scripts/ansible: Comment out stale tips RE: ansible-base & /etc/apt --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d0535bda7..931eb8e80 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -89,10 +89,10 @@ echo -e "RECOMMENDED PREREQUISITES:" echo -e "(1) Verify you're online" echo -e "(2) Remove all prior versions of Ansible using..." echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or" -echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" +#echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" -echo -e "(3) Remove all lines containing 'ansible' from..." -echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" +#echo -e "(3) Remove all lines containing 'ansible' from..." +#echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" From eb09a04bd99c71f082c986fab794158f6f1cfc61 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 17:10:23 -0400 Subject: [PATCH 424/937] scripts/ansible: Mention "+packages" PPA URL --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 931eb8e80..da7d9ed89 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -49,6 +49,7 @@ GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible +# https://launchpad.net/~ansible/+archive/ubuntu/ansible/+packages # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ From f527807bb83b70ed61a669d70ab0d7b1234f6f06 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Sep 2023 18:56:55 -0400 Subject: [PATCH 425/937] scripts/ansible: Document 'pipx install ansible-core' --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index da7d9ed89..692850f7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -215,6 +215,12 @@ else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: # https://peps.python.org/pep-0668 + + # 2023-09-08: NEW WAY ANSIBLE RECOMMENDS? https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html + # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! + # pipx install ansible-core + # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From 42e3485023535bd11c8d107bf87b531ea8a6cc3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 Sep 2023 09:07:32 -0400 Subject: [PATCH 426/937] Verify apt package 'ansible-core' is truly available on "32-bit" --- scripts/ansible | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 692850f7b..2bb8168b9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,7 +206,10 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then +# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt +# package ansible-core is truly available: +if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From ee20455bd7edc6278190e4df8acb352fb04e5fbe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 Sep 2023 09:20:54 -0400 Subject: [PATCH 427/937] scripts/ansible: Clarify PR #3637 test for apt pkg ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2bb8168b9..fa5b704cf 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,8 +206,8 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt -# package ansible-core is truly available: +# 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify +# that apt package ansible-core is truly available: if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then From 05372f85081824cef0fce73461aa3a00ebca0687 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 Sep 2023 21:03:27 -0400 Subject: [PATCH 428/937] scripts/ansible: Interim /etc/pip.conf for "32-bit" RasPiOS 12 --- scripts/ansible | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 10dc82a93..ead6b392e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -227,6 +227,17 @@ else echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + # 2023-09-10: Work around #3526 "32-bit" RasPiOS 12 pre-release issue... + # 'Package issue: cryptography 41.0.3 leads to cffi 1.15.1 failure on + # "32-bit" Raspberry Pi OS [REASON: /etc/pip.conf missing on some Bookworm + # pre-releases' == https://github.com/piwheels/packages/issues/390 + if ! [ -f /etc/pip.conf ] && [ -f /etc/rpi-issue ]; then + cat > /etc/pip.conf << EOF +[global] +extra-index-url=https://www.piwheels.org/simple +EOF + fi + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # From 7191d52a5da570ca9d025ac1ae140c7da95cda8b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 Sep 2023 21:32:13 -0400 Subject: [PATCH 429/937] Revert #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ead6b392e..1b3f41535 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -208,9 +208,10 @@ $APT_PATH/apt -y install python3-venv # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). # 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify # that apt package ansible-core is truly available: -if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then -#if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 +if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From 1986126701954c10912ba5be2e35b58b7948a591 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 Sep 2023 21:44:12 -0400 Subject: [PATCH 430/937] apt instead of pip IFF "i386" AND ansible-core apt installable --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1b3f41535..ee289b99b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -211,7 +211,7 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 -if [[ $(dpkg --print-architecture) == i386 ]]; then +if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From c85c292a5e852ad7491466e829860b13b70c5bc1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Sep 2023 00:54:05 -0400 Subject: [PATCH 431/937] install_python2.sh: ports.ubuntu.com apt sources for "32-bit" RasPiOS 12 --- scripts/install_python2.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d186c8cbe..43db6f8ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -38,7 +38,8 @@ ARCH=$(dpkg --print-architecture) # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` -cd /tmp +#cd /tmp + case $ARCH in "amd64") # works on U23.04 x86_64 VM @@ -58,12 +59,16 @@ EOF "armhf") # armhf compile flags differ between RasPiOS and Ubuntu - if ! [ -f /etc/rpi-issue ]; then - # these might change + if [ -f /etc/rpi-issue ] && ! grep -q 11 /etc/issue; then # RasPiOS 12+ / Bookworm+ cat << EOF > /etc/apt/sources.list.d/python2.list -deb http://ports.ubuntu.com/ jammy main universe -deb http://ports.ubuntu.com/ jammy-updates main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF +# elif ! [ -f /etc/rpi-issue ]; then # Ubuntu/Debian on armhf not supported +# cat << EOF > /etc/apt/sources.list.d/python2.list +# deb http://ports.ubuntu.com/ jammy main universe +# deb http://ports.ubuntu.com/ jammy-updates main universe +# EOF fi ;; From 821f1448b132c9ad08c88c1f3e6ed0ca1fc30bbe Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Sep 2023 01:51:40 -0400 Subject: [PATCH 432/937] CLARIF: apt-not-pip on 32-bit i386 for ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..1b42305ae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,8 +212,8 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then - # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 - # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + # 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386 + # (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask From 9d4ae8966be9b8e2b7638fdcd3a4d5fdf00ddcd4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Sep 2023 09:39:17 -0400 Subject: [PATCH 433/937] jupyterhub/README.md: Steer implementers away from 32-bit OS's! --- roles/jupyterhub/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index db780e595..6a48cacf5 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,5 +1,7 @@ ## JupyterHub programming environment with student Notebooks +### CAUTION: Internet-in-a-Box (IIAB) does not support JupyterHub on 32-bit OS's, where installation will likely fail ([#3639](https://github.com/iiab/iiab/issues/3639)). + #### Secondary schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." * Jupyter Notebooks are widely used in the scientific community: @@ -10,7 +12,7 @@ * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. -* Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: +* Individual student folders are created in `/var/lib/private/` on your Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) From 28cfb9cf47f6a62d05edfc733b4a193bfdf24295 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Sep 2023 18:25:08 -0400 Subject: [PATCH 434/937] Recommend ansible-core 2.15.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..5f44a6700 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] -GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] +GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From b184897d1e715dca58a69509c38723effa3ad279 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Sep 2023 18:26:26 -0400 Subject: [PATCH 435/937] iiab-install: Set MIN_ANSIBLE_VER=2.13.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bd7185f41..c6a8eb361 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e30549e432299f728e131cbc1bd60446933b098 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Sep 2023 12:34:13 -0400 Subject: [PATCH 436/937] Nextcloud 27.1.0 download & /library/www/nextcloud sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f512fcad7..ce62729c8 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6333c707b824e222c69bc9cb952a4b5af0afb23d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Sep 2023 18:42:29 -0400 Subject: [PATCH 437/937] README.md: Refine quotation marks --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 633e0b392..2fcb5085c 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ # Internet-in-a-Box (IIAB) -[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a "learning hotspot" that brings the Internet's crown jewels -(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, Toys from Trash electronics projects, ETC) to those without Internet. +[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a “learning hotspot” that brings the Internet's crown jewels +(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, “Toys from Trash” electronics projects, ETC) to those without Internet. You can build your own tiny, affordable server (an offline digital library) for your school, your medical clinic, your prison, your region and/or your very own family — accessible with any nearby smartphone, tablet or laptop. @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. @@ -37,14 +37,14 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +To learn more about our open community architecture for “offline” learning, check out [“What technical documentation exists?”](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) to install, deploy, configure and manage the various software components. -*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* +*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as “Sneakernet-of-Alexandria” distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* ## Versions From 4a700cc351789589fdf0bb91263567a676973a62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Sep 2023 09:51:50 -0400 Subject: [PATCH 438/937] 2-common/tasks/packages.yml: 'apt install lshw' --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 1e594131b..95b227d95 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 19 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, lshw, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -15,6 +15,7 @@ - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless + - lshw # 257kB download: For 'lshw -C network' in iiab-diagnostics #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 From 97f1038ab7703ab3d33c2196a8c8230a1ff05221 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Sep 2023 10:00:33 -0400 Subject: [PATCH 439/937] scripts/iiab-diagnostics: 'lshw -C network' --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 49927c881..adbaa73ea 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -200,6 +200,7 @@ cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' cat_file /etc/fstab +cat_cmd 'lshw -C network' 'Network hardware/interfaces' cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 91fcc6ff07c3407a3320c450ba27b9f44c3b18c3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Sep 2023 10:02:45 -0400 Subject: [PATCH 440/937] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 1d0feab6c..6f3b4fed0 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 470b64bc5acf2d9d53be0847d53caa38c6e73a6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Sep 2023 10:04:04 -0400 Subject: [PATCH 441/937] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 6f3b4fed0..7216e8feb 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -64,8 +64,6 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Include a description of the symptoms, and how to reproduce the problem. -4. If you don't understand Step 3, email everything to bugs@iiab.io instead. - ## Source Code Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From a8772498cbab4834677e8fbdfb4c1770b98b7c21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 26 Sep 2023 13:02:00 -0400 Subject: [PATCH 442/937] install_python2.sh: apt-mark hold python3-virtualenv --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 43db6f8ef..b9d0d2bed 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -90,7 +90,7 @@ if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) nee apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 - apt-mark hold virtualenv + apt-mark hold python3-virtualenv # 2023-09-26: 'apt-mark hold virtualenv' was definitely insufficient on Ubuntu 23.10 # 2023-05-21 PR #3587: Above 4 lines should really install a more recent # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? else From ca19c18b80fa9975838e38f724b78e308264f609 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Sep 2023 11:20:04 -0400 Subject: [PATCH 443/937] mediawiki/defaults/main.yml: Security release 1.40.1 ETA 2023-09-28 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 22cd060ad..ddad4f10c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 488e2fbe0d1fdfe6f4c2b212e7e849b570cb1023 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Sep 2023 19:49:04 -0400 Subject: [PATCH 444/937] scripts/ansible: Install cryptography==41.0.3 if dpkg arch armhf --- scripts/ansible | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 19717a95c..554720f3b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,14 +250,14 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # # $APT_PATH/apt -y install python3-cryptography - # fi + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + # else + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography + fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From efdf693621d4fc2e3e2588631da6728cabcf55fb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Sep 2023 20:32:32 -0400 Subject: [PATCH 445/937] scripts/ansible: Also 'apt install libffi-dev python3-dev' on armhf --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 554720f3b..8b8e95eb7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -251,7 +251,8 @@ EOF # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # else # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where From 8f12c34b1c686d78ec0959fe4743e8c44d42ded0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Sep 2023 21:31:33 -0400 Subject: [PATCH 446/937] munin/tasks/install.yml: Fix Ansible quotes around #3434 --- roles/munin/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 4366a19d8..f6b23e619 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -4,7 +4,7 @@ # SEE ALSO roles/network/tasks/install.yml -- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 +- name: "TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434" sysctl: name: net.ipv6.conf.all.disable_ipv6 value: 0 From 6c9e684841433cfc816440fee238d86258a4c96f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Oct 2023 13:46:03 -0400 Subject: [PATCH 447/937] scripts/ansible: pip install --prefer-binary ansible-core --- scripts/ansible | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8b8e95eb7..b1226f0d3 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,18 +250,24 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 - # else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + # $APT_PATH/apt -y install libffi-dev python3-dev + # /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) - /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, + # even if they're not the very latest release -- thereby avoiding compiling + # messes -- and obviating the need for these 2: (above, both commented out) + # - 'install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version numbers + /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From d55e61c32b990c39f94a11b70802e059aafd2b18 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Oct 2023 13:55:33 -0400 Subject: [PATCH 448/937] scripts/ansible: Clean up explanation of --prefer-binary --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b1226f0d3..b3a110960 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -265,8 +265,8 @@ EOF # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, # even if they're not the very latest release -- thereby avoiding compiling # messes -- and obviating the need for these 2: (above, both commented out) - # - 'install libffi-dev python3-dev' - # - painstaking pinning of cryptography or cffi (etc) to older version numbers + # - 'apt -y install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version #s /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin From 3b70f38544f0703606852569f0ab95ea789ac222 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 1 Oct 2023 18:34:19 -0400 Subject: [PATCH 449/937] 32-bit fixes (CWeb, JHub, Moodle) + defer IArchive --- roles/9-local-addons/tasks/main.yml | 15 ++++++++++++++- roles/calibre-web/tasks/install.yml | 3 ++- roles/jupyterhub/tasks/install.yml | 4 ++-- roles/moodle/tasks/install.yml | 10 ++++++++-- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index ac657cd5c..075752bec 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -14,10 +14,23 @@ name: captiveportal when: captiveportal_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: internetarchive_install + +- name: Explain bypassing of Internet Archive install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING INTERNET ARCHIVE PER https://github.com/iiab/iiab/issues/3641 -- 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: internetarchive_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: INTERNETARCHIVE include_role: name: internetarchive - when: internetarchive_install + when: internetarchive_install and dpkg_arch.stdout is search("64") - name: MINETEST include_role: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 96bdda124..f1eac71ec 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,8 +63,9 @@ pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 8d7273215..4e23f9ccc 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -53,7 +53,7 @@ virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 + extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 # 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) @@ -69,7 +69,7 @@ virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" - extra_args: "--no-cache-dir" + extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 570e782b7..1406a6e38 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -71,10 +71,16 @@ when: opt_iiab_moodle.stat.exists -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS - when: php_version is version('8.0', '<') + when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: From 542198376637edaf6cbd0562a833af66273963d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Oct 2023 21:40:55 -0400 Subject: [PATCH 450/937] transmission/README.rst: Clarify 4.0.4+ compile slowness & 4.1 soon? --- roles/transmission/README.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 8df899064..4b95b3309 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,20 +15,23 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download content like KA Lite to Internet-in-a-Box (IIAB), from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO Caution ------- -Usage of Transmission consumes significant Internet data and system resources. -Caveat emptor! (That's Latin for "Buyer Beware") +In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_, which painfully can take most of an hour. + +We hope that `Transmission 4.1 `_ install options improve soon for 2024 (`#5585 `_) eliminating this install-time slowness! + +Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting ``transmission_install: True`` and ``transmission_enabled: True`` in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission From 67235691099c767c2cb018c060edd85add85433b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Oct 2023 22:00:37 -0400 Subject: [PATCH 451/937] transmission/README.rst: "2023 Caution" re: slow compile --- roles/transmission/README.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 4b95b3309..f868f7f9e 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,16 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -Caution -------- +2023 Caution +------------ -In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_, which painfully can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_ as you install it, which unfortunately can take most of an hour. -We hope that `Transmission 4.1 `_ install options improve soon for 2024 (`#5585 `_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ `_ should install quickly starting sometime soon in 2024 (`#5585 `_) eliminating this install-time slowness! -Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") +Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. + +.. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- From 7905e30f22a59618cdb16020668a941e75c8e6a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Oct 2023 22:50:08 -0400 Subject: [PATCH 452/937] transmission/README.rst: "2023 Caution" grammar touch-ups --- roles/transmission/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index f868f7f9e..e8bf3f7a7 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,9 +24,9 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ `_ should install quickly starting sometime soon in 2024 (`#5585 `_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in 2024 (`#5585 `_). -Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. +Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From aad284b3c6a3f65aa7c17458b3f70e5d5f2649c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Oct 2023 15:27:45 -0400 Subject: [PATCH 453/937] transmission/README.rst: Link to Debian 12 docs --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index e8bf3f7a7..7e68d1325 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in 2024 (`#5585 `_). +Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in 2024 (`#5585 `_, `PR #5866 `_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. From beb34f8eee6b4db28b6ffa2147c82aa526b977ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Oct 2023 19:01:34 -0400 Subject: [PATCH 454/937] nextcloud/README.md: Quick cleanup & update --- roles/nextcloud/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 64747521b..07556d4a2 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -38,11 +38,11 @@ FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) -(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +(4) Verify system requirements and recommendations for the [latest version Nextcloud](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule): - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 332c968c5213acc437412637affc77a149cf13fb Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Oct 2023 19:28:07 -0400 Subject: [PATCH 455/937] nextcloud/README.md: Clarify PHP/RAM/disk warning --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 07556d4a2..b33ca98ea 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 3ef3a4cfa124c02d9419e5a5af0db993b61d67ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 3 Oct 2023 08:47:20 -0400 Subject: [PATCH 456/937] nextcloud/README.md: Clarify automatic 'nginx_high_php_limits: True' --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index b33ca98ea..e74518b32 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP, and is effectively auto-enabled for Nextcloud ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 667c07048bbb1f55bb822e9cbbda1a70f8830aa9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 Oct 2023 14:43:30 -0400 Subject: [PATCH 457/937] moodle/install.yml CLARIF: Reverting to 4.1 LTS is not guaranteed --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1406a6e38..f1a5a7cbd 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -77,7 +77,7 @@ command: dpkg --print-architecture register: dpkg_arch -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO TRYING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") From 03d49be4a03ccf86dd28e817c611c4e97a94358e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 Oct 2023 16:52:23 -0400 Subject: [PATCH 458/937] iiab-expand-rootfs DOC: raspi-config nonint do_expand_rootfs --- roles/1-prep/templates/iiab-expand-rootfs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index a1fd06772..f6c75b46e 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -14,6 +14,9 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + # 2023-10-05: Official new RPi instructions: + # sudo raspi-config nonint do_expand_rootfs + # https://www.raspberrypi.com/documentation/computers/configuration.html#expand-filesystem-nonint raspi-config --expand-rootfs # REQUIRES A REBOOT rm -f /.expand-rootfs /.resize-rootfs reboot # In future, we might warn interactive users that a reboot is coming? From 2e919694cfb43f43f2177f752d84b4e1469b6793 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Oct 2023 12:07:12 -0400 Subject: [PATCH 459/937] Recommend ansible-core 2.15.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b3a110960..105a737c1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] -GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] +GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From eea8b086ee8d71d2e81ba2474bae1e6a4cf678e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Oct 2023 12:12:14 -0400 Subject: [PATCH 460/937] iiab-install: Set MIN_ANSIBLE_VER=2.13.13 w/ #3654 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c6a8eb361..3b7811308 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From f3d30d6187d97e514107f9f0cfc8270511d48cda Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Oct 2023 11:32:35 -0400 Subject: [PATCH 461/937] moodle_version: MOODLE_403_STABLE (Moodle 4.3) --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 57f48e4a6..4597665b1 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,7 +11,7 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_402_STABLE # Moodle 4.2 +moodle_version: MOODLE_403_STABLE # Moodle 4.3 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ca34259402c5dc11bdabb74a9d1878c1195e6d2f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Oct 2023 11:35:34 -0400 Subject: [PATCH 462/937] For now, install Moodle 4.4dev if PHP >= 8.3 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f1a5a7cbd..9edbafca3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -87,7 +87,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) + version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -95,7 +95,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From 1016a49edd1afa4d66c0b0220e52cc0a5b19651d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Oct 2023 11:58:29 -0400 Subject: [PATCH 463/937] moodle/tasks/install.yml: Note new Moodle 4.3 disk footprint(s) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9edbafca3..eb6ec62d5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -82,7 +82,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -90,7 +90,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From de83ed694f94e9a5da25ce4d9958ae5dcd0b2fc5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Oct 2023 15:13:28 -0400 Subject: [PATCH 464/937] Links: RasPiOS Bookworm doc for Python with venv --- roles/calibre-web/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index f1eac71ec..d8f2c6f94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -67,6 +67,10 @@ virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 +# 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) +# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) From 60763fab8e41ee126a21af250cb6639203cbaed3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Oct 2023 15:15:33 -0400 Subject: [PATCH 465/937] scripts/ansible links: RasPiOS Bookworm doc for Python with venv --- scripts/ansible | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 105a737c1..6af471008 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -225,6 +225,10 @@ else # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) + # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi + # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From e1ccb6c3285e7e78e9cc88365d9394393ed12957 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 20:39:38 -0500 Subject: [PATCH 466/937] Update install.yml moving --- roles/network/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 188713b8f..df473eae1 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -31,7 +31,6 @@ - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP From cf47363316f718e8b491459de0a346daf2d9116d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 20:46:45 -0500 Subject: [PATCH 467/937] Update sysd-netd-debian.yml rework for RasPiOS --- roles/network/tasks/sysd-netd-debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 391494382..32734a77b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,4 +1,11 @@ # sysd-netd-debian.yml +- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher + package: + name: + - systemd-networkd + - systemd-resolved + - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From 4c8ca30769770e04f5f3be9bc4451df93cc851af Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 20:57:55 -0500 Subject: [PATCH 468/937] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 32734a77b..1613f9a4c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -2,8 +2,6 @@ - name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher package: name: - - systemd-networkd - - systemd-resolved - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - name: Copy the bridge script - Creates br0 From b81d3365de75d1dfa31c38cf457c28be15a2f239 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 20:58:28 -0500 Subject: [PATCH 469/937] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1613f9a4c..3a815008d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,5 +1,5 @@ # sysd-netd-debian.yml -- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher +- name: 'Install networkd-dispatcher package: name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 7055165f7705326b0499e97ceb199de4d2685307 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 21:13:07 -0500 Subject: [PATCH 470/937] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3a815008d..0a734aa44 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,6 +4,12 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes +- name: 'Install networkd-resolved + package: + name: + - networkd-resolved + when: is_raspbian and os_ver is version('raspbian-12', '>=') + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From cdd88d20c55e5c7c9d45b5d2b045c7ff60ff09a7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 11 Oct 2023 21:19:02 -0500 Subject: [PATCH 471/937] Update sysd-netd-debian.yml 'systemd' --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 0a734aa44..3fe944511 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,10 +4,10 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install networkd-resolved +- name: 'Install systemd-resolved for RasPiOS package: name: - - networkd-resolved + - systemd-resolved when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 From 6f397c63a9f8629a6b7952b80fca4b77a59d0fa1 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 14 Oct 2023 15:32:50 -0400 Subject: [PATCH 472/937] sysd-netd-debian.yml: Install systemd-resolved (if available) --- roles/network/tasks/main.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 19 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9e2954892..7a1e6d5f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -75,13 +75,13 @@ - name: NetworkManager in use include_tasks: NM-debian.yml when: network_manager_active - #when: is_debuntu and network_manager_active - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml when: systemd_networkd_active - #when: is_debuntu and systemd_networkd_active + #when: systemd_networkd_active and not network_manager_active # 2023-10-11: NOT the right way to solve #3657 (systemd-resolved issue on RasPiOS 12+) as this would damage Ubuntu/Mint. + # 2023-10-11: Should rpi_debian.yml go away in future, now that RasPiOS Bookworm uses NetworkManager? - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml when: is_raspbian and not network_manager_active diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3fe944511..7fb0e26c9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,14 +1,19 @@ # sysd-netd-debian.yml -- name: 'Install networkd-dispatcher +- name: Install networkd-dispatcher package: - name: - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install systemd-resolved for RasPiOS +# 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. +# FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. +# Whereas Ubuntu <= 22.04 bundled the functionality within apt package 'systemd' +# Debian 12/Bookworm (like Ubuntu >= 22.10) offers it as a distinct package: +# https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved +- name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: - - systemd-resolved - when: is_raspbian and os_ver is version('raspbian-12', '>=') + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + ignore_errors: yes + #shell: apt -y install systemd-resolved || true + #when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 template: From bbef784d8011f2c23e9097820ee012f43edd367f Mon Sep 17 00:00:00 2001 From: root Date: Sat, 14 Oct 2023 15:45:51 -0400 Subject: [PATCH 473/937] sysd-netd-debian.yml: Clean comment spacing --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7fb0e26c9..9868d5b96 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,7 +1,7 @@ # sysd-netd-debian.yml - name: Install networkd-dispatcher package: - name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes # 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. # FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. @@ -10,7 +10,7 @@ # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved - name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm ignore_errors: yes #shell: apt -y install systemd-resolved || true #when: is_raspbian and os_ver is version('raspbian-12', '>=') From 820ad422399275b5168e509f2cfbcf4e9c8bbd6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Oct 2023 09:29:14 -0400 Subject: [PATCH 474/937] calibre-web/README.rst: Remove useless "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d8f89c591..6b2884065 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -134,7 +134,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted `_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details above). +Configuration**. Back Up Everything ------------------ From 70a139b643ee25e7489c822a8f20307f3863c08f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 27 Oct 2023 14:31:21 -0400 Subject: [PATCH 475/937] Support Ubuntu 24.04 pre-releases --- vars/default_vars.yml | 1 + vars/ubuntu-2404.yml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 vars/ubuntu-2404.yml diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 062a2f749..a9845e447 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -775,6 +775,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2404: False is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False diff --git a/vars/ubuntu-2404.yml b/vars/ubuntu-2404.yml new file mode 100644 index 000000000..d5355dcd0 --- /dev/null +++ b/vars/ubuntu-2404.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True From 0c09a2d46de833794294b3721786c7932d15781e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 Oct 2023 19:31:14 -0400 Subject: [PATCH 476/937] Rename ubuntu-2210.yml to ubuntu-2210.yml.unused --- vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} (100%) diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml.unused similarity index 100% rename from vars/ubuntu-2210.yml rename to vars/ubuntu-2210.yml.unused From 19cd6be03d5081a54ba8c46050fe8f571f7c1f82 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 2 Nov 2023 11:31:12 -0400 Subject: [PATCH 477/937] calibre-web/README.rst: http://box/live/stats lists Python deps / versions --- roles/calibre-web/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6b2884065..584f2d409 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,6 +136,8 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. +Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). + Back Up Everything ------------------ From 6d5c211f929b210cac25da5a32e1d73775914926 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 2 Nov 2023 11:34:33 -0400 Subject: [PATCH 478/937] calibre-web/README.rst: Clean http://box/live/stats explanation --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 584f2d409..d63a36c5a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,7 +136,9 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. -Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). +Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very +useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the +version number of each that's installed). Back Up Everything ------------------ From 53a74c77a777eae7aa127edab90d7d73bc201c54 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 2 Nov 2023 11:37:16 -0400 Subject: [PATCH 479/937] calibre-web/README.rst: Link to Calibre-Web wiki (deps) --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d63a36c5a..f947c4a02 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -137,8 +137,8 @@ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very -useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the -version number of each that's installed). +useful list of ~42 `Calibre-Web dependencies `_ +(mostly Python packages, and the version number of each that's installed). Back Up Everything ------------------ From 699adb9c5a5c2a21e17eecb31dd696698f0c52a4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 4 Nov 2023 08:24:39 -0400 Subject: [PATCH 480/937] calibre-web/tasks/install.yml: Full clone for now (community testing) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d8f2c6f94..7f778a38f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes - depth: 1 + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 8def5c98cf101b18ba39389609aacc104d430e21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 5 Nov 2023 09:44:12 -0500 Subject: [PATCH 481/937] Doc: pipx option to install pkg globally for multi-user access --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 6af471008..78baa8013 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -224,6 +224,8 @@ else # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # Or, to install package globally for multi-user access: (pypa/pipx#754) + # PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install ansible-core # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi From 402ce97d1dc3cde5cd15868f7c272c95c1ec397d Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Nov 2023 12:14:46 -0500 Subject: [PATCH 482/937] Install MySQL/MariaDB on-demand--for MediaWiki, WordPress, Matomo &/or Admin Console --- roles/0-init/tasks/validate_vars.yml | 6 +-- roles/3-base-server/README.rst | 13 +++++- roles/3-base-server/tasks/main.yml | 11 +++-- roles/9-local-addons/tasks/main.yml | 18 ++++++++ roles/matomo/tasks/install.yml | 15 +++++++ roles/mediawiki/tasks/install.yml | 15 +++++++ roles/munin/tasks/install.yml | 5 ++- roles/mysql/tasks/enable-or-disable.yml | 15 +++++++ roles/mysql/tasks/main.yml | 57 +++++++++++-------------- roles/wordpress/tasks/install.yml | 15 +++++++ vars/default_vars.yml | 11 +++-- 11 files changed, 133 insertions(+), 48 deletions(-) create mode 100644 roles/mysql/tasks/enable-or-disable.yml diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f5277d2d9..a369fca5c 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -76,7 +76,7 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - #- mysql # MANDATORY + - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -155,7 +155,7 @@ that: "{{ item }}_install or {{ item }}_installed is undefined" fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?" quiet: yes - when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies + when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" - name: 'DISALLOW "XYZ_install: True" if deprecated' diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index e458d7be0..ed80399ba 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -1,10 +1,21 @@ +.. |ss| raw:: html + + + +.. |se| raw:: html + + + +.. |nbsp| unicode:: 0xA0 + :trim: + ==================== 3-base-server README ==================== This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: -- `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: +- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 5e2e7355d..89d0610be 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,10 +3,13 @@ - name: ...IS BEGINNING ===================================== meta: noop -- name: MYSQL + CORE PHP - include_role: - name: mysql - #when: mysql_install +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. +# - name: MYSQL + CORE PHP +# include_role: +# name: mysql +# #when: mysql_install # 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 075752bec..257797dbd 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -55,6 +55,24 @@ name: pbx when: pbx_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + set_fact: + mysql_install: True + mysql_enabled: True + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + include_role: + name: mysql + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + fail: + msg: "Admin Console install cannot proceed, as MySQL / MariaDB is not installed." + when: admin_console_install and mysql_installed is undefined + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index d6f8060a4..1df6c32b4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,21 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 204fc0c45..e89afdcd9 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index f6b23e619..3895b7bf9 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -32,7 +32,7 @@ name: "{{ munin_username}}" # Admin password: "{{ munin_password }}" # changeme -- name: If MySQL is enabled, let Munin monitor it +- name: If MySQL is installed, let Munin monitor it copy: src: "{{ item }}" dest: /etc/munin/plugins/ @@ -44,7 +44,8 @@ - /usr/share/munin/plugins/mysql_queries - /usr/share/munin/plugins/mysql_slowqueries - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled + when: mysql_installed + #when: mysql_enabled # RECORD Munin AS INSTALLED diff --git a/roles/mysql/tasks/enable-or-disable.yml b/roles/mysql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..ac06c0c8c --- /dev/null +++ b/roles/mysql/tasks/enable-or-disable.yml @@ -0,0 +1,15 @@ +- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled + systemd: + name: "{{ mysql_service }}" + daemon_reload: yes + state: started + enabled: yes + when: mysql_enabled + +# We had to start MySQL in order to configure it, now turn if off if not enabled +- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled + systemd: + name: "{{ mysql_service }}" + enabled: no + state: stopped + when: not mysql_enabled diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 789d406c1..d91bbce14 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -26,40 +26,33 @@ var: mysql_installed -- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mysql_installed is undefined +- block: + - name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mysql_installed is undefined -- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled - systemd: - name: "{{ mysql_service }}" - daemon_reload: yes - state: started - enabled: yes - when: mysql_enabled + - include_tasks: enable-or-disable.yml -# We had to start MySQL in order to configure it, now turn if off if not enabled -- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled - systemd: - name: "{{ mysql_service }}" - enabled: no - state: stopped - when: not mysql_enabled + - name: Add 'mysql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MySQL + - option: description + value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' + - option: mysql_install + value: "{{ mysql_install }}" + - option: mysql_enabled + value: "{{ mysql_enabled }}" + rescue: -- name: Add 'mysql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mysql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MySQL - - option: description - value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' - - option: mysql_install - value: "{{ mysql_install }}" - - option: mysql_enabled - value: "{{ mysql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 38fb08180..fb4aca021 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,21 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a9845e447..4557d815a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -265,12 +265,11 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER -# 2020-09-24: MySQL / MariaDB is MANDATORY but still evolving - please see: -# https://github.com/iiab/iiab/blob/master/roles/mysql/tasks/install.yml -# https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml -# THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: -mysql_install: True -mysql_enabled: True +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +mysql_install: False +mysql_enabled: False mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: From 58d992328455aaa1d4fa17e605af7931028f1708 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 5 Nov 2023 12:53:46 -0500 Subject: [PATCH 483/937] roles/3-base-server/README.rst: Explain MySQL / MariaDB change --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index ed80399ba..4c03f3f8d 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: -- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: +- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 27cc66b87e6f351c5896d393c065e23312b56e06 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 5 Nov 2023 12:58:05 -0500 Subject: [PATCH 484/937] 0-init/tasks/validate_vars.yml: Cleaner ordering of mysql within 45 --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index a369fca5c..3617715dd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -76,7 +76,6 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -85,6 +84,7 @@ - gitea - jupyterhub - lokole + - mysql # Dependency - excluded from _installed check below - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below From aabfd5de9b48b561629dc250cafd7353a1b1ffb9 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Nov 2023 13:25:52 -0500 Subject: [PATCH 485/937] Move Munin install: 8-mgmt-tools -> 9-local-addons --- roles/8-mgmt-tools/tasks/main.yml | 5 ----- roles/9-local-addons/tasks/main.yml | 7 +++++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 61ac785ad..8771b66a0 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -23,11 +23,6 @@ name: monit when: monit_install -- name: MUNIN - include_role: - name: munin - when: munin_install - - name: PHPMYADMIN include_role: name: phpmyadmin diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 257797dbd..337a74445 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -73,6 +73,13 @@ when: admin_console_install and mysql_installed is undefined +# 2023-11-05: Moved from Stage 8, as it acts on mysql_installed (that might be set just above!) +- name: MUNIN + include_role: + name: munin + when: munin_install + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" From a10384c9f1ea7ddf98ebe39b8f2576ea0cb41572 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 5 Nov 2023 16:54:48 -0500 Subject: [PATCH 486/937] scripts/ansible: Recommend ansible-core 2.16.0 ETA 2023-11-06 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 78baa8013..48d337b19 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] -GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] +GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.16 +# https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 # https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 From 11257daf2a80029055e3b94fec997feef25b8b41 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 5 Nov 2023 16:56:30 -0500 Subject: [PATCH 487/937] iiab-install: Set MIN_ANSIBLE_VER=2.14.11 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 3b7811308..bc887d659 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f3ca844ff9b979de97c78365256f5f946bd4bf3 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 6 Nov 2023 12:12:51 -0500 Subject: [PATCH 488/937] roles/nextcloud: Install prereq MySQL / MariaDB --- roles/3-base-server/README.rst | 2 +- roles/3-base-server/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 15 +++++++++++++++ vars/default_vars.yml | 3 ++- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c03f3f8d..579977f55 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: -- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 89d0610be..96cee56a9 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce62729c8..f62a080be 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4557d815a..4f89f695a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,7 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE +# INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From 8d97dd9addfeb9502397889f3a6da82e84227b61 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Nov 2023 12:47:44 -0500 Subject: [PATCH 489/937] nextcloud/tasks/install.yml: Disk space estimates for /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f62a080be..2eef6290f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -123,7 +123,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From ba9fa67aaa678581671476aba3626e8ddd2d8bd5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Nov 2023 13:47:34 -0500 Subject: [PATCH 490/937] nextcloud-nginx.conf.j2: Patch both 'oc[ms]-provider' to 'ocs-provider' --- roles/nextcloud/templates/nextcloud-nginx.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..285c6c8e2 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -85,7 +85,7 @@ location ^~ {{ nextcloud_url }} { deny all; } - location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; @@ -102,7 +102,7 @@ location ^~ {{ nextcloud_url }} { fastcgi_request_buffering off; } - location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } From 128088ea90e93601b894b22a3ef119f708df1fcc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Nov 2023 13:52:07 -0500 Subject: [PATCH 491/937] Desupport EOL'd Nextcloud 25, a year after its PHP 7 was (also!) EOL'd --- roles/nextcloud/tasks/install.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2eef6290f..09b72749f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -118,10 +118,12 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" - set_fact: - nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('8.0', '<') +# Nextcloud 25 EOL was 2023-10-01: https://endoflife.date/nextcloud +# https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule#eol-versions +#- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# set_fact: +# nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 +# when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From afbddd16c46bcfd33b7f699191a204be67a0e8f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Nov 2023 10:07:38 -0500 Subject: [PATCH 492/937] gitea/defaults/main.yml: gitea_version: "1.21" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index e2311c804..c318acfd7 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 5b7297999b1850d2ba5f1133f32fdfeacd4e548c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Nov 2023 10:12:49 -0500 Subject: [PATCH 493/937] gitea/tasks/install.yml: Mention Gitea 1.21 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 957da4822..d61aa76c1 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -51,7 +51,7 @@ - name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 mode: 0775 timeout: "{{ download_timeout }}" From acf125f46d3eff3ac7550faeb3d00711d73131a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Nov 2023 11:43:32 -0500 Subject: [PATCH 494/937] gitea/tasks/install.yml: Doc ~134MB /library/gitea for #3671 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index d61aa76c1..eed1559f8 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,7 +48,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~134 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 From c968abc77205649707ae6874e5db833f1ee0e081 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 15:56:45 -0500 Subject: [PATCH 495/937] pbx/default/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 5e127a7cd7f2d5e415d2aa7a52b08a1715e90f5d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 16:00:36 -0500 Subject: [PATCH 496/937] default_vars.yml: 'asterisk_rpi_patch: False' safer --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4f89f695a..b7a197cb0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -692,7 +692,7 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 From 409dace2e7263040e5ff7135afa3ba63b5f50f88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 16:38:25 -0500 Subject: [PATCH 497/937] local_vars_unittest.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9fd0605a6..59c80a0e2 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 01bec789fb9aa139f29408ac4a982c2b6b543584 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 16:39:22 -0500 Subject: [PATCH 498/937] local_vars_small.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index be689cd52..6765c20d5 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 4ca14a75fcaefc11a2afbc746dcb1a500de16529 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 16:40:05 -0500 Subject: [PATCH 499/937] local_vars_medium.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 829b6fb6c..4ed3e7e3e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 20e42b37224df77b1e243cc1468bc30571d2ccf5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 16:40:51 -0500 Subject: [PATCH 500/937] local_vars_large.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7b108429f..c679b30f9 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 356c2bd1717b54ac9b83c10cf842d7d71f501e04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:05:03 -0500 Subject: [PATCH 501/937] asterisk.yml w/o 'menuselect --enable app_macro' --- roles/pbx/tasks/asterisk.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index bc7638191..f5ce31b26 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -83,8 +83,8 @@ creates: menuselect.makeopts - name: Asterisk - Do a bit of menuselect configuration - command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts - # 2021-08-06: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + command: menuselect/menuselect --enable format_mp3 menuselect.makeopts + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From 93b381804ef65e093e2a4378ec2339cd2214b38b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:20:23 -0500 Subject: [PATCH 502/937] pbx/tasks/install.yml: Install MySQL / MariaDB --- roles/pbx/tasks/install.