From 419ecbea415b82b950ec36cb04c9679f4b3d3f84 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Dec 2021 17:14:43 -0500 Subject: [PATCH 0001/1758] local_facts.fact: Clean null byte from /proc/device-tree/model --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 168aaf84a..16bf0104a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -95,13 +95,13 @@ tmp=$(git rev-parse --verify HEAD) && #tmp=$(cat /proc/device-tree/mfg-data/MN) && # XO_MODEL=$tmp -tmp=$(grep -ai raspberry /proc/device-tree/model) && +tmp=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') && RPI_MODEL=$tmp # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) -tmp=$(cat /proc/device-tree/model) && +tmp=$(tr -d '\0' < /proc/device-tree/model) && DEVICETREE_MODEL=$tmp tmp=$(ansible --version) && From c63738989201f5349bec488920f4e90325b56aa7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 Dec 2021 19:58:42 -0500 Subject: [PATCH 0002/1758] local_facts.fact: Explain null byte cleanup PR #3086 --- scripts/local_facts.fact | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 16bf0104a..553896f73 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -101,6 +101,8 @@ tmp=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') && # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) +# tr -d '\0' ...strips out its null byte, for cleaner output (PR #3086) + tmp=$(tr -d '\0' < /proc/device-tree/model) && DEVICETREE_MODEL=$tmp From 27fe26f8de6952a714075cf450f569e92a71c366 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Dec 2021 13:12:46 -0500 Subject: [PATCH 0003/1758] iiab-test-wifi.j2: WiFi country code progress on arm64 OS's discussed on #3078 --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index a87dd003b..6757846d3 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -25,6 +25,7 @@ fi # covers netplan's bugs workaround # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 +# WiFi country code progress on arm64 OS's discussed on #3078 if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` From 918e99570cde528ba6f17b72f0908fc489b988bf Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 30 Dec 2021 15:12:40 -0500 Subject: [PATCH 0004/1758] Update roles/calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 84b5cadae..d44fb0f16 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -21,7 +21,7 @@ https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web as part of your Internet-in-a-Box (IIAB) as a possible alternative to Calibre. -*WARNING: Calibre-Web depends on Calibre's own /usr/bin/ebook-convert program, +*WARNING: Calibre-Web depends on Calibre's own* ``/usr/bin/ebook-convert`` *program, so we strongly recommend you also install Calibre during your IIAB installation!* @@ -153,7 +153,7 @@ Known Issues * |ss| Imagemagick policy prevents generating thumbnails for PDF's during upload: `#1530 `_ `janeczku/calibre-web#827 `_ |se| -* Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 `_ +* |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 `_ |se| |nbsp| Fixed by `361a124 `_ on 2019-02-27. * *Please assist us in reporting serious issues here:* https://github.com/janeczku/calibre-web/issues From d10c98e26b3e3b607b6ad209e5a8c6e7c0aabd74 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 30 Dec 2021 18:04:23 -0500 Subject: [PATCH 0005/1758] local_facts.fact: Stop supporting Ubuntu 21.04 --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 553896f73..80b6a7068 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -62,6 +62,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-17" | \ #"ubuntu-18" | \ #"ubuntu-19" | \ + #"ubuntu-2104" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -74,7 +75,6 @@ case $OS_VER in "debian-11" | \ "debian-12" | \ "ubuntu-2004" | \ - "ubuntu-2104" | \ "ubuntu-2110" | \ "ubuntu-2204" | \ "linuxmint-20" | \ From fbb7e5f5d0b90f6cb4882e945c686533eeb081c8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 30 Dec 2021 20:05:10 -0500 Subject: [PATCH 0006/1758] local_vars_medium.yml: let's give Kolibri a shot --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 52d710ca2..10ae8f042 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -260,8 +260,8 @@ kalite_install: True kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From b0e989ab344c234a5ea772daa6a565da8ba86595 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Dec 2021 20:35:04 -0500 Subject: [PATCH 0007/1758] kiwix/defaults/main.yml: Try kiwix-tools 2022-01-01 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2920d60b1..96a79c4b7 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-2021-12-24 -kiwix_version_linux64: kiwix-tools_linux-x86_64-2021-12-24 -kiwix_version_i686: kiwix-tools_linux-i586-2021-12-24 +kiwix_version_armhf: kiwix-tools_linux-armhf-2022-01-01 +kiwix_version_linux64: kiwix-tools_linux-x86_64-2022-01-01 +kiwix_version_i686: kiwix-tools_linux-i586-2022-01-01 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From b2b56668727f5a7b3043e00b3c5e14681044d6d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Dec 2021 21:50:51 -0500 Subject: [PATCH 0008/1758] local_facts.fact: $RPI_MODEL should be "none" when not a Raspberry Pi --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 80b6a7068..164efbb89 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -95,8 +95,8 @@ tmp=$(git rev-parse --verify HEAD) && #tmp=$(cat /proc/device-tree/mfg-data/MN) && # XO_MODEL=$tmp -tmp=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') && - RPI_MODEL=$tmp +grep -iq raspberry /proc/device-tree/model && + RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) From 56ce56bfa8a9ff4fbeecf214c1410e639ac957fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Dec 2021 22:11:38 -0500 Subject: [PATCH 0009/1758] gitea/tasks/install.yml: Note /library/gitea/bin/gitea-1.15 is ~102MB --- roles/gitea/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index fa934c71b..39e9279f1 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,10 +43,10 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~104 MB) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~102 MB) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.14 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.15 mode: 0775 timeout: "{{ download_timeout }}" From 78cc7de44681f197baec83068126e11ce13cebc2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Dec 2021 22:21:08 -0500 Subject: [PATCH 0010/1758] nextcloud/tasks/install.yml: Nextcloud 23.0.0 latest.tar.bz2 is ~132MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 541029206..968dc8c08 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~139 MB) to {{ nextcloud_root_dir }} (~474 MB initially, 496+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~132 MB) to {{ nextcloud_root_dir }} (~474 MB initially, 496+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From a32473c1bf57b7bdf5478f634890f575f7d8cfb0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Jan 2022 14:43:14 -0500 Subject: [PATCH 0011/1758] www_base/tasks/php-stem.yml: x86 -> x64 typo bug --- roles/www_base/tasks/php-stem.