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index ef9dea71d..5c49dfa14 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,21 @@ # when: nodejs_version != "12.x" +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From cf69b6438d5f8555503b5022de6b93c36683f4f7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:26:34 -0500 Subject: [PATCH 503/937] default_vars.yml: Clarify PBX need for MySQL --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b7a197cb0..ea4130c3c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,8 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE -# INITIALLY IGNORED: +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. +# SO BOTH VALUES BELOW ARE INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From f2851ad9c4fa03c5945914f1551fabcb3e5570ec Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:28:27 -0500 Subject: [PATCH 504/937] 3-base-server: Clarify PBX need for MySQL --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 96cee56a9..efe1c93e2 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql From 3d6450a1887b692dffe2486dadb19aab1c789aa1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:42:53 -0500 Subject: [PATCH 505/937] pbx/tasks/asterisk.yml: Clarify 7 (not 6) --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f5ce31b26..1721d69d2 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -84,7 +84,7 @@ - name: Asterisk - Do a bit of menuselect configuration command: menuselect/menuselect --enable format_mp3 menuselect.makeopts - # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 7 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From de1f5ed44ab0ce6f1c3c442f226d660ff9006650 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 Nov 2023 17:47:30 -0500 Subject: [PATCH 506/937] 3-base-server/README.rst: Clarify PBX needs MySQL --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 579977f55..1f22db3a2 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: -- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL `_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 022569fc612d5bc0614d0c67e0095c73f6793076 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Nov 2023 01:29:16 -0500 Subject: [PATCH 507/937] Revert to 'freepbx_git_branch: release/16.0' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..c93a9781a 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From e9655ad79801f8ea50c4ddf64fee252897a4f6e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Nov 2023 01:57:32 -0500 Subject: [PATCH 508/937] Revert to 'asterisk_src_file: asterisk-20-current.tar.gz' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index c93a9781a..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c82709eaba75d972c412fcc84de461695fdc62ba Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Nov 2023 02:24:28 -0500 Subject: [PATCH 509/937] README.adoc: Comment out PR #3523 & var `asterisk_rpi_patch` --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a9c8b3087..727118015 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -61,12 +61,14 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +//// As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: + ---- asterisk_rpi_patch: True ---- + +//// Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- From f2fd0fda9a461d59a7072f356a410a55d1b25ce2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Nov 2023 02:33:15 -0500 Subject: [PATCH 510/937] pbx/defaults/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 7b1b6eca723da732352ea4bed4d3b3f1dce190d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Nov 2023 14:52:17 -0500 Subject: [PATCH 511/937] README.rst: Transmission 4.1 ETA early 2024 --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7e68d1325..944f3883f 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in 2024 (`#5585 `_, `PR #5866 `_). +Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in early 2024 (`#5585 `_, `PR #5866 `_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. From a3c7955b1b6a0b3d63bceac95b94e51bd31a063a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Nov 2023 15:01:07 -0500 Subject: [PATCH 512/937] remoteit/README.md: Link to their pricing --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 43395bdc7..051d3b7f5 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 13467a8b92160b3924c3522e554424d71884d92a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Nov 2023 16:44:29 -0500 Subject: [PATCH 513/937] Calibre-Web prereqs for audio/video + set app.db log to /var/log/calibre-web.log --- roles/calibre-web/files/app.db | Bin 94208 -> 126976 bytes roles/calibre-web/tasks/enable-or-disable.yml | 18 +++++++++++++++++- roles/calibre-web/tasks/install.yml | 15 ++++++++++++--- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 31a8b716a1427cd61610ed5f5c68253fe452aea8..01c0f038338a22ada9d7caaceb4b65880e84d183 100644 GIT binary patch delta 3325 zcmcgu+i%;}8Rt>#h_<6LUg9c=4Dm96F9Wva4=CUSnD;Vt*jpd_(moZ)(}3=!0}2EK2CO?|ElR$m=w3$X z2t42UeILL3`96Hv{o%{-lfnLJf*^+R>cZ;`Ui==D9GE6Px);2NfbiFaEXA z`*QRn;ym#+LH+!VwaDk^{@nLP@2`4(M?MZeIQzHmt?o=$A@nh5V!$u1;32CU;h~FUmL0FqApllnlwUBEG*0x^7HiV!cX(7vnzBNsuptp zxB%XAzv2OX@b`DXXTUSAxYwNjO{qIdtP}Xhf=9$-yjXCD`jmP`J=<%p_Wu6d#c*_J z2>hjb@YW=lAO}ZkP*DW~TGobc$^sgpmu*wgDhxg1^3!0jafBr4T3M+GstgUmLT3F` z#*#16QXZfZJu|;jm?{(l-Ai1CV^gU_qQuaLI4lO4g1u#6`0`wSb{6xr@r^dJ;>)%5 zD$+{yo#lnLM@ri}p1ectB&aH)i3G<{T^bj!8^acu?LP(emz=%}`!LapM!3byC)McYp5n- zJsg|~f-c@i5_adI#ixFtiVR0o%3DWNX>02kst#qLteZ6$xVn+=P{7`_nGGZwOj+a@ zS(m)E$<(TKMmHRbk;Df~Ed`m1QpWEX3hQ_;G6qg(y;5OR#b>WEz9LLb7Zv8dQDNYN z4Q9=*sf>KT&RF#dQ!`SGrz<{bY$WkE$&^(nF@`BIx@=?NS;mmPkC<2hsxYQq_L!Xx z4>_75=`s?^ii$K?!=XK1$6lZ;X${GaiUiAsI7qhQ0XvJP;Z=Mo6d_OJ|;o{T$4ERpzHDp5>+E5Uo zRCSEgbvdkKzbQ4mu4L${B5j=nv+d*wI#^B71nlvOm+dFqlj{gjz@a%_8ox$*GW z3w{LtvDoInu+CWDn@^ANOMoJipvKR)^-8s#nGiJ8~S??oGURO&$EYQOSGH zg!)0IxKPR8&8nO4EA?D_J-wcpg2g-Xv?@;4t@?XKU7KHDim%+`oa)l#2bp_CQPLLe zyEDa~*-J8uQXAFyWMWI==M&ECJ(ycftSc+4D@Ji?d>lL>i0vK7m)R`ja&e9m<#>uu zuyH=s;H5Ycb7fiP_;Nzzho9ocjI{q-i@DwIG5=GG>FOmT_^t=kCP8iPH#Mr!>;~OL z&u)av@RBTx2{|L86oMR|DnkjTS)R}GQnt)x`4pc`=TMqWWD;qZ;Sz|=WRi)LoJ1Km zo62xfCMiLb5YtIEmE>6#u?V3w6j2Vcaw1uVskF#*lMH>ap~M?>d{=n&4O{?G+4S^CK-2U)hJ|HQw)z;&b<-(c5o z?=%U}Pedc3=1ipj%pvya)8SfZd*?abMgJh&M+54eH>#0hWVp}lo9UzXo4tLZkwN#< zTi_bWdH2u{N3M9g8#jj@#x94W0|Vf3+J>TvyhCqYoh%meD+PKbKQUXNuY08H^r-vg zIJi0KwdvLcHkwJr7+=GH!g7fiW9ljj#uTR27Frm_t-T8_tEzvQw}_)$jIk6MiO>}4 z3fgG3CFc0N5HKWT_)JrfEZDGOwa5(i67D|7h;CvETy@89fuZ+3;dm^wZ9KnO{)EK% zW2COBTY|NQ)H<^KnX+xb>io>oYJnd0Oph_Goo{z6MzEL8MhnAkEeS5o*=x8>YTmHO z2Csv=Z$`t>;bHJ_+jnws5WHMD;_iU#{*}X{C9XEb-Vzi!@Ce=8<4tXW#d!biIM7M) zM#Z)T7-AwzR~_$0JVI{Wyq&zQ+f5dr-9z8TnXoc5S8(T3V9>2)!9}6v0#A)tZ>%}@ zW;i-F26ktB1B0m?N5Q*NtrLXHM+`o3>>KV5<-iSBO@mwc=EOia`u5vkcPhwI96`U& Yd#TxazjQ=u=Sd*&Limu+)pB6rzoLm6iU0rr delta 748 zcmZ8f&ubG=5Z>8My4$szx1o)Tjlpf9Hj!4-ScR5KyNOF18aHihJ@isH?W07KP05dn z6`^Ymy@(h*>|dY<1tBdo7e(n^#e;_)gj_sGa}Ww8P*C5lqz4BE-uJ!ln_-68YOq@k z_jAA3Pf?UavK?Y|=xVp0x;%N{CKR9(`@@G$c0qiKJUya7AdQwNWTK^-siCm}8c|Y! z76dQd-6@cmF5_a!$WP&%p2+3aHwDM_HsxZq{}>8$Dp$nAXum)rs9m_o;- zMHA5+?6#78<5G(f=?zMFhrXa!!o9AIGe7vByoYZ-?)yL*UTCb{6ej&d6%v* zRWt2Et&Z)&p`0fZ`Rz)C(JY>$-mbQYJ3 zxL_w8OR36&DlaI}geu#N^>qv+Yv&OBQJL>FGAs8DJ%{BxN-8#^q=MH+LqmjjW<4cG zB4LLuxJcw41ORJn>wwg z9P3;Y&W{pTPA`=UczGpnl(12fqse4KRWw_&ij53jT`uWs#dcB0xzz+8V|U-a2^Xwd z69O7Ri&}hsQI&)3k(};r(wWC$Vl!%NRu2BxHLl6Q@Q^$b3h|*q#+p5ZJ}zRf%QZ;b z=;8oF?u4^%$37Sr(@S|ag^8}W /library/calibre-web (WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then + cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf + ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + fi + when: calibreweb_enabled + + - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf file: - path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" state: absent when: not calibreweb_enabled +- name: If disabling, also remove symlink /library/www/html/calibre-web (WIP) + file: + path: "{{ doc_root }}/calibre-web" # /library/www/html + state: absent + when: not calibreweb_enabled + + - name: Restart 'nginx' systemd service systemd: name: nginx diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f778a38f..7f6644980 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,9 @@ register: df1 -- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present @@ -57,7 +56,17 @@ dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + +- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then + apt install ffmpeg pipx -y + pipx install xklb + ln -s /root/.local/bin/lb /usr/local/bin/lb + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper + chmod a+x /usr/local/bin/lb-wrapper + fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: From 4714b06d119bc0e3eb4f6cddbdfcb9db465fd330 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Nov 2023 21:27:41 -0500 Subject: [PATCH 514/937] calibre-web/tasks/install.yml: Better xklb & yt-dlp symlinks --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f6644980..453a7f8bd 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,7 +63,8 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y pipx install xklb - ln -s /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From e705ad6cd454701a48aa805879bb5ceeeacb4e37 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 13:25:48 -0500 Subject: [PATCH 515/937] calibre-web/defaults/main.yml: Set 'calibreweb_venv_wipe: True' --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 250deeaf6..4512e4e53 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,6 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 +calibreweb_venv_wipe: True calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 02471e9402efcce1658c01d2c57c1596651bacc4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 14:21:30 -0500 Subject: [PATCH 516/937] calibre-web/tasks/install.yml: Enact calibreweb_venv_wipe & clone as nec --- roles/calibre-web/tasks/install.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 453a7f8bd..4f6ce8f65 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -27,10 +27,16 @@ line: ' ' state: present -- name: Remove previous virtual environment {{ calibreweb_venv_path }} +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" file: path: "{{ calibreweb_venv_path }}" state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -41,7 +47,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + - "{{ calibreweb_venv_path }}" # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -50,13 +56,14 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | From da785cb8c4f7c027f1a6a0b001ec4d183128acd7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 14:24:45 -0500 Subject: [PATCH 517/937] New default 'calibreweb_venv_wipe: False' for TDD! --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 4512e4e53..1ae41bef8 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: True +calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 5feecc022ec59c4bdfd8515a935d8c7df6cc20c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 15:06:18 -0500 Subject: [PATCH 518/937] calibre-web/tasks/install.yml: Auto-upgrade xklb & yt-dlp for TDD --- roles/calibre-web/tasks/install.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4f6ce8f65..5bc947a99 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,13 +65,17 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y - pipx install xklb - ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if lb --version; then + pipx upgrade --include-injected xklb + else + pipx install xklb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From 47da9a9cbaaf1983a2f1e269ac6cd3396adaa456 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 15:28:58 -0500 Subject: [PATCH 519/937] calibre-web/defaults/main.yml: Fix typo "2023-12-04" --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 1ae41bef8..d4b2765a4 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) +calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From a546c5132aef0f7a661a18b34e21327a6267527e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 16:54:05 -0500 Subject: [PATCH 520/937] Recommend ansible-core 2.16.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48d337b19..0caaaef87 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] -GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] +GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From af9597d5b25e4f2b7322e830ffb0f856a71e8283 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Dec 2023 17:11:07 -0500 Subject: [PATCH 521/937] iiab-install: Set MIN_ANSIBLE_VER=2.14.12 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bc887d659..e09527224 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f00b7b41b69efe80641944b2b24c0dbee393c8e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 4 Dec 2023 18:01:55 -0500 Subject: [PATCH 522/937] validate_vars.yml: ansible-core 2.16.1 req 'loop' not 'with_items' w/ 'assert' templating --- roles/0-init/tasks/validate_vars.yml | 42 ++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 3617715dd..383f911a3 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -158,20 +158,38 @@ when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +- name: Set vars_deprecated_list for 4+ vars ("XYZ_install") to be checked + set_fact: + vars_deprecated_list: + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained + - name: 'DISALLOW "XYZ_install: True" if deprecated' assert: that: "{{ item }}_install is undefined or not {{ item }}_install" fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes - with_items: - - dhcpd # Deprecated - - named # Deprecated - - wondershaper # Deprecated - - dansguardian # Deprecated - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained + loop: "{{ vars_deprecated_list }}" + # 2023-12-04: ansible-core 2.16.1 suddenly no longer allows 'assert' with + # 'with_items' below (whereas 'loop' construct above works!) BACKGROUND: + # + # 'due to mitigation of security issue CVE-2023-5764 in ansible-core 2.16.1, + # conditional expressions with embedded template blocks can fail with the + # message “Conditional is marked as unsafe, and cannot be evaluated.”' + # https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html#playbook + # + # with_items: + # - dhcpd # Deprecated + # - named # Deprecated + # - wondershaper # Deprecated + # - dansguardian # Deprecated From a6bafe833a017db2e5e0c5b50039d12104410f35 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Dec 2023 16:51:13 -0500 Subject: [PATCH 523/937] enable-or-disable.yml: Avoid NGINX symlink /library/www/html/calibre-web --- roles/calibre-web/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/enable-or-disable.yml b/roles/calibre-web/tasks/enable-or-disable.yml index c15fda0da..493703dc7 100644 --- a/roles/calibre-web/tasks/enable-or-disable.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -27,7 +27,8 @@ shell: | if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf - ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + # 2023-12-05: Not needed as a result of PR iiab/calibre-web#57 + # ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web fi when: calibreweb_enabled From c2a1ad2e4685b446a7bb9f95d9cc02112dd22e0e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Dec 2023 22:59:18 -0500 Subject: [PATCH 524/937] Install /usr/local/bin/lb-wrapper.greedy for Calibre-Web testing --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5bc947a99..65d4ac69d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper - chmod a+x /usr/local/bin/lb-wrapper + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 1972f4763c54d7888676a8746a5af86dd98744ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Dec 2023 16:01:11 -0500 Subject: [PATCH 525/937] Recommend ansible-core 2.16.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0caaaef87..0a268c480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] -GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] +GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 9bcbee3202b5596aba94cc757f23824d9f520185 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Dec 2023 16:02:51 -0500 Subject: [PATCH 526/937] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index e09527224..7b8738c4d 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From a4f9cba1bb7038bfa57ce77229a9397f1ce8f633 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Dec 2023 16:58:17 -0500 Subject: [PATCH 527/937] nextcloud/tasks/install.yml: Mention Nextcloud 28.0.0 size/space --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 09b72749f..f8d47c6f5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -125,7 +125,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From c4738b007ed360a9f17fab9f9de231ce3943ffc3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Dec 2023 00:29:08 -0500 Subject: [PATCH 528/937] nextcloud/tasks/install.yml: Clarify install & upgrade realities --- roles/nextcloud/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f8d47c6f5..963045f4e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -61,12 +61,15 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 +# December 2023: Check latest required AND recommended prereqs below! +# e.g. Nextcloud 26 works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0; Nextcloud 28 works with PHP 8.3 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html +# https://docs.nextcloud.com/server/28/admin_manual/installation/ +# 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN +# gets badly stuck if its web-based upgrade process is attempted :/ +# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From d70b36533508632b6b166ca096a17f5002ae55f3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Dec 2023 15:31:10 -0500 Subject: [PATCH 529/937] transmission/tasks/install.yml: Warn about 60+ min compile --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 20dc9a5f2..ae3c8cd72 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) + - name: Compile, install & remove detritus (CAN TAKE 60+ MINUTES ON RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive From c90c85acafd3f461b47b89b7051f7acb640555c7 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 Dec 2023 23:51:24 -0500 Subject: [PATCH 530/937] Use Wayland compositor's ~/.config/wayfire.ini to show pop-ups & browser on boot --- roles/iiab-admin/tasks/pwd-warnings.yml | 36 ++++++++-------- ...-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} | 0 ...xde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} | 0 roles/network/tasks/install.yml | 2 +- roles/network/tasks/netwarn.yml | 29 ++++++------- .../netwarn/{netwarn => iiab-netwarn} | 10 +++-- .../netwarn/netwarn-iiab-network.desktop | 2 +- roles/www_options/tasks/main.yml | 42 +++++++++++-------- 8 files changed, 67 insertions(+), 54 deletions(-) rename roles/iiab-admin/templates/{sshpwd-profile-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} (100%) rename roles/iiab-admin/templates/{sshpwd-lxde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} (100%) rename roles/network/templates/netwarn/{netwarn => iiab-netwarn} (72%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index e63c8841b..c052c270c 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -2,34 +2,36 @@ # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default +- name: Install /etc/profile.d/iiab-pwdwarn-profile.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: - src: sshpwd-profile-iiab.sh.j2 - dest: /etc/profile.d/sshpwd-profile-iiab.sh + src: iiab-pwdwarn-profile.sh.j2 + dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Is /etc/xdg/lxsession/LXDE-pi a directory? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi - register: lx + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: "If so, install from template: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" template: - src: sshpwd-lxde-iiab.sh.j2 - dest: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh + src: iiab-pwdwarn-wayfire.j2 + dest: /usr/local/sbin/iiab-pwdwarn-wayfire mode: '0755' - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian + when: wayfire_ini.stat.exists -# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does +# 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop # (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it -# would be really nice to standardize this popup across Ubermix & all distros.. +# would be really nice to standardize pop-ups across Ubermix & all distros... # Is this a permissions/security issue presumably? Official autostart spec is: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /etc/xdg/lxsession/LXDE-pi/autostart to trigger popups - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-pwdwarn-wayfire + value: /usr/local/sbin/iiab-pwdwarn-wayfire + when: wayfire_ini.stat.exists diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index df473eae1..680b95233 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -99,7 +99,7 @@ - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) -- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' +- name: 'Install /usr/local/sbin/iiab-netwarn for pop-ups on boot, if iiab-network should be run' include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index c1f687e28..2ce6aaac0 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,21 +1,22 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/www_options/tasks/main.yml FOR browser -# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for -# ssh sessions (across all OS's/distros/window managers) might also make sense? +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/iiab-netwarn but for +# shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/local/sbin/netwarn$' - line: '/usr/local/sbin/netwarn' - when: lxde_pi_autostart_present.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-netwarn + value: /usr/local/sbin/iiab-netwarn + when: wayfire_ini.stat.exists # mate desktop detection based on 'register: nd_dir' in enable_services @@ -39,9 +40,9 @@ # (Let's insert those here if so, and refine the 'when:' line below.) -- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/iiab-netwarn' template: - src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) + src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/iiab-netwarn similarity index 72% rename from roles/network/templates/netwarn/netwarn rename to roles/network/templates/netwarn/iiab-netwarn index a8f7a7916..617310646 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -1,8 +1,12 @@ #!/bin/bash -# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this -# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. -# This allows return codes to be meaningful, at each successive step. +# CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script +# (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: +# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html +# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart +# +# This allows return codes ($rc) to be meaningful, at each successive step. # (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry # Pi OS with desktop" on Raspberry Pi 4!) # diff --git a/roles/network/templates/netwarn/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop index 35547ee41..f109f88b0 100644 --- a/roles/network/templates/netwarn/netwarn-iiab-network.desktop +++ b/roles/network/templates/netwarn/netwarn-iiab-network.desktop @@ -4,7 +4,7 @@ Comment[en_US]=iiab-network Name[en_CA]=iiab-network Comment[en_CA]=iiab-network Type=Application -Exec=/usr/local/sbin/netwarn +Exec=/usr/local/sbin/iiab-netwarn Hidden=false Name=iiab-network Comment=iiab-network diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index d41607982..1d5b642e0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,29 +31,35 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: Does /usr/bin/chromium exist? (check for browser filename change) +- name: Does /usr/bin/chromium-browser exist? stat: - path: /usr/bin/chromium - register: chromium_present + path: /usr/bin/chromium-browser + register: chromium_browser -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists +# - name: Does /usr/bin/chromium exist? (check for browser filename change) +# stat: +# path: /usr/bin/chromium +# register: chromium_present -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: chromium-browser + value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: wayfire_ini.stat.exists and chromium_browser.stat.exists + +# - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart +# lineinfile: +# path: /etc/xdg/lxsession/LXDE-pi/autostart +# regexp: '^/usr/bin/chromium' +# line: '/usr/bin/chromium --disable-restore-session-state http://box/home' +# when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists # 2022-12-29: php-settings.yml is ALSO attempted (on demand) by every From 16ef96f0f5e5a6d9e83bc76a1a216f1ad569ee43 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 00:42:18 -0500 Subject: [PATCH 531/937] nextcloud/tasks/install.yml: Clarify 655MB /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 963045f4e..a25dd59c1 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -128,7 +128,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 73f0fa6ff84d6007339d88a2aa5eb4d2d6c3f6e1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 07:16:59 -0500 Subject: [PATCH 532/937] Update iiab-netwarn explanation for PR #3685 --- roles/network/templates/netwarn/iiab-netwarn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index 617310646..b20d18fc6 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -11,8 +11,8 @@ # Pi OS with desktop" on Raspberry Pi 4!) # # IN CONTRAST: return codes below are NOT MEANINGFUL when this script is -# invoked from a regularly graphical desktop session -- so make sure to test -# during an actual OS boot-up, with autostart! +# invoked manually after boot from a regular graphical desktop session -- so +# make sure to test (either kind of) "autostart" during actual OS boot-up! if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit From 017e55a70aa450aca780b003b54de0de10fa9d7e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 12:29:53 -0500 Subject: [PATCH 533/937] moodle/tasks/install.yml: Update URL for cron doc --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index eb6ec62d5..19e53b9cc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -174,7 +174,7 @@ # 2021-11-19: Resolves Moodle error https://github.com/iiab/iiab/issues/3024 - name: Set cron job to run /opt/iiab/moodle/admin/cli/cron.php every minute (* * * * *) in /var/spool/cron/crontabs/www-data -- per https://docs.moodle.org/310/en/Cron cron: - name: https://docs.moodle.org/310/en/Cron + name: https://docs.moodle.org/en/Cron user: www-data job: "/usr/bin/php /opt/iiab/moodle/admin/cli/cron.php >/dev/null" From 1a8fd72df684e35cf6a55a6a9c080f03bbdb14c9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 12:33:35 -0500 Subject: [PATCH 534/937] moodle/tasks/install.yml: Link to CLI upgrade instructions --- roles/moodle/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 19e53b9cc..343a8eb29 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -6,6 +6,9 @@ # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) +# 2023-12-17: Upgrade instructions via CLI +# https://docs.moodle.org/en/Administration_via_command_line + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: From a7b58da07944230d55f88a3d9f4473aee073407c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 12:40:23 -0500 Subject: [PATCH 535/937] moodle/tasks/install.yml: Concrete CLI upgrade example --- roles/moodle/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 343a8eb29..af1c25f81 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -8,6 +8,12 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line +# +# cd /opt/iiab/moodle +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable +# git pull +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" From b0f1cccd372342f5a56678ac3ed25e7fbd2d01e1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 12:56:54 -0500 Subject: [PATCH 536/937] moodle/tasks/install.yml: Fix CLI upgrade example --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index af1c25f81..d9d25867f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -9,9 +9,10 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line # +# EXAMPLE: # cd /opt/iiab/moodle # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull +# git pull https://github.com/moodle/moodle MOODLE_403_STABLE # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From f8155c23afa0cf66590205bf47d983e1d6140efa Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 13:45:55 -0500 Subject: [PATCH 537/937] moodle/tasks/install.yml: Refine Moodle CLI upgrade tips --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index d9d25867f..4b2709c3e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,8 +11,9 @@ # # EXAMPLE: # cd /opt/iiab/moodle +# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull https://github.com/moodle/moodle MOODLE_403_STABLE +# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From b5d3a7658a7e5f1c6ef37a330fdfac59a4718222 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Dec 2023 15:11:01 -0500 Subject: [PATCH 538/937] moodle/tasks/install.yml: Clarify 'git pull' options for CLI upgrade --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4b2709c3e..f59be7a47 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -13,7 +13,7 @@ # cd /opt/iiab/moodle # cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . +# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From 120a5701b9965e17c0533a9d424faaa7763640f7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Dec 2023 13:22:22 -0500 Subject: [PATCH 539/937] 1-prep/templates/iiab-expand-rootfs: Clarify partition shrinking/expanding --- roles/1-prep/templates/iiab-expand-rootfs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index f6c75b46e..89d2bd552 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -8,10 +8,16 @@ # Verifies that rootfs is the last partition. +# RELATED: +# 1. https://github.com/iiab/iiab-factory/blob/master/box/rpi/min-sd +# 2. https://github.com/iiab/iiab-factory/blob/master/box/rpi/cp-sd +# 3. https://github.com/iiab/iiab-factory/blob/master/box/rpi/xz-json-sd +# OR https://github.com/iiab/iiab-factory/blob/master/box/rpi/exp-sd + if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" - if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -- WARNING: their fdisk-centric approach of course FAILS with "Hybrid MBR" or GPT partition tables, as required by any drive > 2TB :/ # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config # 2023-10-05: Official new RPi instructions: @@ -35,7 +41,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? + growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk (assuming MBR). They really should transition to gdisk, as required by any drive > 2TB. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? rc=$? # Make Return Code visible, for 'bash -x' resize2fs $ROOT_PART rc=$? # Make RC visible (as above) From d46d5d12d799eadcd87bd7fb7bf2d3e57017a1a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Dec 2023 10:31:13 -0500 Subject: [PATCH 540/937] moodle/tasks/install.yml: Clarify CLI-based Moodle upgrade tips --- roles/moodle/tasks/install.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f59be7a47..7a33421ae 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,10 +11,13 @@ # # EXAMPLE: # cd /opt/iiab/moodle -# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . -# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# cd /opt/iiab +# mv moodle moodle.bkp +# git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 # As a regular 'git pull' will likely fail, due to original clone's '--depth 1' -- but no worries: total clone download is just ~100 MB, which expands to ~400 MB +# cp moodle.bkp/config.php moodle/ +# cd moodle +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php # Or later log in to Moodle, to complete the upgrade (i.e. click "Continue" 4-5 times) # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From a7ed9f7dcd152b185944ce24d14ba1805f1820f2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Dec 2023 11:28:38 -0500 Subject: [PATCH 541/937] www_options/tasks/php-settings.yml: Set 2 vars to 10000M when nginx_high_php_limits or moodle_install or nextcloud_install --- roles/www_options/tasks/php-settings.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 3cdd2b887..46955cf16 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -52,7 +52,7 @@ # And in the past it used: .../apache2/php.ini -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -66,7 +66,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -81,28 +81,28 @@ when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } From d4846589eaf8411788a6b3c3bf47bbabd3501713 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Dec 2023 13:55:43 -0500 Subject: [PATCH 542/937] mediawiki/defaults/main.yml: New version 1.41.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ddad4f10c..77a233ac1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 2261c6c9f0bf0efedb0a2225d76296f9ea2b771f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 05:17:45 -0500 Subject: [PATCH 543/937] nextcloud/tasks/install.yml: Clarify need for manual upgrade --- roles/nextcloud/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index a25dd59c1..0aafe7426 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -67,9 +67,12 @@ # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html # https://docs.nextcloud.com/server/28/admin_manual/installation/ + # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN -# gets badly stuck if its web-based upgrade process is attempted :/ +# gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously +# asking tou to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html + - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From f8748e12fb05e4edd3b26c8b38cb3fa59336398a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 08:40:02 -0500 Subject: [PATCH 544/937] pbx/README.adoc: Sadly PHP 7.4 still required --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 727118015..a69906f01 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) — this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) — sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From efc3b2fa87003bf07f7e672d919dd775e069e605 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 09:49:58 -0500 Subject: [PATCH 545/937] nextcloud/tasks/install.yml: Typo in CLI upgrade tips --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0aafe7426..d82f040bb 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -70,7 +70,7 @@ # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN # gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously -# asking tou to wait) if its web-based upgrade process is attempted :/ +# asking you to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) From edc08173b3a1d7555bb4bed199df39f0bd3f2a9e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 10:01:33 -0500 Subject: [PATCH 546/937] iiab-admin/tasks/pwd-warnings.yml: Clarify ~/.config/wayfire.ini --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index c052c270c..46d091bec 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -28,7 +28,7 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin section: autostart From 4c8baa3b170a584e92a15691ce557b60b8fa9420 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 15:25:44 -0500 Subject: [PATCH 547/937] calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f947c4a02..f9993ae65 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,6 +25,10 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! +**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web `_ +**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +family's learning library!** + .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg 🍒 GURU TIPS 🍒 From a120f79ed54766c1ac56d933b1f4f4db8852366d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 15:29:49 -0500 Subject: [PATCH 548/937] calibre-web/README.rst: Link to new IIAB's DIY Video Library --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f9993ae65..9aa3992ab 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web `_ -**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community's or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 4ed99abf6e55746b05ab484ee4883e52e608a9d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Dec 2023 17:27:42 -0500 Subject: [PATCH 549/937] calibre-web/README.rst: Grammar fix --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9aa3992ab..807eba1b8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web `_ -**then you can also add YouTube and Vimeo videos (ETC) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 1b4456377770ab0f9693a2787a1c52eb22841303 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 24 Dec 2023 09:05:30 -0500 Subject: [PATCH 550/937] calibre-web/tasks/install.yml: Disk footprints for /usr/local/calibre-web-py3 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65d4ac69d..30e7bc288 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 7b7e17491fa9bfa0216d83ecfc3bebeee827a6fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Dec 2023 07:47:36 -0500 Subject: [PATCH 551/937] transmission/README.rst: Clarify we compile 4.0.5+ --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 944f3883f..9907c63d8 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -22,7 +22,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t 2023 Caution ------------ -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ `_ as you install it, which unfortunately can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ `_ as you install it, which unfortunately can take most of an hour. Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in early 2024 (`#5585 `_, `PR #5866 `_). From 624827ea15abda5d35412519e3705c96a2170ffb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Dec 2023 19:05:09 -0500 Subject: [PATCH 552/937] calibre-web/tasks/install.yml: Fix yt-dlp pipx path --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 30e7bc288..75474a33c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,7 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy From a06ec8c88ef28d49ac638c6e62ee5cca26b11347 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 19:25:04 -0500 Subject: [PATCH 553/937] transmission/README.rst: Transmission 4.x Preview (Optional) --- roles/transmission/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 9907c63d8..727197b56 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,14 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -2023 Caution ------------- +Transmission 4.x Preview (Optional) +----------------------------------- -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ `_ as you install it, which unfortunately can take most of an hour. +2023-12-31: To make the `latest Transmission features `_ available to you, Internet-in-a-Box can compile the very latest (above and beyond `Transmission 4.x+ official releases `_). Just note this can take most of an hour, and is not without risk! -Thankfully `Transmission 4.1+ `_ should once again install quickly, starting sometime soon in early 2024 (`#5585 `_, `PR #5866 `_). +If you decide you want this, set ``transmission_compile_latest: True`` in `/etc/iiab/local_vars.yml `_ prior to installing Transmission, as explained below. -Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml `_ prior to installing. +NOTE: Later in 2024, fast auto-installation of `Transmission 4.1+ `_ should once again hopefully become mainline (`#5585 `_, `PR #5866 `_) just as in recent years with Transmission 3.0 (originally from May, 2020). .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From 16d21c9d2d2cf7114c23d3a1ac34f1d37994cd3c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 31 Dec 2023 19:29:24 -0500 Subject: [PATCH 554/937] Change default to 'transmission_compile_latest: False' --- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 96fd188d4..ab6c3211b 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,7 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False -# transmission_compile_latest: True +# transmission_compile_latest: False # transmission_username: Admin # transmission_password: changeme diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bfdd2eee3..bbfee1525 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -544,7 +544,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index d5e014e61..9059d9ca0 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 21ba95409..dcf291dd1 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 2df6b1655..88c2c2a89 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 07367888e..5b82be988 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From ff3b23376b13c41eb4529a237415f183f6a30785 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 31 Dec 2023 20:23:44 -0500 Subject: [PATCH 555/937] Desupport Bullseye (Debian 11, RasPiOS 11) & Ubuntu 23.04 --- scripts/local_facts.fact | 10 +++++----- vars/{debian-11.yml => debian-11.yml.unused} | 0 vars/default_vars.yml | 12 ++++++------ vars/{raspbian-11.yml => raspbian-11.yml.unused} | 0 vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} | 0 5 files changed, 11 insertions(+), 11 deletions(-) rename vars/{debian-11.yml => debian-11.yml.unused} (100%) rename vars/{raspbian-11.yml => raspbian-11.yml.unused} (100%) rename vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} (100%) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index aab8e81a2..24a3f044e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -63,6 +63,7 @@ OS_VER="$OS-$VERSION_ID" #"debian-8" | \ #"debian-9" | \ #"debian-10" | \ + #"debian-11" | \ #"ubuntu-16" | \ #"ubuntu-17" | \ #"ubuntu-18" | \ @@ -71,24 +72,23 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2304" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ + #"raspbian-11" | \ -# 2021-09-27: With Debian 12 (Bookworm) pre-releases, please manually add -# this line to its /etc/os-release before installing IIAB: VERSION_ID="12" +# 2023-12-31: With Debian 13 (Trixie) pre-releases, please manually add +# this line to its /etc/os-release before installing IIAB: VERSION_ID="13" case $OS_VER in - "debian-11" | \ "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2304" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ - "raspbian-11" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-11.yml b/vars/debian-11.yml.unused similarity index 100% rename from vars/debian-11.yml rename to vars/debian-11.yml.unused diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bbfee1525..3654e2eee 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -777,12 +777,12 @@ is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS is_ubuntu: False # Covers: Ubuntu, Linux Mint is_ubuntu_2404: False is_ubuntu_2310: False -is_ubuntu_2304: False -is_ubuntu_2210: False +#is_ubuntu_2304: False +#is_ubuntu_2210: False is_ubuntu_2204: False #is_ubuntu_2110: False #is_ubuntu_2104: False -is_ubuntu_2004: False +#is_ubuntu_2004: False #is_ubuntu_19: False #is_ubuntu_18: False #is_ubuntu_17: False @@ -790,19 +790,19 @@ is_ubuntu_2004: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False -is_linuxmint_20: False +#is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_13: False is_debian_12: False -is_debian_11: False +#is_debian_11: False #is_debian_10: False #is_debian_9: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_12: False -is_raspbian_11: False +#is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False #is_raspbian_8: False diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml.unused similarity index 100% rename from vars/raspbian-11.yml rename to vars/raspbian-11.yml.unused diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml.unused similarity index 100% rename from vars/ubuntu-2304.yml rename to vars/ubuntu-2304.yml.unused From 3dd3d868ad94bd063caccb26dbb26398cb774c9a Mon Sep 17 00:00:00 2001 From: root Date: Sun, 31 Dec 2023 21:00:11 -0500 Subject: [PATCH 556/937] kalite/tasks/install.yml: Tough aging vars is_debian_11, is_ubuntu_2204 --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 7df40364d..bcf667d43 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,7 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -37,7 +37,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 0b53b959211c47faff96aa4e35698aa4755d5ebf Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 21:19:22 -0500 Subject: [PATCH 557/937] matomo/tasks/install.yml: "Download and Extract (~3 min)" --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1df6c32b4..7de697f49 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -67,7 +67,7 @@ priv: "{{ matomo_db_name }}.*:ALL" #login_unix_socket: /var/run/mysqld/mysqld.sock -- name: Download and Extract Matomo (~1 min) +- name: Download and Extract Matomo (~3 min) unarchive: src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz dest: "{{ matomo_path }}" # e.g. /library/www From fcb17974136eada8f4843d6d031e2ccdb844a330 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 21:39:27 -0500 Subject: [PATCH 558/937] LICENSING.md: Update date --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 53bc9d1ef..33776a06e 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From aba3cde8e46dc605f5f73834e3f1205f939bc586 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 22:56:48 -0500 Subject: [PATCH 559/937] default_vars.yml: Launch 8.2 release cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3654e2eee..ff422e820 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.1 +iiab_base_ver: 8.2 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From ebf35d9680a633f4ddc39962b4aedef12e5859ad Mon Sep 17 00:00:00 2001 From: root Date: Sun, 31 Dec 2023 23:37:51 -0500 Subject: [PATCH 560/937] Calibre-Web w/ experimental support for video/audio/images --- roles/calibre-web/README.rst | 6 +++--- roles/calibre-web/defaults/main.yml | 2 +- roles/calibre-web/tasks/install.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 807eba1b8..a31e0b5ff 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web `_ -**then you can also add YouTube and Vimeo videos (ETC) to your community or -family's learning library!** +**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web `_ +**also lets you add YouTube and Vimeo videos (and local videos, e.g. from +teachers' phones) for indigenous/local/family learning libraries!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index d4b2765a4..3e99725a9 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,7 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -calibreweb_repo_url: https://github.com/janeczku/calibre-web +calibreweb_repo_url: https://github.com/iiab/calibre-web # Or use upstream: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 75474a33c..51968b469 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -58,7 +58,7 @@ - name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: - repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing From 7887e4f8cb9ceb575b4ef16bc7698f8dd4224e42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 23:57:58 -0500 Subject: [PATCH 561/937] Touch up calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a31e0b5ff..42162c818 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web `_ +**NEW AS OF JANUARY 2024:** `IIAB's experimental new version of Calibre-Web `_ **also lets you add YouTube and Vimeo videos (and local videos, e.g. from -teachers' phones) for indigenous/local/family learning libraries!** +teachers' phones) to expand your indigenous/local/family learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 71220324f3b1e1947b82bac00e67f2dd6d2f2efa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Jan 2024 13:09:15 -0500 Subject: [PATCH 562/937] default_vars.yml: Install/enable Calibre-Web --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ff422e820..a2d202156 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -654,8 +654,8 @@ minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }} minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 0cbbd09db8bd2d80e5f54621fa6d432982cc56aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Jan 2024 13:09:56 -0500 Subject: [PATCH 563/937] local_vars_small.yml: Install/enable Calibre-Web --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88c2c2a89..c55fb4cc7 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -393,8 +393,8 @@ minetest_install: False minetest_enabled: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 40c2c71f521d431d395a84cfe2ada2abaf45a2c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:23:15 -0500 Subject: [PATCH 564/937] calibre-web/tasks/install.yml: lb-wrapper.greedy gone! --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 51968b469..6a960b1b0 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ - chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From cc9d791f6caa2c6b65e35ff6673035c1acb41fd0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:30:05 -0500 Subject: [PATCH 565/937] calibre-web/tasks/install.yml: Link to wiki explanation --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6a960b1b0..4a68ae34f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 9570f8d117139d42d9cf40be2ac3240909c0bb97 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:38:21 -0500 Subject: [PATCH 566/937] calibre-web/tasks/install.yml: Clarify wiki for PR #3696 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4a68ae34f..5f055d3e7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 1c432530620d35df300ea41e76017b67292dee79 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:20:40 -0500 Subject: [PATCH 567/937] iiab-diagnostics: Show Calibre-Web "version" i.e. ~50 recent commits --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index adbaa73ea..dc758a42a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,6 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From fea5f9ccba3a79f00a8e2035fbfa877ac5fec77a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:31:32 -0500 Subject: [PATCH 568/937] iiab-diagnostics: Add 3 more "log files" for Calibre-Web --- scripts/iiab-diagnostics | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index dc758a42a..d499f541a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,9 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_tail /var/log/calibre-web.log 100 +cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From bed26162cf2b2531ad7c19616cd79fd4329dff42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:37:00 -0500 Subject: [PATCH 569/937] iiab-diagnostics: Also include 'systemctl status calibre-web' --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d499f541a..f1a9881f1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,7 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' -cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' +cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From d932684a115671147408e0f1f6bf4c9f54f2d382 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 18:12:15 -0500 Subject: [PATCH 570/937] iiab-diagnostics.README.md: Fix line number for PR #3697 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7216e8feb..e2b0aef85 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 5a443993000371a9dea05479cfd91689f7f69c81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Jan 2024 12:23:57 -0500 Subject: [PATCH 571/937] Update pbx/README.adoc w/ latest FreePBX 17 BETA tips / warning --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a69906f01..d4f831847 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) — sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 4ae5991cb3c36398c655469a2f4730b86d739193 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Jan 2024 12:36:02 -0500 Subject: [PATCH 572/937] pbx/README.adoc: WARN re: PHP 7 danger & unsupported/old OS's --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d4f831847..41d57eb96 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 524709f31a37574917c0c7f1139237e8b84238b9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 Jan 2024 23:55:38 -0500 Subject: [PATCH 573/937] iiab-diagnostics: 300 last lines of xklb.log for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1a9881f1..2c11b25d2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -232,7 +232,7 @@ cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | h cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 -cat_tail /var/log/xklb.log 100 +cat_tail /var/log/xklb.log 300 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 595de4e7f235ecd1f2b22aa94d33e986b5c4077f Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jan 2024 22:35:58 -0500 Subject: [PATCH 574/937] Update (almost 10!) Calibre-Web app.db defaults --- roles/calibre-web/files/app.db | Bin 126976 -> 126976 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 01c0f038338a22ada9d7caaceb4b65880e84d183..3183544da1e04b9e5cb998dcbc2ea954dbfc8e9e 100644 GIT binary patch delta 659 zcmZ{g!Hd&S5QpC+scqc0uSHPA6>G)ILc+_-%WGZ{c7rF+)#IW`HeriN8*GsUS-L?y zc(a1`DtqwaDeED4T2CH5>|N=9V7ev7lpCQRm|hq%em5A6 zTfN;N3R{#C$~0nVhG-GmHF%d8x?m>ntadtGX6u{^L1_$2UFElqo5Z?r`JTosv+#Ld zpb28z8ez=mgn7cU{C|ALiqGmYu5&>m@38@8imMILvFqqkv3PuH|be5r(P6@Y#aUGV7>XiP* zH2?gp)1|by!R`?2D1lZE1WH6HqgpvjPpi_i$FuV>TmvcJh@k;8e3kQC1NaP5eUYUR z&i5wpoUGw}B-L|N&v7qH-_>b)8Jg(Qrj*{PHRTJnqM8+FC+-hMVG4v@>LiNw}RO1M^cfcyq!bi7cVWOMF0Q* delta 195 zcmZp8z~1nHeS$Qj$3z)tRu2Zfq6HgM7UXYcY50@BXoA3|4=e&e_Fw(&j0TLX1}q#5 zyc`=F|M4)jmQLr)Wt3-R+^(6+D8R_X#IW5akMSJi#>PDU?G^Qmod(;a Date: Sat, 20 Jan 2024 13:45:17 -0500 Subject: [PATCH 575/937] iiab-diagnostics: Pipe everything thru 'cat -v' so control chars visible --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2c11b25d2..4a56837e5 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -49,11 +49,11 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail elif [ $# -eq 1 ]; then echo >> $outfile # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' "$1" | iconv -t UTF-8//IGNORE | cat -v >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE | cat -v >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then From bd340aa6735af1054c6e3b47b4288a19508e29a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 20 Jan 2024 14:53:24 -0500 Subject: [PATCH 576/937] iiab-diagnostics: sudo git log for Calibre-Web version --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 4a56837e5..0b979fcd3 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,7 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 961acf9454c77165d19303819528c96494ab1364 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Sun, 21 Jan 2024 10:46:33 -0500 Subject: [PATCH 577/937] another auto install of a pet project --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 871068689..6b3876fe8 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -11,3 +11,5 @@ awstats_enabled: False matomo_install: False matomo_enabled: False captiveportal_install: False +calibreweb_install: False +calibreweb_enabled: False From 6776c1d4a56da74766fdebf6332e1f9173a421d3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 29 Jan 2024 15:57:24 -0500 Subject: [PATCH 578/937] Recommend ansible-core 2.16.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0a268c480..3ef87dddd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] -GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] +GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a852541ad4400322b7a984957347013a1033fa6e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 9 Feb 2024 08:48:23 -0500 Subject: [PATCH 579/937] 1-prep/tasks/hardware.yml: Comment out "NUC6" WiFi driver --- roles/1-prep/tasks/hardware.