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/php-stem.yml b/roles/www_base/tasks/php-stem.yml index fd8256066..8bce0fd08 100644 --- a/roles/www_base/tasks/php-stem.yml +++ b/roles/www_base/tasks/php-stem.yml @@ -47,7 +47,7 @@ armv6l: armhf armv7l: armhf aarch64: aarch64 - x86_64: x86 + x86_64: x64 - name: Set php_stem_arch to "{{ php_stem_arches[ansible_machine] }}" using php_stem_arches[ansible_machine is "{{ ansible_machine }}"] set_fact: From 436b9a2810c3d044cb47469ac47019f7f9d5e319 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Jan 2022 18:38:06 -0500 Subject: [PATCH 0012/1758] nginx/templates/server.conf.j2: client_max_body_size 1M -> 500M --- roles/nginx/templates/server.conf.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 4760bce64..84413f4e7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,6 +7,15 @@ server { index index.php index.html index.htm; + # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. + # So IIAB sets this to 500M, roughly aligning with similar settings... + # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 + # 2. 'client_max_body_size 512M;' is set in: + # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 + client_max_body_size 500M; + # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; From f46892d274fa231fe957c73f0156eb3b6ac83810 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jan 2022 10:26:23 -0500 Subject: [PATCH 0013/1758] kiwix/defaults/main.yml: Try kiwix-tools 2022-01-04 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 96a79c4b7..e34745120 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-2022-01-01 -kiwix_version_linux64: kiwix-tools_linux-x86_64-2022-01-01 -kiwix_version_i686: kiwix-tools_linux-i586-2022-01-01 +kiwix_version_armhf: kiwix-tools_linux-armhf-2022-01-04 +kiwix_version_linux64: kiwix-tools_linux-x86_64-2022-01-04 +kiwix_version_i686: kiwix-tools_linux-i586-2022-01-04 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 75afa902a575c6b3e6860c44e16f9c914ffafd8c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jan 2022 16:17:30 -0500 Subject: [PATCH 0014/1758] sugarizer/defaults/main.yml: 1.5.0 -> 1.6.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 4ddd4a706..f43f85374 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.5.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0 -sugarizer_git_version: v1.5.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0 +sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0 +sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.4.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0 From 64efea041df79ca1fa07a31f278edf21d03d0d04 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 01:59:21 -0500 Subject: [PATCH 0015/1758] WIP: RPi WiFi firmware cleanup/options, espec for 3B+ & 4 --- roles/firmware/tasks/download.yml | 25 ++++---- roles/firmware/tasks/install.yml | 61 ++++++++++++++++++++ roles/firmware/templates/iiab-check-firmware | 40 ++++++------- vars/default_vars.yml | 27 +++++++-- vars/local_vars_large.yml | 31 +++++++--- vars/local_vars_medium.yml | 31 +++++++--- vars/local_vars_small.yml | 31 +++++++--- vars/local_vars_unittest.yml | 31 +++++++--- 8 files changed, 207 insertions(+), 70 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index d35147013..83a3438eb 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,22 +1,27 @@ -- name: Back up original e.g. OS-provided firmware (for RPi internal WiFi) +- name: Back up 4 OS-provided firmware files to .orig (for RPi internal WiFi) copy: - src: "/lib/firmware/brcm/{{ item }}" - dest: "/lib/firmware/brcm/{{ item }}.orig" + src: /lib/firmware/brcm/{{ item }} + dest: /lib/firmware/brcm/{{ item }}.orig with_items: - brcmfmac43430-sdio.bin + - brcmfmac43430-sdio.clm_blob - brcmfmac43455-sdio.bin - brcmfmac43455-sdio.clm_blob + ignore_errors: yes -- name: Download high-capacity older firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202) +- name: Download high-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202) get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" + url: "{{ item }}" + dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab' } - - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab' } - - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab' } - - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab' } + - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 + - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 + - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 + - http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # RECORD firmware AS DOWNLOADED diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index ce7004ea2..3b3b78e9a 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -2,6 +2,67 @@ include_tasks: download.yml when: firmware_downloaded is undefined # SEE ALSO firmware_installed below + +# Set 2 symlinks for RPi 3 B+ and 4 + +- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for 43455 .bin and .clm_blob files in /lib/firmware/brcm) + set_fact: + rpi3bplus_rpi4_wifi_firmwares: # Dictionary keys (left side) are always strings, e.g. "19" + os: + - brcmfmac43455-sdio.bin.orig + - brcmfmac43455-sdio.clm_blob.orig + 19: + - brcmfmac43455-sdio.bin_2021-11-30_minimal + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + 24: + - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + 32: + - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + +- name: Symlink brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") + file: + src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }}" + path: /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab + state: link + force: yes + +- name: Symlink brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") + file: + src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }}" + path: /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab + state: link + force: yes + + +# Set 2 symlinks for RPi Zero W and 3 + +- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for 43430 .bin and .clm_blob files in /lib/firmware/brcm) + set_fact: + rpizerow_rpi3_wifi_firmwares: + os: + - brcmfmac43430-sdio.bin.orig + - brcmfmac43430-sdio.clm_blob.orig + 30: + - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + +- name: Symlink brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") + file: + src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }}" + path: /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab + state: link + force: yes + +- name: Symlink brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") + file: + src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }}" + path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab + state: link + force: yes + + - name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/system/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh' template: src: "{{ item.src }}" diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index aeda2366e..024a074b7 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,6 +1,6 @@ #!