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 89efd2453..52ef34a97 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -7,17 +7,18 @@ when: first_run and rpi_model != "none" -- name: Check if the identifier for Intel's NUC6 built-in WiFi is present - shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" - register: usb_NUC6 - ignore_errors: True - -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 - get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages - dest: /lib/firmware - timeout: "{{ download_timeout }}" - when: usb_NUC6.stdout|int > 0 +# 2024-02-09: Code below appears stale for Shanti's #3707 hardware +#- name: Check if the identifier for Intel's NUC6 built-in WiFi is present +# shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" +# register: usb_NUC6 +# ignore_errors: True +# +#- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 +# get_url: +# url: "{{ iiab_download_url }}/Old/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages +# dest: /lib/firmware +# timeout: "{{ download_timeout }}" +# when: usb_NUC6.stdout|int > 0 - name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" From 3455b6b848a951c82aee4b072c197aa437424db1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Feb 2024 16:48:30 -0500 Subject: [PATCH 580/937] kolibri/tasks/main.yml: New pre-release option (kolibri-deb-next) --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index d1529fb60..9d0f786af 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,8 +26,10 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # From efc9705b1ab10ab217cb6eebbbd36cb4cc2cfb13 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 16:19:27 -0500 Subject: [PATCH 581/937] 2 ugly hacks for FreePBX 17: ignore 'install -n' error code & bypass 'fwconsole reload' --- roles/pbx/tasks/freepbx.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 8ca2cd83f..6564a26fe 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,15 +256,17 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework -# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# 2024-02-25: UGLY / TEMPORARY WORKAROUND #2 OF 2, to bypass... 'In DialplanHooks.class.php line 163: Undefined array key "DialplanHooks"' -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 +## ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +#- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 From 7c24fcc69536d3c475750b2f7421c5740903cb39 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 16:21:20 -0500 Subject: [PATCH 582/937] freepbx.yml: Consistent uppercase, documenting 2 hack/workarounds --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6564a26fe..d472e9610 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,7 +256,7 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 OF 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From 98d51224040af179f372f28f12e3b08b031eaf07 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 17:23:31 -0500 Subject: [PATCH 583/937] 18+1 FreePBX modules appear unchanged since May 2022 --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d472e9610..1bba7773c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -270,7 +270,8 @@ # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! +# NOTHING CHANGED (?) FEB 2024: https://github.com/iiab/iiab/pull/3675#issuecomment-1963081323 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-17.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 65d6f9255e1acc0f8d2b2d95bb7d44f4d5bc6c1b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 17:26:27 -0500 Subject: [PATCH 584/937] WARNING: FreePBX 17.0 branch is still in flux! --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..f0cb38124 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # STILL IN FLUX AS OF FEB 2024: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From b5f3f44e96d3a6bc79df95b4f69534ef5c9584f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 18:03:58 -0500 Subject: [PATCH 585/937] pbx/README.adoc: Require PHP 8.x (desupport EOL'd PHP 7.4!) --- roles/pbx/README.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 41d57eb96..7c040d3f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,11 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +//// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* +//// //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From e6bf0ef177214b42f4674a29e828a34121505a28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 18:05:49 -0500 Subject: [PATCH 586/937] pbx/README.adoc: Link to PR #3675 (Asterisk 21 & FreePBX 17) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7c040d3f3..d99f0df82 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 7991d486143da462e38eb09109ebbb657ae7a5d4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:10:47 -0500 Subject: [PATCH 587/937] default_vars.yml: Update PBX tips --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a2d202156..912a83de3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -684,7 +684,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 731829f199a6f4455c8975b2f433f755a223257f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:11:25 -0500 Subject: [PATCH 588/937] local_vars_unittest.yml: Update PBX tips --- vars/local_vars_unittest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 5b82be988..19c47ca74 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 586364bd8921629789f4c95a4c16804deb90053b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:12:04 -0500 Subject: [PATCH 589/937] local_vars_small.yml: Update PBX tips --- vars/local_vars_small.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index c55fb4cc7..a366e2863 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 5320b4e89164288963cb838747d1a9ee12920ff8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:12:43 -0500 Subject: [PATCH 590/937] local_vars_medium.yml: Update PBX tips --- vars/local_vars_medium.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dcf291dd1..aa142dcc9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From ddfc2b003a998a4766979aff0d62d08ef139ddad Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:13:27 -0500 Subject: [PATCH 591/937] local_vars_large.yml: Update PBX tips --- vars/local_vars_large.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9059d9ca0..3903530ed 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7a6ca9673879022cb962a8b949a5fbc88537c8e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Feb 2024 09:36:24 -0500 Subject: [PATCH 592/937] runrole: Clarify/correct local_vars.yml warning --- runrole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runrole b/runrole index ad1387e2c..4e8657208 100755 --- a/runrole +++ b/runrole @@ -39,7 +39,7 @@ fi mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/runrole REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 From c3e7b4c10402a73d3cebfc35166e24e2975421e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Feb 2024 16:53:58 -0500 Subject: [PATCH 593/937] Recommend ansible-core 2.16.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ef87dddd..898d57599 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] -GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] +GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 918758fbe9292ab50e1e966e0cff8752f72a14df Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 00:52:48 -0600 Subject: [PATCH 594/937] U2404 python2 --- scripts/U2404_python2.sh | 45 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/U2404_python2.sh diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh new file mode 100644 index 000000000..7721ccf01 --- /dev/null +++ b/scripts/U2404_python2.sh @@ -0,0 +1,45 @@ +!/bin/bash +export DEBIAN_FRONTEND=noninteractive + +cat << EOF > /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + +apt update + +apt -y --allow-downgrades install python3.11=3.11.0~rc1-1~22.04 python3.11-minimal=3.11.0~rc1-1~22.04 libpython3.11-stdlib=3.11.0~rc1-1~22.04 libpython3.11-minimal=3.11.0~rc1-1~22.04 +apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-minimal + +apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs + +apt -y install python2 +apt -y install python2-pip-whl python2-setuptools-whl + +apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 +apt-mark hold python3-pip-whl + +apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 +apt-mark hold python3-virtualenv + +apt -y --allow-downgrades install virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv + +virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2.7 /usr/local/kalite/venv + +cd /usr/local/kalite/venv +source bin/activate +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +deactivate + +apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +apt-mark unhold `apt-mark showhold` + +rm /etc/apt/sources.list.d/python2.list + +apt -y remove libmpdec3 python3-pip python3-wheel + +apt update +apt -y upgrade + From 3ae591a035a3877c7742c87e3de4a00a10d9fc8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 00:55:09 -0600 Subject: [PATCH 595/937] U2404 python2 --- roles/kalite/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index bcf667d43..e2f44897b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,6 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" + when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -60,6 +61,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + +- name: Use scripts/U2404_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 5fc495259539049c52bf61f41c0407200852ba22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:28:11 -0600 Subject: [PATCH 596/937] U2404 python2 role --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 7721ccf01..9c6f6e4b1 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -1,4 +1,4 @@ -!/bin/bash +#!/bin/bash export DEBIAN_FRONTEND=noninteractive cat << EOF > /etc/apt/sources.list.d/python2.list From a737c8c05aad5eda76012a2ae422c732377315f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:41:57 -0600 Subject: [PATCH 597/937] leave python2 packages --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 9c6f6e4b1..e9559cb85 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -33,7 +33,7 @@ source bin/activate bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate -apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +#apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` apt-mark unhold `apt-mark showhold` rm /etc/apt/sources.list.d/python2.list From 66eb9862ee678d57fffcc69d21a02b6930396c84 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:46:43 -0600 Subject: [PATCH 598/937] exec bit not set in git --- roles/kalite/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index e2f44897b..c3a48ccb0 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -64,7 +64,7 @@ when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" From f871683c2db3c1718d53bcc1b13fbc99e954bc41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 5 Mar 2024 05:02:18 -0600 Subject: [PATCH 599/937] conditionals --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c3a48ccb0..0954d0925 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,7 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -65,7 +65,7 @@ - name: Use scripts/U2404_python2.sh to install python2 and virtualenv command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" - when: (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 6819123fed4eec333613b999eb15c5ea70e33e46 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 5 Mar 2024 21:06:59 -0600 Subject: [PATCH 600/937] no compilers --- scripts/U2404_python2.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index e9559cb85..ea26a3640 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -20,6 +20,9 @@ apt -y install python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl +apt -y --no-install-recommends install python3-pip=22.0.2+dfsg-1 +apt-mark hold python3-pip + apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 apt-mark hold python3-virtualenv From 73e94abe3f93240c1f1c5a8847ba71a2f7c4fd9b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Mar 2024 13:26:47 -0500 Subject: [PATCH 601/937] Touch-ups for: scripts/install_python2_kalite-venv_u2404.sh --- roles/kalite/tasks/install.yml | 4 ++-- ...{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) rename scripts/{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} (95%) mode change 100644 => 100755 diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0954d0925..51350ec10 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -63,8 +63,8 @@ extra_args: "--no-cache-dir" when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) -- name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" +- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 + command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" diff --git a/scripts/U2404_python2.sh b/scripts/install_python2_kalite-venv_u2404.sh old mode 100644 new mode 100755 similarity index 95% rename from scripts/U2404_python2.sh rename to scripts/install_python2_kalite-venv_u2404.sh index ea26a3640..0841704df --- a/scripts/U2404_python2.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -33,7 +33,7 @@ virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2. cd /usr/local/kalite/venv source bin/activate -bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` @@ -45,4 +45,3 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade - From f8fe9f0af9833d89fcf871634f716609b1e59aaa Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Mar 2024 19:57:05 -0500 Subject: [PATCH 602/937] Refine scripts/install_python2_kalite-venv_u2404.sh --- scripts/install_python2_kalite-venv_u2404.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 0841704df..1371b4b05 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -14,8 +14,7 @@ apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-m apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs -apt -y install python2 -apt -y install python2-pip-whl python2-setuptools-whl +apt -y install python2 python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl @@ -37,11 +36,11 @@ bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` -apt-mark unhold `apt-mark showhold` +apt-mark unhold $(apt-mark showhold) || true rm /etc/apt/sources.list.d/python2.list apt -y remove libmpdec3 python3-pip python3-wheel apt update -apt -y upgrade +apt -y upgrade # Why 'apt upgrade' here? From f67660d30b58760352d5cfba5312b039e075547b Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 00:44:42 -0500 Subject: [PATCH 603/937] Tighten kalite/tasks/install.yml; Introduce is_linuxmint_22 --- roles/kalite/tasks/install.yml | 15 +++++---------- scripts/local_facts.fact | 1 + vars/debian-12.yml | 15 --------------- vars/default_vars.yml | 1 + vars/linuxmint-22.yml | 7 +++++++ vars/raspbian-12.yml | 15 --------------- 6 files changed, 14 insertions(+), 40 deletions(-) create mode 100644 vars/linuxmint-22.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 51350ec10..0ebf1b38b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,9 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. + when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 #- name: Install Ubuntu keyrings on Debian # get_url: @@ -37,8 +35,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: @@ -48,9 +45,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # long form of (is_debian_11+ or is_ubuntu_20+) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Use pip to install ka-lite-static to {{ kalite_venv }} pip: @@ -61,11 +56,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 + when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 24a3f044e..b1e53b885 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -89,6 +89,7 @@ case $OS_VER in "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ + "linuxmint-22" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3b51e4478..d06a61285 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -3,18 +3,3 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 912a83de3..55af7c382 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -788,6 +788,7 @@ is_ubuntu_2204: False #is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu +is_linuxmint_22: False is_linuxmint_21: False #is_linuxmint_20: False diff --git a/vars/linuxmint-22.yml b/vars/linuxmint-22.yml new file mode 100644 index 000000000..53af5a21c --- /dev/null +++ b/vars/linuxmint-22.yml @@ -0,0 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True +is_linuxmint: True +is_linuxmint_22: True diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index 9fa4b1e75..53858b6af 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -5,18 +5,3 @@ is_debian: True # Opposite of is_ubuntu for now is_debian_12: True is_raspbian: True is_raspbian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: ssh -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From a98d02248e7efa52ad64f7e6f7a98529e22ba4d6 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 02:03:29 -0500 Subject: [PATCH 604/937] kalite/tasks/install.yml: Cleaner OS conditions --- roles/kalite/tasks/install.yml | 48 +++++++--------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0ebf1b38b..d2c2da478 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,29 +15,20 @@ # ignore_errors: yes # when: is_raspbian -- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)' +- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2) -- if Ubuntu 22.04 / Mint 21' package: name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 + when: is_ubuntu_2204 # Also covers is_linuxmint_21 -#- name: Install Ubuntu keyrings on Debian -# get_url: -# url: -# dest: /etc/apt/keyrings/ -# mode: 0644 -# timeout: "{{ download_timeout }}" -# when: is_debian_12 - -# use key retrieval from mongodb -- name: Use scripts/install_python2.sh to install python2 and virtualenv +- name: Run scripts/install_python2.sh to install python2 and virtualenv -- if Debian 12 or RasPiOS 12 command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 + when: is_debian_12 # Also covers is_raspbian_12 -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -45,9 +36,9 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Use pip to install ka-lite-static to {{ kalite_venv }} +- name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: ka-lite-static version: "{{ kalite_version }}" @@ -56,11 +47,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 +- name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 + when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: @@ -71,30 +62,11 @@ - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' } - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' } -# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work -# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache -# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" -# template: -# src: kalite.conf -# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu -# when: apache_installed is defined - - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - -# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 -# replace: -# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" -# regexp: 'a-zA-Z0-9' -# replace: 'a-zA-Z0-9\-' -# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 -# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 1070a3e7299ac1ce70c2488a460751301786e021 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 03:09:21 -0500 Subject: [PATCH 605/937] install_python2_kalite-venv_u2404.sh: 'apt install python3-venv' (again) --- scripts/install_python2_kalite-venv_u2404.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 1371b4b05..cc40edcc2 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -44,3 +44,8 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade # Why 'apt upgrade' here? + +# python3-venv is needed for other venv's like roles/jupyterhub, e.g. #3716. +# So we restore python3-venv originally installed by scripts/ansible -- this +# is nec b/c python3-pip-whl downgrade to 22.0.2 (line ~19 above) removes it: +apt -y install python3-venv From 4fb55f87c6570c302adb513830748eb54dcd389b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Mar 2024 04:04:05 -0500 Subject: [PATCH 606/937] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 7b8738c4d..c0dbdd854 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From b5e60c9875e3d6c7c031dac2a362bdd496d274ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Mar 2024 13:24:08 -0400 Subject: [PATCH 607/937] Interim stub to force Kolibri 0.16.0 for now, awaiting upstream #11892 --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 9d0f786af..844d0b4ae 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb +# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From ea47f27b9dd01827051c62fb7dac57b75a5ded3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Mar 2024 13:31:28 -0400 Subject: [PATCH 608/937] kolibri/defaults/main.yml: Clarify 0.16.0 install hack/stub --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 844d0b4ae..fbb5b8409 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb # 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From 9ce709e6e3b2d00431f4fbe35d93ed8e4ae24aad Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Mar 2024 15:47:52 -0400 Subject: [PATCH 609/937] Recommend ansible-core 2.16.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 898d57599..76af1ae59 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] -GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] +GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 133cc0682b1150dc536b8a062a8901c78272fc1a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Mar 2024 15:49:14 -0400 Subject: [PATCH 610/937] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.15 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c0dbdd854..dfca60227 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 837b4ccaff4282542b4b31f75a8e2e2a65e0a5a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Mar 2024 19:07:51 -0400 Subject: [PATCH 611/937] MediaWiki 1.41.1 (security and maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 77a233ac1..077d1a967 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 812b549d3348a3d2b221197e61a4a99e87a60626 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Apr 2024 11:48:53 -0400 Subject: [PATCH 612/937] Restore apt install of Kolibri 0.16.1+, thx to upstream changes --- roles/kolibri/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index fbb5b8409..02086f33a 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,9 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... -kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb -# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-04-08: Kolibri 0.16.1 restores install via apt +# https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From 824469e2805b02f0bfee4230deaf35eb6e83f762 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Apr 2024 11:54:59 -0400 Subject: [PATCH 613/937] kolibri/defaults/main.yml: Clarify apt for Kolibri 0.16.1+ --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 02086f33a..80eb0c352 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-04-08: Kolibri 0.16.1 restores install via apt +# 2024-04-08: Kolibri 0.16.1+ restores install via apt # https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 # 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From d6c48123437949d0fed48e7d1bafde8e760e45b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Apr 2024 16:04:04 -0400 Subject: [PATCH 614/937] Sugarizer 1.8.0 (upgrade from 1.7.0!) --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 925e087b6..ad5e48843 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 -sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 +sugarizer_dir_version: sugarizer-1.8.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0, sugarizer-1.7.0 +sugarizer_git_version: v1.8.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0, v1.7.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 8079ca9a4b7cb26387c7e7c7f0384778ea97f793 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Apr 2024 22:13:32 -0400 Subject: [PATCH 615/937] Recommend ansible-core 2.16.6 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76af1ae59..0df85beb5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] -GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] +GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e279be79dff1a3d293e5ba38a7d3ab30c40196b8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Apr 2024 22:17:51 -0400 Subject: [PATCH 616/937] iiab-install: MIN_ANSIBLE_VER=2.14.16 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index dfca60227..ebf301117 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 81be4dda9aff533c5413797bdd9c5a074ccf72b9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 24 Apr 2024 10:34:32 -0400 Subject: [PATCH 617/937] New Moodle 4.4 instead of 4.3 --- roles/moodle/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 4597665b1..b6c607027 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,8 +11,8 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_403_STABLE # Moodle 4.3 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 +moodle_version: MOODLE_404_STABLE # Moodle 4.4 +#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From e6d5b6aa0732af27e04263880f850a0ed0950100 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Apr 2024 18:22:34 -0400 Subject: [PATCH 618/937] Safer /usr/local/bin/yt-dlp symlink creation --- roles/calibre-web/tasks/install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5f055d3e7..9ecf1c0ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,13 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" + fi fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper From a771260ce94f8691bd5c3cb6e711d8aa05f1d890 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Apr 2024 21:02:25 -0400 Subject: [PATCH 619/937] Bypass KA Lite install during initial install of IIAB, on recent OS's --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/kalite/tasks/install.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index c5f15e117..570c4b3d1 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,7 +6,7 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install and (is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12) # Also covers is_linuxmint_21 and is_raspbian_12 - name: KOLIBRI include_role: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index d2c2da478..5738c7301 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -49,6 +49,9 @@ extra_args: "--no-cache-dir" when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 +# 2024-04-30: Sadly no longer works with Ubuntu 24.04 LTS final release (#3731). +# So roles/kalite is OS-restricted during initial install, SEE: roles/7-edu-apps/tasks/main.yml +# CLARIF: If install_python2_kalite-venv_u2404.sh proves no longer useful, it will deprecated in coming months. - name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 From 4ea8690dd38a8184701592ce8d1a1ec8f36b4a77 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 May 2024 10:31:09 -0400 Subject: [PATCH 620/937] Welcome Ubuntu 24.10 (Oracular Oriole) pre-releases --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2410.yml | 5 +++++ 3 files changed, 7 insertions(+) create mode 100644 vars/ubuntu-2410.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b1e53b885..e6c6ca0f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -88,6 +88,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ + "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 55af7c382..754cba561 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -774,6 +774,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False #is_ubuntu_2304: False diff --git a/vars/ubuntu-2410.yml b/vars/ubuntu-2410.yml new file mode 100644 index 000000000..6120c89a9 --- /dev/null +++ b/vars/ubuntu-2410.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2410: True From ebb0e079af196a1a52d700393ae72e713569fcc1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 May 2024 15:52:06 -0400 Subject: [PATCH 621/937] 'echo Admin:changeme | chpasswd' for CUPS w/ ansible-core 2.17+ --- roles/cups/tasks/install.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e4e2e04ed..5663528f0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -58,15 +58,30 @@ AuthType Default Require user @SYSTEM -- name: "CUPS web administration: Create Linux username 'Admin' with password 'changeme' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" +- name: "CUPS web administration: Create Linux username 'Admin' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" user: name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false +# 2024-05-01: Above password-setting approach no longer works w/ Ansible 2.17 RC1 (#3727). +# Ansible STOPS with this error... +# +# "[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module is +# deprecated and will be removed from Python 3.13. Install the passlib library for continued encryption +# functionality. This feature will be removed in version 2.17. Deprecation warnings can be disabled by +# setting deprecation_warnings=False in ansible.cfg." +# +# ...so we instead use Linux's "chpasswd" command (below!) + +- name: Use chpasswd to set Linux username 'Admin' password to 'changeme' + command: chpasswd + args: + stdin: Admin:changeme + # - name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' -- for CUPS web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf) # #command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # #command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin" From ff696899f3d1802f3ff8d458c881ad9092638886 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 1 May 2024 22:52:44 -0400 Subject: [PATCH 622/937] CUPS: Update Ansible password hashing link (#3735) --- roles/cups/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 5663528f0..55209a50b 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -63,7 +63,7 @@ name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false From 673fff90e2e2eb92fadc1f97009eeb8795124f69 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 1 May 2024 23:29:00 -0400 Subject: [PATCH 623/937] Nextcloud 29: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d82f040bb..c43da3943 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From d4c97f45b093470385cecc25a4b96917152ebf08 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 3 May 2024 08:50:27 -0400 Subject: [PATCH 624/937] Node.js 22.x --- roles/internetarchive/tasks/install.yml | 6 +++--- vars/default_vars.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index b6df58f01..2821a9ffd 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 22.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('22.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 22.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 754cba561..3b233ca6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -444,7 +444,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 +nodejs_version: 22.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20, 20.x til 2024-05-03 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 9129644dff136f0aaddf71e831e1cee60eb02275 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 May 2024 17:23:47 -0400 Subject: [PATCH 625/937] Avoid initial install of Kolibri on Ubuntu 24.04+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- scripts/ansible | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 570c4b3d1..56d21fd28 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. - name: KIWIX include_role: diff --git a/scripts/ansible b/scripts/ansible index 0df85beb5..1b8983975 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -305,7 +305,6 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" -echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From 2788f1062413f836e58e268826c09d72de236997 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 May 2024 18:01:17 -0400 Subject: [PATCH 626/937] Safer avoidance of Kolibri, if Python 3.12+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- test.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 56d21fd28..e4ac330bc 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: diff --git a/test.yml b/test.yml index 8eb2e9be0..7afdab202 100644 --- a/test.yml +++ b/test.yml @@ -19,12 +19,17 @@ #- include_role: # name: 0-init - - debug: - msg: "{{ 'changeme' | password_hash('sha512') }}" + # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 + #- debug: + # msg: "{{ 'changeme' | password_hash('sha512') }}" # msg: "{{ 'changeme' | password_hash('yescrypt') }}" # crypt.crypt STILL doesn't support 'yescrypt' algorithm ? #- pause: + - debug: + var: "'3.12.3' is version('3.12', '<')" + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # OR: '''' FAILS: '"\'"' From 583fa9a898b5f3bb0a7b29fdd64ecb64c1430aff Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 May 2024 18:19:42 -0400 Subject: [PATCH 627/937] Clarify Kolibri avoidance w/ Python 3.12+ during initial iiab-install --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e4ac330bc..dc1f7e49b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From daafd615217997bcee90e56c37234c68ac49710d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 14:51:21 -0400 Subject: [PATCH 628/937] Recommend ansible-core 2.17.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1b8983975..02fc9e23f 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] -GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] +GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6b80af6832561007e6df3888a283dbf6d12b2a81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 14:53:10 -0400 Subject: [PATCH 629/937] 2.14 EOL, MIN_ANSIBLE_VER=2.15.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ebf301117..59c22129f 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From ec4a884c4c10e20190ff0580eaef86d5c42ee3ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 15:17:55 -0400 Subject: [PATCH 630/937] ansible-core 2.17 docs for PR #3743 --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 02fc9e23f..1cf6953a5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -34,6 +34,8 @@ GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.17 +# https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 # https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 From ed9c8929464e081b5a8dc4a61ac88457c68987d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 May 2024 10:19:50 -0400 Subject: [PATCH 631/937] gitea/defaults/main.yml: gitea_version: "1.22" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index c318acfd7..0032f1d3d 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.22" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 9dc634f7de00cb7ec393e622fe1e5f19028a4ac3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 May 2024 00:27:54 -0400 Subject: [PATCH 632/937] calibre-web/tasks/install.yml: Refine venv tips --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 9ecf1c0ed..c3cbf6e94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,8 +99,9 @@ # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments # VIRTUALENV EXAMPLE COMMANDS: +# python3 -m venv /usr/local/calibre-web-py3 (create venv) # cd /usr/local/calibre-web-py3 -# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# . bin/activate (or 'source bin/activate' -- this prepends '/usr/local/calibre-web-py3/bin' to yr PATH) # python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt From ddca185401acf3dd29e483dfb53dbb14141afb04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jun 2024 10:20:02 -0400 Subject: [PATCH 633/937] iiab-diagnostics: try dpaste.com instead of sprunge.us --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0b979fcd3..f0d47a52b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,12 +272,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) + pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From 17463eb8107baa37562f91e5111487d88e22d988 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jun 2024 10:21:20 -0400 Subject: [PATCH 634/937] iiab-diagnostics.README.md: sprunge.us -> dpaste.com --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index e2b0aef85..a2295b830 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From b6ab7bf733a305a64c698330fda7de45bdef82f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 09:18:32 -0400 Subject: [PATCH 635/937] iiab-summary: Strip RPi model null char for dpaste.com --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 75102048d..7551aad08 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -67,7 +67,7 @@ echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $ uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then - cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo + cat /proc/device-tree/model | tr -d '\000' ; echo # dpaste.com pastebin doesn't allow null chars! MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp From 14d605c643a44592b258e4ffffc3ffd75a9bb9cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 09:24:29 -0400 Subject: [PATCH 636/937] iiab-diagnostics: Make all odd chars visible (pastebins can be picky!) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f0d47a52b..c8bb1f302 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,7 +132,7 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile -/opt/iiab/iiab/scripts/iiab-summary >> $outfile +/opt/iiab/iiab/scripts/iiab-summary | iconv -t UTF-8//IGNORE | cat -v >> $outfile # Make odd chars visible, just in case (e.g. dpaste.com pastebin disallows null chars) if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile From 27be239d9d0e5dc22c2e3de632a21fb6472ab0e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 12:09:57 -0400 Subject: [PATCH 637/937] iiab-diagnostics: Tweak pastebinit syntax for PR #3749 --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c8bb1f302..a94b04f0c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,9 +272,9 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo From ddd09567e21e0ef820553f545d7caff2bfd88b6c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Jun 2024 14:27:22 -0400 Subject: [PATCH 638/937] Kolibri on Python 3.12 OS's, during initial IIAB install --- roles/7-edu-apps/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index dc1f7e49b..69d1b0788 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,8 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install + #when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From 7020423b6e479197a598ea5c88b3ea94a2091a2b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jun 2024 09:14:23 -0400 Subject: [PATCH 639/937] calibre-web/README.rst: Document xklb-metadata.db (for videos) --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 42162c818..9e5d3dee8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -108,6 +108,10 @@ Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db +Videos' metadata is stored in database:: + + /library/calibre-web/xklb-metadata.db + See also:: /library/calibre-web/metadata_db_prefs_backup.json From cc130d7e0fe27a2ae5b5fe4a55b6b541bbc796fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jun 2024 07:45:54 -0400 Subject: [PATCH 640/937] iiab-diagnostics: xklb & yt-dlp version visibility --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a94b04f0c..6fe38407d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'sudo lb --version' 'xklb version' +cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 2f83e7f266eb893fbc0efc217f90cbd85255b053 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jun 2024 07:47:43 -0400 Subject: [PATCH 641/937] iiab-diagnostics.README.md: Fix line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a2295b830..fa6c560e5 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From da3a69a885b4b1b8ecd977e37e3d3d0db29278b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Jun 2024 14:48:43 -0400 Subject: [PATCH 642/937] Recommend ansible-core 2.17.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1cf6953a5..46ef74659 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] -GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] +GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2f4151ec2eac33950402e82841fdcebe7ffce0e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 11:55:31 -0400 Subject: [PATCH 643/937] Temp hard-coding of Kolibri 0.17 Alpha 0, if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0a06d292..0da1d724a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -121,6 +121,12 @@ # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) # when: is_debian or is_linuxmint_20 + +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' + set_fact: + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: name: kolibri From 641b31d80007c7a64bd8d05bf8aebcb9375e8502 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 12:56:33 -0400 Subject: [PATCH 644/937] Nextcloud 29.0.3: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c43da3943..529988437 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f274f36050870a3d6db2ce45fbb631d7dafd026d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 13:10:01 -0400 Subject: [PATCH 645/937] Clarify doc explanation of PR #3751 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0da1d724a..5f242b475 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,7 +125,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From 2a5046cd84b82b734724e324cf001c2844cc4874 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 14:30:49 -0400 Subject: [PATCH 646/937] Update IIAB Calibre-Web disk footprint estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index c3cbf6e94..6af37dcc7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 199424d4705be1c50c614850f1d63389e4953310 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 25 Jun 2024 14:34:33 -0400 Subject: [PATCH 647/937] Support experimental install on RasPiOS 13 --- scripts/local_facts.fact | 3 ++- vars/default_vars.yml | 1 + vars/raspbian-13.yml | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e6c6ca0f5..a24a1a2da 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -91,7 +91,8 @@ case $OS_VER in "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ - "raspbian-12") + "raspbian-12" | \ + "raspbian-13") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3b233ca6c..c0e6e9f13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -802,6 +802,7 @@ is_debian_12: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_13: False is_raspbian_12: False #is_raspbian_11: False #is_raspbian_10: False diff --git a/vars/raspbian-13.yml b/vars/raspbian-13.yml new file mode 100644 index 000000000..74c906488 --- /dev/null +++ b/vars/raspbian-13.yml @@ -0,0 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True +is_raspbian: True +is_raspbian_13: True From 355ebbc65e6a4378c4ec29de608159e8fafcdad9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 18:25:23 -0400 Subject: [PATCH 648/937] Tighten up adding of Kolibri PPA --- roles/kolibri/tasks/install.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 5f242b475..7798e81f0 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,17 +76,20 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) +# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# https://github.com/learningequality/kolibri/issues/11892 +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html +- name: Add signed Kolibri PPA 'jammy' apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 +# #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 -- name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) +# - name: Add signed Kolibri PPA 'focal' (if other/older OS's) +# apt_repository: +# repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" +# when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) +# #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From d75d6a0cb28aa857e65ed2d6df4ca6f6f8051605 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 18:47:28 -0400 Subject: [PATCH 649/937] Fix date in comment re: kolibri-proposed --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 7798e81f0..0eb9f6e84 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,7 +76,7 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# 2024-06-25: Strongly consider PPA "kolibri-proposed" in future... # https://github.com/learningequality/kolibri/issues/11892 # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html - name: Add signed Kolibri PPA 'jammy' From a4a68604e1791830ed6b649722b264712c71ca78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 Jun 2024 12:01:11 -0400 Subject: [PATCH 650/937] New MediaWiki 1.42.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 077d1a967..1787b2807 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 9d31afdc9f1f3785b4cfba69472fc4bcfe482fc7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Jul 2024 23:18:07 -0400 Subject: [PATCH 651/937] Install Kolibri 0.17b0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0eb9f6e84..129756d9b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From c6b0164cbe97934a1b333bea5b605f084e7bf6fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 9 Jul 2024 18:43:30 -0400 Subject: [PATCH 652/937] transmission/README.rst: Ubuntu timeout / crashing issue #3756 --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 727197b56..a851fe591 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -86,6 +86,8 @@ Known Issues * Random Ports: Currently it is not possible to use random ports in the range 49152-65535, as it's difficult to open multiple ports in IIAB's `iptables-based firewall `_. +* transmission-daemon (4.0.6 or 4.1-dev) install onto Ubuntu 24.04 or 24.10, but (1) its systemd service times out (fails to start) (2) rebooting kinda helps, but service then crashes on 1st visit to http://box:9091 `#3756 `_ + Troubleshooting --------------- From c1eea9d1a16b50df04c8eb8cdc69c88f35d31760 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jul 2024 09:38:03 -0400 Subject: [PATCH 653/937] callbre-web/README.rst: Update issues reporting URL --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9e5d3dee8..da7045ee1 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -228,5 +228,5 @@ Known Issues * |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 `_ |se| |nbsp| Fixed by `361a124 `_ on 2019-02-27. -* *Please assist us in reporting serious issues here:* - https://github.com/janeczku/calibre-web/issues +* *Please report serious issues here:* + https://github.com/iiab/calibre-web/issues From 924f5802778ff3309e86637affbe5540bbd0713c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 12:54:38 -0400 Subject: [PATCH 654/937] Clarify current Moodle is 4.4 (or 4.5dev !) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7a33421ae..a313ae75c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -101,7 +101,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) + version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From afb7ed18fde6c3f6df3d57d1acde75856f69f016 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 13:12:49 -0400 Subject: [PATCH 655/937] Update Moodle 4.5dev disk footprint estimates --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a313ae75c..44ba40349 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From 2250f507fd306f7372a09c14adbb2a84d5cad44c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 19:18:26 -0400 Subject: [PATCH 656/937] Kolibri 0.17.0 Beta 1 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 129756d9b..ba7d16651 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 7c7f145b1716db6a950b6ff9105a90549103aa58 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 12 Jul 2024 19:44:36 -0400 Subject: [PATCH 657/937] Kolibri 0.17.0 Beta 2 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ba7d16651..209fb3586 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 3b41fbca62d8605886435c7aa8c3786cd34a7f03 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Jul 2024 16:12:49 -0400 Subject: [PATCH 658/937] Recommend ansible-core 2.17.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 46ef74659..93755a5f6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] -GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] +GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89c3d7873934f534aafdc30d50dc9a45963daf8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 16 Jul 2024 00:33:24 -0400 Subject: [PATCH 659/937] Kolibri 0.17.0 Beta 3 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 209fb3586..f02dfde2e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From fadee4caea0bcc009a47d060f34b66a66ad1f6fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 17 Jul 2024 08:57:54 -0400 Subject: [PATCH 660/937] remote.it free/personal/non-commercial plan reconfirmed for 2024 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 051d3b7f5..910f55409 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2024](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From e3d9a9a36e492107a9ebcc25138da2d4dc97dfe8 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 17 Jul 2024 22:26:11 -0400 Subject: [PATCH 661/937] Basic iiab-update command; also upgrades IIAB Calibre-Web --- roles/0-init/tasks/main.yml | 10 +++- scripts/ansible | 8 +-- scripts/iiab-update | 111 ++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 5 deletions(-) create mode 100755 scripts/iiab-update diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..8d423b8c6 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,15 +34,23 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' with_items: + - iiab-update - iiab-summary - iiab-diagnostics +- name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update + file: + src: /usr/bin/iiab-update + path: /usr/bin/iiab-upgrade + state: link + force: yes + - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: state: directory diff --git a/scripts/ansible b/scripts/ansible index 93755a5f6..51cb3b689 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -99,8 +99,8 @@ echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" #echo -e "(3) Remove all lines containing 'ansible' from..." #echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" -echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" -echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" +#echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" +#echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") @@ -308,5 +308,5 @@ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e ' apt -a list "ansible*"' -echo -e " ansible-galaxy collection list\n" -echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" +echo -e " ansible-galaxy collection list\n\n" +#echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" diff --git a/scripts/iiab-update b/scripts/iiab-update new file mode 100755 index 000000000..8c498ff1e --- /dev/null +++ b/scripts/iiab-update @@ -0,0 +1,111 @@ +#!/bin/bash + +# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. + +# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# https://github.com/iiab/calibre-web/wiki + +if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" +else + echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y +fi + +cd /opt/iiab/iiab +if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 +fi +echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" +git pull https://github.com/iiab/iiab --no-rebase --no-edit +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" +else + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible +fi + +if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi +fi + +# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the +# time over 20 tests for me -- leading to 3+ different kinds of errors right +# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the +# most common error -- once the error was "command not found" -- and another +# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! +# +# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? +# +# ... +# Finished writing to /etc/iiab/kiwix_catalog.json +# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' +# php_parser = re.compile('\<\?php echo .+? \?>') +# Skipping module not needed by Internet in a Box 12 en-PhET +# ... +# [ ~15 lines ] +# ... +# (Restarting CMDSRV +# ... +# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + +if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi +fi + +echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 4f98de9331eaa9c058cde34cfb628fb2f97163a9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 17 Jul 2024 23:17:37 -0400 Subject: [PATCH 662/937] Untracked files in venv /usr/local/calibre-web-py3 should NOT block upgrade --- roles/0-init/tasks/main.yml | 2 +- scripts/iiab-update | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d423b8c6..d6859c120 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -49,7 +49,7 @@ src: /usr/bin/iiab-update path: /usr/bin/iiab-upgrade state: link - force: yes + #force: yes - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/scripts/iiab-update b/scripts/iiab-update index 8c498ff1e..0c75dcc34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -56,7 +56,7 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then yt-dlp --version echo cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From 869ff84453c77e029c271fc2af8b6057c7feab09 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 00:25:50 -0400 Subject: [PATCH 663/937] iiab-update: Tiny code cleanup (Calibre-Web section) --- scripts/iiab-update | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 0c75dcc34..78b3cf859 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -54,13 +54,12 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then From 7d004495d3b79dc53be64e22874a8dea2bbeb9e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 01:15:10 -0400 Subject: [PATCH 664/937] iiab-update: Document yt-dlp "nightly" option --- scripts/iiab-update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index 78b3cf859..eafe6897e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,6 +52,8 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version cd /usr/local/calibre-web-py3 From af4715df6aa8717eac3f1e61c6bf413ee75de673 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 01:32:16 -0400 Subject: [PATCH 665/937] Explain 'cp iiab-update iiab-summary iiab-diagnostics /usr/bin' --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eafe6897e..4c785c702 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -31,7 +31,7 @@ if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != " fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp iiab-update iiab-summary iiab-diagnostics /usr/bin From 49f59830c8d575a2dcc466dac208c69022ac002e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 02:09:33 -0400 Subject: [PATCH 666/937] Strengthen yt-dlp upgrading + document "nightly" version --- roles/calibre-web/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6af37dcc7..2fc8d4f74 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -70,7 +70,7 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx upgrade --include-injected xklb + pipx reinstall xklb else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb @@ -82,6 +82,8 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From c6815a55f757785400da1f4483bb52a2f24e5046 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 02:19:52 -0400 Subject: [PATCH 667/937] calibre-web/tasks/install.yml: Links to NEW iiab-update approach --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 2fc8d4f74..369bc09c1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +# To upgrade IIAB Calibre-Web: +# https://github.com/iiab/calibre-web/wiki#upgrading +# https://github.com/iiab/iiab/blob/master/scripts/iiab-update + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From 4150ce342efff605c641981b0f54db5d3eac5711 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 03:09:13 -0400 Subject: [PATCH 668/937] calibre-web/README.rst: Revise "Upgrading" section --- roles/calibre-web/README.rst | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index da7045ee1..ef9423d1d 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -157,26 +157,31 @@ as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -"Reinstalling" Calibre-Web automatically installs the latest version — if your -Internet-in-a-Box (IIAB) is online. +Please see our `new/automated upgrade technique (iiab-update) `_ +introduced in July 2024. -But first: back up your content **and** configuration settings, as explained above. +But first: back up your content **and** configuration settings, as outlined +above! -**Also move your /library/calibre-web/config/app.db AND/OR -/library/calibre-web/metadata.db out of the way — if you're sure you want to -fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run, as root**:: +**Conversely if you're sure you want to fully reset your Calibre-Web settings, +and remove all existing e-book/video/media metadata — then move your +/library/calibre-web/config/app.db, /library/calibre-web/metadata.db and +/library/calibre-web/xklb-metadata.db out of the way.