/bin/bash -WARN=0 +WARN=false DATE=$(date +%F-%T) # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml @@ -13,43 +13,41 @@ DATE=$(date +%F-%T) if grep -q '^wifi_hotspot_capacity_rpi_fix:\s\+[fF]alse\b' /etc/iiab/local_vars.yml ; then echo "'wifi_hotspot_capacity_rpi_fix: False' found in /etc/iiab/local_vars.yml" echo "...so WiFi firmware will NOT be checked or replaced." - exit 0 fi echo -e "'wifi_hotspot_capacity_rpi_fix: True' presumed..." echo -e "...in /etc/iiab/local_vars.yml (or /opt/iiab/iiab/vars/default_vars.yml ?)\n" -if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin); then +if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin ; then mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE - cp /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin - echo "Replacing /lib/firmware/brcm/brcmfmac43455-sdio.bin" - WARN=1 + ln -sf brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin + echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.bin" + WARN=true fi -if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob); then +if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob ; then mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE - cp /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob - echo "Replacing /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob" - WARN=1 + ln -sf brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob + echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob" + WARN=true fi -if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin); then +if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin ; then mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE - cp /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin - cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob - echo "Replacing /lib/firmware/brcm/brcmfmac43430-sdio.bin" - WARN=1 + ln -sf brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin + echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.bin" + WARN=true fi -if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob); then +if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob ; then mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE - cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob - echo "Replacing /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob" - WARN=1 + ln -sf brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob + echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob" + WARN=true fi -if [ "$WARN" = "1" ]; then +if $($WARN); then echo -e "\n \e[41;1mWiFi Firmware has been replaced, per iiab/iiab#823.\e[0m" echo -e " \e[41;1mReboot is required to activate.\e[0m\n" touch /.fw_replaced @@ -62,5 +60,3 @@ else rm /.fw_replaced fi fi - -# exit 0 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 128cb899b..db9fb8659 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -111,14 +111,29 @@ host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g host_channel: 6 -hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords, -hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True +hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, +hostapd_password: changeme # espec if WiFi firmware patched below? #2696 hostapd_install: True # 2020-01-21: this var MIGHT be implemented in future. hostapd_enabled: True -wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal -# WiFi hotspots to service 30-to-32 client devices. Background explanation: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472. -wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi + +# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the +# internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or +# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# +#rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 +#rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! +#rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's +# +# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# +# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the +# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# +#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 + +wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6ca05ce25..cb86a0f81 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -1,7 +1,7 @@ # This is local_vars_large.yml -- copy it to /etc/iiab/local_vars.yml then... # modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml -# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO +# READ "What is local_vars.yml and how do I customize it?" AT http://FAQ.IIAB.IO # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # IIAB does NOT currently support uninstalling apps! So: if any IIAB app is @@ -54,17 +54,32 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g host_channel: 6 -hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords, -hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True -wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal -# WiFi hotspots to service 30-to-32 client devices. Background explanation: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472. -wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi +hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, +hostapd_password: changeme # espec if WiFi firmware patched below? #2696 + +# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the +# internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or +# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# +#rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 +#rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! +#rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's +# +# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# +# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the +# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# +#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 + +wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 10ae8f042..dfbfcfc2e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -1,7 +1,7 @@ # This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then... # modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml -# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO +# READ "What is local_vars.yml and how do I customize it?" AT http://FAQ.IIAB.IO # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # IIAB does NOT currently support uninstalling apps! So: if any IIAB app is @@ -54,17 +54,32 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g host_channel: 6 -hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords, -hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True -wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal -# WiFi hotspots to service 30-to-32 client devices. Background explanation: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472. -wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi +hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, +hostapd_password: changeme # espec if WiFi firmware patched below? #2696 + +# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the +# internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or +# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# +#rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 +#rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! +#rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's +# +# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# +# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the +# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# +#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 + +wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index ffba2d848..79ac39b94 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -1,7 +1,7 @@ # This is local_vars_small.yml -- copy it to /etc/iiab/local_vars.yml then... # modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml -# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO +# READ "What is local_vars.yml and how do I customize it?" AT http://FAQ.IIAB.IO # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # IIAB does NOT currently support uninstalling apps! So: if any IIAB app is @@ -54,17 +54,32 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g host_channel: 6 -hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords, -hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True -wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal -# WiFi hotspots to service 30-to-32 client devices. Background explanation: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472. -wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi +hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, +hostapd_password: changeme # espec if WiFi firmware patched below? #2696 + +# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the +# internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or +# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# +#rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 +#rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! +#rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's +# +# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# +# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the +# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# +#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 + +wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 02e928c90..b54d575f1 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -1,7 +1,7 @@ # This is local_vars_unittest.yml -- copy it to /etc/iiab/local_vars.yml then... # modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml -# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO +# READ "What is local_vars.yml and how do I customize it?" AT http://FAQ.IIAB.IO # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # IIAB does NOT currently support uninstalling apps! So: if any IIAB app is @@ -54,17 +54,32 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: unittest host_wifi_mode: g host_channel: 6 -hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords, -hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True -wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal -# WiFi hotspots to service 30-to-32 client devices. Background explanation: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472. -wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi +hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, +hostapd_password: changeme # espec if WiFi firmware patched below? #2696 + +# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the +# internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or +# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# +#rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 +#rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! +#rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's +# +# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# +# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the +# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# +#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 + +wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: From 81790ba305f34ba6fad56dc41982f50cebfd1be0 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 03:47:39 -0500 Subject: [PATCH 0016/1758] Clarify RPi WiFi firmware capacity options --- roles/firmware/tasks/install.yml | 16 ++-- roles/firmware/tasks/main.yml | 15 ++-- roles/firmware/templates/iiab-check-firmware | 78 +++++++------------ .../firmware/templates/iiab-firmware-warn.sh | 15 ++-- 4 files changed, 53 insertions(+), 71 deletions(-) diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 3b3b78e9a..c0fcfa532 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -3,9 +3,9 @@ when: firmware_downloaded is undefined # SEE ALSO firmware_installed below -# Set 2 symlinks for RPi 3 B+ and 4 +# Set 2 symlinks for RPi 3 B+ and 4 (43455) -- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for 43455 .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) set_fact: rpi3bplus_rpi4_wifi_firmwares: # Dictionary keys (left side) are always strings, e.g. "19" os: @@ -21,14 +21,14 @@ - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi -- name: Symlink brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }}" path: /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab state: link force: yes -- name: Symlink brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }}" path: /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab @@ -36,9 +36,9 @@ force: yes -# Set 2 symlinks for RPi Zero W and 3 +# Set 2 symlinks for RPi Zero W and 3 (43430) -- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for 43430 .