** + +RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest +version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the +new ``iiab-update`` technique described above. But if you must use the +older/manual technique, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding -manually:: +Or, if you want to try upgrading Calibre-Web code alone:: cd /usr/local/calibre-web-py3 git pull -This older way is *no longer recommended*:: +Finally, this much older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 514f0ea71457e4921f007771d6e7756648decdcd Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 03:21:01 -0400 Subject: [PATCH 669/937] calibre-web/README.rst: Refine "Upgrading" grammar --- roles/calibre-web/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef9423d1d..a29896573 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -168,15 +168,15 @@ and remove all existing e-book/video/media metadata — then move your /library/calibre-web/config/app.db, /library/calibre-web/metadata.db and /library/calibre-web/xklb-metadata.db out of the way.** -RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest -version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the -new ``iiab-update`` technique described above. But if you must use the -older/manual technique, you would need to run, as root:: +RECAP: Either way, "reinstalling" Calibre-Web automatically installs the latest +version — so long as your Internet-in-a-Box (IIAB) is online. Most people +should stick with the new ``iiab-update`` technique above. However if you must +use the older/manual approach, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you want to try upgrading Calibre-Web code alone:: +Or, if there's a need to try updating Calibre-Web's code alone:: cd /usr/local/calibre-web-py3 git pull From 3d6a11635278543680636e767f078e0acb61c7d2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 05:19:38 -0400 Subject: [PATCH 670/937] scripts/iiab-update: Clarify summary/purpose for PR #3768 --- scripts/iiab-update | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4c785c702..b5813075e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,8 +1,8 @@ #!/bin/bash -# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. +# Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). -# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki if [[ $(id -un) != "root" ]]; then @@ -14,7 +14,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update From 1e1998cb14568b60e3f2deceeebefafb06527a11 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jul 2024 13:37:24 -0400 Subject: [PATCH 671/937] Preload all of iiab-update (bash script) into RAM for safety --- scripts/iiab-update | 192 +++++++++++++++++++++++--------------------- 1 file changed, 101 insertions(+), 91 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index b5813075e..36190e270 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -5,108 +5,118 @@ # Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki -if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 -fi +# 2024-07-18 fixes underway, thanks to: +# https://stackoverflow.com/questions/21096478/overwrite-executing-bash-script-files +# https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +# https://stackoverflow.com/questions/2336977/can-a-shell-script-indicate-that-its-lines-be-loaded-into-memory-initially -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" -else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y -fi - -cd /opt/iiab/iiab -if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 -fi -echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" -git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin -fi - -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" -else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible -fi - -if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" +{ + if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" - systemctl restart calibre-web + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" - ./runrole --reinstall calibre-web + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi -fi -# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the -# time over 20 tests for me -- leading to 3+ different kinds of errors right -# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the -# most common error -- once the error was "command not found" -- and another -# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! -# -# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? -# -# ... -# Finished writing to /etc/iiab/kiwix_catalog.json -# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' -# php_parser = re.compile('\<\?php echo .+? \?>') -# Skipping module not needed by Internet in a Box 12 en-PhET -# ... -# [ ~15 lines ] -# ... -# (Restarting CMDSRV -# ... -# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + cd /opt/iiab/iiab + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab --no-rebase --no-edit + if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin + fi -if [ -d /opt/admin ]; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible + fi + + if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + systemctl stop calibre-web + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi fi -fi -echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the + # time over 20 tests for me -- leading to 3+ different kinds of errors right + # after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the + # most common error -- once the error was "command not found" -- and another + # time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! + # + # Any chance this get_oer2go_catalog error ~15 lines up...might be related ? + # + # ... + # Finished writing to /etc/iiab/kiwix_catalog.json + # SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' + # php_parser = re.compile('\<\?php echo .+? \?>') + # Skipping module not needed by Internet in a Box 12 en-PhET + # ... + # [ ~15 lines ] + # ... + # (Restarting CMDSRV + # ... + # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + + if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi + fi + + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + + exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +} From 280cea8b9d53a6825d7076a36c3664c1f29b7836 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jul 2024 14:16:39 -0400 Subject: [PATCH 672/937] untabify iiab-update + 'systemctl stop calibre-web' output --- scripts/iiab-update | 115 ++++++++++++++++++++++---------------------- 1 file changed, 58 insertions(+), 57 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 36190e270..8f8ba2f94 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -12,72 +12,73 @@ { if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi cd /opt/iiab/iiab if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - systemctl stop calibre-web - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web - else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web - fi + fi fi # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the @@ -101,19 +102,19 @@ # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] if [ -d /opt/admin ]; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" - else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install - fi + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi fi echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 291c049919185852724ef4584bdf2c059152e18e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 15:24:22 -0400 Subject: [PATCH 673/937] iiab-update: Try "bash -e" (exit on error) and "cp -u" (--update) --- scripts/iiab-update | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 8f8ba2f94..48a4f90ac 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -e +# "-e" tries to exit right away on error. # Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). @@ -40,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 732ddf80111ed6f47883fcc9a7798f8b55c14088 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 15:28:07 -0400 Subject: [PATCH 674/937] iiab-update: Clarify "cp -u" in live output too --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 48a4f90ac..eca416d60 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi From cdd94f84d9f24224a70facd2c2bbad952a9e2604 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 16:28:14 -0400 Subject: [PATCH 675/937] iiab-update: Permit /opt/iiab/iiab untracked files like adm-run-roles-tmp.yml --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eca416d60..f51532503 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -32,7 +32,7 @@ fi cd /opt/iiab/iiab - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit detritus, e.g. untracked files like adm-run-roles-tmp.yml echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From af3660045ffc581bcac4f3bbfb5bfa70790e94a1 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Jul 2024 01:19:00 -0400 Subject: [PATCH 676/937] iiab-update: Skip Admin Console ./install if already up-to-date --- scripts/iiab-update | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index f51532503..49cfdc939 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -111,10 +111,16 @@ echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi + GITHASH1=$(git rev-parse HEAD) echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + GITHASH2=$(git rev-parse HEAD) + if [[ $GITHASH1 != $GITHASH2 ]]; then + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + else + echo -e "\n\e[33mSkipping Admin Console './install' — as it appears up-to-date!\e[0m" + fi fi fi From b1b9d49327d6429de7760e1559b9579c2456ddc3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 19 Jul 2024 04:34:16 -0400 Subject: [PATCH 677/937] Clean up RasPiOS Python/apt/pip doc links --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 369bc09c1..8b526d03e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -102,8 +102,9 @@ extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) -# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi -# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments +# https://www.raspberrypi.com/documentation/computers/os.html#use-python-on-a-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-packages-using-apt +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-libraries-using-pip # VIRTUALENV EXAMPLE COMMANDS: # python3 -m venv /usr/local/calibre-web-py3 (create venv) From 33ed99c030847daf4e32fce88aa3c4b82f3c6891 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Jul 2024 06:26:19 -0400 Subject: [PATCH 678/937] iiab-update -f: Install CWeb requirements.txt + sharpen warning --- scripts/iiab-update | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 49cfdc939..91e0af9e1 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -21,7 +21,7 @@ echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\n\e[44;1mUpgrading IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update @@ -45,16 +45,13 @@ fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n\n" else echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" @@ -72,11 +69,13 @@ systemctl stop calibre-web echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" + bin/pip install -r requirements.txt --prefer-binary > /dev/null + echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web else + cd /opt/iiab/iiab echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web fi @@ -124,7 +123,12 @@ fi fi - echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1m'iiab-update -f' COMPLETE!\e[0m\n" + echo -e "\e[44;1mIf Calibre-Web fails, please try 'iiab-update' WITHOUT '-f'\e[0m\n\n" # \e[7m == reverse video (e.g. black on white) + else + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + fi exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run } From 06a36706eb27dd4888464e4127a882ec35f14774 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 Jul 2024 11:52:53 -0400 Subject: [PATCH 679/937] iiab-update: Tighten up Calibre-Web upgrader (WIP: Ansible equiv soon) --- scripts/iiab-update | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 91e0af9e1..ec7a5d31e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,24 +52,25 @@ fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" - systemctl stop calibre-web - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" bin/pip install -r requirements.txt --prefer-binary > /dev/null echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" From 37c6a7ef2950a659dbebcee2f7a09f895548631f Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 Jul 2024 13:43:35 -0400 Subject: [PATCH 680/937] Clarify yt-dlp "nightly" for better/experimental YouTube scraping --- scripts/iiab-update | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index ec7a5d31e..76095753f 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -59,13 +59,16 @@ pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" systemctl stop calibre-web From 06dbdb178a6f2a171f609a23f9ecc159f7db525c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 01:51:06 -0400 Subject: [PATCH 681/937] Allow Calibre-Web upgrades via Ansible too, much like 'iiab-update -f' --- roles/calibre-web/tasks/install.yml | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8b526d03e..bdcca21f5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,6 +1,9 @@ -# To upgrade IIAB Calibre-Web: +# Or try 'iiab-update -f' for a more rapid upgrade of IIAB Calibre-Web: +# +# https://wiki.iiab.io/go/FAQ#Can_I_upgrade_IIAB_software%3F # https://github.com/iiab/calibre-web/wiki#upgrading # https://github.com/iiab/iiab/blob/master/scripts/iiab-update +# https://github.com/iiab/iiab/tree/master/roles/calibre-web#upgrading - name: Record (initial) disk space used @@ -8,6 +11,13 @@ register: df1 +- name: Stop 'calibre-web' systemd service for safety (RED ERROR CAN BE IGNORED!) + systemd: + name: calibre-web + state: stopped + ignore_errors: True # Shows red errors, and continue... + #failed_when: False # Hides red errors, and continue... + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -38,10 +48,10 @@ state: absent when: calibreweb_venv_wipe -- name: Does {{ calibreweb_venv_path }} exist? - stat: - path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - register: calibreweb_venv +# - name: Does {{ calibreweb_venv_path }} exist? +# stat: +# path: "{{ calibreweb_venv_path }}" +# register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -52,7 +62,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" + - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -61,14 +71,15 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 - when: not calibreweb_venv.stat.exists + force: yes # "any modified files in the working repository will be discarded" + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 + #when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | From 663a35f5ced6b8bcbe0a416c53015b4b22418d63 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 Jul 2024 02:31:21 -0400 Subject: [PATCH 682/937] Sharpen /usr/local/calibre-web-py3 disk usage estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index bdcca21f5..d6320fb76 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -72,7 +72,7 @@ # https://github.com/janeczku/calibre-web/pull/1459 #- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From ddfbbe7bf0e42eb5c2eda9c9cb68bf6190f26f85 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 Jul 2024 02:46:48 -0400 Subject: [PATCH 683/937] calibre-web/tasks/install.yml: Clarify yt-dlp "nightly" option --- roles/calibre-web/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d6320fb76..816fa5ac7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -98,8 +98,11 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From 220bea18dcd597fb33501cdabe4d09bb8799bbe2 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 03:24:26 -0400 Subject: [PATCH 684/937] Explain yt-dlp 'nightly' releases, in Ansible output --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 816fa5ac7..34a89f211 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -81,6 +81,11 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 #when: not calibreweb_venv.stat.exists +- debug: + msg: + - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" + - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then @@ -98,7 +103,7 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases From 46c1003f2c2c10a9487cc8974fe1ab402d701b87 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 21:36:39 -0400 Subject: [PATCH 685/937] KA Lite dying: Time for Kolibri to become mainline --- vars/default_vars.yml | 8 ++++---- vars/local_vars_medical.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_none.yml | 4 ++-- vars/local_vars_small.yml | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c0e6e9f13..13291b20d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -476,14 +476,14 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False kalite_server_port: 8008 kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index f97113d63..66798cb05 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -1,7 +1,7 @@ # Default overrides kiwix_incl_apk: True -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False captiveportal_install: True captiveportal_enabled: True mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index aa142dcc9..40b960608 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -284,8 +284,8 @@ wordpress_enabled: True # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 6b3876fe8..a13c825ac 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,8 +1,8 @@ # turn off defaults remoteit_install: False openvpn_install: False -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False kiwix_install: False kiwix_enabled: False osm_vector_maps_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a366e2863..288395d69 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -284,12 +284,12 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 4cb61cf8b8c3f985d22cbeab8452f342a5f66596 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 22 Jul 2024 22:18:55 -0400 Subject: [PATCH 686/937] 'git pull' if upgrading Calibre-Web, bypassing Ansible --- roles/calibre-web/tasks/install.yml | 38 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 34a89f211..a6e8d4f56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -42,17 +42,6 @@ line: ' ' state: present -- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" - file: - path: "{{ calibreweb_venv_path }}" - state: absent - when: calibreweb_venv_wipe - -# - name: Does {{ calibreweb_venv_path }} exist? -# stat: -# path: "{{ calibreweb_venv_path }}" -# register: calibreweb_venv - - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory @@ -62,7 +51,6 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -71,15 +59,31 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" + file: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" + register: calibreweb_venv + +- name: git clone Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later) -- if {{ calibreweb_venv_path }} doesns't exist git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes # "any modified files in the working repository will be discarded" - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + #force: True # CLAIM: "If true, any modified files in the working repository will be discarded" -- REALITY: even if `force: no`, Ansible destructively reclones (also removing all test branch commits etc!) -- unless a git credential is provided to Ansible? + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 - #when: not calibreweb_venv.stat.exists + when: not calibreweb_venv.stat.exists + +- name: cd {{ calibreweb_venv_path }} ; git pull {{ calibreweb_repo_url }} {{ calibreweb_version }} --no-rebase --no-edit -- if {{ calibreweb_venv_path }} exists + command: git pull "{{ calibreweb_repo_url }}" "{{ calibreweb_version }}" --no-rebase --no-edit + args: + chdir: "{{ calibreweb_venv_path }}" + when: calibreweb_venv.stat.exists - debug: msg: From 078d896ef7cd5278ca730e4a28c400f18161f9ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 14:34:51 -0400 Subject: [PATCH 687/937] pbx/README.adoc: Link to official FreePBX 17 install script --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d99f0df82..9553cb8db 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -357,4 +357,8 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c * Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +In 2024, see also the official: + +* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 1116cbfb362a953358099f413160e2e3d73691d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 14:48:01 -0400 Subject: [PATCH 688/937] pbx/README.adoc: 2 more official FreePBX 17 install links --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 9553cb8db..2bbd70671 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -360,5 +360,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: * FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation +* Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 8f1a72e049cade6ffb55c7280af8170b823316dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 15:03:00 -0400 Subject: [PATCH 689/937] pbx/README.adoc: Update FreePBX 17 pre-release news + link --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 2bbd70671..5d48feddf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* @@ -359,7 +359,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: -* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install * FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation * Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation From 1ddbf01dfff87ce39973705aa1cee41d79f2ea93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 Jul 2024 19:42:47 -0400 Subject: [PATCH 690/937] Kolibri 0.17 RC0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f02dfde2e..b0ea215bb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From f20493cdc4dc8bad2edc1a218e827c3400b9a9f7 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 1 Aug 2024 11:10:37 -0400 Subject: [PATCH 691/937] Bypass initial install of Transmission on 24.04 & 24.10 & Mint 22 --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 8771b66a0..4d83e4422 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From cd7baf4b4f3e9a71f7737cc7bb2fc3dd0b593ea4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Aug 2024 14:19:53 -0400 Subject: [PATCH 692/937] Kolibri 0.17 RC2 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b0ea215bb..ede1a64b6 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From a0e789a11126b33b34066081dfdb83c248208e28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 4 Aug 2024 09:20:47 -0400 Subject: [PATCH 693/937] pbx/README.adoc: FreePBX 17 links --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5d48feddf..f19260023 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 01f87f5e38196a863bb431d5ce6045cb26011736 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Aug 2024 18:44:18 -0400 Subject: [PATCH 694/937] Kolibri 0.17 RC3 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ede1a64b6..405beb896 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 0ab99a456ebef69c971d10154770365165704230 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Aug 2024 18:51:04 -0400 Subject: [PATCH 695/937] kolibri/tasks/install.yml: Clarify 4 OS's now using Python 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 405beb896..86281875a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -128,7 +128,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From fd3ff958b16407deb6ae507be0dcc48a91206d88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Aug 2024 19:29:48 -0400 Subject: [PATCH 696/937] Kolibri 0.17.0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 86281875a..e09616739 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,9 +125,9 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 6e51ecbdd6a29415fe9b5b3a601a87e8a9799899 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Aug 2024 19:37:56 -0400 Subject: [PATCH 697/937] Kolibri 0.17.x: Clean/Clarify Python 3.12+ OS's / context --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e09616739..217d68d73 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,10 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From cac1c873f40ce9d89e1a344c980646ac6c577311 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Aug 2024 01:03:29 -0400 Subject: [PATCH 698/937] scripts/iiab-root-login: Set + Enable sftp password, for FileZilla uploads --- roles/0-init/tasks/main.yml | 3 +- scripts/iiab-item-size.py | 0 scripts/iiab-network | 0 scripts/iiab-root-login | 60 +++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 0 scripts/iiab-update | 2 +- 6 files changed, 63 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/iiab-item-size.py mode change 100644 => 100755 scripts/iiab-network create mode 100755 scripts/iiab-root-login mode change 100644 => 100755 scripts/iiab-size.py diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d6859c120..8eb1668eb 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,7 +34,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ @@ -43,6 +43,7 @@ - iiab-update - iiab-summary - iiab-diagnostics + - iiab-root-login - name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update file: diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-network b/scripts/iiab-network old mode 100644 new mode 100755 diff --git a/scripts/iiab-root-login b/scripts/iiab-root-login new file mode 100755 index 000000000..2d968e857 --- /dev/null +++ b/scripts/iiab-root-login @@ -0,0 +1,60 @@ +#!/bin/bash -e +# "-e" tries to exit right away on error. + +# Enable (and set!) root login password for ssh and sftp. +# To help everyday IIAB implementers upload content with FileZilla: +# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F + +# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use: +# sudo iiab-root-login + +if [ ! -f /etc/ssh/sshd_config ]; then + echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n' + exit 1 +fi + +if ! systemctl is-active ssh > /dev/null; then + echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n" + exit 1 +fi + +if [ $# -eq 0 ]; then + echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m' + echo -en '\nWhat ssh and sftp password do you want for user "root" ? ' + read ans < /dev/tty +else + ans=$1 + echo +fi + +if [[ $ans == "" ]]; then + echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n' + exit 1 +else + echo root:"$ans" | chpasswd + echo -e 'Password changed, for user "root".\n' +fi + +# Comment out problematic line(s) in file(s) like... +# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf +# ...that appear in Multipass VMs, etc: +sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true +sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true + +if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config +else + echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +fi + +if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config +else + echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config +fi + +if systemctl reload ssh; then + echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n' +else + echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n' +fi diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-update b/scripts/iiab-update index 76095753f..689f715e0 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -41,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 24def618bc41bcbff0acd55a112f4a034ce3f0b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 03:34:02 -0400 Subject: [PATCH 699/937] roles/iiab-admin/README.rst: Update 2 links --- roles/iiab-admin/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 5017e4186..c7c4ec5fc 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -58,14 +58,14 @@ Remote Support Tools The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. -Similarly, `access.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: +Similarly, `tasks/main.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: * `lynx `_ * `screen `_ *More great tools to help you jumpstart community action at a distance:* -* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?" +* `FAQ.IIAB.IO `_ > "How can I remotely manage my Internet-in-a-Box?" Admin Console ------------- From 49b574409a052a77c7629ca12fe928f54db58e4d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 04:04:43 -0400 Subject: [PATCH 700/937] scripts/iiab-update: Touch up for PR #3784 --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 689f715e0..4e2fe7aff 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From 0d0772aac9eef7f8f990d5528fc9269a87f8a47c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 23:34:30 -0400 Subject: [PATCH 701/937] Revert to installing Kolibri (i.e. 0.17.0+) via PPA, by default --- roles/kolibri/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 217d68d73..d95f36044 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,13 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' - set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 +# 2024-08-07: Hack no longer needed! As Kolibri 0.17.0 now installs via "kolibri" PPA (https://launchpad.net/~learningequality/+archive/ubuntu/kolibri). +# Hopefully "kolibri-proposed" PPA will install 0.18 pre-releases soon, on Python 3.13 too! https://github.com/learningequality/kolibri/issues/11892 + +# - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +# set_fact: +# kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb +# when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From ee3781d38a66e353f45ff36ebda5f5815705f297 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Aug 2024 20:53:13 -0400 Subject: [PATCH 702/937] README.md: Fix link to FAQ app list / descriptions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fcb5085c..b3416aca2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_%28IIAB_apps%29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* From 608d05e24082463c7a27c671bea7ba7846d76d30 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 10 Aug 2024 21:41:15 -0400 Subject: [PATCH 703/937] iiab-diagnostics: Try paste.centos.org instead of dpaste.com --- scripts/iiab-diagnostics | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6fe38407d..a872b88bb 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,13 +273,15 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b paste.centos.org $outfile" fi echo -e "\e[0m" From 2c5398dfb29333e72563ee37234fa3b2e34c0b3f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 10 Aug 2024 21:48:10 -0400 Subject: [PATCH 704/937] iiab-diagnostics: Clarify termbin.com rudimentary/reliable option --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a872b88bb..198ad864e 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -275,7 +275,7 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? - #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins From e1eb26ba687503f1655e4665d21c20e4250b2d1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Aug 2024 00:15:30 -0400 Subject: [PATCH 705/937] Recommend ansible-core 2.17.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 51cb3b689..975acda62 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] -GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] +GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 86fa7bd49c9594f36b407eb5501ef0213326fd79 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 15 Aug 2024 10:00:56 -0400 Subject: [PATCH 706/937] test.yml: Tips to try ad hoc Ansible commands --- test.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 7afdab202..067b7cddd 100644 --- a/test.yml +++ b/test.yml @@ -1,6 +1,13 @@ # TEST ANSIBLE COMMANDS/MODULES IN SECONDS -- BY RUNNING: # ansible-playbook -i ansible_hosts test.yml --connection=local +# TEST A SINGLE ANSIBLE COMMAND/MODULE: +# ansible localhost -m ansible.builtin.setup | grep -e "ansible_machine\b" -e ansible_architecture +# ansible localhost -m ansible.builtin.shell -a 'echo $TERM' +# ansible localhost -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts" +# ansible localhost -m ansible.builtin.systemd -a "name=nginx state=restarted" +# https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html + - hosts: all become: yes # Optional privilege escalation @@ -19,7 +26,9 @@ #- include_role: # name: 0-init - # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # 2024-08-15: Still not working with ansible-core 2.17.3 -- instead of + # migrating from Python's crypt library to passlib, Ansible is deprecating: + # https://github.com/ansible/ansible/issues/81949 # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 #- debug: # msg: "{{ 'changeme' | password_hash('sha512') }}" From 3bb74ec09a6048b0551c666c4232abbd5ae7982c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 22 Aug 2024 21:32:24 -0400 Subject: [PATCH 707/937] Moodle dev branch renamed from 'master' to 'main' --- roles/moodle/defaults/main.yml | 4 ++-- roles/moodle/tasks/install.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index b6c607027..1e05a1a76 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# April 2024: Currently testing Moodle's main branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 44ba40349..840eeb4d9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,12 +104,12 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From bea4aea7a0994e3fb97e84972aa9027f399f8b12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Sep 2024 15:45:33 -0400 Subject: [PATCH 708/937] Recommend ansible-core 2.17.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 975acda62..701b46107 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] -GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] +GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From c7000f330be9c736b9c84dda489e4da899877d2c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 15 Sep 2024 02:05:42 -0400 Subject: [PATCH 709/937] Introduce roles/tailscale w/ /usr/bin/iiab-vpn etc --- .../openvpn/defaults/main.yml | 0 .../openvpn/tasks/enable-or-disable.yml | 0 .../openvpn/tasks/install.yml | 0 .../openvpn/tasks/main.yml | 0 .../openvpn/templates/15-openvpn.unused | 0 .../openvpn/templates/announce | 0 .../openvpn/templates/announcer | 0 .../openvpn/templates/ca.crt | 0 .../openvpn/templates/client1.crt | 0 .../openvpn/templates/client1.key | 0 .../openvpn/templates/iiab-remote-off | 0 .../openvpn/templates/iiab-remote-on.j2 | 0 .../openvpn/templates/iiab-support | 0 .../openvpn/templates/iiab-support.older | 0 .../templates/openvpn_handle.j2.unused | 0 .../openvpn/templates/silence | 0 .../openvpn/templates/xscenet.conf.j2 | 0 roles/0-init/tasks/validate_vars.yml | 3 +- roles/1-prep/tasks/main.yml | 10 +- roles/4-server-options/tasks/main.yml | 5 - roles/iiab-admin/README.rst | 4 +- roles/iiab-admin/tasks/sudo-prereqs.yml | 2 +- roles/sshd/defaults/main.yml | 2 +- roles/tailscale/tasks/install.yml | 113 ++++++++++++++++++ roles/tailscale/tasks/main.yml | 47 ++++++++ roles/tailscale/templates/iiab-vpn | 54 +++++++++ roles/tailscale/templates/iiab-vpn-off | 7 ++ scripts/iiab-summary | 9 +- vars/default_vars.yml | 20 +--- vars/local_vars_large.yml | 13 +- vars/local_vars_medical.yml | 1 - vars/local_vars_medium.yml | 13 +- vars/local_vars_none.yml | 2 +- vars/local_vars_small.yml | 13 +- vars/local_vars_unittest.yml | 13 +- 35 files changed, 265 insertions(+), 66 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/enable-or-disable.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/15-openvpn.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announce (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announcer (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/ca.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.key (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-off (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-on.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support.older (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/openvpn_handle.j2.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/silence (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/xscenet.conf.j2 (100%) create mode 100644 roles/tailscale/tasks/install.yml create mode 100644 roles/tailscale/tasks/main.yml create mode 100755 roles/tailscale/templates/iiab-vpn create mode 100755 roles/tailscale/templates/iiab-vpn-off diff --git a/roles/openvpn/defaults/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml similarity index 100% rename from roles/openvpn/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml diff --git a/roles/openvpn/tasks/enable-or-disable.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml similarity index 100% rename from roles/openvpn/tasks/enable-or-disable.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml diff --git a/roles/openvpn/tasks/install.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml similarity index 100% rename from roles/openvpn/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml diff --git a/roles/openvpn/tasks/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml similarity index 100% rename from roles/openvpn/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml diff --git a/roles/openvpn/templates/15-openvpn.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused similarity index 100% rename from roles/openvpn/templates/15-openvpn.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused diff --git a/roles/openvpn/templates/announce b/roles/0-DEPRECATED-ROLES/openvpn/templates/announce similarity index 100% rename from roles/openvpn/templates/announce rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announce diff --git a/roles/openvpn/templates/announcer b/roles/0-DEPRECATED-ROLES/openvpn/templates/announcer similarity index 100% rename from roles/openvpn/templates/announcer rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announcer diff --git a/roles/openvpn/templates/ca.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt similarity index 100% rename from roles/openvpn/templates/ca.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt diff --git a/roles/openvpn/templates/client1.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt similarity index 100% rename from roles/openvpn/templates/client1.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt diff --git a/roles/openvpn/templates/client1.key b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key similarity index 100% rename from roles/openvpn/templates/client1.key rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off similarity index 100% rename from roles/openvpn/templates/iiab-remote-off rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 similarity index 100% rename from roles/openvpn/templates/iiab-remote-on.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 diff --git a/roles/openvpn/templates/iiab-support b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support similarity index 100% rename from roles/openvpn/templates/iiab-support rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support diff --git a/roles/openvpn/templates/iiab-support.older b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older similarity index 100% rename from roles/openvpn/templates/iiab-support.older rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older diff --git a/roles/openvpn/templates/openvpn_handle.j2.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused similarity index 100% rename from roles/openvpn/templates/openvpn_handle.j2.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused diff --git a/roles/openvpn/templates/silence b/roles/0-DEPRECATED-ROLES/openvpn/templates/silence similarity index 100% rename from roles/openvpn/templates/silence rename to roles/0-DEPRECATED-ROLES/openvpn/templates/silence diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 similarity index 100% rename from roles/openvpn/templates/xscenet.conf.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 383f911a3..dee75addd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -71,7 +71,8 @@ - dnsmasq - bluetooth - sshd - - openvpn + #- openvpn # Deprecated + - tailscale - remoteit - admin_console #- nginx # MANDATORY diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 929dd04da..16cf5976e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,22 +3,22 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml +- name: SSHD include_role: name: sshd when: sshd_install -- name: OPENVPN +- name: TAILSCALE (VPN) include_role: - name: openvpn - when: openvpn_install + name: tailscale + when: tailscale_install - name: REMOTE.IT include_role: name: remoteit when: remoteit_install -- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml +- name: IIAB-ADMIN -- includes {lynx, screen, sudo-prereqs.yml, admin-user.yml, pwd-warnings.yml} include_role: name: iiab-admin #when: iiab_admin_install # Flag might be created in future? diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9bed4e5e8..583cb763d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -19,11 +19,6 @@ #when: pylibs_installed is undefined #when: pylibs_install # Flag might be created in future? -- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN - include_role: - name: sshd - when: sshd_install - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index c7c4ec5fc..2dbadaa62 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -36,7 +36,7 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml `_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security +* If your IIAB includes Tailscale (VPN), ``/root/.ssh/authorized_keys`` should be installed by `roles/tailscale/tasks/install.yml <../tailscale/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists, i.e. on Raspberry Pi OS with desktop). Example @@ -56,7 +56,7 @@ Historical Notes Remote Support Tools -------------------- -The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. +The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `Tailscale (VPN) `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. Similarly, `tasks/main.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: diff --git a/roles/iiab-admin/tasks/sudo-prereqs.yml b/roles/iiab-admin/tasks/sudo-prereqs.yml index 1b608fef1..9370666b2 100644 --- a/roles/iiab-admin/tasks/sudo-prereqs.yml +++ b/roles/iiab-admin/tasks/sudo-prereqs.yml @@ -1,6 +1,6 @@ - name: 'Install package: sudo' package: - name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + name: sudo # (1) Should be installed prior to installing IIAB, (2) Can be installed by 1-prep's roles/tailscale/tasks/install.yml, (3) Can be installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) - name: Temporarily make file /etc/sudoers editable (0640) file: diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml index 5c9c5dc17..83a3cf36a 100644 --- a/roles/sshd/defaults/main.yml +++ b/roles/sshd/defaults/main.yml @@ -1,4 +1,4 @@ -# sshd_install: True # Required by OpenVPN +# sshd_install: True # sshd_enabled: True # sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml new file mode 100644 index 000000000..0e3bee8c1 --- /dev/null +++ b/roles/tailscale/tasks/install.yml @@ -0,0 +1,113 @@ +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 + register: df1 + + +- name: "Set up apt source (jammy) in /etc/apt/sources.list.d/tailscale.list and its key /usr/share/keyrings/tailscale-archive-keyring.gpg, to install Tailscale" + shell: | + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg > /usr/share/keyrings/tailscale-archive-keyring.gpg + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list > /etc/apt/sources.list.d/tailscale.list + +- name: "Install packages: jq, sudo, tailscale" + package: + name: + #- ncat # Newer versions of NMap do not include NCat, WAS needed to announce openvpn_handle (if Debian > 9 or Ubuntu > 18) + #- nmap + - jq # JSON parser used by /usr/bin/iiab-support == /usr/bin/iiab-vpn + - sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + - tailscale + update_cache: yes + +- name: Set up tab completion for 'tailscale' at the command-line + shell: tailscale completion bash > /etc/bash_completion.d/tailscale + +- name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" + lineinfile: + line: "{{ item.pubkey }}" + regexp: "{{ item.regexp }}" + path: /root/.ssh/authorized_keys + with_items: + - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" + - regexp: "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAmjU7VojyK+0Pjp2p8CCGTNBtE565A/L8IVbAT8MIucRE9LN1g5LjGnOHUShFJpwuTR1JLX2r9EDRMsf9MmyTgUAnuyP005giWVHXLPtjyjTzbsJ1DEtXRytulmF+GlCOaqPWNde6EOmReqPHbmjIQpRZ/Sc8hziS4jVSQuBA9EhaBmZ62CPqK33mPJvnpwMtdd6nHXAcXsZhStd3NhVDm27+B3sHI6mr2w7ExdBXE5DKiZL2po8n2y4hJYZreJopbjcQmv4oWdDWvPu5I92xDgYCsqcE7zSrv1um+tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal" + - regexp: "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApHPly+EA1M4bispl3AulTLjyYCjcJzh6s779K3epDkqh600a+fHsdIiddWCAfIonRq+9MJyOiaNQ+WYLOuajI1IiFZWFt45xDAiyCUnyuT+ytAX+IA3TgTwgTZPfzDOzI8rDRV9Sgl+LZLfPno7T3qxcGx2l51bRk+koRK+Txpph//M3jGvsFmTKhjvfxgEIUmMH9SkASxEdyqASr0+/+uLR92MnT+8CT1pOYYoJyZp9Lta5eGqJvbEmd3Dn7MXqD3vXE57o4rBJ0bR3q5LK59WVNxNQbulJ9z5V7aTJ4AbBFQWxm0fH0gBx+heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank" + +# CLARIF: plus signs (+) in public keys cause duplicate key additions (above) +# and failure during removal (below) as "+" has a special meaning as +# interpreted in a Python regexp, as implemented by Ansible's lineinfile module: +# https://docs.python.org/2/library/re.html + +# WORKAROUND: the tail end of each public key (after the last plus sign) is +# being used (instead of the full key) as an abbreviated regexp for now. +# A backslash in front of each plus sign (+) would also work. + +# - name: Remove those ssh public keys, if not tailscale_enabled +# lineinfile: +# regexp: "{{ item }}" +# path: /root/.ssh/authorized_keys +# state: absent +# with_items: +# - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" +# - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" +# - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" +# when: not tailscale_enabled + +- name: Install /usr/bin/iiab-vpn & /usr/bin/iiab-vpn-off (BACKS UP FILES IF CHANGED) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: '0755' + backup: yes + with_items: + - iiab-vpn + - iiab-vpn-off + +- name: Symlink /usr/bin/iiab-vpn-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-vpn-on + state: link + +- name: Symlink /usr/bin/iiab-support -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support + state: link + +- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support-on + state: link + +- name: Symlink /usr/bin/iiab-support-off -> /usr/bin/iiab-vpn-off + file: + src: /usr/bin/iiab-vpn-off + path: /usr/bin/iiab-support-off + state: link + + +# RECORD Tailscale AS INSTALLED + +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 + register: df2 + +- name: Add 'tailscale_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: tailscale_disk_usage + value: "{{ df2.stdout|int - df1.stdout|int }}" + +- name: "Set 'tailscale_installed: True'" + set_fact: + tailscale_installed: True + +- name: "Add 'tailscale_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^tailscale_installed' + line: 'tailscale_installed: True' diff --git a/roles/tailscale/tasks/main.yml b/roles/tailscale/tasks/main.yml new file mode 100644 index 000000000..fc8af13e5 --- /dev/null +++ b/roles/tailscale/tasks/main.yml @@ -0,0 +1,47 @@ +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + + +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "tailscale_install is sameas true" (boolean not string etc) + assert: + that: tailscale_install is sameas true + fail_msg: "PLEASE SET 'tailscale_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "tailscale_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: tailscale_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'tailscale_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Tailscale if 'tailscale_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: tailscale_installed is undefined + + +#- include_tasks: enable-or-disable.yml + + +- name: Add 'tailscale' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Tailscale (VPN) + - option: description + value: '"Tailscale enables live/remote support by connecting machines anywhere on the Internet, using a software-defined mesh virtual private network (VPN), and optional web-based management service."' + - option: tailscale_install + value: "{{ tailscale_install }}" + - option: tailscale_enabled + value: "{{ tailscale_enabled }}" diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn new file mode 100755 index 000000000..05ae623f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn @@ -0,0 +1,54 @@ +#!/bin/bash + +# USEFUL DOC: https://tailscale.com/kb/1080/cli#status + +VPN_URL=https://iiab.net +VPN_KEY="$1" + +# if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) +# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# else +# [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] + +# Check that current profile key still exists in /var/lib/tailscale/tailscaled.state ? (As 'tailscale logout' wipes it!) In the end, these are 3 lousy tests... +# if [ -f /var/lib/tailscale/tailscaled.state ] && [[ $(grep -c $(jq -r '."_current-profile"' /var/lib/tailscale/tailscaled.state) /var/lib/tailscale/tailscaled.state) > 1 ]]; then +# if ! [[ $(tailscale status | tr '[:upper:]' '[:lower:]') =~ "logged out" ]]; then +# if [[ $(tailscale status --json | jq -r .CurrentTailnet.Name) = "iiab.community" ]]; then + +# UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) +if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then + if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + exit 1 + fi +elif [ -z $VPN_KEY ]; then + echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + exit 1 +else + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + exit 1 + fi + fi +fi + +# jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] +# Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) +echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e " hostname -I" +echo -e " tailscale ip" +echo -e " tailscale status" +echo -e " tailscale whois $(tailscale ip -1)" +echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale status --json | jq" +echo -e " systemctl status tailscaled\n" +echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e " tailscale down\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e " tailscale logout\n" diff --git a/roles/tailscale/templates/iiab-vpn-off b/roles/tailscale/templates/iiab-vpn-off new file mode 100755 index 000000000..75ea5c0f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn-off @@ -0,0 +1,7 @@ +#!/bin/bash + +tailscale down + +echo -e "\n\e[44;1mDisconnecting from VPN...\e[0m\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" # Expires machine node key, from /var/lib/tailscale/tailscaled.state +echo -e " tailscale logout\n" # ...as seen by 'tailscale status --json' (related: 'tailscale debug prefs') diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 7551aad08..80b6e521f 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -79,8 +79,13 @@ echo /opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo +#grep "^openvpn_handle:" /etc/iiab/local_vars.yml +#grep "^tailscale_installed:" /etc/iiab/iiab_state.yml +if [[ $(command -v /usr/bin/tailscale) ]]; then + #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" + echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" +fi echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net -grep "^openvpn_enabled:" /etc/iiab/local_vars.yml -grep "^openvpn_handle:" /etc/iiab/local_vars.yml +echo $(echo $(hostname -A) $(hostname -a) | xargs -n1 | sort | uniq) hostname -I echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 13291b20d..68a520970 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -219,8 +219,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml @@ -232,17 +232,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -openvpn_handle: "" # Empty string on purpose since ~2016, for /etc/iiab/uuid -# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 -# cron seemed necessary on CentOS: -openvpn_cron_enabled: False -# General OpenVPN settings -openvpn_server: xscenet.net -openvpn_server_real_ip: 3.89.148.185 -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo, @@ -289,8 +281,6 @@ nginx_log_dir: /var/log/nginx # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3903530ed..7f0d398fe 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: LARGE - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 66798cb05..5df26eb52 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,6 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -openvpn_handle: "MEDICAL - Put Your Name Here" usb_lib_umask0000_for_kolibri: False apache_allow_sudo: True # By default diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 40b960608..08afaab93 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: MEDIUM-sized - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index a13c825ac..1e5c03ead 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,6 +1,6 @@ # turn off defaults remoteit_install: False -openvpn_install: False +tailscale_install: False kolibri_install: False kolibri_enabled: False kiwix_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 288395d69..70206e9ec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: SMALL - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 19c47ca74..026187075 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: True -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: UNITTEST - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) From f07832105d8a9af85086eeee0117256cc292950a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Sep 2024 05:17:38 -0400 Subject: [PATCH 710/937] Add openvpn to unmaintained-roles.txt, per PR #3798 --- unmaintained-roles.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index c30178fbc..3573e6f75 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -13,6 +13,7 @@ httpd-enable idmgr moodle-1.9 nodogsplash +openvpn osm owncloud pathagar From c88f1418adfb4540e526751c93e4d5445aa75ea5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Sep 2024 05:48:08 -0400 Subject: [PATCH 711/937] nextcloud/README.md: Mention NEW Nextcloud 30 --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index e74518b32..c0eb0f9b3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -42,7 +42,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/30/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 35bdd1181b5b16414f792d9658a3257d4fd24446 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Sep 2024 08:22:46 -0400 Subject: [PATCH 712/937] iiab-vpn doc for #3798: tailscale ping --verbose [IP or HOSTNAME] --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 05ae623f3..2bdc964af 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -45,7 +45,7 @@ echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" -echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" From d3d0b9767c29fc3108dc6510993a20532bd9be0e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Sep 2024 09:39:44 -0400 Subject: [PATCH 713/937] iiab-vpn: Tailscale tips for Android, Mac/iOS, Windows --- roles/tailscale/templates/iiab-vpn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2bdc964af..2b02a7119 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -1,6 +1,10 @@ #!/bin/bash -# USEFUL DOC: https://tailscale.com/kb/1080/cli#status +# USEFUL DOCS: +# https://tailscale.com/kb/1080/cli#status +# https://headscale.net/android-client/ +# https://headscale.net/apple-client/ +# https://headscale.net/windows-client/ VPN_URL=https://iiab.net VPN_KEY="$1" From 5414eb3c384553728767e6b1b417ae2b2fc74ed3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 11:34:32 -0400 Subject: [PATCH 714/937] iiab-vpn tip: Show IPs tagged with usernames --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2b02a7119..ad15f57c8 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -50,7 +50,7 @@ echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | jq" +echo -e " tailscale status --json | grep -B3 tag:" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" From 71f6d0371b05edba0a0a72d2bed0576947e3e01e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 15:08:55 -0400 Subject: [PATCH 715/937] iiab-vpn shows status of each IP (+ better tips!) --- roles/tailscale/templates/iiab-vpn | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index ad15f57c8..41596b959 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -32,8 +32,8 @@ else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... - # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) - # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" exit 1 @@ -48,11 +48,15 @@ echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" -echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Node.Hostinfo" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | grep -B3 tag:" +echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" + +# More useful output than 'tailscale status' +echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t From e98cd76ec00c1983aaabde49d5cc35fc4a07177e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 15:17:59 -0400 Subject: [PATCH 716/937] iiab-vpn: Trailing newline forgotten in PR #3800 --- roles/tailscale/templates/iiab-vpn | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 41596b959..a7ea67298 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,3 +60,4 @@ echo -e " tailscale logout\n" # More useful output than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo From 086087b65bf1b28b3f0443b468b1a70416057893 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 19:51:15 -0400 Subject: [PATCH 717/937] iiab-vpn PR #3800 doc: Table of IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index a7ea67298..81cbe332c 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -57,7 +57,7 @@ echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" -# More useful output than 'tailscale status' +# More useful table of IPs/usernames/etc than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t echo From d72e60c87d62c1807732b9b88e0a22e956f3d8b3 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Sep 2024 19:19:35 -0400 Subject: [PATCH 718/937] Doc fixes for Tailscale PRs #3798 & #3800 --- roles/1-prep/README.adoc | 2 +- roles/2-common/tasks/packages.yml | 1 - roles/firmware/templates/iiab-check-firmware | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/nginx/README.md | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 9d0154d73..997ec812b 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -6,7 +6,7 @@ https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible[stage] hardware, low-level OS quirks, and basic security: * SSHD -* OpenVPN if/as needed later for remote support +* Tailscale if/as needed later for remote support * https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme[iiab-admin] username and group, to log into Admin Console * dnsmasq (install now, configure later!) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 95b227d95..681d8b83f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -29,7 +29,6 @@ - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download - #- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - tar # 799kB download: RasPiOS installs this regardless - unzip # 151kB download: RasPiOS installs this regardless #- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a7a36a626..b2f7a1cce 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -19,7 +19,7 @@ # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 0a8b6a80e..77717a748 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -39,7 +39,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and # (2) Chops up Ansible vars containing multiple words w/o surrounding quotes. diff --git a/roles/nginx/README.md b/roles/nginx/README.md index dd2311a15..2c5f65590 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -52,11 +52,11 @@ * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto - * openvpn * pbx [FreePBX is usable with _both_ NGINX and Apache as of 2021-08-18, thanks to PR [#2954](https://github.com/iiab/iiab/pull/2954)] * phpmyadmin [*, requires Apache for now, as in Section iii.] * samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)] * sshd + * tailscale * transmission * vnstat From 95986ae681c8324f8ea3f8f436311aa726dd9620 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Sep 2024 23:20:07 -0400 Subject: [PATCH 719/937] Refine iiab-vpn status table of Tailscale IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 81cbe332c..0157b02c4 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -58,6 +58,11 @@ echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ + while read line; do + echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); + done echo From 13fcd0f9c57517df1964d8bfbb28b6bb94ca131a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 23 Sep 2024 03:52:37 -0400 Subject: [PATCH 720/937] Tighten & brighten iiab-vpn status table --- roles/tailscale/templates/iiab-vpn | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 0157b02c4..4df98d273 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,9 +60,11 @@ echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' #echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ - while read line; do - echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); +#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ + while read l; do + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From c81e3629ff213350b3dae4a41a16b6def80e55b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 28 Sep 2024 11:11:22 -0400 Subject: [PATCH 721/937] `nodocs: True` in local_vars_unittest.yml --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 026187075..cbcf0d958 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -222,7 +222,7 @@ nginx_high_php_limits: False apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) -nodocs: False +nodocs: True # 5-XO-SERVICES From 278ec39f2c718236da05526289d106ecc1a665e1 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Sep 2024 11:33:05 -0400 Subject: [PATCH 722/937] Internet access test..more relevant..for IIAB docs --- roles/www_options/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 1d5b642e0..b26256239 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -94,10 +94,12 @@ # 2022-06-30: internet_available var removed -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' +- name: 'Test for Internet access, using: https://wiki.iiab.io' get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt + #url: "{{ iiab_download_url }}/heart-beat.txt" + url: https://wiki.iiab.io + #dest: /tmp/heart-beat.txt + dest: /tmp/internet_access_test.html #timeout: "{{ download_timeout }}" # @jvonau recommends: 100sec is too much (keep 10sec default) ignore_errors: True @@ -105,9 +107,9 @@ #poll: 2 register: internet_access_test -- name: Remove downloaded Internet test file /tmp/heart-beat.txt +- name: Remove downloaded Internet test file /tmp/internet_access_test.html file: - path: /tmp/heart-beat.txt + path: /tmp/internet_access_test.html state: absent - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) From 90d6af32a782532c62aa15d07309d9d9596b27be Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 09:45:55 -0400 Subject: [PATCH 723/937] Mention Calibre-Web's official upstream install instructions --- roles/calibre-web/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a6e8d4f56..1d738a8df 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -18,6 +18,9 @@ ignore_errors: True # Shows red errors, and continue... #failed_when: False # Hides red errors, and continue... +# Official upstream instructions: +# apt install python3-pip python3-venv +# https://github.com/janeczku/calibre-web/wiki/Manual-installation - name: "Install packages: imagemagick, python3-netifaces" package: name: From 08f2f2191ccb6675f564a1679bbdb45d5b5aaa88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 16:39:47 -0400 Subject: [PATCH 724/937] Cleaner columns in iiab-vpn output, when tag &/or relay missing --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 4df98d273..c79b1dccb 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,7 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From d941a8ffbec9f44d6fa897f72ccfe72287afc39b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 21:52:11 -0400 Subject: [PATCH 725/937] MediaWiki 1.42.3 (security & maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 1787b2807..4a7abf5de 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 526dc22fb86a5678469adc7e83d13d3b0da2618f Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Tue, 1 Oct 2024 16:39:22 -0400 Subject: [PATCH 726/937] Make calibre-web role install cryptography --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1d738a8df..dae058820 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -24,6 +24,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - python3-cryptography - imagemagick - python3-netifaces state: present From 1f75537309cce53f5eeeef0801431c5c56685843 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Oct 2024 17:59:46 -0400 Subject: [PATCH 727/937] calibre-web/tasks/install.yml: Explain python3-cryptography --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index dae058820..3ed72cc9b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" package: name: - - python3-cryptography - imagemagick + - python3-cryptography # Required on Raspberry Pi OS - python3-netifaces state: present From 23e92b585322c67696a5fef67179212c096f5b04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Oct 2024 18:52:20 -0400 Subject: [PATCH 728/937] calibre-web/tasks/install.yml: Mention iiab/calibre-web#260 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3ed72cc9b..5e1f66933 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -25,7 +25,7 @@ package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS + - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) - python3-netifaces state: present From c7b566418bc4d541ccabd16f99317ed17a6fbf3a Mon Sep 17 00:00:00 2001 From: root Date: Tue, 1 Oct 2024 19:58:33 -0400 Subject: [PATCH 729/937] scripts/iiab-update: Also update /usr/bin/iiab-vpn --- scripts/iiab-update | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e2fe7aff..63f4a8a68 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -38,9 +38,14 @@ fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit + echo + if grep -q 'tailscale_installed: True' /etc/iiab/iiab_state.yml; then + echo -e "\e[4mNow running: cp -u roles/tailscale/templates/iiab-vpn /usr/bin\e[0m\n" + cp -u roles/tailscale/templates/iiab-vpn /usr/bin + fi if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" + echo -e "\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From e7eb246a1d50369c02432099431767166de15b25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Oct 2024 13:24:45 -0400 Subject: [PATCH 730/937] local_vars_unittest.yml: SKIP roles/network, for FASTER UNIT TESTING --- vars/local_vars_unittest.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index cbcf0d958..fe44a58ab 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -12,6 +12,12 @@ # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. +# We SKIP roles/network, for FASTER UNIT TESTING! (so IF an internal hotspot +# is later desired, change these two lines to 'True', then run 'iiab-network') +network_install: False +network_enabled: False + + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 100 From 297afc3b728eb35b016b3415e2ee1b805e2d977a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 2 Oct 2024 16:49:25 -0400 Subject: [PATCH 731/937] RIP apt package 'wireless-tools' (or Debian 13+ might keep it?) --- roles/network/tasks/install.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 680b95233..f7c1a5b9a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -18,7 +18,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,10 +32,18 @@ - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP state: present +# 2024-10-02: Legacy apt package 'wireless-tools' no longer offered by Ubuntu +# 24.10+ (#3805) but FYI: https://en.wikipedia.org/wiki/Wireless_tools_for_Linux +- name: "Install legacy apt package wireless-tools, if OS still supports it -- or intentionally show (HARMLESS!) red error -- helping to monitor Linux's evolution" + package: + name: wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present + ignore_errors: True # Intentionally show red error, and continue. + #failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') + # 2021-08-17: Debian ignores this, according to 2013 post: # https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables # - name: Install /etc/network/if-pre-up.d/iptables from template (0755) From ccf87c8b90e79b82d40cabe2d91406a229806d64 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Oct 2024 21:07:50 -0400 Subject: [PATCH 732/937] iiab-diagnostics: Note https://temp.sh for pastebin-like large file xfer --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 198ad864e..47a1ae015 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,7 +273,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs. ASIDE: Quirky pastebin-like https://temp.sh can sometimes work (like a file transfer service) for larger files. pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) From 8e09f02bed723179ea67c6ac3f5d3aa39ec09ee8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Oct 2024 15:47:00 -0400 Subject: [PATCH 733/937] Recommend ansible-core 2.17.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 701b46107..b7c13abc7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] -GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] +GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ab8c071374cb104e1afb6a7f2cea486964d037c9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:25:05 -0400 Subject: [PATCH 734/937] moodle/tasks/install.yml: Install 4.6dev if PHP >= 8.4 --- roles/moodle/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 840eeb4d9..9fd5aee8b 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,21 +96,21 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) - when: php_version is version('8.3', '<') + when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) - when: php_version is version('8.3', '>=') + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 49d7160116b1b95cfdcabdeeb357c84559041ccc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:27:55 -0400 Subject: [PATCH 735/937] moodle/defaults/main.yml: Install 4.5 LTS by default, or... --- roles/moodle/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 1e05a1a76..7f668865d 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# April 2024: Currently testing Moodle's main branch is mandatory if your -# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +# October 2024: Currently testing Moodle's main branch is mandatory if your +# OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.4, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_405_STABLE # Moodle 4.5 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From 4be68d3ac1a6e0ed73a9b887f5cfcd3e4b38ee04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:51:57 -0400 Subject: [PATCH 736/937] moodle/tasks/install.yml: Revise disk footprint estimates --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9fd5aee8b..5f42508bc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,7 +96,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From d07ae98898c08068311d37c2709308d89fdf6f6e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 11 Oct 2024 01:29:45 -0400 Subject: [PATCH 737/937] Ubuntu 25.04 pre-release testing; Discourage 3 old OS's --- scripts/local_facts.fact | 7 ++++--- vars/default_vars.yml | 3 ++- vars/{linuxmint-21.yml => linuxmint-21.yml.unused} | 0 vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} | 0 vars/ubuntu-2504.yml | 5 +++++ 5 files changed, 11 insertions(+), 4 deletions(-) rename vars/{linuxmint-21.yml => linuxmint-21.yml.unused} (100%) rename vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} (100%) create mode 100644 vars/ubuntu-2504.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a24a1a2da..e9f1fdb19 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -72,8 +72,11 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2204" | \ #"ubuntu-2304" | \ + #"ubuntu-2310" | \ #"linuxmint-20" | \ + #"linuxmint-21" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -85,11 +88,9 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-12" | \ "debian-13" | \ - "ubuntu-2204" | \ - "ubuntu-2310" | \ "ubuntu-2404" | \ "ubuntu-2410" | \ - "linuxmint-21" | \ + "ubuntu-2504" | \ "linuxmint-22" | \ "raspbian-12" | \ "raspbian-13") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68a520970..caa6fd774 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -764,6 +764,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2504: False is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False @@ -780,7 +781,7 @@ is_ubuntu_2204: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_22: False -is_linuxmint_21: False +#is_linuxmint_21: False #is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml.unused similarity index 100% rename from vars/linuxmint-21.yml rename to vars/linuxmint-21.yml.unused diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml.unused similarity index 100% rename from vars/ubuntu-2310.yml rename to vars/ubuntu-2310.yml.unused diff --git a/vars/ubuntu-2504.yml b/vars/ubuntu-2504.yml new file mode 100644 index 000000000..a548ba9a1 --- /dev/null +++ b/vars/ubuntu-2504.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2504: True From aedc893bd1a5af349b9ac44f7dfdcd497915fbee Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Oct 2024 14:49:58 -0400 Subject: [PATCH 738/937] iiab-summary: Clean output, when tailscale has no IP --- scripts/iiab-summary | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 80b6e521f..73bcc9693 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -81,7 +81,8 @@ echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /l echo #grep "^openvpn_handle:" /etc/iiab/local_vars.yml #grep "^tailscale_installed:" /etc/iiab/iiab_state.yml -if [[ $(command -v /usr/bin/tailscale) ]]; then +#if [[ $(command -v /usr/bin/tailscale) ]]; then +if tailscale ip &> /dev/null; then #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" fi From 194ac9b469c49fd234dcf1778862196f9bf4b61f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 12 Oct 2024 21:48:14 -0400 Subject: [PATCH 739/937] README.md: Mention 50+ FAQ.IIAB.IO questions + answers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3416aca2..2cabf030c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 50+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 75f9f613583a1b9d63181b06f1762471310d2179 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Oct 2024 21:35:47 -0400 Subject: [PATCH 740/937] moodle/defaults/main.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 7f668865d..a687dc4b4 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -12,7 +12,7 @@ # OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.4, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_405_STABLE # Moodle 4.5 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 5.0dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ec348fcc022934baa8010e08c3f6209616300eff Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Oct 2024 21:36:33 -0400 Subject: [PATCH 741/937] moodle/defaults/install.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 5f42508bc..00cf13066 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 5.0dev in Oct 2024) when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From f00f225e280f17cf8719654bf5aa21ef1016e2c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Oct 2024 15:22:57 -0400 Subject: [PATCH 742/937] iiab-vpn: Fix PR #3813 output, when Tailscale tag is missing --- roles/tailscale/templates/iiab-vpn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index c79b1dccb..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,8 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +# (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null +tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From 018b0d21b8d6d18744d7ab231f255cb18f9c0b20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Oct 2024 00:07:22 -0400 Subject: [PATCH 743/937] PR #3834: Tighten iiab-vpn output of online/offline --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..438f627c1 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 759ebb48dd516a0c87415f22974bb0d7aec6a1d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Oct 2024 08:24:47 -0400 Subject: [PATCH 744/937] iiab-vpn: Revert 018b0d2, as online/offline colors failed on some terminals --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 438f627c1..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 965d4944124501bfb74622f0f2ce5dd5272a0084 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 23 Oct 2024 09:25:13 -0400 Subject: [PATCH 745/937] only support versioned zims if have YYYY-MM ending --- roles/pylibs/templates/iiab_lib.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index ef9da7e82..13044c0c2 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -6,6 +6,7 @@ import os import json import subprocess import shlex +import re import xml.etree.ElementTree as ET import iiab.iiab_const as CONST @@ -46,11 +47,17 @@ def get_zim_list(path): if filename in CONST.old_zim_map: # handle old names that don't parse perma_ref = CONST.old_zim_map[filename] else: - ulpos = filename.rfind("_") - # but old gutenberg and some other names are not canonical - if filename.rfind("-") < 0: # non-canonical name - ulpos = filename[:ulpos].rfind("_") - perma_ref = filename[:ulpos] + # handle various zim name patterns: + # 1. canonical zim ending in _YYYY-MM + # as of 10/16/2024 it looks like all Kiwix zims fit this pattern + # 2. otherwise assume no versioning and perma_ref = filename + + match = re.search("_[0-5][0-9][0-5][0-9]-[0-5][0-9]$", filename) + if match: + perma_ref = filename[: match.span()[0]] + else: + perma_ref = filename + zim_info['file_name'] = filename zim_versions[perma_ref] = zim_info # if there are multiples, last should win return files_processed, zim_versions From ef868120a1ead3fb1276e6869b4db2f11004b7c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Oct 2024 10:19:18 -0600 Subject: [PATCH 746/937] Revert PR #3815: python3-cryptography no longer needed --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5e1f66933..a863f541e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) + #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - python3-netifaces state: present From 0616e1c097f4c40abc40e36e6336500a60886366 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Oct 2024 14:33:41 -0400 Subject: [PATCH 747/937] Fix tailscale tab completion (mkdir -p /etc/bash_completion.d) --- roles/tailscale/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml index 0e3bee8c1..97e939a84 100644 --- a/roles/tailscale/tasks/install.yml +++ b/roles/tailscale/tasks/install.yml @@ -19,7 +19,7 @@ update_cache: yes - name: Set up tab completion for 'tailscale' at the command-line - shell: tailscale completion bash > /etc/bash_completion.d/tailscale + shell: mkdir -p /etc/bash_completion.d && tailscale completion bash > /etc/bash_completion.d/tailscale - name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" lineinfile: From 129f2842868c9c608b131a5d10d5a60e049b98e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 15:42:08 -0500 Subject: [PATCH 748/937] 2.15 EOL November 2024, MIN_ANSIBLE_VER=2.16.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 59c22129f..17de8d2cb 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 8ff3c7c221fd62162248198f18527855e86fa83c Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 19:27:32 -0500 Subject: [PATCH 749/937] 10min-iiab-test-install.yml: Tmp GHA hack using ubuntu-24.04 --- .github/workflows/10min-iiab-test-install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 2e567f984..24dfc6c79 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." @@ -27,7 +27,7 @@ jobs: # GITHUB_CONTEXT: ${{ toJSON(github) }} # run: echo "$GITHUB_CONTEXT" - name: Check out repository code - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | From abe18950243e4db4d613855828e11b62650a6dcb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 19:31:06 -0500 Subject: [PATCH 750/937] Recommend ansible-core 2.18.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b7c13abc7..c110e9a12 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] -GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] +GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6f7855f3d94b1b829f66283ea973b413d155f7cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:09 -0500 Subject: [PATCH 751/937] default_vars.yml: Mention that Lokole in UNMAINTAINED --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index caa6fd774..bcb038a53 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -412,7 +412,7 @@ jupyterhub_enabled: False jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' From 1234d1163072e198c1754bb8bd276eb9b364ec25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:28 -0500 Subject: [PATCH 752/937] local_vars_unittest.yml: Mention that Lokole in UNMAINTAINED --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index fe44a58ab..bd59f5bce 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -247,7 +247,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From 7b63f0b30e9f5b8c194a1b16af42314813acc3fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:49 -0500 Subject: [PATCH 753/937] local_vars_small.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 70206e9ec..55c50ee23 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From aae672963201a3712e054fd157361e1c999342db Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:43:08 -0500 Subject: [PATCH 754/937] local_vars_medium.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 08afaab93..7707afba2 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From a646a45aea81c2656093d20d6283a9c53814b1d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:43:23 -0500 Subject: [PATCH 755/937] local_vars_large.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7f0d398fe..617ca9d93 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -241,7 +241,7 @@ gitea_enabled: True jupyterhub_install: True jupyterhub_enabled: True -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2023-09-06: wheel for mkwvconf still lokole_enabled: False # missing from Ubuntu 23.10 (#3572) From 13557b11729bf34bdd987f4ee607341e3a0fd1b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Nov 2024 18:17:35 -0500 Subject: [PATCH 756/937] Defer install of Transmission on Ubuntu 25.04 too --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 4d83e4422..c6d497f15 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410 or is_ubuntu_2504) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From 750c15ade10f2e61f07a8617b49b9fad384b310c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 11:38:15 -0500 Subject: [PATCH 757/937] Update CONTRIBUTING.md link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4a07b84..36a45b7aa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW
[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) +# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) # THANKS! From 123a0cc5f130add3a9907118d279eddfc460f7ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 11:39:41 -0500 Subject: [PATCH 758/937] Update README.md link to RENAMED Contributors Guide --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cabf030c..dd92224ff 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From defa139a34de2f46f2a29489b6e7cb3840dddedf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 17:00:50 -0500 Subject: [PATCH 759/937] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 36a45b7aa..4ddde9b53 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) +# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide-(EN)](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) # THANKS! From 537c6a84c26a7cf797418cfccea790627061a968 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 17:04:54 -0500 Subject: [PATCH 760/937] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd92224ff..fbfd30d35 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) ([versión en español](https://github.com/iiab/iiab/wiki/Gu%C3%ADa-para-Contribuidores-(ES))) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 676f3eebeff5d690d27067501f4869c274744659 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Dec 2024 12:58:02 -0500 Subject: [PATCH 761/937] Recommend ansible-core 2.18.1 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c110e9a12..968819464 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] -GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] +GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.18 +# https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst # https://github.com/ansible/ansible/commits/stable-2.17 # https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 From c16d76ac2907d78c414263b474442e94b57723c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Dec 2024 12:59:26 -0500 Subject: [PATCH 762/937] MIN_ANSIBLE_VER=2.16.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 17de8d2cb..45e637c2a 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.14 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e6836181465c09b9af8362209b380bc24ff2d21 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 8 Dec 2024 12:08:42 -0600 Subject: [PATCH 763/937] drop netifaces workaround - replaced with netifaces-plus --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..70d85a666 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -26,7 +26,7 @@ name: - imagemagick #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - - python3-netifaces + #- python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 @@ -125,7 +125,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 #virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + #virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) From 01304ab1331c1da7eb68d57f2315685cba8fa903 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Dec 2024 13:14:53 -0500 Subject: [PATCH 764/937] Nextcloud 30.0.4 disk footprint estimates --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 529988437..d0588aac9 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From adfc1cc6962e2d91ab8ecc943fadb6d3dd72b394 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Dec 2024 13:44:56 -0500 Subject: [PATCH 765/937] RasPiOS compositor change (wayfire to labwc) so Chrome browser autostart needs work --- roles/www_options/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b26256239..ca1d7af16 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,6 +31,7 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? - name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini @@ -46,6 +47,7 @@ # path: /usr/bin/chromium # register: chromium_present +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin From 7544b79285d48df48b48318afb98d778ff4c1c8a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 22:19:27 +0100 Subject: [PATCH 766/937] Enact Chrome browser autostart w/ compositor labwc (no longer wayfire) for RasPiOS --- roles/www_options/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ca1d7af16..f55d43cb1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,11 +31,11 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir - name: Does /usr/bin/chromium-browser exist? stat: @@ -47,14 +47,14 @@ # path: /usr/bin/chromium # register: chromium_present -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: chromium-browser - value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: wayfire_ini.stat.exists and chromium_browser.stat.exists + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart # lineinfile: From ae40f78d23396f63cdb0e59b1439a23a621077e1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 22:54:44 +0100 Subject: [PATCH 767/937] Put iiab-netwarn & iiab-pwdwarn-labwc in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 27 +++++++++---------- ...dwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} | 0 roles/network/tasks/netwarn.yml | 21 +++++++-------- roles/network/templates/netwarn/iiab-netwarn | 5 +++- 4 files changed, 27 insertions(+), 26 deletions(-) rename roles/iiab-admin/templates/{iiab-pwdwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} (100%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 46d091bec..200ff30ab 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -8,17 +8,17 @@ dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-labwc" template: - src: iiab-pwdwarn-wayfire.j2 - dest: /usr/local/sbin/iiab-pwdwarn-wayfire + src: iiab-pwdwarn-labwc.j2 + dest: /usr/local/sbin/iiab-pwdwarn-labwc mode: '0755' - when: wayfire_ini.stat.exists + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop @@ -28,10 +28,9 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-pwdwarn-wayfire - value: /usr/local/sbin/iiab-pwdwarn-wayfire - when: wayfire_ini.stat.exists +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/labwc/autostart to trigger iiab-pwdwarn-labwc (& pop-up as nec) + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-pwdwarn-labwc + when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 similarity index 100% rename from roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 2ce6aaac0..67b717358 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -5,18 +5,17 @@ # shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-netwarn - value: /usr/local/sbin/iiab-netwarn - when: wayfire_ini.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-netwarn + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # mate desktop detection based on 'register: nd_dir' in enable_services @@ -45,4 +44,4 @@ src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: (labwc_dir.stat.exists and labwc_dir.stat.isdir) or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index b20d18fc6..87865e0f1 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -3,7 +3,10 @@ # CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script # (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html -# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# ...or by Wayland compositor's ~/.config/labwc/autostart in new RasPiOS 12+: +# https://forums.raspberrypi.com/viewtopic.php?t=379321 +# (Prior to Dec 2024, RasPiOS compositor Wayfire did the same...) +# https://github.com/iiab/iiab/pull/3685 # https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart # # This allows return codes ($rc) to be meaningful, at each successive step. From 36a5cd458f9863d68f190e9c5fde014447963859 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 23:51:09 +0100 Subject: [PATCH 768/937] Parallelize 3 autostart cmds in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- roles/network/tasks/netwarn.yml | 4 ++-- roles/www_options/tasks/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 200ff30ab..600a935bb 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -32,5 +32,5 @@ lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-pwdwarn-labwc + line: '/usr/local/sbin/iiab-pwdwarn-labwc &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 67b717358..78aae19be 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -10,11 +10,11 @@ path: /home/{{ iiab_admin_user }}/.config/labwc/ register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart +- name: If so, add '/usr/local/sbin/iiab-netwarn &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-netwarn + line: '/usr/local/sbin/iiab-netwarn &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index f55d43cb1..8b2907823 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -48,12 +48,12 @@ # register: chromium_present # 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 -- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart From e2d646ee182a604a1f083bfabfe065d83144afe4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 13 Dec 2024 18:48:37 -0500 Subject: [PATCH 769/937] calibre-web/tasks/install.yml: Rename xklb to library for pipx --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..62cae7c56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -92,27 +92,27 @@ - debug: msg: - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" - - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - sudo pipx inject --pip-args='--upgrade --pre' -f library yt-dlp[default] - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall xklb + pipx reinstall library else - pipx install xklb + pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp else echo "ERROR: yt-dlp NOT FOUND" fi fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From 9dfaccef74c780029462f641128508d726e95244 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 13 Dec 2024 18:50:35 -0500 Subject: [PATCH 770/937] scripts/iiab-update: Rename xklb to library for pipx --- scripts/iiab-update | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 63f4a8a68..dcf7d04f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,15 +58,15 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default]\e[0m\n' # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From ad57789c65a730ebbfbbedfbb4f290c9b0378ee6 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:00:30 -0500 Subject: [PATCH 771/937] Check if older version of 'library' (xklb) is installed --- scripts/iiab-update | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index dcf7d04f3..4e5d82547 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,6 +58,11 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mChecking if an older version of 'library' (formerly 'xklb') exists...\e[0m" + if pipx list | grep -q 'xklb'; then + echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" + pipx uninstall xklb + fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall library echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" From 577a8f171f5378ef276e9e82757f8f2872ac6189 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:20:52 -0500 Subject: [PATCH 772/937] Ensure script continues even if 'library' is not installed --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e5d82547..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -64,7 +64,7 @@ pipx uninstall xklb fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 59470cd13464ecd8d0e428f64e0eec7f53ce8559 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:42:07 -0500 Subject: [PATCH 773/937] Update install.yml to check if older xklb is present --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..67b53766c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,7 +99,12 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall library + if pipx list | grep -q 'xklb'; then + pipx uninstall xklb + pipx install library + else + pipx reinstall library + fi else pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb From 58c5e8e71f9b367168fbc1502675b5fdf0a3a060 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 22:00:40 -0500 Subject: [PATCH 774/937] Enhance library existence check --- scripts/iiab-update | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 2e3f9e4f3..6a6eeee34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,8 +63,12 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library || true + if pipx list | grep -q 'library'; then + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + else + echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" + fi echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 7f37ccd8dbac10e1ee377e63636eebbe87d3328c Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Mon, 16 Dec 2024 07:25:06 -0500 Subject: [PATCH 775/937] Remove grep step --- scripts/iiab-update | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 6a6eeee34..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,12 +63,8 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - if pipx list | grep -q 'library'; then - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library - else - echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" - fi + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 943dcccf7d1ddca7e542d0f7e340f6fc1cf574b8 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Mon, 16 Dec 2024 07:31:07 -0500 Subject: [PATCH 776/937] Make yt-dlp symlink failsafe --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 67b53766c..b678763ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -107,14 +107,14 @@ fi else pipx install library - ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - else - echo "ERROR: yt-dlp NOT FOUND" - fi + fi + ln -sf /root/.local/bin/lb /usr/local/bin/lb + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] From 325d27a32ba97e0478228b9ab04e05870834f1d6 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 16 Dec 2024 18:37:47 -0500 Subject: [PATCH 777/937] Asterisk 22 (instead of 21, tested on Debian 13) --- roles/pbx/README.adoc | 2 +- roles/pbx/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f19260023..99791114e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of December 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-22-0-0-now-available/[Asterisk 22] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f0cb38124..647ad700d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-22-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From 8b5ea641d4f447f48d9f852c78605233801c4319 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Dec 2024 21:30:00 -0500 Subject: [PATCH 778/937] Bypass /etc/ImageMagick-6/policy.xml PDF surgery w/ ImageMagick 7+ --- roles/calibre-web/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..3bad3f9ae 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -38,6 +38,13 @@ # state: present # when: python_version is version('3.10', '>=') +- name: Does /etc/ImageMagick-6/policy.xml exist? + stat: + path: /etc/ImageMagick-6/policy.xml + register: imagemagick6_policy_xml + +# 2024-12-16: Debian 13 uses /etc/ImageMagick-7/policy.xml instead, which doesn't need this lineinfile surgery: +# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -45,8 +52,9 @@ backrefs: yes line: ' ' state: present + when: imagemagick6_policy_xml.stat.exists -- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" +- name: "Create 2 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_config }} (each set to {{ calibreweb_user }}:{{ apache_user }}, default to 0755)" file: state: directory path: "{{ item }}" From b8a868e231043dd217b162b2b1c3c1aa91bcfa94 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Dec 2024 22:25:36 -0500 Subject: [PATCH 779/937] Fix Ansible comment RE: python3-netifaces (PR #3852) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 229cd3d34..d293afe23 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,7 +21,7 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install package: imagemagick" package: name: - imagemagick From f722cd783e00e282fcdf938ac87034eb407beb7e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 17 Dec 2024 00:04:20 -0500 Subject: [PATCH 780/937] rpi_debian.yml: rfkill unblock wifi --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index fc02dccd7..df9ddb7c3 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -55,7 +55,7 @@ # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill - shell: rfkill unblock 0 + shell: rfkill unblock wifi ignore_errors: True - name: Copy the bridge script for RPi From 6a6d153034e90d05d817d5424873cf8035318b68 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 18 Dec 2024 08:47:43 -0600 Subject: [PATCH 781/937] deal with unblocking wifi while NM is active on newer RaspiOS --- roles/network/tasks/main.yml | 5 +++++ roles/network/tasks/rpi_debian.yml | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7a1e6d5f5..30e1942d3 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,6 +68,11 @@ #### End services #### Start network layout + - name: Unblock WiFi on RaspiOS + shell: raspi-config nonint do_wifi_country {{ host_country_code }} + ignore_errors: True + when: is_raspbian + #- name: Redhat networking # include_tasks: ifcfg_mods.yml # when: is_redhat diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index df9ddb7c3..d2a15da5b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,11 +53,6 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 -# This should go away, should only be unblocked by raspi-config -- name: Enable the WiFi with rfkill - shell: rfkill unblock wifi - ignore_errors: True - - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 4a3e9517dcac8d3ee3b3a363d6635343cceeddd1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 18 Dec 2024 19:55:14 -0500 Subject: [PATCH 782/937] Clarify 'raspi-config nonint do_wifi_country XX' --- roles/network/tasks/main.yml | 8 +++++--- roles/network/tasks/rpi_debian.yml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 30e1942d3..1f493067b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,10 +68,12 @@ #### End services #### Start network layout - - name: Unblock WiFi on RaspiOS - shell: raspi-config nonint do_wifi_country {{ host_country_code }} - ignore_errors: True + + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS + command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian + #ignore_errors: True #- name: Redhat networking # include_tasks: ifcfg_mods.yml diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d2a15da5b..e85c673dd 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,6 +53,12 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 +# 2024-12-18: SEE 'raspi-config nonint do_wifi_country {{ host_country_code }}' in roles/network/tasks/main.yml +# # This should go away, should only be unblocked by raspi-config +# - name: Enable the WiFi with rfkill +# shell: rfkill unblock wifi +# ignore_errors: True + - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 1c9a784d2a1a61303c4e0d1c0f60d93797ef6255 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Dec 2024 22:59:25 -0500 Subject: [PATCH 783/937] WiFi unblock via "rpi_debian.yml wasn't enough, especially with NM" --- roles/network/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1f493067b..7e2f1eabb 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -69,7 +69,7 @@ #### Start network layout - # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml wasn't enough, especially with NM (NetworkManager) - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian From 3c32db26bdb0d34697afc8ef09be5479466b9115 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 19 Dec 2024 14:28:03 -0500 Subject: [PATCH 784/937] rename apache_allow_sudo and make True default --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 6 +++--- roles/www_options/tasks/php-settings.yml | 2 +- vars/default_vars.yml | 6 +++--- vars/local_vars_large.yml | 6 +++--- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 6 +++--- vars/local_vars_small.yml | 6 +++--- vars/local_vars_unittest.yml | 6 +++--- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index f728ffca8..e39bea703 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# apache_allow_sudo: True +# allow_www_data_sudo: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8b2907823..2319c58f5 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,7 +77,7 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) @@ -86,13 +86,13 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: '0440' - when: apache_allow_sudo + when: allow_www_data_sudo - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: path: /etc/sudoers.d/020_apache_poweroff state: absent - when: not apache_allow_sudo + when: not allow_www_data_sudo # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 46955cf16..184c07b21 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bcb038a53..1e84fd3e0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # roles/www_base runs here (mandatory) @@ -340,8 +340,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 617ca9d93..ac2e78128 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 5df26eb52..45d6db53f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -apache_allow_sudo: True +allow_www_data_sudo: True # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7707afba2..c12fcb04f 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 55c50ee23..88253e035 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index bd59f5bce..39d8cf05c 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -224,8 +224,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 6b9608505079d5d78baefbaec14b4b6dfe1582d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 Dec 2024 23:26:00 -0500 Subject: [PATCH 785/937] iiab-vpn: Update 3 Headscale doc URLs (Android, Apple, Windows) --- roles/tailscale/templates/iiab-vpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..14508809e 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -2,9 +2,9 @@ # USEFUL DOCS: # https://tailscale.com/kb/1080/cli#status -# https://headscale.net/android-client/ -# https://headscale.net/apple-client/ -# https://headscale.net/windows-client/ +# https://headscale.net/stable/usage/connect/android/ +# https://headscale.net/stable/usage/connect/apple/ +# https://headscale.net/stable/usage/connect/windows/ VPN_URL=https://iiab.net VPN_KEY="$1" From 079c7f5fa27983c2e0af8e2181b825023497e635 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 21 Dec 2024 10:11:53 -0500 Subject: [PATCH 786/937] New MediaWiki 1.42.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 4a7abf5de..ce95ff076 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From afa8ae0eeba6a876ebdb14ff1f4c84f5826e2690 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 22 Dec 2024 13:44:30 -0500 Subject: [PATCH 787/937] roles/usb_lib/README.rst: Fix 2 URLs --- roles/usb_lib/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index c27dc0e53..22fd711d2 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,7 +2,7 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. @@ -22,7 +22,7 @@ USB drives must be formatted with one of the filesystems listed under "FILESYSTE IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). -Official `usbmount 0.0.22 (2011-08-08) `_ documentation: +Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) From 1950a5ba6d97f4b129490170c3359e0bcf7d8a86 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein Date: Sat, 28 Dec 2024 15:59:56 -0500 Subject: [PATCH 788/937] Update iiab-vpn to fix ANSI color codes on OSX and change text color on blue bg. - Update iiab-vpn to fix ANSI color codes on OSX by using \033 instead of \e - Change text color to light gray when using blue bg --- roles/tailscale/templates/iiab-vpn | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 14508809e..77e8c13be 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -10,7 +10,7 @@ VPN_URL=https://iiab.net VPN_KEY="$1" # if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) -# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# echo -e "\n\033[1;33mAlready connected to VPN!?\033[0m" # else # [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] @@ -22,20 +22,20 @@ VPN_KEY="$1" # UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN\033[0m\n" exit 1 fi elif [ -z $VPN_KEY ]; then - echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + echo -e "\n\033[1;33mVPN key required!\033[0m\n\nEmail holt@unleashkids.org to explain your need?\n" exit 1 else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\033[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\033[0m\n" exit 1 fi fi @@ -43,7 +43,7 @@ fi # jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] # Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) -echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e "\n\033[44;37mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\033[0m\n" echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" @@ -52,20 +52,20 @@ echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Nod echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" -echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e "\033[4mTo disconnect from VPN:\033[0m\n" echo -e " tailscale down\n" -echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e "\033[4mTo permanently log out of VPN:\033[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#echo -e "\033[44;37mVPN peers: (rightmost column = online/offline)\033[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +#echo -e '\033[44;37mVPN peers: ("true" in 6th column means online)\033[0m\n' +echo -e '\033[44;37mVPN peers: (6th column = online/offline)\033[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\033[0;32m ✅\\033[0m/ ; s/ XXXfalseXXX /\\033[0;31m ❌ \\033[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 3ebf210c991b35ccc612c43c17df5b4457d862f2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 31 Dec 2024 21:56:16 -0500 Subject: [PATCH 789/937] New MediaWiki 1.43.0 LTS --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ce95ff076..5c37610af 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 4 +mediawiki_major_version: "1.43" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 59956f2a913e9912432536c2b8b94e7916ffe968 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 31 Dec 2024 22:20:48 -0500 Subject: [PATCH 790/937] default_vars.yml: Launch 8.3 Release Cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1e84fd3e0..4e61819a2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.2 +iiab_base_ver: 8.3 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From 8d0f45bd4d674e7583f39fbe29317d6bc2ee4020 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Jan 2025 16:35:38 -0500 Subject: [PATCH 791/937] Initial commit(x3) of Upload2USB stick app: 3 *.php files + UK logo --- roles/usb_lib/files/upload2usb/index.php | 50 +++++++++++++ roles/usb_lib/files/upload2usb/uk-swing.png | Bin 0 -> 4880 bytes .../usb_lib/files/upload2usb/upload-file.php | 70 ++++++++++++++++++ roles/usb_lib/files/upload2usb/upload2usb.php | 68 +++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 roles/usb_lib/files/upload2usb/index.php create mode 100644 roles/usb_lib/files/upload2usb/uk-swing.png create mode 100644 roles/usb_lib/files/upload2usb/upload-file.php create mode 100644 roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php new file mode 100644 index 000000000..ad4156876 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/index.php @@ -0,0 +1,50 @@ + + + + + + + IIAB Homework Submission App + + + + + + + + + + +