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) set_fact: rpizerow_rpi3_wifi_firmwares: os: @@ -48,14 +48,14 @@ - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 -- name: Symlink brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }}" path: /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab state: link force: yes -- name: Symlink brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }}" path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index a199f2630..3543c5993 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -1,14 +1,17 @@ -# Please set 'wifi_hotspot_capacity_rpi_fix: True' in /etc/iiab/local_vars.yml -# to restore support for 30-32 WiFi client devices on most Raspberry Pis that -# have internal WiFi. This installs firmware 7.45.98.65 for Zero W and RPi 3 -# and firmware 7.45.18.0 for RPi 3 B+ and RPi 4. Capacity testing writeup: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# Please set 'rpi3bplus_rpi4_wifi_firmware' and 'rpizerow_rpi3_wifi_firmware' in +# /etc/iiab/local_vars.yml to increase (or modify) the number of student WiFi +# client devices that can access your Raspberry Pi's internal WiFi hotspot. + +# If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' +# followed by 'sudo ./runrole firmware' + +# Background: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml #when: firmware_installed is undefined -# Two variable are placed in /etc/iiab/iiab_state.yml: +# Two variables are placed in /etc/iiab/iiab_state.yml: # # - firmware_downloaded (set in download.yml) is used in install.yml # diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 024a074b7..6b798ccf1 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,6 +1,5 @@ #!/bin/bash -WARN=false DATE=$(date +%F-%T) # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml @@ -10,53 +9,36 @@ DATE=$(date +%F-%T) # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN -if grep -q '^wifi_hotspot_capacity_rpi_fix:\s\+[fF]alse\b' /etc/iiab/local_vars.yml ; then - echo "'wifi_hotspot_capacity_rpi_fix: False' found in /etc/iiab/local_vars.yml" - echo "...so WiFi firmware will NOT be checked or replaced." - exit 0 -fi +if ! grep -q '^rpi3bplus_rpi4_wifi_firmware:\s\+os\b' /etc/iiab/local_vars.yml ; then + if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin ; then + mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE + ln -sf brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin + echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.bin" + touch /tmp/.fw_replaced + fi -echo -e "'wifi_hotspot_capacity_rpi_fix: True' presumed..." -echo -e "...in /etc/iiab/local_vars.yml (or /opt/iiab/iiab/vars/default_vars.yml ?)\n" - -if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin ; then - mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE - ln -sf brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin - echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.bin" - WARN=true -fi - -if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob ; then - mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE - ln -sf brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob - echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob" - WARN=true -fi - -if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin ; then - mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE - ln -sf brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin - echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.bin" - WARN=true -fi - -if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob ; then - mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE - ln -sf brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob - echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob" - WARN=true -fi - -if $($WARN); then - echo -e "\n \e[41;1mWiFi Firmware has been replaced, per iiab/iiab#823.\e[0m" - echo -e " \e[41;1mReboot is required to activate.\e[0m\n" - touch /.fw_replaced - #echo "rebooting..." - #reboot -else - echo -e " WiFi Firmware check \e[42;1mPASSED\e[0m, per iiab/iiab#823." # Or \e[92m for green on black - echo -e " (Assuming you've rebooted since it was replaced!)\n" - if [ -f /.fw_replaced ]; then - rm /.fw_replaced + if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob ; then + mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE + ln -sf brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob + echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob" + touch /tmp/.fw_replaced fi fi + +if ! grep -q '^rpizerow_rpi3_wifi_firmware:\s\+os\b' /etc/iiab/local_vars.yml ; then + if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin ; then + mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE + ln -sf brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin + echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.bin" + touch /tmp/.fw_replaced + fi + + if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob ; then + mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE + ln -sf brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob + echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob" + touch /tmp/.fw_replaced + fi +fi + +bash < /etc/profile.d/iiab-firmware-warn.sh diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 55120ffbd..4d4d1c965 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -1,12 +1,9 @@ #!/bin/bash -if [ -f /.fw_replaced ]; then - echo -e "\n \e[41;1mWiFi Firmware has been replaced, per iiab/iiab#823.\e[0m" - if grep -q '^wifi_hotspot_capacity_rpi_fix:\s\+[fF]alse\b' /etc/iiab/local_vars.yml ; then - echo -e " \e[100;1mIf you want these warnings to stop, run:\e[0m" - echo - echo -e " \e[100;1msudo rm /.fw_replaced\e[0m\n" - else - echo -e " \e[41;1mReboot is required to activate.\e[0m\n" - fi +if [ -f /tmp/.fw_replaced ]; then + echo -e "\n\e[41;1mWiFi Firmware has been replaced, per iiab/iiab#823.\e[0m" + echo -e "\e[41;1mReboot is required to activate.\e[0m" + echo + echo -e "\e[100;1mIf you want these warnings to stop, run:\e[0m" + echo -e "\e[100;1msudo rm /tmp/.fw_replaced\e[0m\n" fi From abeb97794fddc55a8b018dd14807e52dd0c4aa22 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 05:29:54 -0500 Subject: [PATCH 0017/1758] Ansible indentation norm across 7-8 roles --- roles/calibre/tasks/main.yml | 24 ++++----- roles/kalite/tasks/main.yml | 24 ++++----- roles/kiwix/tasks/main.yml | 40 +++++++-------- roles/network/tasks/computed_network.yml | 28 +++++------ roles/network/tasks/detected_network.yml | 64 ++++++++++++------------ roles/openvpn/tasks/main.yml | 36 ++++++------- roles/remoteit/tasks/main.yml | 16 +++--- roles/sshd/tasks/main.yml | 20 ++++---- 8 files changed, 126 insertions(+), 126 deletions(-) diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 2c05b42de..bedb960de 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -69,15 +69,15 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: calibre_src_url - value: "{{ calibre_src_url }}" - - option: calibre_dbpath - value: "{{ calibre_dbpath }}" - - option: calibre_port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: calibre_src_url + value: "{{ calibre_src_url }}" + - option: calibre_dbpath + value: "{{ calibre_dbpath }}" + - option: calibre_port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 817895f07..35bea770c 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -47,15 +47,15 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: kalite_install - value: "{{ kalite_install }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: path - value: "{{ kalite_root }}" - - option: port - value: "{{ kalite_server_port }}" + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: kalite_install + value: "{{ kalite_install }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" + - option: path + value: "{{ kalite_root }}" + - option: port + value: "{{ kalite_server_port }}" diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 742e698d9..045707f37 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -34,23 +34,23 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_install - value: "{{ kiwix_install }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_url_plus_slash - value: "{{ kiwix_url_plus_slash }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_install + value: "{{ kiwix_install }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 730274380..efe764642 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -158,17 +158,17 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: iiab_wan_enabled - value: "{{ iiab_wan_enabled }}" - - option: user_wan_iface - value: "{{ user_wan_iface }}" - - option: iiab_wan_iface - value: "{{ iiab_wan_iface }}" - - option: iiab_lan_enabled - value: "{{ iiab_lan_enabled }}" - - option: user_lan_iface - value: "{{ user_lan_iface }}" - - option: iiab_lan_iface - value: "{{ iiab_lan_iface }}" - - option: iiab_network_mode - value: "{{ iiab_network_mode }}" + - option: iiab_wan_enabled + value: "{{ iiab_wan_enabled }}" + - option: user_wan_iface + value: "{{ user_wan_iface }}" + - option: iiab_wan_iface + value: "{{ iiab_wan_iface }}" + - option: iiab_lan_enabled + value: "{{ iiab_lan_enabled }}" + - option: user_lan_iface + value: "{{ user_lan_iface }}" + - option: iiab_lan_iface + value: "{{ iiab_lan_iface }}" + - option: iiab_network_mode + value: "{{ iiab_network_mode }}" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index fec38c805..bc37a341b 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -228,38 +228,38 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: has_ifcfg_gw - value: "{{ has_ifcfg_gw }}" - - option: prior_gateway_device - value: "{{ prior_gw_device }}" - - option: dhcpcd_result - value: "{{ dhcpcd_result }}" - - option: network_manager_active - value: "{{ network_manager_active }}" - - option: systemd_networkd_active - value: "{{ systemd_networkd_active }}" - - option: wan_in_interfaces - value: "{{ wan_in_interfaces }}" - - option: wireless_list_1(wifi1) - value: "{{ wifi1 }}" - - option: wireless_list_2(wifi2) - value: "{{ wifi2 }}" - - option: num_wifi_interfaces - value: "{{ num_wifi_interfaces }}" - - option: discovered_wireless_iface - value: "{{ discovered_wireless_iface }}" - - option: discovered_wired_iface - value: "{{ discovered_wired_iface }}" - - option: 'exclude_devices' - value: "{{ exclude_devices }}" - - option: num_lan_interfaces - value: "{{ num_lan_interfaces }}" - - option: gui_static_wan - value: "{{ gui_static_wan }}" - - option: iiab_lan_iface - value: "{{ iiab_lan_iface }}" - - option: iiab_wan_iface - value: "{{ iiab_wan_iface }}" + - option: has_ifcfg_gw + value: "{{ has_ifcfg_gw }}" + - option: prior_gateway_device + value: "{{ prior_gw_device }}" + - option: dhcpcd_result + value: "{{ dhcpcd_result }}" + - option: network_manager_active + value: "{{ network_manager_active }}" + - option: systemd_networkd_active + value: "{{ systemd_networkd_active }}" + - option: wan_in_interfaces + value: "{{ wan_in_interfaces }}" + - option: wireless_list_1(wifi1) + value: "{{ wifi1 }}" + - option: wireless_list_2(wifi2) + value: "{{ wifi2 }}" + - option: num_wifi_interfaces + value: "{{ num_wifi_interfaces }}" + - option: discovered_wireless_iface + value: "{{ discovered_wireless_iface }}" + - option: discovered_wired_iface + value: "{{ discovered_wired_iface }}" + - option: 'exclude_devices' + value: "{{ exclude_devices }}" + - option: num_lan_interfaces + value: "{{ num_lan_interfaces }}" + - option: gui_static_wan + value: "{{ gui_static_wan }}" + - option: iiab_lan_iface + value: "{{ iiab_lan_iface }}" + - option: iiab_wan_iface + value: "{{ iiab_wan_iface }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 8c8577767..6e71e6374 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -56,21 +56,21 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: OpenVPN - - option: description - value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."' - - option: openvpn_install - value: "{{ openvpn_install }}" - - option: openvpn_enabled - value: "{{ openvpn_enabled }}" - - option: openvpn_handle - value: "{{ openvpn_handle }}" - - option: openvpn_cron_enabled - value: "{{ openvpn_cron_enabled }}" - - option: openvpn_server - value: "{{ openvpn_server }}" - - option: openvpn_server_virtual_ip - value: "{{ openvpn_server_virtual_ip }}" - - option: openvpn_server_port - value: "{{ openvpn_server_port }}" + - option: name + value: OpenVPN + - option: description + value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."' + - option: openvpn_install + value: "{{ openvpn_install }}" + - option: openvpn_enabled + value: "{{ openvpn_enabled }}" + - option: openvpn_handle + value: "{{ openvpn_handle }}" + - option: openvpn_cron_enabled + value: "{{ openvpn_cron_enabled }}" + - option: openvpn_server + value: "{{ openvpn_server }}" + - option: openvpn_server_virtual_ip + value: "{{ openvpn_server_virtual_ip }}" + - option: openvpn_server_port + value: "{{ openvpn_server_port }}" diff --git a/roles/remoteit/tasks/main.yml b/roles/remoteit/tasks/main.yml index bc5be64a2..c66cd921a 100644 --- a/roles/remoteit/tasks/main.yml +++ b/roles/remoteit/tasks/main.yml @@ -26,11 +26,11 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: remote.it - - option: description - value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' - - option: remoteit_install - value: "{{ remoteit_install }}" - - option: remoteit_enabled - value: "{{ remoteit_enabled }}" + - option: name + value: remote.it + - option: description + value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' + - option: remoteit_install + value: "{{ remoteit_install }}" + - option: remoteit_enabled + value: "{{ remoteit_enabled }}" diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index dccb4cd10..d6104353f 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -34,13 +34,13 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: name - value: sshd - - option: description - value: '"Secure Shell daemon (typically implemented by openssh-server) for remote login using the ''ssh'' low-level protocol."' - - option: sshd_install - value: "{{ sshd_install }}" - - option: sshd_enabled - value: "{{ sshd_enabled }}" - - option: sshd_port - value: "{{ sshd_port }}" + - option: name + value: sshd + - option: description + value: '"Secure Shell daemon (typically implemented by openssh-server) for remote login using the ''ssh'' low-level protocol."' + - option: sshd_install + value: "{{ sshd_install }}" + - option: sshd_enabled + value: "{{ sshd_enabled }}" + - option: sshd_port + value: "{{ sshd_port }}" From fbe585d75bf1e107537595f0923197ee9f27e309 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 20:13:10 -0500 Subject: [PATCH 0018/1758] roles/firmware: code + UI cleanup (7.45.98.65 needs testing on RPi 3/W) --- roles/firmware/templates/iiab-check-firmware | 70 +++++++++++-------- .../firmware/templates/iiab-firmware-warn.sh | 10 +-- .../templates/gateway/iiab-gen-iptables | 2 +- roles/openvpn/templates/iiab-support | 2 +- vars/local_vars_large.yml | 6 +- vars/local_vars_medium.yml | 6 +- vars/local_vars_small.yml | 6 +- vars/local_vars_unittest.yml | 6 +- 8 files changed, 59 insertions(+), 49 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 6b798ccf1..66451b05c 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,44 +1,54 @@ #!/bin/bash -DATE=$(date +%F-%T) - # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab -# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13 +# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN -if ! grep -q '^rpi3bplus_rpi4_wifi_firmware:\s\+os\b' /etc/iiab/local_vars.yml ; then - if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin ; then - mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE - ln -sf brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin - echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.bin" - touch /tmp/.fw_replaced - fi +iiab_var_value() { + v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + [ "$v2" != "" ] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS +} - if ! cmp -s /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob ; then - mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE - ln -sf brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob - echo "Replaced /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob" - touch /tmp/.fw_replaced +link_fw() { + if [[ $(readlink /lib/firmware/brcm/$1) != $1.iiab ]] ; then + echo + mv /lib/firmware/brcm/$1 /lib/firmware/brcm/$1.$(date +%F-%T) + ln -s $1.iiab /lib/firmware/brcm/$1 + echo -e "\e[1mSymlinked /lib/firmware/brcm/$1 -> $1.iiab\e[0m" + touch /tmp/.fw_modified fi +} + +if [[ $(iiab_var_value rpi3bplus_rpi4_wifi_firmware) != "os" ]] ; then + link_fw brcmfmac43455-sdio.bin + link_fw brcmfmac43455-sdio.clm_blob fi -if ! grep -q '^rpizerow_rpi3_wifi_firmware:\s\+os\b' /etc/iiab/local_vars.yml ; then - if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin ; then - mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE - ln -sf brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin - echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.bin" - touch /tmp/.fw_replaced - fi - - if ! cmp -s /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob ; then - mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE - ln -sf brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob - echo "Replaced /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob" - touch /tmp/.fw_replaced - fi +if [[ $(iiab_var_value rpizerow_rpi3_wifi_firmware) != "os" ]] ; then + link_fw brcmfmac43430-sdio.bin + link_fw brcmfmac43430-sdio.clm_blob fi -bash < /etc/profile.d/iiab-firmware-warn.sh +if [ -f /tmp/.fw_modified ]; then + bash /etc/profile.d/iiab-firmware-warn.sh +else + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/brcm appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo + echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" + echo + echo -e "NOTE: If you change rpi3bplus_rpi4_wifi_firmware or rpizerow_rpi3_wifi_firmware" + echo -e "settings in /etc/iiab/local_vars.yml, please then run:" + echo + echo -e " cd /opt/iiab/iiab" + echo -e " sudo ./iiab-network" + echo -e " sudo poweroff\n" + #echo + #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" +fi + +# \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red +# \e[42;1m = bright white, on bright green \e[92m = green on black diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 4d4d1c965..cbd0a77c9 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -1,9 +1,9 @@ #!/bin/bash -if [ -f /tmp/.fw_replaced ]; then - echo -e "\n\e[41;1mWiFi Firmware has been replaced, per iiab/iiab#823.\e[0m" - echo -e "\e[41;1mReboot is required to activate.\e[0m" +if [ -f /tmp/.fw_modified ]; then + echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" echo - echo -e "\e[100;1mIf you want these warnings to stop, run:\e[0m" - echo -e "\e[100;1msudo rm /tmp/.fw_replaced\e[0m\n" + echo -e "If you want these warnings to stop, run: sudo rm /tmp/.fw_modified\n" fi + +# \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 60f44774a..79a112b55 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -36,7 +36,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab -# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13 +# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 352ad1677..4ba4d70a3 100755 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -12,7 +12,7 @@ INVENTORY="ansible_hosts" # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab -# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13 +# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index cb86a0f81..51dc1cd25 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -74,10 +74,10 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the -# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 -rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +#rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dfbfcfc2e..74f0b3173 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -74,10 +74,10 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the -# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 -rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +#rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 79ac39b94..ae61b85a8 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -74,10 +74,10 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the -# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 -rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +#rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index b54d575f1..4e641311e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -74,10 +74,10 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the -# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 -rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +#rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). From 4ce556803a6e5a07598e5510a0a9a44208a9b51d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 20:51:45 -0500 Subject: [PATCH 0019/1758] TBD: Default RPi 3/W to ~10 connections (7.45.98.118) instead of 30 (7.45.98.65) ? --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index db9fb8659..1ec6b81c9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -128,10 +128,10 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the -# internal WiFi hotspot. Or you can increase this to 30 student WiFi devices: +# internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -#rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 -rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +#rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). From 029e169be0a5b5627cc8fb9adc6e1582b16a619b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 7 Jan 2022 21:14:22 -0500 Subject: [PATCH 0020/1758] firmware/tasks/download.yml: Touchup clarifs --- roles/firmware/tasks/download.