+
+
+ + + +

Internet in a Box Homework Submission

+ + +

+ + +
+ homework files have been submitted today! + +
+
+
+ + + diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png new file mode 100644 index 0000000000000000000000000000000000000000..c5470365e784b58dde5eb8e9f2a1975621b700fc GIT binary patch literal 4880 zcma)A2UJtb77azv(4>hEDWQl6LJA550#fBsLJ2`ak(wa+kYW-bQ~^JHW{%acQBfuafYPTD+npdB#?%Xm1SqlWod6CtApplVg!KooK>_S6 zTZ(nTqVWLEZ{q-fHLC^aV@V!3khM37MxuI?$RI=8BOs)^C!V<72LL#-*naV3vH$c% zXL0FDszuk4 z{f5wD+1tZlSB!1%2m1N@p_4%V8Hh;zkrgXHFx{ODhN?oq|G^1~{O@iA!ryvQX(-&U%>FhY z6&*;%fl)Xr$&ccRW5MPAP67?@^&fb)XTB@{R@m?PB3P@VWk|uf(?}FFiR7#MUmpzw z_}}5bD!0vqL~0q~D0qJy_85gk_*P=FJB5ndR<0xahxDIo@0Q zwjVw%7KF77?%Uf>7m5J?W$XtY0p8x5f7+|x4}x!_tdl?&$STwyr;0A{*3HBv)^XWn zYNU^*voX{7Xy{haw&6qa5pFHf@|`c$VhYj593?TayBjRl3#GHN3+y8H_z3E>Qqeb6 zUNP3}4poO8KJI<%nXD{9a2GpUtf243LLHCSqj3~8yA7woPSev{)AfF<)66%_(a^{C zGif(c?@?!-rf+&JytubW2sy(o&@evpvCGF_9_doyVO(KDOyv6w_F5^vn{BQs*SqTZ zQx0x^Ut+7n+u+rOWji!l0@$iOH^?xIKDUEsj|4w6psKTBuD_rlF**5YZ%+?omyCa2 zZm#pnh)w@^*brr*3d9x-UfM7g@URuD$3&6LMFoUM9a+svz0W^!bS{a~wY#I8dx?zK22Tow&cj=Rp`5}g1VH4t{x z;p~P<^$biuPHx;cLe9Rn?;u*($ibEuXO|r#UF>|1lC$*S9G~|24YHg3GelO&5;Pb2 zsh%y&$8(nId}TxlU0ue?9Sjq`XR^g9#YL-h@rjs%@p4|?&^u8a@IBZiXpHK`n4ibdyRTrf^f!RgJL zQJu0%i9T<3_;x{Ey7r9c_?dr<+vGR zHsze5PQv$mi>HLLADcYn(7XaWjPgElVoZ~3Hnm;fmmbQhBV$^9Ek;pQBAH!7OjOh_ z=65Wi5pbnTz4|nkU zGMz`N#Qku`0d@Px@E+be*Jht<^_K2HTsbwuqKy0O>E;Zb;IQcWh8tJI0&J)J<_C)Q zY*;bgM!(V$5IF^r((|?53BAXG^T3Y|w>C&icIRD@;JQ z&=k!AiM$4zm*7R=dfL?r^&0MC@@`-%q?=F53CyUyqxA5pxiHfN#`ZR4rl(6*(NR9C5j?#nLJUGqiy>Rx8Gm)sVFwr>S%-Fn+%0CD> z-+~TOQr7e>RX}D_M+qR;%du(6v(3eyQ^+n`U%xmxzQ1|9HY|o$P0^)_G||vMJf3et zR*z1Vvo$*XQ6^XDf@$a5y`u$>`rox-afUib3;F@~x?{Ss_vMn`pA)CkU^<3wp1kpH#bQ89|8t!EMax_p5u$Yis-n#*u-nN z-*!htBl89Go-*1WL(;9|JxME?;4eW}Xwe53>Y|6h>ba zXs1bVEz;}^7j#*oo_$0d+R+>ppS~N0A>9NpC&CK?6`kO(zXHDK%}>aYa;+C$1uku= z^^CTxN)IGAPn{_)F7_*ahabQRaZREKoMqZ|3oEs4s}B_d_Al~Q-ClZcD29LL^!wDU z5v767zP0j~77D)VbK+}k)_|cA1#c&4?5S{e)$3K&V+6%lClngS5f^|wJm<3l6IM#~ zAibx>l~*dP+cHm3lJuA4=qK2aT7l$g8~zmm6+L@k*{Z=Qmur#-(P!im=i2NlVMJ^; z3EDj4U8@^O&M6U&G9i)kYGZo?B)`z?Bm^+_134*N!+m;vp_w$bYkHqz5MAMV!NR9A z4#cU$9Y`3abkW5q#YwXs`|QMMEVl!GhLP47xp|2%5K%}8>9@&eztG+%dErR!j((vh zU7G%ecQ!t_jV!s9W(|oc7BG#e1%*0-9Tf&8XBd-nlVP~lHizUJR8jTMeD7Z}<~-dl z_S!D*y~?gAM_raBUN}c6&qK* z`we{Qryl(lEVu&W9Ei9Y^YBGTYDmv$sokyPwr+Hu$)QKlJF}Li8jE~ z`G_~|i=gSkT)MbhKTxO4N<~LXobFn1Hb(Rc`^^jzuXJmQ#81qt$94~g)8S(gwf{Kz zi8&gue2#A)|9wf!7um7Iw55Trla0bH^8Gc}g@NgDnVW^WAIM5&k|q5IhP-(VLhySx zj#ebRNJs zwnhYt*$)FHj|bIfT)EPFnWtmbq2ocyEelkWGi=K%H8s^<#j$D@H`jEr*S=BDqi33T z34Tq2V_N;{*aom%YmKe}xQkrHR!MWy>xkr#|@lLB}3&L$2qpaYk&_Shvz4*}Hc68y*`XoWR@~k( zt2g)xta!tSw|TX`?rj!DoMHw()T}A(Bgr*Js(%Q)+d4EMe>CRBNM3|UvOz1GNr>FA zjviv+T;h;GPv}@zNemHspevMieviuhx=d@C&HVlW(cD-+DebxY{SrDdx7^=8FIjvU zU(kZ?Etoo(-Z{Uqdwq~2IKnKr^d2{yKT(D` zHPr7Ib?;(WTO4XDGPEvA7}K2Op|ItI^{Gm4cI^cA`wPftTTO)bbI>2?r4CCaZfPQT zpu+Z^3i)hS2iH7=6s;Jy`JT(x`2hB>n1xmV?p>qx&2?a0;mnA&Dd5y8eFehAOJ9GIhJ|9h?&z zynplN&Az5Q!Hazy=dXvn;H)f%*5=U@Vs3bOwq+PV&h{hBmrkE6Q8KCPco=-B{)rPG z?Y7KUkviS@9;M{$q778xU6AX}C%mEEIOgJAU1Meax@8ro>UUEe=4&sP%wkLg^%V%C z8Y$hU<*K-Q-?f)POtpr2&a{(wQbllkMBH~MGdcJJTynoit!N8I zU`i#W%&wQ~_v;4B-P|dkB%(}nwev(*fYBC$D<6}uc%=9P6%`fNI786Wm`$0jtB*9Q zp69#i$k=y-?kWI>GWdq>RmU%rA_q)A7VN$_1A}@#yJ=TZTIEH_DbJx)h=2mJqt9OO z(>M@1utN|kKaD*`^j;H_SY7IG1J7#n&+>Z1YL9M)WBNSmuIgE9Bv~@5){<{^c6R0q zZ%V}Oil1<9RT`KpoiH}dfBu>q4?ZdO`AW34@W@1|#9R4y^qQ8JrGEPDmOHg~aM^QM zVjUiFX69L$4_D?_XWBM@GCu5zvVVL3bB}INSAVVF+ggkZR6EsZcJD3~^CHM0wx`6% z_o^d{92v`fCy54JCS9fzANCYcip-0yBrH6k*uKeXpD>ZtN?J0pWB9IH4K>uRm{mMS zx2z=D_efn&vGi2V!9Kq{pEPI`+oq(ozcp206%ZE^xp7F9(=HpH(Pv|?*lE_$-F-U# zGryZoXZ^{p>qpEF1_$1Xtk>vp79A%CJh~%wnyheF;!99jT}@3*pTpfP+jJ4}HR%}G Wk%K$rjbygJ8krhf8kHKjMg9{3Sx(si literal 0 HcmV?d00001 diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php new file mode 100644 index 000000000..e2053864e --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -0,0 +1,70 @@ + + + + + + + IIAB Homework Submission App + + + + + + + + + + +
+
+
+ + +

Internet in a Box Homework Submission

+
+ homework files have been submitted today! + +
+
+
+ + + + diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php new file mode 100644 index 000000000..20b98e162 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -0,0 +1,68 @@ + 5000000) { +// $upload_msg = "Your file is too large."; +// $upload_ok = 0; +// } + +?> From 8d167ab98192454479c481d738d8b621412dcff9 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 01:12:24 +0100 Subject: [PATCH 792/937] roles/usb_lib/tasks/install.yml: Add yaml to copy upload2usb app files to local_content folder --- roles/usb_lib/tasks/install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e0699a652..c26746a61 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,6 +76,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } +# 2025-01-05: Copy upload2usb app files (#3875) to local_content +- name: 'Copy upload2usb app files from files/upload2usb/' + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: "0755" + with_fileglob: + - upload2usb/* + + # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 2706381a382c8e7326adcf1ab41769f350b0b380 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 04:46:28 +0100 Subject: [PATCH 793/937] usb_lib/tasks/install.yml: Fixing yaml so upload2usb directory is created before files are copied --- roles/usb_lib/tasks/install.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index c26746a61..e05eeefc0 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,14 +76,19 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -# 2025-01-05: Copy upload2usb app files (#3875) to local_content -- name: 'Copy upload2usb app files from files/upload2usb/' +- name: '2025-01-05: Add upload2usb directory to local_content' + file: + state: directory + path: "{{ doc_root }}/local_content/upload2usb" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0755 + + +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' copy: src: "{{ item }}" dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: "0755" with_fileglob: - upload2usb/* From 99ff433a90f8d49d559d57a1540221766bb350a0 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 04:48:19 +0100 Subject: [PATCH 794/937] usb_lib/files/upload2usb/*: renaming app to Upload To USB instead of HW Submission, other minor cleanup/styling --- roles/usb_lib/files/upload2usb/index.php | 14 +++++++------- roles/usb_lib/files/upload2usb/upload-file.php | 16 ++++++++-------- roles/usb_lib/files/upload2usb/upload2usb.php | 16 +++------------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php index ad4156876..8151458b4 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload2usb/index.php @@ -16,7 +16,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); - IIAB Homework Submission App + IIAB Upload to USB App @@ -31,16 +31,16 @@ $file_count = getFileCount(getTargetFolderPath(0));
-
- -

Internet in a Box Homework Submission

+ + +

Internet in a Box Upload to USB

- -

+ +


- homework files have been submitted today! + files have been uploaded today!
diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php index e2053864e..ef23713ab 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -6,13 +6,13 @@ include("upload2usb.php"); -//get folder path where homework will be stored +//get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { +if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { $upload_msg = "No file submitted."; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -26,8 +26,8 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { - if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { - $upload_msg = "😊 ✅ Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { + $upload_msg = "😊 ✅ Your file ". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). " was successfully uploaded!"; } else { $upload_msg = "❌ There was an error uploading your file. " . $upload_msg; } @@ -41,7 +41,7 @@ $file_count = getFileCount($target_folder_path) - IIAB Homework Submission App + IIAB Upload to USB App @@ -57,9 +57,9 @@ $file_count = getFileCount($target_folder_path)
-

Internet in a Box Homework Submission

+

Internet in a Box Upload to USB


- homework files have been submitted today! + files have been submitted today!
diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 20b98e162..15a94290d 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -16,19 +16,14 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { - return $removable_usb_path . "/"; } - } -//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +//returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); - - -error_log("PARENTDIR: " . $parent_dir); - +// error_log("PARENTDIR: " . $parent_dir); $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; @@ -36,9 +31,7 @@ error_log("PARENTDIR: " . $parent_dir); mkdir($target_folder_path, 0777); } - return $target_folder_path; - } //return number of files within a specified folder @@ -48,19 +41,16 @@ function getFileCount ($folder_path) { //*** TODO *** check file content to see if it's unique or not function isFileContentUnique ($file) { - - } //*** TODO **** check if file exists based on file name and return unique name if does function getUniqueFileName ($filename) { - } // Check file size - we are not going to check file size for now. -// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// elseif ($_FILES["uploaded_file"]["size"] > 5000000) { // $upload_msg = "Your file is too large."; // $upload_ok = 0; // } From 8fb56561893419e08e592f954a69f4444d3c118e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Jan 2025 23:43:52 -0500 Subject: [PATCH 795/937] usb_lib/templates/content_dir.conf.unused: rename unused file --- .../templates/{content_dir.conf => content_dir.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/usb_lib/templates/{content_dir.conf => content_dir.conf.unused} (100%) diff --git a/roles/usb_lib/templates/content_dir.conf b/roles/usb_lib/templates/content_dir.conf.unused similarity index 100% rename from roles/usb_lib/templates/content_dir.conf rename to roles/usb_lib/templates/content_dir.conf.unused From 1da4d45509868e5fe0fc5c6bf0ed71bf1fd9b8a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jan 2025 00:29:57 -0500 Subject: [PATCH 796/937] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 33776a06e..77c1ed0b9 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2025, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 956257f6cb57a7382b2bcfc2c92ebba41238a454 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 8 Jan 2025 11:45:00 +0100 Subject: [PATCH 797/937] usb_lib/upload/*.php, usb_lib/tasks/install.yml: Moving app from upload2usb/ to upload/; Fixing UK image on upload-file page; Minor formatting changes --- .../usb_lib/files/{upload2usb => upload}/index.php | 2 +- .../files/{upload2usb => upload}/uk-swing.png | Bin .../files/{upload2usb => upload}/upload-file.php | 2 +- .../files/{upload2usb => upload}/upload2usb.php | 1 + roles/usb_lib/tasks/install.yml | 10 +++++----- 5 files changed, 8 insertions(+), 7 deletions(-) rename roles/usb_lib/files/{upload2usb => upload}/index.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/uk-swing.png (100%) rename roles/usb_lib/files/{upload2usb => upload}/upload-file.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/upload2usb.php (96%) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload/index.php similarity index 96% rename from roles/usb_lib/files/upload2usb/index.php rename to roles/usb_lib/files/upload/index.php index 8151458b4..0287e44f2 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -35,7 +35,7 @@ $file_count = getFileCount(getTargetFolderPath(0));

Internet in a Box Upload to USB

- +


diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload2usb/uk-swing.png rename to roles/usb_lib/files/upload/uk-swing.png diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload/upload-file.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload-file.php rename to roles/usb_lib/files/upload/upload-file.php index ef23713ab..684372823 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -56,7 +56,7 @@ $file_count = getFileCount($target_folder_path)
- +

Internet in a Box Upload to USB


files have been submitted today! diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload2usb.php rename to roles/usb_lib/files/upload/upload2usb.php index 15a94290d..bd13d1f6b 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -16,6 +16,7 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { +// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); return $removable_usb_path . "/"; } } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e05eeefc0..de16e83a7 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,21 +76,21 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb directory to local_content' +- name: '2025-01-05: Add upload2usb app directory to local_content' file: state: directory - path: "{{ doc_root }}/local_content/upload2usb" + path: "{{ doc_root }}/local_content/upload" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + dest: "{{ doc_root }}/local_content/upload" # /library/www/html with_fileglob: - - upload2usb/* + - upload/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ From 30f940a5f4c8f13e94fbcef8591747035273a014 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 12 Jan 2025 12:04:47 +0100 Subject: [PATCH 798/937] error.php, header.php, footer.php - Add custom exception handling, header, footer; index.php, upload-file.php, upload-2-usb.php - Require exactly 1 USB stick to be inserted, allow same file name but different content (using incremental numbering), reject duplicate content, restrict file types --- roles/usb_lib/files/upload/error.php | 16 +++++ roles/usb_lib/files/upload/footer.php | 14 +++++ roles/usb_lib/files/upload/header.php | 32 ++++++++++ roles/usb_lib/files/upload/index.php | 34 ++--------- roles/usb_lib/files/upload/upload-file.php | 56 +++++++----------- roles/usb_lib/files/upload/upload2usb.php | 68 ++++++++++++++++++---- 6 files changed, 142 insertions(+), 78 deletions(-) create mode 100644 roles/usb_lib/files/upload/error.php create mode 100644 roles/usb_lib/files/upload/footer.php create mode 100644 roles/usb_lib/files/upload/header.php diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php new file mode 100644 index 000000000..75d4f5a2d --- /dev/null +++ b/roles/usb_lib/files/upload/error.php @@ -0,0 +1,16 @@ + + +AN ERROR occurred! Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Reach out to TK for help if you have any questions or continue having trouble with the setup. +

+ +Share the below error message with IIAB developers at TK for debugging: +
+ + + diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload/footer.php new file mode 100644 index 000000000..2e1fef0f7 --- /dev/null +++ b/roles/usb_lib/files/upload/footer.php @@ -0,0 +1,14 @@ + + +
+
+ + + + diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php new file mode 100644 index 000000000..78592e86d --- /dev/null +++ b/roles/usb_lib/files/upload/header.php @@ -0,0 +1,32 @@ + + + + + + + <?php echo $title ?> + + + + + + + + + + +
+
+
+ + +

diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 0287e44f2..670d8499e 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,47 +4,21 @@ * Upload2USB App Index Page */ -include("upload2usb.php"); +$title = "IIAB Upload to USB"; +include("header.php"); //Check if folder for today exists, and get file count if it does - $file_count = getFileCount(getTargetFolderPath(0)); ?> - - - - - IIAB Upload to USB App - - - - - - - - - - -
-
-
-
- -

Internet in a Box Upload to USB

-



- files have been uploaded today! + files have been uploaded today! -
-
-
- - + \ No newline at end of file diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 684372823..d86f9aa60 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,20 +4,29 @@ * Upload2USB App - Process Submission */ -include("upload2usb.php"); +$title = "IIAB Upload to USB App Results"; +include("header.php"); //get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); +$uploaded_filename = basename($_FILES["uploaded_file"]["name"]); +$target_file = $target_folder_path . "/" . $uploaded_filename; $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { - $upload_msg = "No file submitted."; +if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { + $upload_msg = "No file submitted!"; + $upload_ok = 0; +} elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_ok = 0; +} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - $upload_msg = "This file already exists."; - $upload_ok = 0; + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; } // Check if $upload_ok is set to 0 by an error @@ -27,44 +36,19 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { - $upload_msg = "😊 ✅ Your file ". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). " was successfully uploaded!"; + $upload_msg = "😊 ✅ Your file ". htmlspecialchars( $uploaded_filename ). " was successfully uploaded!"; } else { - $upload_msg = "❌ There was an error uploading your file. " . $upload_msg; + $upload_msg = "❌ There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; } } -$file_count = getFileCount($target_folder_path) +$file_count = getFileCount($target_folder_path); ?> - - - - - IIAB Upload to USB App - - - - - - - - - - -
-
-
- - -

Internet in a Box Upload to USB


files have been submitted today! -
-
-
- - - + + diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index bd13d1f6b..3de51297d 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -4,6 +4,12 @@ * Upload2USB App Helper Functions */ +set_exception_handler(function (Throwable $exception) { + error_log('UPLOAD2USB ERROR: ' . (string)$exception); + + include ("error.php"); +}); + //return the first removable USB drive location function getTargetUSBDriveLocation () { @@ -11,26 +17,32 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 - $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found

'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed

'); + } - if (empty($removable_usb_path)) { - return "/library/www/html/local_content/"; + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($rmv_usb_path)) { + throw new RuntimeException('Not able to find USB stick

'); } else { -// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); - return $removable_usb_path . "/"; + return $rmv_usb_path . "/"; } } //returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); -// error_log("PARENTDIR: " . $parent_dir); + $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); - + mkdir($target_folder_path, 0777); } return $target_folder_path; } @@ -40,15 +52,45 @@ function getFileCount ($folder_path) { return count(glob($folder_path . "/*")); } -//*** TODO *** check file content to see if it's unique or not -function isFileContentUnique ($file) { +//check if file mimetype is acceptable for upload +function isFileMimeTypeAcceptable ($file) { + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + return false; + } + } + return true; } +//check file content to see if it's unique or not +function isFileContentUnique ($target_folder_path, $file) { + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; -//*** TODO **** check if file exists based on file name and return unique name if does -function getUniqueFileName ($filename) { + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } +//return unique filename +function getUniqueFileName ($target_folder_path, $filename) { + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; +} // Check file size - we are not going to check file size for now. // elseif ($_FILES["uploaded_file"]["size"] > 5000000) { @@ -56,4 +98,6 @@ function getUniqueFileName ($filename) { // $upload_ok = 0; // } + + ?> From 312ddce9ecbeda749e70e9e66cc2cc5ab33363e9 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 12 Jan 2025 12:07:37 +0100 Subject: [PATCH 799/937] Adding PR number to beginning of upload2usb block --- roles/usb_lib/tasks/install.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index de16e83a7..670c2f61a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,7 +76,7 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' file: state: directory path: "{{ doc_root }}/local_content/upload" @@ -84,7 +84,6 @@ group: "{{ apache_user }}" mode: 0755 - - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" @@ -92,7 +91,6 @@ with_fileglob: - upload/* - # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 917c6840d69e43d16155cb0035cd91e4fcdc69a2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 19:26:27 -0600 Subject: [PATCH 800/937] better visual feedback when running --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 4d64bf843..afc3d701c 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service hostapd_enabled False systemd: name: hostapd enabled: no @@ -15,7 +15,7 @@ ignore_errors: True when: wifi_up_down and can_be_ap and has_wifi_gateway is defined -- name: Set Wifi Region country code for hostapd when present +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 From 9391d37f40944de7a61efffa68c76b51b246e19f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Jan 2025 16:43:01 -0600 Subject: [PATCH 801/937] move country code detection --- roles/network/tasks/detected_network.yml | 13 +++++++++++++ roles/network/tasks/hostapd.yml | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 0fe997598..34c5ade8d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -239,6 +239,17 @@ iiab_lan_iface: "{{ iiab_wireless_lan_iface }}" when: iiab_wireless_lan_iface is defined and nobridge is defined +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -295,6 +306,8 @@ value: "{{ iiab_wan_iface }}" - option: can_be_ap value: "{{ can_be_ap }}" + - option: host_country_code_found + value: "{{ host_country_code }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index afc3d701c..ac5df14d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,17 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel From fa8cc5637e044f4cf46ebf96c0db51e96cbf356b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 12 Jan 2025 10:26:51 -0600 Subject: [PATCH 802/937] move channel detection also --- roles/network/tasks/detected_network.yml | 16 ++++++++++++++++ roles/network/tasks/hostapd.yml | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 34c5ade8d..aaaf06a7e 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -250,6 +250,11 @@ host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_client_channel + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -309,6 +314,17 @@ - option: host_country_code_found value: "{{ host_country_code }}" +- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index ac5df14d9..67e04f798 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,11 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect current Wifi channel - shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 - register: current_client_channel - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: host_channel: "{{ current_client_channel.stdout }}" @@ -120,14 +115,3 @@ value: "{{ host_country_code }}" - option: host_channel value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined From a9c916e2199988c63faf2c4d51449d627d0dc108 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 19:26:32 -0600 Subject: [PATCH 803/937] dont start hostapd when no_net_restart is True --- roles/network/tasks/restart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index ec1dda7b6..9220e2d92 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,12 +28,12 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted daemon_reload: yes - when: hostapd_enabled and (wifi_up_down or not no_net_restart) + when: hostapd_enabled and not no_net_restart # 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch # any of the config files... netplan.yml renames one file if it's a container @@ -107,7 +107,7 @@ systemd: name: hostapd state: restarted - when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 + when: hostapd_enabled and not no_net_restart and wifi_slave.stdout is defined and wifi_slave.stdout == 0 #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address From fb008640ef031e476f8b11262e8a724b4a027880 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 23:49:37 -0600 Subject: [PATCH 804/937] deal with tailscale0 --- roles/network/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 82de51aff..6b81d5a58 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e tailscale0" # Set defaults for discovery process as strings wifi1: "not found-1" From e75a8e5449e58b672fa776202411ea2755406af4 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Mon, 13 Jan 2025 19:43:02 -0500 Subject: [PATCH 805/937] set www_data poweroff false with rename --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 16 ++++++++-------- roles/www_options/tasks/php-settings.yml | 2 +- ...ache_poweroff.j2 => 020_www_data_poweroff.j2} | 0 vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 10 files changed, 21 insertions(+), 21 deletions(-) rename roles/www_options/templates/{020_apache_poweroff.j2 => 020_www_data_poweroff.j2} (100%) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index e39bea703..a28c2da61 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# allow_www_data_sudo: True +# allow_www_data_poweroff: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 2319c58f5..5795ea7e6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,22 +77,22 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_poweroff) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_www_data_poweroff from template template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff + src: 020_www_data_poweroff.j2 + dest: /etc/sudoers.d/020_www_data_poweroff mode: '0440' - when: allow_www_data_sudo + when: allow_www_data_poweroff -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_www_data_poweroff file: - path: /etc/sudoers.d/020_apache_poweroff + path: /etc/sudoers.d/020_www_data_poweroff state: absent - when: not allow_www_data_sudo + when: not allow_www_data_poweroff # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 184c07b21..23c85d24b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_poweroff conditionals below. diff --git a/roles/www_options/templates/020_apache_poweroff.j2 b/roles/www_options/templates/020_www_data_poweroff.j2 similarity index 100% rename from roles/www_options/templates/020_apache_poweroff.j2 rename to roles/www_options/templates/020_www_data_poweroff.j2 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e61819a2..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # roles/www_base runs here (mandatory) @@ -341,7 +341,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ac2e78128..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 45d6db53f..d997362a4 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -allow_www_data_sudo: True +allow_www_data_poweroff: False # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c12fcb04f..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88253e035..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 39d8cf05c..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -225,7 +225,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 2981a7deaa5df95dfc5064e68c84901ac2a4a1c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2025 22:19:43 -0500 Subject: [PATCH 806/937] hostapd.yml: "Disable the Access Point 'hostapd' service if hostapd_enabled False" --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 67e04f798..c845bd637 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service hostapd_enabled False +- name: Disable the Access Point 'hostapd' service if hostapd_enabled False systemd: name: hostapd enabled: no From a16be49be576b2f059a384c895c32ae3bd02b9dd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 15 Jan 2025 03:16:16 -0600 Subject: [PATCH 807/937] add recording of firmware selection and force wifi_up_down false when required --- roles/network/tasks/detected_network.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index aaaf06a7e..bd657010b 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -255,6 +255,11 @@ register: current_client_channel when: wifi_up_down and can_be_ap and has_wifi_gateway is defined +- name: Forcing wifi_up_down to False based on firmware selection "24" + set_fact: + wifi_up_down: False + when: rpi3bplus_rpi4_wifi_firmware == "24" + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -313,6 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" + - option: firmware_option_1 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" + - option: firmware_option_2 + value: "{{ rpizerow_rpi3_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From 3bb41e2e07fbc0d40027e1b2e0eabd38640549d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 15 Jan 2025 03:17:01 -0600 Subject: [PATCH 808/937] move firmware replacement --- roles/network/tasks/main.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7e2f1eabb..221ea61b6 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,3 @@ -- name: Select RPi firmware mode - include_role: - name: firmware - when: rpi_model != "none" - - name: detected_network include_tasks: detected_network.yml @@ -108,6 +103,10 @@ # end block when: network_installed is defined and network_enabled +- name: Select RPi firmware mode + include_role: + name: firmware + when: rpi_model != "none" - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: From d52fe013cd07b8bef45d070237c535ec72861f37 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 16 Jan 2025 07:07:51 -0600 Subject: [PATCH 809/937] don't restart wpa_supplicant when network_manager_active is set --- roles/network/tasks/restart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 9220e2d92..5902f5d50 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -12,7 +12,7 @@ state: restarted with_items: - wpa_supplicant - when: wifi_up_down and hostapd_enabled + when: wifi_up_down and hostapd_enabled and not network_manager_active - name: Enable & Restart networkd-dispatcher.service systemd: From ca22622c7d30b4981f4ebfe679bbd6d8d1aac777 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 Jan 2025 09:51:32 -0500 Subject: [PATCH 810/937] detected_network.yml: Record WiFi firmware vars (43430 & 43455) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bd657010b..ba104f5d6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -318,10 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" - - option: firmware_option_1 - value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - - option: firmware_option_2 - value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43430 + value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43455 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From a5e90f65111f11d2976a861bcf43e44499460643 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 Jan 2025 09:54:44 -0500 Subject: [PATCH 811/937] network/tasks/main.yml: Blank line --- roles/network/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 221ea61b6..bb05482f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -108,6 +108,7 @@ name: firmware when: rpi_model != "none" + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" From f8b743dafc003cecb57043eea42295ddf12649d3 Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 17 Jan 2025 09:34:15 +0100 Subject: [PATCH 812/937] error.php, index.php, upload-file.php, upload2usb.php: Updating error message to refer to FAQs, titles to be more succinct, adding exception when directory can't be created. --- roles/usb_lib/files/upload/error.php | 4 ++-- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 2 +- roles/usb_lib/files/upload/upload2usb.php | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 75d4f5a2d..c5210d229 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -6,10 +6,10 @@ ?> -AN ERROR occurred! Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Reach out to TK for help if you have any questions or continue having trouble with the setup. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: FAQ #4 - Can teachers display their own content?, FAQ #49 - What are the best places for community support?. +

-Share the below error message with IIAB developers at TK for debugging:
diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 670d8499e..e77b079ff 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,7 +4,7 @@ * Upload2USB App Index Page */ -$title = "IIAB Upload to USB"; +$title = "Upload to USB"; include("header.php"); //Check if folder for today exists, and get file count if it does diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index d86f9aa60..0d132d1d3 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,7 +4,7 @@ * Upload2USB App - Process Submission */ -$title = "IIAB Upload to USB App Results"; +$title = "Upload to USB Results"; include("header.php"); //get folder path where file will be stored diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 3de51297d..31623ea6f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -20,15 +20,15 @@ function getTargetUSBDriveLocation () { # error if 1<>usb sticks are installed $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found

'); + throw new RuntimeException('0 USB sticks found.

'); } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed

'); + throw new RuntimeException('More than 1 USB sticks installed.

'); } $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick

'); + throw new RuntimeException('Not able to find USB stick.

'); } else { return $rmv_usb_path . "/"; } @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'.

"); } return $target_folder_path; } From ebbe9c066e8bb5e45cea30cca956c0eb82efaf96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:16:37 -0500 Subject: [PATCH 813/937] iiab-diagnostics: wpa_supplicant, NetworkManager, dmesg | grep Firmware --- scripts/iiab-diagnostics | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 47a1ae015..248cbb70d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -219,11 +219,14 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' +cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' -cat_cmd 'lspci -nn' 'Devices on PCI buses' +cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' From 59f1d1b090e11e8c9c0bdecc31fcd7de551d56ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:23:36 -0500 Subject: [PATCH 814/937] iiab-diagnostics: rpi-eeprom-update to show bootloader version --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 248cbb70d..d1e6e0b2b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -195,6 +195,7 @@ echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' +cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' From 720e328ab6c35167b7cbbd02b528a75fd9ef61c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:55:43 -0500 Subject: [PATCH 815/937] iiab-diagnostics: Cap NetworkManager logging at 100 lines for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d1e6e0b2b..51063f9f7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -221,7 +221,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' +cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' From d09842245b16b2baa8d64e02c5aaabb8d2693e78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 13:09:48 -0500 Subject: [PATCH 816/937] iiab-diagnostics: Clarify RPi WiFi firmware / HW models --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51063f9f7..273bdd495 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,8 +224,8 @@ cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' -cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' From 271da50114dfc80f983d513cb3597c4e12f683ea Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 17 Jan 2025 23:03:01 +0100 Subject: [PATCH 817/937] upload-file.php: Allow upload of redundant files --- roles/usb_lib/files/upload/upload-file.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0d132d1d3..0b92ee4e5 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -20,15 +20,17 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; -} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "This file already exists!"; - $upload_ok = 0; } elseif (file_exists($target_file)) { // rename file so name is unique $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); $target_file = $target_folder_path . "/" . $new_filename; } +#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { +# $upload_msg = "This file already exists!"; +# $upload_ok = 0; +#} + // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { $upload_msg = "❌ Your file was not uploaded. " . $upload_msg; From a81856db5d3f056c781478cacd09e6157627c6bc Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 00:09:09 -0500 Subject: [PATCH 818/937] iiab-diagnostics: Cleaner output if COMMAND NOT FOUND --- scripts/iiab-diagnostics | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 273bdd495..eae728eac 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -101,10 +101,18 @@ function cat_cmd() { # $1 = command + params, $2 = explanation spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) - if [[ $2 == "" ]]; then - echo "COMMAND: $path_cmd$spc_params" >> $outfile + if [[ $path_cmd == "" ]]; then + if [[ $2 == "" ]]; then + echo "COMMAND: $1" >> $outfile + else + echo "COMMAND: $1 # $2" >> $outfile + fi else - echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + if [[ $2 == "" ]]; then + echo "COMMAND: $path_cmd$spc_params" >> $outfile + else + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + fi fi echo >> $outfile if [[ $path_cmd == "" ]]; then From 803197e8179774ebf67a21b3680af29fccf4862e Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 00:23:47 -0500 Subject: [PATCH 819/937] iiab-diagnostics.README.md: Update key line numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fa6c560e5..8e60124a3 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From d6b7114afc168989202e18f02d6a16c2b3ebd2c5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 01:35:36 -0500 Subject: [PATCH 820/937] CI: Revert ARM tests to run on Ubuntu 22.04 for now --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- ...aspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{30min-iiab-test-install-raspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} (99%) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 9940b2781..403b1e7a7 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [debian12] diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml similarity index 99% rename from .github/workflows/30min-iiab-test-install-raspios.yml rename to .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index ea89758ed..9a51536ab 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] From 66fd7fad394c5fee13e4572647fb029823179bc8 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 01:46:50 -0500 Subject: [PATCH 821/937] Cleaner 30min-iiab-test-install-raspios-on-zero2w.yml --- .../30min-iiab-test-install-raspios-on-zero2w.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 9a51536ab..63105bd68 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios' +name: '"30 min" IIAB test install raspios on zero2w' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -65,13 +65,13 @@ jobs: uname -a # uname -srm whoami # Typically 'root' instead of 'runner' pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} - sudo apt-get update -y --allow-releaseinfo-change - sudo apt-get install --no-install-recommends -y git + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git ls /opt/iiab/iiab - sudo mkdir /etc/iiab - sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml - sudo /opt/iiab/iiab/scripts/ansible - sudo ./iiab-install + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install cd /opt/iiab/iiab iiab-summary cat /etc/iiab/iiab_state.yml From 6f63de16223a3bcae3003972c664f120de103221 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 02:42:28 -0500 Subject: [PATCH 822/937] Clarify & tighten up all 3 GHA workflow names (titles) --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 24dfc6c79..d2b8bd056 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB test install' +name: '"10 min" IIAB on Ubuntu 24.04 on x86-64' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 403b1e7a7..a8703346e 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install deb12 on rpi3' +name: '"30 min" IIAB on Debian 12 on RPi 3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 63105bd68..9b521fee6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios on zero2w' +name: '"30 min" IIAB on RasPiOS on Zero 2 W' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From f60a61ea4bfa1f83ef74d6fdd43e1303f1763303 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 18 Jan 2025 14:04:33 -0600 Subject: [PATCH 823/937] replace is_raspbian with dhcpcd_result == enabled --- roles/network/templates/hostapd/iiab-hotspot-off | 4 ++-- roles/network/templates/hostapd/iiab-hotspot-on | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 25a5053be..fb45603a6 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -14,7 +14,7 @@ echo " IIAB hotspot access point Disabled" #exit 0 {% else %} echo " IIAB hotspot access point Disabled" -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # hotspot-off before ap0_updown sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq @@ -37,7 +37,7 @@ fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 03ca2d4ae..35ccc7adf 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -16,7 +16,7 @@ systemctl enable hostapd systemctl enable iiab-wifi-test.service #exit 0 {% else %} -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf @@ -44,7 +44,7 @@ fi systemctl enable hostapd #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} From 9426e6ac98802ebbfdd8a2c74d964a9a6f0b5293 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 19 Jan 2025 08:21:27 +0100 Subject: [PATCH 824/937] upload-file.php: throw error when user uploads a file that has the same content and name as an already uploaded file on the same day. --- roles/usb_lib/files/upload/upload-file.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0b92ee4e5..510a308ab 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -21,15 +21,16 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - // rename file so name is unique - $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); - $target_file = $target_folder_path . "/" . $new_filename; -} -#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { -# $upload_msg = "This file already exists!"; -# $upload_ok = 0; -#} + if (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; + $upload_ok = 0; + } else { + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; + } +} // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { From e4bdc4ddabc50ef89bfafe6c112c367076b5956f Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 19 Jan 2025 09:04:01 +0100 Subject: [PATCH 825/937] install.yml: add comment that usb_lib_umask0000_for_kolibri must be set to true in order to write to USB sticks. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 670c2f61a..94d9b5e9a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) +# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0994a5786d87b96f56cfdd4461725caa1a29108d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 20 Jan 2025 08:27:49 -0600 Subject: [PATCH 826/937] detect Firmware rejected country setting --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 26 +++++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6b81d5a58..100b1f6ff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,6 +71,7 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none +host_country_code_found: unset # Red Hat #iiab_wired_lan_iface: "none" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index ba104f5d6..f75ad3f06 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -243,12 +243,16 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set host_country_code_found + set_fact: + host_country_code_found: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 and wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -260,6 +264,11 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" +- name: Detect "Firmware rejected country setting" in dmesg + shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" + register: FW_rejected_country + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -317,7 +326,7 @@ - option: can_be_ap value: "{{ can_be_ap }}" - option: host_country_code_found - value: "{{ host_country_code }}" + value: "{{ host_country_code_found }}" - option: wifi_firmware_43430 value: "{{ rpizerow_rpi3_wifi_firmware }}" - option: wifi_firmware_43455 @@ -334,6 +343,17 @@ value: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined +- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: FW_rejected_country + value: "{{ host_country_code_found }}" + when: FW_rejected_country.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please From f15a50610ee446ed966eeb95c65f5678d5eaf9a2 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 05:18:41 +0100 Subject: [PATCH 827/937] install.yml: Adding instructions on how to unmount and mount drive manually if writing to the USB stick still doesn't work. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..181bd8819 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,6 +8,7 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) # usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0caa16491df4df543e94813bad138e48ed65aac6 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein Date: Tue, 21 Jan 2025 23:27:45 -0500 Subject: [PATCH 828/937] install.yml: adding e.g. to make clear that variable doesn't have to be in local_vars.yml" roles/usb_lib/tasks/install.yml Co-authored-by: A Holt --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..f5172b190 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From f79a43e305675ae2178266921573f72be0d98f98 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 10:16:21 +0100 Subject: [PATCH 829/937] install.yml: merging comments related to usb_lib_umask0000_for_kolibri --- roles/usb_lib/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index afc36e4f8..e435719dc 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) - -# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). From 335d8ad4c1551db1725b0532b815f387e3899177 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 10:22:38 +0100 Subject: [PATCH 830/937] nginx/templates/iiab.conf.j2, usb_lib/files/upload/button.html: Adding button to upload2usb app on every usb/ directory listing page. --- roles/nginx/templates/iiab.conf.j2 | 2 ++ roles/usb_lib/files/upload/button.html | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 roles/usb_lib/files/upload/button.html diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index df2fc6a94..e25a2b08c 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,10 +5,12 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /local_content/ { fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html new file mode 100644 index 000000000..276baa839 --- /dev/null +++ b/roles/usb_lib/files/upload/button.html @@ -0,0 +1,19 @@ + +Upload to USB From 01baaa661a7e274c451198ab80b3bacdb3bb1411 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 16:53:44 -0500 Subject: [PATCH 831/937] iiab-diagnostics: Refine 3+ 'sudo dmesg | grep ...' cmds --- scripts/iiab-diagnostics | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index eae728eac..6f93f0359 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -201,6 +201,7 @@ cat_dir /etc/netplan # Redacts most passwords above echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' +cat_cmd 'sudo dmesg | grep -i "command line:"' 'Kernel boot parameters' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' @@ -230,11 +231,11 @@ cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' -#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' +#cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'sudo dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' From 765e1cd4b1060d787e7b580e2368e3701eac9c98 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 17:42:56 -0500 Subject: [PATCH 832/937] iiab-diagnostics: Use sudo with journalctl (in all 6 cases_ --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6f93f0359..ca1ee4d67 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,8 +229,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' +cat_cmd 'sudo journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'sudo journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' @@ -245,10 +245,10 @@ cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorat cat_cmd 'sudo lb --version' 'xklb version' cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' -cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' +cat_cmd 'sudo journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 300 -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' +cat_cmd 'sudo journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 89a06d6e5e5706a81faf5345acc7cb8bef785a84 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 18:26:43 -0500 Subject: [PATCH 833/937] Update iiab-diagnostics.README.md for PR #3909 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 8e60124a3..f766e922e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ad175fb3caf50a66935afbcef7616ea18affff56 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:19:13 +0100 Subject: [PATCH 834/937] index.php, upload-file.php: change 'submit' to 'upload' in user-facing text --- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index e77b079ff..6eab98dbf 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -15,7 +15,7 @@ $file_count = getFileCount(getTargetFolderPath(0));



- +

files have been uploaded today! diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 510a308ab..a3c6e9674 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -15,10 +15,10 @@ $upload_ok = 1; $upload_msg = ""; if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { - $upload_msg = "No file submitted!"; + $upload_msg = "No file uploaded!"; $upload_ok = 0; } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_msg = "You cannot upload zips, executables, xml, or binary files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -50,7 +50,7 @@ $file_count = getFileCount($target_folder_path); ?>
- files have been submitted today! + files have been uploaded today! From 91533f5fb3eb4a4e2eda0d807cfacbb6cec8b7a1 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:19:25 +0100 Subject: [PATCH 835/937] iiab.conf.j2: modify config to route /usb/upload/*.php to the upload2usb app! --- roles/nginx/templates/iiab.conf.j2 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e25a2b08c..e3fdee774 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,7 +5,20 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /usb/upload/button.html; +} + +location ~ ^/usb/upload/(.*)\.php$ { + alias /library/www/html/local_content/upload/$1.php; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; } location /local_content/ { From 68dafdbc399bd493bee8cd5b2c6a55cb707e9846 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:27:32 +0100 Subject: [PATCH 836/937] button.html: change button href to point to /usb/upload instead of /local_content/upload --- roles/usb_lib/files/upload/button.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 276baa839..658f74fb2 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } -Upload to USB +Upload to USB From 6dfda009e424dbdcb4531433c2d752364cd2edf7 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:51:43 +0100 Subject: [PATCH 837/937] upload2usb.php: allow all word files, be more specific about xml mimetypes; log error message if user uploads invalid mimetype --- roles/usb_lib/files/upload/upload2usb.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 31623ea6f..f2b3aa883 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,9 +55,10 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); return false; } } From 0cc63d8895dd6b07dcee71a61db2c3dbd8304151 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 02:38:56 -0600 Subject: [PATCH 838/937] detect cmdline country code passed --- roles/network/tasks/detected_network.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f75ad3f06..5e95182d3 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,6 +269,11 @@ register: FW_rejected_country ignore_errors: True +- name: Detect country code passed from cmdline + shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' + register: cmdline_country_code + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -351,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ host_country_code_found }}" + value: "{{ cmdline_country_code }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From eb21c8654aa4a24d6be41e9dab43f35609c5ba03 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 06:45:38 -0600 Subject: [PATCH 839/937] UNSET --- roles/network/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 100b1f6ff..593f14922 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,7 +71,8 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none -host_country_code_found: unset +# use the same case as what `iw reg get` would return with 00 present +host_country_code_found: UNSET # Red Hat #iiab_wired_lan_iface: "none" From 999127339102c443a6d2ed9a7612f5ea2a552b73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 12:36:55 -0600 Subject: [PATCH 840/937] grep & stdout --- roles/network/tasks/detected_network.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5e95182d3..e4ec63bd8 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,8 +269,8 @@ register: FW_rejected_country ignore_errors: True -- name: Detect country code passed from cmdline - shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' +- name: Detect country code passed from cmdline in dmesg + shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' register: cmdline_country_code ignore_errors: True @@ -356,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ cmdline_country_code }}" + value: "{{ cmdline_country_code.stdout }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From dcc9862527f92153ba90affaabdfdc436eb7722f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 15:36:19 -0600 Subject: [PATCH 841/937] use systemd-udev-trigger.service --- roles/usb_lib/templates/usbmount@.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 34d75d9f3..52da18ba5 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -1,7 +1,7 @@ [Unit] BindTo=%i.device After=%i.device -After=rc-local.service +After=systemd-udev-trigger.service [Service] #Type=oneshot From e319b394e87177ccf440d62077c9baab2fee735f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 24 Jan 2025 08:14:42 -0600 Subject: [PATCH 842/937] Update roles/network/tasks/detected_network.yml future proof Co-authored-by: A Holt --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e4ec63bd8..a5fc5eaf0 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' + shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' register: cmdline_country_code ignore_errors: True From eecf6f83064c3eda3c5574711720b2d28fd6a4d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 Jan 2025 10:06:30 -0500 Subject: [PATCH 843/937] Wifi Country Code might in the middle of dmesg line (not on the right) --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a5fc5eaf0..1663f8c39 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' + shell: dmesg | grep -om1 'cfg80211\.ieee80211_regdom=\S*' | cut -d= -f2 register: cmdline_country_code ignore_errors: True From 3b9edfdfc0282cb2218bdcb3a3147302991b50a7 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 07:13:09 +0100 Subject: [PATCH 844/937] multiple files in vars/ and usb_lib/: rename usb_lib_umask0000_for_kolibri to usb_lib_writable_sticks so it is more generally applicable --- roles/usb_lib/README.rst | 2 +- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/files/upload/upload2usb.php | 2 +- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/tasks/main.yml | 14 +++++++------- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 22fd711d2..54d9714ca 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) `_ documentation: diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 2a4b19308..c53591f8f 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -5,8 +5,8 @@ # iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -# usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..cfd87775f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'.

"); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); } return $target_folder_path; } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..4e40a99eb 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..52d192da8 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,28 +32,28 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' path: /etc/usbmount/usbmount.conf - when: usb_lib_umask0000_for_kolibri + when: usb_lib_writable_sticks # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' # path: /etc/usbmount/usbmount.conf -# when: usb_lib_umask0000_for_kolibri +# when: usb_lib_writable_sticks - name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole path: /etc/usbmount/usbmount.conf - when: not usb_lib_umask0000_for_kolibri + when: not usb_lib_writable_sticks - name: Enable/Disable/Restart NGINX @@ -88,5 +88,5 @@ value: "{{ usb_lib_install }}" - option: usb_lib_enabled value: "{{ usb_lib_enabled }}" - - option: usb_lib_umask0000_for_kolibri - value: "{{ usb_lib_umask0000_for_kolibri }}" + - option: usb_lib_writable_sticks + value: "{{ usb_lib_writable_sticks }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..11ed238a7 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -310,8 +310,8 @@ usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..91b744051 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: True diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index d997362a4..445c9bb2f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,7 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -usb_lib_umask0000_for_kolibri: False +usb_lib_writable_sticks: False allow_www_data_poweroff: False # By default # kiwix diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..f55dd8ce8 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..5cfa34bec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..89accf217 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -202,7 +202,7 @@ bluetooth_term_enabled: False iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False From 286890b0d097e84ab404e8f40dc25432f3009d6d Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 08:14:44 +0100 Subject: [PATCH 845/937] error.php: updating FAQ reference to refer to new upload2usb-specific FAQ. --- roles/usb_lib/files/upload/error.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index c5210d229..2e51003e0 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,8 +5,7 @@ */ ?> - -ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: FAQ #4 - Can teachers display their own content?, FAQ #49 - What are the best places for community support?. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, Can students upload their own work?, for additional support.

From 44e2772ccc4eec963ed610f0b94cde422a990b71 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 09:44:02 -0500 Subject: [PATCH 846/937] Update README to clarify Kolibri exports --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 54d9714ca..bb8b82e4e 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) `_ documentation: From 7c2f0c9c6ef42ef2ffe44f230d8245555d7de979 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 21:30:36 +0100 Subject: [PATCH 847/937] usb_lib/*, vars/*: prevent Cheating (Copying) of homeworks, when teacher creates 'PUBLIC' folder on their USB stick --- roles/usb_lib/files/upload/error.php | 2 +- roles/usb_lib/tasks/install.yml | 6 +- roles/usb_lib/tasks/main.yml | 11 +-- roles/usb_lib/tasks/nginx.yml | 32 +++++---- roles/usb_lib/templates/iiab-clean-usb.sh | 4 +- ...l-off => iiab-usb_lib-show-all-off.unused} | 0 ...all-on => iiab-usb_lib-show-all-on.unused} | 0 .../usb_lib/templates/mount.d/70-usb-library | 72 ------------------- .../templates/mount.d/70-usb-library.j2 | 45 ++++++++++++ .../70-usb-library | 4 +- vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 15 files changed, 85 insertions(+), 106 deletions(-) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-off => iiab-usb_lib-show-all-off.unused} (100%) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-on => iiab-usb_lib-show-all-on.unused} (100%) delete mode 100644 roles/usb_lib/templates/mount.d/70-usb-library create mode 100644 roles/usb_lib/templates/mount.d/70-usb-library.j2 rename roles/usb_lib/templates/{umount.d => umount.d.unused}/70-usb-library (75%) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 2e51003e0..46dd0e667 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,7 +5,7 @@ */ ?> -ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, Can students upload their own work?, for additional support. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, "Can students upload their own work?", for additional support.

diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..f4c5d671e 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -75,8 +75,6 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' @@ -90,7 +88,7 @@ - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/local_content/upload/" # /library/www/html with_fileglob: - upload/* diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..af9d22790 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,11 +66,12 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +#- name: Put variable in iiab.env that enables display of content at root of USB +# lineinfile: +# path: "{{ iiab_env_file }}" +# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" +# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/roles/usb_lib/tasks/nginx.yml b/roles/usb_lib/tasks/nginx.yml index 7e572142a..1e6be6d21 100644 --- a/roles/usb_lib/tasks/nginx.yml +++ b/roles/usb_lib/tasks/nginx.yml @@ -1,20 +1,21 @@ - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled template: - src: mount.d/70-usb-library - dest: /etc/usbmount/mount.d/ + src: mount.d/70-usb-library.j2 + dest: /etc/usbmount/mount.d/70-usb-library owner: root group: root mode: '0751' when: usb_lib_enabled -- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled - template: - src: umount.d/70-usb-library - dest: /etc/usbmount/umount.d - owner: root - group: root - mode: '0751' - when: usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled +# template: +# src: umount.d/70-usb-library +# dest: /etc/usbmount/umount.d +# owner: root +# group: root +# mode: '0751' +# when: usb_lib_enabled - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: @@ -22,11 +23,12 @@ state: absent when: not usb_lib_enabled -- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/umount.d/70-usb-library - state: absent - when: not usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled +# file: +# path: /etc/usbmount/umount.d/70-usb-library +# state: absent +# when: not usb_lib_enabled - name: Restart 'nginx' systemd service systemd: diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index a1876551c..56d63292d 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,10 +5,10 @@ DEVICE=`echo $@ | sed -s 's|-|/|'` MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usbmount" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usbmount" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." fi diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-off b/roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-off rename to roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-on b/roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-on rename to roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library deleted file mode 100644 index 5b9cfefe8..000000000 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# Create symlink in DocumentRoot/content to autmounted usb drive -# -# based on a similar script in the xs-rsync package -# by Martin Langhoff -# -# and the adaptation for xs-activity-server by Douglas Bagnall -# -# -# by Tim Moody tim@timmoody.com - -source {{ iiab_env_file }} -case $IIAB_USB_LIB_SHOW_ALL in -'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." - # regularize the variable - IIAB_USB_LIB_SHOW_ALL=True - ;; -*) - logger -p user.notice -t "70-usb-library" -- "Looking for /share, /Share, /Piratebox/Share, /USB, or /usb on $UM_MOUNTPOINT." - ;; -esac - -VERBOSE=yes - -SHARE_DIR="" -# Only show content if in these directories - -if [ -d $UM_MOUNTPOINT/share ]; then - SHARE_DIR="$UM_MOUNTPOINT/share" -fi -if [ -d $UM_MOUNTPOINT/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Share" -fi -if [ -d $UM_MOUNTPOINT/Piratebox/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Piratebox/Share" -fi -if [ -d $UM_MOUNTPOINT/USB ]; then - SHARE_DIR="$UM_MOUNTPOINT/USB" -fi -if [ -d $UM_MOUNTPOINT/usb ]; then - SHARE_DIR="$UM_MOUNTPOINT/usb" -fi - -if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` - LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` - ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` - if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" - #echo "lib on dev" - elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" - #echo "rootfs on dev" - else - SHARE_DIR="$UM_MOUNTPOINT" - fi -fi - -if [ ! -z "$SHARE_DIR" ]; then - logger -p user.notice -t "70-usb-library" -- "Found Share Directory $SHARE_DIR." -else - logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" -fi - - -if [ "$SHARE_DIR" != "" ];then - CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` - CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" - logger -p user.notice -t "70-usb-library" -- "Creating link to $CONTENT_LINK." - ln -s $SHARE_DIR $CONTENT_LINK -fi diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 new file mode 100644 index 000000000..d124e79c0 --- /dev/null +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -0,0 +1,45 @@ +#!/bin/bash +# Create symlink in DocumentRoot/content to automounted usb drive +# +# based on a similar script in the xs-rsync package +# by Martin Langhoff +# +# and the adaptation for xs-activity-server by Douglas Bagnall +# +# +# by Tim Moody tim@timmoody.com + +VERBOSE=yes + +# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +SHARE_DIR=$UM_MOUNTPOINT +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + +LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` +ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` +BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` +BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + exit +elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + exit +elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + exit +elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + exit +fi + +CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +ln -s $SHARE_DIR $CONTENT_LINK + diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d.unused/70-usb-library similarity index 75% rename from roles/usb_lib/templates/umount.d/70-usb-library rename to roles/usb_lib/templates/umount.d.unused/70-usb-library index 5af914c01..d8e095008 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d.unused/70-usb-library @@ -12,7 +12,7 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} @@ -20,5 +20,5 @@ if [ -L $CONTENT_LINK ]; then {% else %} /usr/bin/rm -f $CONTENT_LINK {% endif %} - logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (70-usb-library)" -- "$CONTENT_LINK removed." fi diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..c42a4ca99 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,7 +308,8 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..c84b30736 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..ff46f8a9b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..1190ec377 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..744148cc0 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,7 +199,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From fe633b2cd72d55b0266c19e37cb3253033185fe7 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jan 2025 15:36:05 -0500 Subject: [PATCH 848/937] Upload2USB initial doc cleanup --- roles/usb_lib/README.rst | 32 +++++++++++++++----------------- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/tasks/main.yml | 4 ++-- vars/default_vars.yml | 6 ++---- vars/local_vars_large.yml | 6 ++---- vars/local_vars_medium.yml | 6 ++---- vars/local_vars_small.yml | 6 ++---- vars/local_vars_unittest.yml | 6 ++---- 8 files changed, 29 insertions(+), 41 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index bb8b82e4e..33d93e2dc 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,30 +2,28 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE** `"Can teachers display their own content?" `_ **AND** `"Can students upload their own work?" `_ **WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION!** -This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. +This role (1) implements functionality similar to LibraryBox, to mount "teacher content" from USB sticks / drives for students, and (2) allows students to upload their work to the teacher's USB stick / drive: -Users should have nearly immediate access to this "teacher content" (on all inserted USB drives) by browsing to http://box/usb +#. Students should have nearly immediate access to "teacher content" (on all inserted USB sticks) by browsing to http://box/usb. +#. Students can also click the "Upload to USB" button on top of this same page (http://box/usb), to upload their work to the teacher's USB stick. (FYI student uploads appear in folders like ``UPLOADS.YYYY-MM-DD`` within the root of the teacher's USB stick). -Automount is handled by usbmount, and scripts in this role look in the root of the mounted drive for... +As of January 2025, automount is handled by usbmount: (`devmon included with udevil `_ might be considered in future) -* /usb -* /USB -* /share -* /Share -* /Piratebox/Share +* A script in this role (/etc/usbmount/mount.d/70-usb-library) looks in the root of the mounted USB stick for folder /PUBLIC and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn/PUBLIC — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. *RESULT: Only documents within /PUBLIC are browsable by students.* This option is very useful to **prevent students from copying uploaded homework!** +* If however folder /PUBLIC is not found, the symlink is created to the root of the mounted USB stick. *RESULT: EVERYTHING on the USB stick is browsable by students — just like with a traditional community bulletin board.* This option is very useful when students are uploading artwork, photo essays, personal audio recordings and **science projects that are intended to be shared!** -...and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. +Technical Details: -USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -Official `usbmount 0.0.22 (2011-08-08) `_ documentation: +* Official `usbmount 0.0.22 (2011-08-08) `_ documentation: -* https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) -* https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) -* https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) + * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) + * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -Legacy warning: There is also a patch for problems with automount on Fedora 21+. Please note that as of 4.1.8-200.fc22.x86_64 not all USB drives will mount, even with this patch. +* Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index c53591f8f..427a26ea7 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -4,8 +4,8 @@ # Show entire contents of USB sticks/drives (at http://box/usb) # iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 52d192da8..ab6f0f19e 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,7 +32,7 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf -- for Kolibri exports AND student uploads to teacher's USB stick (using http://box/usb)" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' @@ -41,7 +41,7 @@ # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 11ed238a7..a45384e1e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -307,10 +307,8 @@ bluetooth_term_enabled: False # USB_LIB usb_lib_install: True usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 91b744051..7228bb506 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f55dd8ce8..153401d26 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 5cfa34bec..b17fcc9ae 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 89accf217..840d0d9b8 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -198,10 +198,8 @@ bluetooth_install: False bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) From d15493b399553f519a55beed5d11848e8907af83 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jan 2025 15:47:56 -0500 Subject: [PATCH 849/937] Begin to remove iiab_usb_lib_show_all and IIAB_USB_LIB_SHOW_ALL --- roles/usb_lib/defaults/main.yml | 3 --- roles/usb_lib/tasks/main.yml | 6 ------ 2 files changed, 9 deletions(-) diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 427a26ea7..f7cbf10b6 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -1,9 +1,6 @@ # usb_lib_install: True # usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -# iiab_usb_lib_show_all: True - # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for # Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index ab6f0f19e..023b714a7 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,6 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} ini_file: From 6562a4a12d4067858b962802aaad696af5fd8e41 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 16:02:01 -0500 Subject: [PATCH 850/937] 70-usb-library.j2: remove blank at EOF Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index d124e79c0..7e52c0329 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -42,4 +42,3 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" ln -s $SHARE_DIR $CONTENT_LINK - From 13f5227824fd15bd4ed95e08f1d48b7a9de495e4 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 22:39:00 +0100 Subject: [PATCH 851/937] vars/local_vars*, vars/default_vars.yml, roles/usb_lib/tasks/main.yml: reverting comment of iiab_usb_lib_show_all --- roles/usb_lib/tasks/main.yml | 11 +++++------ vars/default_vars.yml | 3 +-- vars/local_vars_large.yml | 3 +-- vars/local_vars_medium.yml | 3 +-- vars/local_vars_small.yml | 3 +-- vars/local_vars_unittest.yml | 3 +-- 6 files changed, 10 insertions(+), 16 deletions(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index af9d22790..7836f2d3a 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,11 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -#- name: Put variable in iiab.env that enables display of content at root of USB -# lineinfile: -# path: "{{ iiab_env_file }}" -# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" -# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +- name: Put variable in iiab.env that enables display of content at root of USB + lineinfile: + path: "{{ iiab_env_file }}" + regexp: "^IIAB_USB_LIB_SHOW_ALL.*" + line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c42a4ca99..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,8 +308,7 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c84b30736..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ff46f8a9b..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1190ec377..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 744148cc0..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,8 +199,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From f9538a48340fe97ee373dd30418eeec2cdc132b5 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:04:46 -0500 Subject: [PATCH 852/937] mount.d/70-usb-library.j2: move lib/root/boot check above check for PUBLIC dir Co-authored-by: A Holt --- .../templates/mount.d/70-usb-library.j2 | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7e52c0329..f0d41f22d 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,18 +12,11 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -SHARE_DIR=$UM_MOUNTPOINT -if [ -d $UM_MOUNTPOINT/PUBLIC ]; then - SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" -else - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" -fi -LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` -ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` -BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` -BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) +ROOT_DEV=$(findmnt -no source /) +BOOT_DEV=$(findmnt -no source /boot) +BOOTFW_DEV=$(findmnt -no source /boot/firmware) if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit @@ -38,6 +31,14 @@ elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then exit fi +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR=$UM_MOUNTPOINT/PUBLIC + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + SHARE_DIR=$UM_MOUNTPOINT + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" From 18c5fe711d147fff379d5823e03698117e4838d4 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:30:14 -0500 Subject: [PATCH 853/937] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index f0d41f22d..6e167656c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) From 64756b6772d64ae7465ad292b2cde93f068a647e Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:35:43 -0500 Subject: [PATCH 854/937] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 6e167656c..2d77abceb 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From 2462bba6f5ad2745bb56deb4d69487d5df3dceb2 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:45:11 -0500 Subject: [PATCH 855/937] 70-usb-library.j2: Fix symlink from/to in comment Thank you! Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 2d77abceb..1c05f001c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -45,5 +45,5 @@ fi CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 427dc57ed0b9563b52ae8d4c1b14649d769fe8bc Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:45:54 -0500 Subject: [PATCH 856/937] 70-usb-library.j2: revert duplicate comment Revert duplicate comment Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 1c05f001c..850693a1c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,8 +13,6 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -# 2022-06-16 better security thanks to @tim-moody and @jvonau: -# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From d0a00da60127fddb52aaa6715e9d6df09dcde8e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 25 Jan 2025 20:08:37 -0500 Subject: [PATCH 857/937] usb_lib/README.rst: Clarify usbmount supported filesystems line --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 33d93e2dc..e51db625a 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,7 +16,7 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From 2401ff3d60aa2ee14c9c6f7deceb8dd287072c78 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:49:12 -0500 Subject: [PATCH 858/937] 70-usb-library.j2: Add additional logging of lib/root/boot mount points Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 850693a1c..7f63f3ea5 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -19,6 +19,12 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) +# Verbose logging to illuminate occasional boot bugginess: +logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" +logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit From cd160da6799c7bc425e2088d94285c75b8e98246 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:52:04 -0500 Subject: [PATCH 859/937] 70-usb-library.j2: syntax change to CONTENT_LINK_USB var Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7f63f3ea5..3f29c7f45 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -47,7 +47,7 @@ else logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" fi -CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 425cbf494cf79c59c9518e341dc5cd86f3c19f59 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 25 Jan 2025 20:54:32 -0500 Subject: [PATCH 860/937] iiab-clean-usb.sh: $() instead of `` for command substitution --- roles/usb_lib/templates/iiab-clean-usb.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 56d63292d..dcdf987d3 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,9 +1,9 @@ #!/bin/bash # Remove symlink in /library/content to automounted usb drive # -DEVICE=`echo $@ | sed -s 's|-|/|'` -MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` -CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` +DEVICE=$(echo $@ | sed -s 's|-|/|') +MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." From 27e286b8aeff45f9b564e9e72fa236bd47e4ab00 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:55:13 -0500 Subject: [PATCH 861/937] 70-usb-library.j2: comm Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 3f29c7f45..8b54568c6 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -9,7 +9,8 @@ # # by Tim Moody tim@timmoody.com -VERBOSE=yes +# Better to set this in /etc/usbmount/usbmount.conf +# VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts From 920235d54ccbb5219898bc2bbf47712d5131c36e Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 26 Jan 2025 04:41:10 +0100 Subject: [PATCH 862/937] 70-usb-library.j2: use findmnt instead of UM_DEVICE from usbmount to find device given the missing leading /; adding comment about public folder --- .../usb_lib/templates/mount.d/70-usb-library.j2 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 8b54568c6..164d66598 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,7 +12,8 @@ # Better to set this in /etc/usbmount/usbmount.conf # VERBOSE=yes -# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts +UM_DEV=$(findmnt -no source $UM_MOUNTPOINT) # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 @@ -20,26 +21,29 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) + # Verbose logging to illuminate occasional boot bugginess: -logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV" logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" -if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + +if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit -elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then +elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" exit -elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then +elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" exit -elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then +elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi +# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From 5663a84d276c26ea1b8644133b9f9e0bd3bc69cb Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 23:57:27 -0500 Subject: [PATCH 863/937] 70-usb-library.j2: update comment explaining PUBLIC folder better (from @holta) Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 164d66598..803313f7e 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -43,7 +43,9 @@ elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then exit fi -# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private +# 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. +# Teachers can set their stick for 1 of 2 two "personalities" — students can either upload "confidential homework" or +# "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From d4e66748f34f2932588ad14e31857658c47f01c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 00:42:32 -0500 Subject: [PATCH 864/937] usb_lib/install.yml: Clarify usb_lib_writable_sticks and umask=0000 --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 4e40a99eb..2fb9bd2a6 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,8 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks -# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used From cea4cac7f23f9a2edb673f46b5f78c8ffd7a1e3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 09:28:48 -0500 Subject: [PATCH 865/937] Clarify reset of FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, if usb_lib_writable_sticks False --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 023b714a7..fdd7a2751 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 7812edfed0ce091cdf1ac99eeed73707fb29df90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 09:32:49 -0500 Subject: [PATCH 866/937] Fix 2 typos (explanation of when: not usb_lib_writable_sticks) --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index fdd7a2751..4def69c4f 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. if Kolibri exports AND student uploads to teacher USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 1795276b20694af9eb69d784570c775890add10c Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 26 Jan 2025 16:36:43 +0100 Subject: [PATCH 867/937] upload/upload-file.php: fix var name bug and add better error handling --- roles/usb_lib/files/upload/upload-file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index a3c6e9674..8c81c731d 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -41,7 +41,8 @@ if ($upload_ok == 0) { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { $upload_msg = "😊 ✅ Your file ". htmlspecialchars( $uploaded_filename ). " was successfully uploaded!"; } else { - $upload_msg = "❌ There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; + $upload_ok = 0; + throw new RuntimeException('There was an error uploading your file.

'); } } From fb07b9e3e531915bc6f84c47092d63e7e2fd14a4 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:18:30 -0500 Subject: [PATCH 868/937] nginx/templates/iiab.conf.j2, usb_lib/files/upload/header.php, usb_lib/tasks/install.yml: move app out of local_content and into /library/www/html/ --- roles/nginx/templates/iiab.conf.j2 | 8 ++++---- roles/usb_lib/files/upload/button.html | 2 +- roles/usb_lib/tasks/install.yml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e3fdee774..20773967f 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,11 +5,11 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } -location ~ ^/usb/upload/(.*)\.php$ { - alias /library/www/html/local_content/upload/$1.php; +location ~ ^/upload2usb/(.*)\.php$ { + alias /library/www/html/upload2usb/$1.php; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; @@ -23,7 +23,7 @@ location ~ ^/usb/upload/(.*)\.php$ { location /local_content/ { fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 658f74fb2..52cc493ce 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } -Upload to USB +Upload to USB diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..98606005f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -79,18 +79,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: state: directory - path: "{{ doc_root }}/local_content/upload" + path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to upload2usb' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/upload2usb" # /library/www/html with_fileglob: - upload/* From 48f4fc56f8bb2913746c00c861716ea81bd2bd1e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:20:12 -0500 Subject: [PATCH 869/937] usb_lib/files/upload/header.php: link swing image back to upload2usb main page --- roles/usb_lib/files/upload/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php index 78592e86d..fc8218800 100644 --- a/roles/usb_lib/files/upload/header.php +++ b/roles/usb_lib/files/upload/header.php @@ -28,5 +28,5 @@ include("upload2usb.php");
- +

From c49c7b0d8d6f8b4c86161f1497894852e4df89e8 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:26:16 -0500 Subject: [PATCH 870/937] usb_lib/files/upload/upload2usb.php: allow zip files given some MacOS files, e.g., Pages files, have a mimetype of application/aip --- roles/usb_lib/files/upload/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..b1ce329fc 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,7 +55,7 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); From 765d7854c3d9ab0c26f7d5c585065c834b28a2ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 Jan 2025 15:45:34 -0500 Subject: [PATCH 871/937] Recommend ansible-core 2.18.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 968819464..c5ab3e074 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] -GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] +GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 00d45099eada43798be62125ec497f05ded1f000 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 28 Jan 2025 11:23:29 -0600 Subject: [PATCH 872/937] 1520 --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 9cb2cf1db..a0af7adcc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -78,7 +78,7 @@ - name: Reload systemd systemd: daemon_reload: yes - when: not iiab_lan_iface == "br0" + when: not no_net_restart or not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: From 16b745d7341451482488bc19ae7be95ba93979fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 00:42:08 -0500 Subject: [PATCH 873/937] iiab-diagnostics: 3 commands to record locale info --- scripts/iiab-diagnostics | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ca1ee4d67..51a7d6797 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -162,17 +162,20 @@ for f in "$@"; do done if [ $# -eq 0 ]; then - echo -e " 2. Regular Files:\n" + echo -e " 2. Regular Files etc:\n" else - echo -e "\n 2. Regular Files:\n" + echo -e "\n 2. Regular Files etc:\n" fi -echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image +cat_file /etc/default/locale +cat_cmd 'localectl' 'Locale settings' +cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/local_vars.yml # Redacts most passwords above From 18efafc23e19aaedc6b273bc878749c12e772c76 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 00:53:18 -0500 Subject: [PATCH 874/937] iiab-diagnostics.README.md: Update lines numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f766e922e..d11c13720 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 957cf6976ae773a907c5849f150c74b14831dd3f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 01:20:22 -0500 Subject: [PATCH 875/937] PHP defaults TOO LOW, so run www_options/tasks/php-settings.yml every time --- roles/www_options/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 5795ea7e6..f157abb26 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -69,7 +69,8 @@ # WordPress) so './runrole ' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + # 2025-01-29: PHP's own defaults (presumably from the 1990s?) were Way Too Low -- for usb-lib's upload2usb, and in general -- so let's run php-settings.yml every time! + # when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 668d57cb977fada20e6535aa07e111c80faa27dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 02:26:49 -0500 Subject: [PATCH 876/937] php-settings.yml; Fix typo in TZ explanation (PR #3927, GHA) --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 23c85d24b..de8326d67 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -21,7 +21,7 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if -# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) From 4da759a84b9913a04186c97c4e30c73cbf4784a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 03:43:03 -0500 Subject: [PATCH 877/937] php-settings.yml: Note lack of systemd on chroot GHA runners for RPi --- roles/www_options/tasks/php-settings.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index de8326d67..adedee11b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -24,6 +24,12 @@ # nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. +# 2025-01-29: Current GitHub Actions chroot environments for RPi (using guyot/arm-runner-action@v2) surface this error, after PR #3927 mainlined php-settings.yml... +# "System has not been booted with systemd as init system (PID 1). Can't operate.\nFailed to connect to bus: Host is down" +# ...which might be mitigated in 2 ways: +# 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true +# 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' + - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p Timezone --value register: tz_cli From 519daacc2af19bf3848c9f7926fec241400bbe85 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 11:05:07 -0500 Subject: [PATCH 878/937] iiab-network: Run Ansible with --extra-vars "{\"skip_role_on_error\":false}" --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5dc831b8e..c888c27bf 100755 --- a/iiab-network +++ b/iiab-network @@ -42,7 +42,7 @@ fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" Start=`date` ansible -m setup -i ansible_hosts localhost --connection=local | grep python -ansible-playbook -i ansible_hosts iiab-network.yml --connection=local +ansible-playbook -i ansible_hosts iiab-network.yml --extra-vars "{\"skip_role_on_error\":false}" --connection=local End=`date` From 4e7541fc1ea055487faac67336bcc04a05af79b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 14:00:56 -0500 Subject: [PATCH 879/937] usb_lib/README.rst: Punctuation cleanup & link to PR #3916 WIP --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e51db625a..da2564f36 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,7 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: @@ -27,3 +27,5 @@ Technical Details: * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) * Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml + + * January 2025 work to improve automount reliability during boot: `PR #3916 `_ From 6c5b4c35ecf7cf2601004f49aabf158de591c705 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 12:24:44 -0600 Subject: [PATCH 880/937] delay hostapd to allow ap0 to stabilize --- roles/network/tasks/restart.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 5902f5d50..d5de9e27d 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,6 +28,10 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined +- name: Waiting {{ hostapd_wait }} seconds for network to stabilize for ap0 + shell: sleep {{ hostapd_wait }} + when: ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd From 57fa6bb08f6ba6a392351556a8c91eae9a8d64da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 14:53:50 -0600 Subject: [PATCH 881/937] Files from usbmount_0.0.22_all.deb --- roles/usb_lib/files/usbmount/copyright | 17 ++ roles/usb_lib/files/usbmount/usbmount | 210 +++++++++++++++++++++ roles/usb_lib/files/usbmount/usbmount.conf | 53 ++++++ roles/usb_lib/tasks/install.yml | 15 +- roles/usb_lib/templates/usbmount.rules.j2 | 6 +- 5 files changed, 295 insertions(+), 6 deletions(-) create mode 100644 roles/usb_lib/files/usbmount/copyright create mode 100644 roles/usb_lib/files/usbmount/usbmount create mode 100644 roles/usb_lib/files/usbmount/usbmount.conf diff --git a/roles/usb_lib/files/usbmount/copyright b/roles/usb_lib/files/usbmount/copyright new file mode 100644 index 000000000..75fae2dde --- /dev/null +++ b/roles/usb_lib/files/usbmount/copyright @@ -0,0 +1,17 @@ +Format: http://dep.debian.net/deps/dep5/ +Upstream-Name: usbmount +Upstream-Contact: Martin Dickopp , Rogério Brito +Source: git://git.debian.org/usbmount/usbmount.git + +Files: * +Copyright: 2004-2007, Martin Dickopp + 2008-2011, Rogério Brito +License: BSD-2 + This package is free software; the copyright holder gives unlimited + permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount new file mode 100644 index 000000000..75f249ab6 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount @@ -0,0 +1,210 @@ +#!/bin/sh +# This script mounts USB mass storage devices when they are plugged in +# and unmounts them when they are removed. +# Copyright © 2004, 2005 Martin Dickopp +# Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# +# This file is free software; the copyright holder gives unlimited +# permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. +# +set -e +exec > /dev/null 2>&1 + +###################################################################### +# Auxiliary functions + +# Log a string via the syslog facility. +log() +{ + if [ $1 != debug ] || expr "$VERBOSE" : "[yY]" > /dev/null; then + logger -p user.$1 -t "usbmount[$$]" -- "$2" + fi +} + + +# Test if the first parameter is in the list given by the second +# parameter. +in_list() +{ + for v in $2; do + [ "$1" != "$v" ] || return 0 + done + return 1 +} + + +###################################################################### +# Main program + +# Default values for configuration variables. +ENABLED=1 +MOUNTPOINTS= +FILESYSTEMS= +MOUNTOPTIONS= +FS_MOUNTOPTIONS= +VERBOSE=no + +if [ -r /etc/usbmount/usbmount.conf ]; then + . /etc/usbmount/usbmount.conf + log debug "loaded usbmount configurations" +fi + +if [ "${ENABLED:-1}" -eq 0 ]; then + log info "usbmount is disabled, see /etc/usbmount/usbmount.conf" + exit 0 +fi + +if [ ! -x /sbin/blkid ]; then + log err "cannot execute /sbin/blkid" + exit 1 +fi + +# Per Policy 9.3.2, directories under /var/run have to be created +# after every reboot. +if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" +fi + +umask 022 + + +if [ "$1" = add ]; then + + # Acquire lock. + log debug "trying to acquire lock /var/run/usbmount/.mount.lock" + lockfile-create --retry 3 /var/run/usbmount/.mount || \ + { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } + trap '( lockfile-remove /var/run/usbmount/.mount )' 0 + log debug "acquired lock /var/run/usbmount/.mount.lock" + + # Grab device information from device and "divide it" + # FIXME: improvement: implement mounting by label (notice that labels + # can contain spaces, which makes things a little bit less comfortable). + DEVINFO=$(/sbin/blkid -p $DEVNAME) + FSTYPE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]TYPE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + UUID=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]UUID="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + + if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then + log info "$DEVNAME does not contain a filesystem or disklabel" + exit 1 + fi + + # Try to use specifications in /etc/fstab first. + if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then + log info "executing command: mount $DEVNAME" + mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" + + elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then + log info "executing command: mount -U $UUID" + mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" + + else + log debug "$DEVNAME contains filesystem type $FSTYPE" + + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for $DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi + + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi + fi + fi +elif [ "$1" = remove ]; then + + # A block or partition device has been removed. + # Test if it is mounted. + while read device mountpoint fstype remainder; do + if [ "$DEVNAME" = "$device" ]; then + # If the mountpoint and filesystem type are maintained by + # this script, unmount the filesystem. + if in_list "$mountpoint" "$MOUNTPOINTS" && + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi + done < /proc/mounts +else + log err "unexpected: action '$1'" + exit 1 +fi + +log debug "usbmount execution finished" diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf new file mode 100644 index 000000000..97f7ccc20 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -0,0 +1,53 @@ +# Configuration file for the usbmount package, which mounts removable +# storage devices when they are plugged in and unmounts them when they +# are removed. + +# Change to zero to disable usbmount +ENABLED=1 + +# Mountpoints: These directories are eligible as mointpoints for +# removable storage devices. A newly plugged in device is mounted on +# the first directory in this list that exists and on which nothing is +# mounted yet. +MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 + /media/usb4 /media/usb5 /media/usb6 /media/usb7" + +# Filesystem types: removable storage devices are only mounted if they +# contain a filesystem type which is in this list. +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" + +############################################################################# +# WARNING! # +# # +# The "sync" option may not be a good choice to use with flash drives, as # +# it forces a greater amount of writing operating on the drive. This makes # +# the writing speed considerably lower and also leads to a faster wear out # +# of the disk. # +# # +# If you omit it, don't forget to use the command "sync" to synchronize the # +# data on your disk before removing the drive or you may experience data # +# loss. # +# # +# It is highly recommended that you use the pumount command (as a regular # +# user) before unplugging the device. It makes calling the "sync" command # +# and mounting with the sync option unnecessary---this is similar to other # +# operating system's "safely disconnect the device" option. # +############################################################################# +# Mount options: Options passed to the mount command with the -o flag. +# See the warning above regarding removing "sync" from the options. +MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime" + +# Filesystem type specific mount options: This variable contains a space +# separated list of strings, each which the form "-fstype=TYPE,OPTIONS". +# +# If a filesystem with a type listed here is mounted, the corresponding +# options are appended to those specificed in the MOUNTOPTIONS variable. +# +# For example, "-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" would add +# the options "gid=floppy,dmask=0007,fmask=0117" when a vfat filesystem +# is mounted. +FS_MOUNTOPTIONS="" + +# If set to "yes", more information will be logged via the syslog +# facility. +VERBOSE=no diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ba8b3a164..d8a13e945 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,18 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: Setup directories for usbmount + file: + path: "{{ item }}" + # owner: root + # group: root + # mode: '0755' + state: directory + with_items: + - /etc/usbmount/mount.d + - /etc/usbmount/umount.d + +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -82,7 +93,7 @@ state: directory path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" - group: "{{ apache_user }}" + group: "{{ apache_user }}" mode: 0755 - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' diff --git a/roles/usb_lib/templates/usbmount.rules.j2 b/roles/usb_lib/templates/usbmount.rules.j2 index 564186c5a..939a31041 100644 --- a/roles/usb_lib/templates/usbmount.rules.j2 +++ b/roles/usb_lib/templates/usbmount.rules.j2 @@ -1,5 +1,3 @@ -KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="remove", PROGRAM="/usr/share/usbmount/usbmount remove" +ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +ACTION=="remove", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p /usr/share/usbmount/usbmount remove" From 229a913ba4f370cc78bbbefa1abb4f61b8f8df79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:29:35 -0600 Subject: [PATCH 882/937] filesystems supported --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index 97f7ccc20..c92ced73d 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -14,7 +14,7 @@ MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 # Filesystem types: removable storage devices are only mounted if they # contain a filesystem type which is in this list. -FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs" ############################################################################# # WARNING! # From 36485a109d167465f7f38b996d94749d8a661de0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:30:36 -0600 Subject: [PATCH 883/937] turn on debug --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index c92ced73d..7bd194873 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -50,4 +50,4 @@ FS_MOUNTOPTIONS="" # If set to "yes", more information will be logged via the syslog # facility. -VERBOSE=no +VERBOSE=yes From a5af8c89d4370a83891de10a647a128ea6a941a6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:36:56 -0600 Subject: [PATCH 884/937] move mkdir and copyright --- roles/usb_lib/files/usbmount/usbmount | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 75f249ab6..e144c46d3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -3,6 +3,7 @@ # and unmounts them when they are removed. # Copyright © 2004, 2005 Martin Dickopp # Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# Copyright © 2025, Jerry Vonau # # This file is free software; the copyright holder gives unlimited # permission to copy and/or distribute it, with or without @@ -12,7 +13,7 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# +# Add web link to copyright notice help in iiab on github set -e exec > /dev/null 2>&1 @@ -65,18 +66,19 @@ if [ ! -x /sbin/blkid ]; then exit 1 fi -# Per Policy 9.3.2, directories under /var/run have to be created -# after every reboot. -if [ ! -e /var/run/usbmount ]; then - mkdir -p /var/run/usbmount - log debug "creating /var/run/usbmount directory" -fi - -umask 022 - - if [ "$1" = add ]; then + # Per Policy 9.3.2, directories under /var/run have to be created + # after every reboot. + if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" + else + log debug "/var/run/usbmount exists" + fi + + umask 022 + # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" lockfile-create --retry 3 /var/run/usbmount/.mount || \ From f58ef267681da61f52eb3df0263802cc2934fa9b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:39:08 -0600 Subject: [PATCH 885/937] just exit to quite down systemd logging of umount failed on stuff we don't care about --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index e144c46d3..cd4d50ae6 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,7 +96,7 @@ if [ "$1" = add ]; then if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then log info "$DEVNAME does not contain a filesystem or disklabel" - exit 1 + exit fi # Try to use specifications in /etc/fstab first. From 60ca24d63a820d4e36b7b16853e3c451d7e5a93e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 16:37:22 -0600 Subject: [PATCH 886/937] replace deb with local files --- roles/usb_lib/tasks/install.yml | 36 +++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index d8a13e945..02e55b36b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -47,10 +47,10 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} - apt: - deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" - # when: is_debian +#- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} +# apt: +# deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" +# # when: is_debian # check status of usbmount on mintlinux - should be ok Ubuntu variant # - name: Install usbmount from OS repo for Ubuntu variants @@ -73,11 +73,21 @@ # owner: root # group: root # mode: '0755' + mode: 0644 state: directory with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d +- name: '2025-01-25: Copy files from files/usbmount to filesystem' + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } + - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } + - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" @@ -106,16 +116,16 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 -- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf - lineinfile: - regexp: '^FILESYSTEMS=.*' - line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - path: /etc/usbmount/usbmount.conf +#- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf +# lineinfile: +# regexp: '^FILESYSTEMS=.*' +# line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' +# path: /etc/usbmount/usbmount.conf -- name: Remove /etc/usbmount/mount.d/00_create_model_symlink - file: - path: /etc/usbmount/mount.d/00_create_model_symlink - state: absent +#- name: Remove /etc/usbmount/mount.d/00_create_model_symlink +# file: +# path: /etc/usbmount/mount.d/00_create_model_symlink +# state: absent # RECORD 'USB_LIB' AS INSTALLED From 257dc008ec6502f5c355e484f24c54d277093bfd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 16:56:21 -0600 Subject: [PATCH 887/937] bump number of lock tries --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index cd4d50ae6..b1abf49cb 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -81,7 +81,7 @@ if [ "$1" = add ]; then # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" - lockfile-create --retry 3 /var/run/usbmount/.mount || \ + lockfile-create --retry 6 /var/run/usbmount/.mount || \ { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } trap '( lockfile-remove /var/run/usbmount/.mount )' 0 log debug "acquired lock /var/run/usbmount/.mount.lock" From 640ab00d26d73d3e825098713ddfe402d8edbdcd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 17:05:03 -0600 Subject: [PATCH 888/937] update iiab-clean-usb.sh --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 02e55b36b..daf0fcc96 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 52da18ba5..0671ce296 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -7,8 +7,8 @@ After=systemd-udev-trigger.service #Type=oneshot TimeoutStartSec=0 Environment=DEVNAME=%I -ExecStart=/usr/share/usbmount/usbmount add -ExecStop=/usr/sbin/iiab-clean-usb.sh %I +ExecStart=/usr/local/sbin/usbmount add +ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes From 34b4a8a7ad74a26a5cfca397a0ed94dcd325bd7f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 17:17:04 -0600 Subject: [PATCH 889/937] ConditionPathExists=/var/run --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 0671ce296..dca318ac7 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -2,6 +2,7 @@ BindTo=%i.device After=%i.device After=systemd-udev-trigger.service +ConditionPathExists=/var/run [Service] #Type=oneshot From e6051088fcebfff891c2b1bab7c5be8620759406 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 26 Jan 2025 08:34:46 -0600 Subject: [PATCH 890/937] RuntimeDirectory=usbmount --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index dca318ac7..2dc0177c0 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -12,4 +12,5 @@ ExecStart=/usr/local/sbin/usbmount add ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes +RuntimeDirectory=usbmount From 76d5b5fc1780322bf6db0aba217e59de795f99e5 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jan 2025 06:00:07 -0500 Subject: [PATCH 891/937] usb_lib: Minor whitespace typos --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index daf0fcc96..6c7660748 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -59,7 +59,7 @@ # state: present # when: is_ubuntu -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/local_content" diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 2dc0177c0..6cf1f990b 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -13,4 +13,3 @@ ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes RuntimeDirectory=usbmount - From 190d66409f0265c81548584e9b52c28a5f6d1c48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jan 2025 08:59:24 -0600 Subject: [PATCH 892/937] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index dcdf987d3..2223c15a5 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,7 +5,7 @@ DEVICE=$(echo $@ | sed -s 's|-|/|') MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK From daa3deb034c661000025321efcd07eb01983a67f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jan 2025 08:59:49 -0600 Subject: [PATCH 893/937] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 2223c15a5..c04c8c5f7 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -9,6 +9,6 @@ logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." fi From eca12605b91148c8c0f109b39ee8833e083eb8ce Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 03:19:31 -0600 Subject: [PATCH 894/937] forgot the dependencies --- roles/usb_lib/tasks/install.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6c7660748..a4f608698 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,12 +52,12 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -# check status of usbmount on mintlinux - should be ok Ubuntu variant -# - name: Install usbmount from OS repo for Ubuntu variants -# package: -# name: usbmount -# state: present -# when: is_ubuntu +- name: Install lockfile-progs util-linux for usbmount from OS repo + package: + name: + - lockfile-progs + - util-linux + state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: From 0dec3fe8108f52832b9398e329119920a3ba5a96 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 09:52:41 -0600 Subject: [PATCH 895/937] indent --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index a4f608698..ac444d05f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,8 +55,8 @@ - name: Install lockfile-progs util-linux for usbmount from OS repo package: name: - - lockfile-progs - - util-linux + - lockfile-progs + - util-linux state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} From 78924e84bab6118d2333995b403058adb9b9209a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 11:59:15 -0600 Subject: [PATCH 896/937] create /media/usb0-7 --- roles/usb_lib/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ac444d05f..bd4d4ab7f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Setup directories for usbmount +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -78,6 +78,14 @@ with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d + - /media/usb0 + - /media/usb1 + - /media/usb2 + - /media/usb3 + - /media/usb4 + - /media/usb5 + - /media/usb6 + - /media/usb7 - name: '2025-01-25: Copy files from files/usbmount to filesystem' copy: From 97eeae48455c6950b01bccb35859990306c02eac Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 14:07:51 -0600 Subject: [PATCH 897/937] wording --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bd4d4ab7f..2993865fd 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 80bdfc677e6845aa6f86b1e0adbcbf4642da2186 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 14:13:26 -0600 Subject: [PATCH 898/937] Update roles/usb_lib/tasks/install.yml missed during rebase Co-authored-by: A Holt --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 2993865fd..77abac259 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/local/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 6b4b94dae2081ffab88339479d3a147faf83071e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Jan 2025 01:41:23 -0500 Subject: [PATCH 899/937] usb_lib / usbmount: Refine, lint, clarify --- .../files/{upload => upload2usb}/button.html | 0 .../files/{upload => upload2usb}/error.php | 0 .../files/{upload => upload2usb}/footer.php | 0 .../files/{upload => upload2usb}/header.php | 0 .../files/{upload => upload2usb}/index.php | 0 .../files/{upload => upload2usb}/uk-swing.png | Bin .../{upload => upload2usb}/upload-file.php | 0 .../{upload => upload2usb}/upload2usb.php | 0 roles/usb_lib/tasks/install.yml | 23 ++++++++---------- roles/usb_lib/templates/iiab-clean-usb.sh | 16 ++++++------ .../templates/mount.d/70-usb-library.j2 | 16 ++++++------ 11 files changed, 26 insertions(+), 29 deletions(-) rename roles/usb_lib/files/{upload => upload2usb}/button.html (100%) rename roles/usb_lib/files/{upload => upload2usb}/error.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/footer.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/header.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/index.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/uk-swing.png (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload-file.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload2usb.php (100%) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload2usb/button.html similarity index 100% rename from roles/usb_lib/files/upload/button.html rename to roles/usb_lib/files/upload2usb/button.html diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload2usb/error.php similarity index 100% rename from roles/usb_lib/files/upload/error.php rename to roles/usb_lib/files/upload2usb/error.php diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload2usb/footer.php similarity index 100% rename from roles/usb_lib/files/upload/footer.php rename to roles/usb_lib/files/upload2usb/footer.php diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload2usb/header.php similarity index 100% rename from roles/usb_lib/files/upload/header.php rename to roles/usb_lib/files/upload2usb/header.php diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload2usb/index.php similarity index 100% rename from roles/usb_lib/files/upload/index.php rename to roles/usb_lib/files/upload2usb/index.php diff --git a/roles/usb_lib/files/upload/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload/uk-swing.png rename to roles/usb_lib/files/upload2usb/uk-swing.png diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php similarity index 100% rename from roles/usb_lib/files/upload/upload-file.php rename to roles/usb_lib/files/upload2usb/upload-file.php diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php similarity index 100% rename from roles/usb_lib/files/upload/upload2usb.php rename to roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 77abac259..107ae9a4c 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,7 +52,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux for usbmount from OS repo package: name: - lockfile-progs @@ -62,19 +62,16 @@ - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory - path: "{{ doc_root }}/local_content" - owner: "{{ apache_user }}" + path: "{{ doc_root }}/local_content" # /library/www/html + owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 - name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: - path: "{{ item }}" - # owner: root - # group: root - # mode: '0755' - mode: 0644 state: directory + path: "{{ item }}" + mode: 0755 with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d @@ -87,7 +84,7 @@ - /media/usb6 - /media/usb7 -- name: '2025-01-25: Copy files from files/usbmount to filesystem' +- name: Copy files from files/usbmount to filesystem copy: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -106,7 +103,7 @@ - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' +- name: Add dir {{ doc_root }}/upload2usb (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/upload2usb" @@ -114,12 +111,12 @@ group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' +- name: Copy files from files/upload2usb/ into {{ doc_root }}/upload2usb/ copy: src: "{{ item }}" - dest: "{{ doc_root }}/upload2usb/" # /library/www/html + dest: "{{ doc_root }}/upload2usb/" with_fileglob: - - upload/* + - upload2usb/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index c04c8c5f7..360d737f4 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,14 +1,14 @@ #!/bin/bash -# Remove symlink in /library/content to automounted usb drive -# -DEVICE=$(echo $@ | sed -s 's|-|/|') -MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +# Remove symlink in /library/www/html/local_content to automounted USB drive + +DEVICE="/$(echo $1 | sed 's|-|/|')" +MNT_POINT=$(findmnt -no target $DEVICE) CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." + +logger -t "usb_lib (iiab-clean-usb.sh)" "Attempting to remove symlink $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then - /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." + /usr/bin/rm $CONTENT_LINK + logger -t "usb_lib (iiab-clean-usb.sh)" "Symlink $CONTENT_LINK removed, as auto-created earlier by usbmount." fi - diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 803313f7e..62d15b27a 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -30,16 +30,16 @@ logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" exit elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" exit elif [ "$UM_DEV" == "$BOOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" exit elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi @@ -48,13 +48,13 @@ fi # "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Found /PUBLIC on $UM_MOUNTPOINT" else SHARE_DIR=$UM_MOUNTPOINT - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Did not find /PUBLIC on $UM_MOUNTPOINT" fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -s $SHARE_DIR $CONTENT_LINK +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" +ln -sf $SHARE_DIR $CONTENT_LINK From 3077a39cd607c9d4b034aa6802c2ebbd7bd3ecb6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Jan 2025 03:45:23 -0500 Subject: [PATCH 900/937] Invert rejected country red error; Clarify 3 channel/country vars for iiab.ini --- roles/network/tasks/detected_network.yml | 34 +++++++++++++----------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1663f8c39..c72028d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -264,8 +264,8 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" -- name: Detect "Firmware rejected country setting" in dmesg - shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" +- name: Detect "Firmware rejected country setting" in dmesg (invert return code, for intentional red error) + shell: '! dmesg | grep ieee80211 | grep "Firmware rejected country setting"' register: FW_rejected_country ignore_errors: True @@ -337,27 +337,29 @@ - option: wifi_firmware_43455 value: "{{ rpi3bplus_rpi4_wifi_firmware }}" -- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'current_client_channel_found' stdout value ({{ current_client_channel.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel_found - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined + option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined and current_client_channel.stdout != "" -- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'FW_rejected_country' stdout value ({{ FW_rejected_country.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: FW_rejected_country - value: "{{ cmdline_country_code.stdout }}" - when: FW_rejected_country.stdout is defined + option: FW_rejected_country + value: "{{ FW_rejected_country.stdout }}" + when: FW_rejected_country.stdout is defined and FW_rejected_country.stdout != "" + +- name: Add 'detected_network' variable 'cmdline_country_code' stdout value ({{ cmdline_country_code.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: cmdline_country_code + value: "{{ cmdline_country_code.stdout }}" + when: cmdline_country_code.stdout is defined and cmdline_country_code.stdout != "" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired From b6b2f3a0d771a0e84bf931f2aec6341985b30caa Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Jan 2025 04:24:07 -0500 Subject: [PATCH 901/937] usbmount copyright URL clarifs for PR #3929 --- roles/usb_lib/files/usbmount/usbmount | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index b1abf49cb..7541b5335 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -13,7 +13,8 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# Add web link to copyright notice help in iiab on github +# https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright +# https://github.com/rbrito/usbmount/blob/master/debian/copyright set -e exec > /dev/null 2>&1 From c975dd21fce3227e7d54413eecb91b198caa178d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 00:35:54 -0500 Subject: [PATCH 902/937] php-settings.yml: TZ hack that avoids systemd, for GHA --- roles/www_options/tasks/php-settings.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index adedee11b..4693db885 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,8 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p Timezone --value +#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) +# command: timedatectl show -p Timezone --value +- name: Extract Time Zone from symlink /etc/localtime, or declare UTC + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From f22ba85c49f9cfa7b890db9a362e1ad21511d481 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 00:54:47 -0500 Subject: [PATCH 903/937] php-settings.yml: More complete shell hack, equiv to timedatectl --- roles/www_options/tasks/php-settings.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 4693db885..7109ccfeb 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,10 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) -# command: timedatectl show -p Timezone --value -- name: Extract Time Zone from symlink /etc/localtime, or declare UTC - shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC +- name: Extract Time Zone from symlink /etc/localtime, text file /etc/timezone, or if all else fails declare Etc/UTC + # command: timedatectl show -p Timezone --value + # 2025-02-01: "guyot/arm-runner-action@v2" GHA workflows don't seem to work with "use_systemd_nspawn: true", so hack in the equivalent of timedatectl... + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || cat /etc/timezone || echo Etc/UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From fb787e0649cd1817d0e4bef0e2025e6353a91906 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 01:24:47 -0500 Subject: [PATCH 904/937] Update USB_LIB description for iiab.ini --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4def69c4f..4d2710874 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"' + value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From 8eed5e3face334dca474063043b07fbd63915f8c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Feb 2025 20:44:02 +0000 Subject: [PATCH 905/937] usb_lib/README.rst, usb_lib/tasks/install.yml: Add docs on how to disable Desktop auto-mount functionality on RPi Desktop; other minor doc cleanup --- roles/usb_lib/README.rst | 3 +++ roles/usb_lib/tasks/install.yml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index da2564f36..aa5409d90 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,6 +20,9 @@ Technical Details: * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". + + * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 107ae9a4c..35f533652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,9 +7,10 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. -# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - +# The variable, usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml), must be set to true +# in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive +# (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 38a860d3c5734b361f2a898e74809fcd84b7a3e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Feb 2025 16:12:11 -0500 Subject: [PATCH 906/937] Update usb_lib/README.rst --- roles/usb_lib/README.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index aa5409d90..e874e9525 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,13 +16,12 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf `_ + +* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". - - * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 3596963d5cfdf547f8c777e161d320eaf7ef90b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Feb 2025 16:22:38 -0500 Subject: [PATCH 907/937] Further update usb_lib/README.rst --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e874e9525..b7536387c 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,9 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf `_ -* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". +* If your IIAB was built on a Graphical Desktop OS (instead of a headless OS, like Raspberry Pi OS Lite), USB sticks will problematically be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. + + * EXAMPLE: To disable Desktop automount within "Raspberry Pi OS with desktop", go to File Manager (pcmanfm) → Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From c2c36b178edc71d103b34e1f991c9cf75af7f667 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 6 Feb 2025 08:07:00 -0600 Subject: [PATCH 908/937] iiab-check-firmware: Mention 'sudo iiab-network' --- roles/firmware/templates/iiab-check-firmware | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b2f7a1cce..f10cd752b 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -60,7 +60,7 @@ else echo -e " cd /opt/iiab/iiab" echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo ./runrole --reinstall firmware" - echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-network # SOMETIMES NECESSARY" echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo From 2398313918991a755c25c4d8789aacf48bfa3aae Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 03:13:51 -0500 Subject: [PATCH 909/937] 70-usb-library.j2: Forcibly delete e.g. stale /library/www/html/local_content/USB0 --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 62d15b27a..441cebb74 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -57,4 +57,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -sf $SHARE_DIR $CONTENT_LINK +# 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' +# https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +rm -rf $CONTENT_LINK +ln -s $SHARE_DIR $CONTENT_LINK From 94ca58aa0cad87225ee39bf55bdc3de298521700 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 03:45:52 -0500 Subject: [PATCH 910/937] 70-usb-library.j2: Cleaner logging & error handling (e.g. exit code 1) --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 441cebb74..89dfea840 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -31,16 +31,16 @@ logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" - exit + exit 1 elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" - exit + exit 1 elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" - exit + exit 1 elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" - exit + exit 1 fi # 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. @@ -55,9 +55,13 @@ else fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') +if [ -z "$CONTENT_LINK_USB" ]; then + logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + exit 1 +fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" # 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' # https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" rm -rf $CONTENT_LINK ln -s $SHARE_DIR $CONTENT_LINK From 1ec743a65428cd307b0fb951e5525b5d2a805cee Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 10:42:05 -0500 Subject: [PATCH 911/937] 70-usb-library.j2: Fix logger string quotation marks --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 89dfea840..8263bde1f 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -56,7 +56,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') if [ -z "$CONTENT_LINK_USB" ]; then - logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + logger -t "usb_lib (70-usb-library)" 'ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" would be dangerous!)' exit 1 fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" From 9bc2006ba3ea40dead77090d40808dc680474447 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Feb 2025 16:25:06 -0600 Subject: [PATCH 912/937] exclude usb based device that host usbbooted filesytems --- roles/usb_lib/files/usbmount/usbmount | 39 ++++++++++++++++++++------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 7541b5335..284069a19 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,22 +96,41 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "$DEVNAME does not contain a filesystem or disklabel" + log info "/$DEVNAME does not contain a filesystem or disklabel" exit fi - # Try to use specifications in /etc/fstab first. + log debug "DEVNAME /$DEVNAME" + BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) + log debug "BOOTFW_DEV $BOOTFW_DEV" + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + exit + fi + ROOT_DEV=$(/usr/bin/findmnt -no source /) + log debug "ROOT_DEV $ROOT_DEV" + if [ $ROOT_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + exit + fi + BOOT_DEV=$(/usr/bin/findmnt -no source /boot) + log debug "BOOT_DEV $BOOT_DEV" + if [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + exit + fi + + # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log info "executing command: mount $DEVNAME" - mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" - + log debug "skipping /$DEVNAME exit" + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log info "executing command: mount -U $UUID" - mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" - + log debug "skipping $UUID" + exit else - log debug "$DEVNAME contains filesystem type $FSTYPE" - + log debug "/$DEVNAME contains filesystem type $FSTYPE" fstype=$FSTYPE # Test if the filesystem type is in the list of filesystem # types to mount. From fda19ad7f95a25acb8d369e39a4c1ed742422a7b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2025 02:18:16 -0500 Subject: [PATCH 913/937] upload2usb/header.php: update swing logo to point to /usb/ instead of /upload2usb/ --- roles/usb_lib/files/upload2usb/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/header.php b/roles/usb_lib/files/upload2usb/header.php index fc8218800..ef75c2c01 100644 --- a/roles/usb_lib/files/upload2usb/header.php +++ b/roles/usb_lib/files/upload2usb/header.php @@ -28,5 +28,5 @@ include("upload2usb.php");
- +

From 759126414edeb21a6cd0445f1d5d3237db1efffe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 10:26:21 -0600 Subject: [PATCH 914/937] #set -e, lockfile-remove, typo, missing debug line --- roles/usb_lib/files/usbmount/usbmount | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 284069a19..3a4e26c29 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -15,7 +15,7 @@ # PARTICULAR PURPOSE. # https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright # https://github.com/rbrito/usbmount/blob/master/debian/copyright -set -e +#set -e exec > /dev/null 2>&1 ###################################################################### @@ -106,6 +106,7 @@ if [ "$1" = add ]; then if [ $BOOTFW_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount exit fi ROOT_DEV=$(/usr/bin/findmnt -no source /) @@ -113,12 +114,15 @@ if [ "$1" = add ]; then if [ $ROOT_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount exit fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount exit fi From 9a95a046c4bd16c88ea29b092e49917d120cc95e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 10:36:22 -0600 Subject: [PATCH 915/937] lockfile-remove for fstab check --- roles/usb_lib/files/usbmount/usbmount | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 3a4e26c29..939a76c45 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -129,9 +129,11 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else log debug "/$DEVNAME contains filesystem type $FSTYPE" From 52da42c14638e2ab2816a6af958e0f7bf981cb31 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 11:19:54 -0600 Subject: [PATCH 916/937] touchups and ordering --- roles/usb_lib/files/usbmount/usbmount | 36 ++++++++++++--------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 939a76c45..08b9e81c3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,34 +96,30 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "/$DEVNAME does not contain a filesystem or disklabel" + log debug "/$DEVNAME does not contain a filesystem or disklabel" exit fi - log debug "DEVNAME /$DEVNAME" + log debug "/$DEVNAME contains filesystem type $FSTYPE" BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) log debug "BOOTFW_DEV $BOOTFW_DEV" - if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" - lockfile-remove /var/run/usbmount/.mount - exit - fi ROOT_DEV=$(/usr/bin/findmnt -no source /) log debug "ROOT_DEV $ROOT_DEV" - if [ $ROOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" - lockfile-remove /var/run/usbmount/.mount - exit - fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" - if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" - lockfile-remove /var/run/usbmount/.mount - exit + + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $ROOT_DEV = /$DEVNAME ]; then + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount + exit fi # Try to use specifications in /etc/fstab to skip. @@ -145,7 +141,7 @@ if [ "$1" = add ]; then for v in $MOUNTPOINTS; do if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then mountpoint="$v" - log debug "mountpoint $mountpoint is available for $DEVNAME" + log debug "mountpoint $mountpoint is available for /$DEVNAME" break fi done From bd8c131ef667fd7e9c8eec674ad051872862c328 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 11:45:04 -0600 Subject: [PATCH 917/937] clearer dependencies --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 35f533652..660df7eb2 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -53,7 +53,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs and util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux (findmnt blkid) for usbmount from OS repo package: name: - lockfile-progs From ebceb4a6ac970c00a22a2a4255e927695f158f52 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 13:28:05 -0600 Subject: [PATCH 918/937] upload2usb.php add 'grep media' to device filter --- roles/usb_lib/files/upload2usb/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 38b5e0c86..643a46ed4 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -18,7 +18,7 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); if ($rmv_usb_path_count == 0) { throw new RuntimeException('0 USB sticks found.

'); } elseif ($rmv_usb_path_count > 1) { From a96b46c22320876021ec336efb991f3c91576304 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2025 15:50:02 -0500 Subject: [PATCH 919/937] upload2usb/upload2usb.php: using existence of /media to determine if a USB stick is mounted or not for both count and upload location; changing tabs to spaces for the whole file --- roles/usb_lib/files/upload2usb/upload2usb.php | 91 +++++++++---------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 643a46ed4..555a40f5a 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -10,27 +10,25 @@ set_exception_handler(function (Throwable $exception) { include ("error.php"); }); - //return the first removable USB drive location function getTargetUSBDriveLocation () { - // Get the first removal USB drive using - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + // Get the count of storage mounted at /media, and error if there is <>1 otherwise return upload path - # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); - if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found.

'); - } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed.

'); - } + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | wc -l'); - $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found.

'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed.

'); + } + + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick.

'); + throw new RuntimeException('Not able to find USB stick.

'); } else { - return $rmv_usb_path . "/"; + return $rmv_usb_path . "/"; } } @@ -42,55 +40,55 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); - } - return $target_folder_path; + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); + } + return $target_folder_path; } //return number of files within a specified folder function getFileCount ($folder_path) { - return count(glob($folder_path . "/*")); + return count(glob($folder_path . "/*")); } //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { - $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); - foreach ($invalid_mimetypes_str as $invalid_mt_str) { - if (str_contains($mimetype, $invalid_mt_str)) { - error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); - return false; - } - } - return true; + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); + return false; + } + } + return true; } //check file content to see if it's unique or not function isFileContentUnique ($target_folder_path, $file) { - $file_to_upload_md5 = md5_file($file); - $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); - foreach ($usb_dir as $dir_file) { - $dir_file = $target_folder_path . "/" . $dir_file; + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; - if (!is_dir($dir_file)) { - $dir_file_md5 = md5_file($dir_file); - if ($file_to_upload_md5 == $dir_file_md5) { - return false; - } - } - } - return true; + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } //return unique filename function getUniqueFileName ($target_folder_path, $filename) { - $new_filename = $filename; - $counter = 1; - while (file_exists($target_folder_path . "/" . $new_filename)) { - $counter++; - $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); - } - return $new_filename; + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; } // Check file size - we are not going to check file size for now. @@ -100,5 +98,4 @@ function getUniqueFileName ($target_folder_path, $filename) { // } - ?> From fe6516b2e953682b59a2c7bb0940b0ebff8bc44a Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 14 Feb 2025 15:56:09 -0500 Subject: [PATCH 920/937] Add lockfile removal before exit in usbmount script per Jerry's recommendation. Add lockfile removal before exit in usbmount script per Jerry's recommendation. Also adjusted spacing! Read up on file locking a bit: - https://www.baeldung.com/linux/file-locking - https://linux.die.net/man/1/lockfile-create --- roles/usb_lib/files/usbmount/usbmount | 175 +++++++++++++------------- 1 file changed, 88 insertions(+), 87 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 08b9e81c3..8104564e7 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,8 +96,9 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log debug "/$DEVNAME does not contain a filesystem or disklabel" - exit + log debug "/$DEVNAME does not contain a filesystem or disklabel" + lockfile-remove /var/run/usbmount/.mount + exit fi log debug "/$DEVNAME contains filesystem type $FSTYPE" @@ -109,7 +110,7 @@ if [ "$1" = add ]; then log debug "BOOT_DEV $BOOT_DEV" if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" lockfile-remove /var/run/usbmount/.mount exit elif [ $ROOT_DEV = /$DEVNAME ]; then @@ -124,107 +125,107 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log debug "skipping /$DEVNAME exit" - lockfile-remove /var/run/usbmount/.mount - exit + log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log debug "skipping $UUID" - lockfile-remove /var/run/usbmount/.mount + log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else - log debug "/$DEVNAME contains filesystem type $FSTYPE" - fstype=$FSTYPE - # Test if the filesystem type is in the list of filesystem - # types to mount. - if in_list "$fstype" "$FILESYSTEMS"; then - # Search an available mountpoint. - for v in $MOUNTPOINTS; do - if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then - mountpoint="$v" - log debug "mountpoint $mountpoint is available for /$DEVNAME" - break - fi - done - if [ -n "$mountpoint" ]; then - # Determine mount options. - options= - for v in $FS_MOUNTOPTIONS; do - if expr "$v" : "-fstype=$fstype,."; then - options="$(echo "$v" | sed 's/^[^,]*,//')" - break - fi - done - if [ -n "$MOUNTOPTIONS" ]; then - options="$MOUNTOPTIONS${options:+,$options}" - fi + log debug "/$DEVNAME contains filesystem type $FSTYPE" + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for /$DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi - # Mount the filesystem. - log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" - mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" - # Determine vendor and model. - vendor= - if [ -r "/sys$DEVPATH/device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/device/vendor\"`" - elif [ -r "/sys$DEVPATH/../device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" - elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" - elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" - fi - vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - model= - if [ -r "/sys$DEVPATH/device/model" ]; then - model="`cat \"/sys$DEVPATH/device/model\"`" - elif [ -r "/sys$DEVPATH/../device/model" ]; then - model="`cat \"/sys$DEVPATH/../device/model\"`" - elif [ -r "/sys$DEVPATH/device/../product" ]; then - model="`cat \"/sys$DEVPATH/device/../product\"`" - elif [ -r "/sys$DEVPATH/../device/../product" ]; then - model="`cat \"/sys$DEVPATH/../device/../product\"`" - fi - model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - export UM_MOUNTOPTIONS="$options" - export UM_VENDOR="$vendor" - export UM_MODEL="$model" - log info "executing command: run-parts /etc/usbmount/mount.d" - run-parts /etc/usbmount/mount.d || : - else - # No suitable mount point found. - log warning "no mountpoint found for $DEVNAME" - exit 1 - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi fi - fi +fi elif [ "$1" = remove ]; then # A block or partition device has been removed. # Test if it is mounted. while read device mountpoint fstype remainder; do - if [ "$DEVNAME" = "$device" ]; then + if [ "$DEVNAME" = "$device" ]; then # If the mountpoint and filesystem type are maintained by # this script, unmount the filesystem. if in_list "$mountpoint" "$MOUNTPOINTS" && - in_list "$fstype" "$FILESYSTEMS"; then - log info "executing command: umount -l $mountpoint" - umount -l "$mountpoint" + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - log info "executing command: run-parts /etc/usbmount/umount.d" - run-parts /etc/usbmount/umount.d || : - fi - break - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi done < /proc/mounts else log err "unexpected: action '$1'" From f52b3908218f38e2b4b62d05e7ececb74c133eda Mon Sep 17 00:00:00 2001 From: root Date: Sat, 15 Feb 2025 18:36:28 +0000 Subject: [PATCH 921/937] usb_lib/tasks/main.yml: updating USB_LIB description to be more clear about the two-way information/data exchange between teachers and students --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4d2710874..0c4e3c1c4 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' + value: '"USB_LIB (1) automounts teacher content on USB sticks to /library/www/html/local_content, so students can browse the USB; AND (2) allows students to upload their work to USB sticks / drives, all from http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From e80b912eeab2c0173f16e6f85229ccc73b4990af Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Feb 2025 15:12:20 -0500 Subject: [PATCH 922/937] usb_lib/tasks/main.yml: Tiny comment update RE: iiab.conf.j2 --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 0c4e3c1c4..ee4bd18ea 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -1,7 +1,7 @@ # TO DO: (2020-02-13) # - Look at analogous NGINX logic for http://box/usb in # nginx/templates/iiab.conf.j2 and make that visually meaningful for teachers: -# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L8 +# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L9 # "How do i fail a task in Ansible if the variable contains a boolean value? From 66a35ee9508925ac11bf3aa0b47ebb2a3811d165 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 02:42:17 -0600 Subject: [PATCH 923/937] jupyterhub drop --system-site-packages --- roles/jupyterhub/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 4e23f9ccc..d4d9d99e8 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -51,7 +51,8 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -68,7 +69,8 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From 2ef96ad0ff6601d80d16c3da494d690e5fc2517f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 02:49:09 -0600 Subject: [PATCH 924/937] jupyterhub drop python3-psutil --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4d9d99e8..d55fdf696 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -17,11 +17,11 @@ shell: df -B1 --output=used / | tail -1 register: df1 - -- name: "Install package: python3-psutil" - package: - name: python3-psutil - state: present +# 2025-02-16 +#- name: "Install package: python3-psutil" +# package: +# name: python3-psutil +# state: present - name: Remove previous virtual environment {{ jupyterhub_venv }} file: From bbdd45365d1c457f709e30bbac47f397b3f809a1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 12:36:27 -0600 Subject: [PATCH 925/937] update ansible.cfg for use with python3.13 --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 4030a931e..deb5328ed 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,4 +5,4 @@ # Disallowed by Ansible 2.11+ -- see https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions #squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package [defaults] -interpreter_python=/usr/bin/python3 +interpreter_python=/usr/local/ansible/bin/python3 From f16bd2a6b5674027f9262a100a639cccc2aed5d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Feb 2025 15:02:50 -0500 Subject: [PATCH 926/937] jupyterhub/tasks/install.yml touchup: Comment out `virtualenv_site_packages: no` as tested on PR #3948 --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d55fdf696..b6f6c4c83 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -50,7 +50,7 @@ - wheel - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) @@ -68,7 +68,7 @@ - jupyterhub-systemdspawner - ipywidgets virtualenv: "{{ jupyterhub_venv }}" - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From d1dd071c814f560e5bee73784a2b45e7c893372f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Feb 2025 22:02:54 -0500 Subject: [PATCH 927/937] jupyterhub/tasks/install.yml: Mention disk footprint is ~316 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index b6f6c4c83..57a503014 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -43,7 +43,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)" pip: name: - pip From 957a89d67ca182ce0c2660b0ce14d8aa32527a1d Mon Sep 17 00:00:00 2001 From: root Date: Mon, 17 Feb 2025 01:59:15 -0500 Subject: [PATCH 928/937] pip install {pymysql,psycopg,passlib} to Ansible venv, on demand --- roles/munin/tasks/install.yml | 10 ++++++++-- roles/mysql/tasks/install.yml | 10 ++++++++-- roles/postgresql/tasks/install.yml | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 3895b7bf9..89fe254cf 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -9,7 +9,7 @@ name: net.ipv6.conf.all.disable_ipv6 value: 0 -- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" +- name: "Install 4 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra" package: name: #- libapache2-mod-fcgid @@ -17,9 +17,15 @@ - munin - munin-node - munin-plugins-extra - - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below + #- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +- name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below + pip: + name: passlib + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # SEE ALSO roles/network/tasks/install.yml - name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 sysctl: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 87bcd9c1a..5bcfbb9bd 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -3,16 +3,22 @@ register: df1 -- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml - - python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} + #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present +- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} + pip: + name: pymysql + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml # php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f07cf943d..04c6c41d2 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -3,14 +3,20 @@ register: df1 -- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' +- name: 'Install packages: postgresql, postgresql-client' package: name: - postgresql - postgresql-client - - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + pip: + name: psycopg + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version From 36e43227752d9d013a6f2a04f36dee2fe9d27ff3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Feb 2025 03:56:40 -0500 Subject: [PATCH 929/937] mysql/tasks/install.yml: Respect original typography 'PyMySQL' --- roles/mysql/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5bcfbb9bd..1b8a04388 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -13,9 +13,9 @@ #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present -- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} +- name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} pip: - name: pymysql + name: PyMySQL virtualenv: /usr/local/ansible extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From 96324233d8b33afcf03ef93b219d755472113f29 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Feb 2025 04:21:44 -0500 Subject: [PATCH 930/937] Clarify PR #3950: 'pip install psycopg' is NEW "Psycopg 3" for PostgreSQL --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 04c6c41d2..ce14600c5 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -11,7 +11,7 @@ #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml +- name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml pip: name: psycopg virtualenv: /usr/local/ansible From 1308fb86708c00b4f7ac49c24e8cd1f515dfc4dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Feb 2025 15:21:00 -0500 Subject: [PATCH 931/937] Update Nextcloud 30.0.6 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d0588aac9..2fae98551 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6d5fcdbcc288c68da89821441253393f869ed0aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 Feb 2025 18:25:07 -0600 Subject: [PATCH 932/937] Recommend ansible-core 2.18.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c5ab3e074..22c8cbacd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] -GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.3] +GOOD_VER=2.18.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89b1487dc2849dd70fd01e7bf68067a4c777e5e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 Feb 2025 15:40:39 -0500 Subject: [PATCH 933/937] Update Nextcloud 31.0.0 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2fae98551..37429ea0e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~216 MB) to {{ nextcloud_root_dir }} (~844 MB initially, sometimes ~878 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 2461a8fde39fcf4d399f40c6ef342d34d0ceb6c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:41:34 -0500 Subject: [PATCH 934/937] iiab-diagnostics: Also record /etc/locale.conf --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51a7d6797..383f714e9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,7 +173,8 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale +cat_file /etc/default/locale 'e.g. on Debian 12' +cat_file /etc/locale.conf 'e.g. on Debian 13' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From ac12c6db0b2da14247bde6d2859a4ca6347b73d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:42:37 -0500 Subject: [PATCH 935/937] iiab-diagnostics.README.md: Update line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index d11c13720..7c064b757 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-273 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From cb42942699f2b4cfe6485ea5a0bbc8c853abd412 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:46:21 -0500 Subject: [PATCH 936/937] iiab-diagnostics: Clarify that Ubuntu too uses /etc/locale.conf --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 383f714e9..ae7376648 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -174,7 +174,7 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13' +cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From 96ddd6620d8601c54d0d729c7d07c9725b2442d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:51:09 -0500 Subject: [PATCH 937/937] iiab-diagnostics: Fix comments --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ae7376648..193ba4fc7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,13 +173,13 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' +cat_file /etc/default/locale # e.g. on Debian 12 +cat_file /etc/locale.conf # e.g. on Debian 13+ and Ubuntu cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini -cat_file /etc/iiab/local_vars.yml # Redacts most passwords above +cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml cat_file /etc/resolv.conf cat_file /etc/network/interfaces