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 83a3438eb..e5af22961 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,4 +1,4 @@ -- name: Back up 4 OS-provided firmware files to .orig (for RPi internal WiFi) +- name: Back up 4 OS-provided WiFi firmware files (or symlinks) to /lib/firmware/brcm/*.orig copy: src: /lib/firmware/brcm/{{ item }} dest: /lib/firmware/brcm/{{ item }}.orig @@ -9,7 +9,7 @@ - brcmfmac43455-sdio.clm_blob ignore_errors: yes -- name: Download high-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202) +- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: url: "{{ item }}" dest: /lib/firmware/brcm/ From 6c31a2a4a5478370b894b48163e9b39c03e136f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 7 Jan 2022 21:42:07 -0500 Subject: [PATCH 0021/1758] firmware/tasks/download.yml: Clarify firmware origins --- roles/firmware/tasks/download.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index e5af22961..6b5f83f8b 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -16,11 +16,11 @@ timeout: "{{ download_timeout }}" with_items: - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 + - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 + - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 + - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 From 4cb5a30317175fa1dcec8099c6a920dc4eed09ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 7 Jan 2022 21:57:54 -0500 Subject: [PATCH 0022/1758] /usr/bin/iiab-check-firmware: Instructions (WIP!) --- roles/firmware/templates/iiab-check-firmware | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 66451b05c..9e66b6462 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -43,9 +43,11 @@ else echo -e "NOTE: If you change rpi3bplus_rpi4_wifi_firmware or rpizerow_rpi3_wifi_firmware" echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo - echo -e " cd /opt/iiab/iiab" - echo -e " sudo ./iiab-network" - echo -e " sudo poweroff\n" + echo -e " cd /opt/iiab/iiab" + echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" + echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" + echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" + echo -e " sudo poweroff\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" fi From 8b07f87f3d53e1ac5415f93f97ca667a084fa0fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 7 Jan 2022 22:15:06 -0500 Subject: [PATCH 0023/1758] firmware/tasks/main.yml: Context + clarifs --- roles/firmware/tasks/main.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index 3543c5993..34b69a399 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -1,11 +1,16 @@ -# Please set 'rpi3bplus_rpi4_wifi_firmware' and 'rpizerow_rpi3_wifi_firmware' in +# Plz set 'rpi3bplus_rpi4_wifi_firmware' and 'rpizerow_rpi3_wifi_firmware' in # /etc/iiab/local_vars.yml to increase (or modify) the number of student WiFi # client devices that can access your Raspberry Pi's internal WiFi hotspot. -# If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' -# followed by 'sudo ./runrole firmware' +# If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' and +# then 'sudo ./runrole firmware' (do run iiab-check-firmware for more tips!) -# Background: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# BACKGROUND AS OF 2022-01-07: +# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# https://github.com/iiab/iiab/issues/2853 +# https://github.com/RPi-Distro/firmware-nonfree/tree/bullseye/debian/config/brcm80211 (brcm, cypress) +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml From 9ec670b42f9c5e56af17f8fa7888a497d71602ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 8 Jan 2022 23:40:05 -0500 Subject: [PATCH 0024/1758] firmware/tasks/main.yml: Mention USB 3.0 collision w/ 2.4 GHz WiFi --- roles/firmware/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index 34b69a399..ab0740aae 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -12,6 +12,9 @@ # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# RISK: What USB 3.0 stick/drive patterns degrade a Raspberry Pi's 2.4GHz WiFi? +# https://github.com/iiab/iiab/issues/2638 + - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml #when: firmware_installed is undefined From 14e249e4528c66c474b0cc6ad540a3002abe3c6c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Jan 2022 21:07:43 -0500 Subject: [PATCH 0025/1758] scripts/iiab-diagnostics: List *43430* and *43455* in /lib/firmware/brcm --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1368a58a8..72d549a0c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -183,6 +183,8 @@ cat_dir /etc/NetworkManager/system-connections cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices +cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile From a85ce3c4945537d7735edd91ed8f355bbdc75ba0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Jan 2022 21:08:22 -0500 Subject: [PATCH 0026/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 837418609..21c103426 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-231 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-233 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From dd2bf3838f1c99b729893ebeb1958642fe2f3fde Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 10 Jan 2022 09:49:44 -0500 Subject: [PATCH 0027/1758] firmware/templates/iiab-firmware-warn.sh: Clarify /tmp/.fw_modified warning --- roles/firmware/templates/iiab-firmware-warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index cbd0a77c9..03e98ba2e 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -3,7 +3,7 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" echo - echo -e "If you want these warnings to stop, run: sudo rm /tmp/.fw_modified\n" + echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red From 3059572fa92a8de0fa248172131b688da2b8e75e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 10 Jan 2022 14:55:20 -0500 Subject: [PATCH 0028/1758] firmware/tasks/main.yml: Explain context @ #2853 & #3103 --- roles/firmware/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index ab0740aae..edbd27da2 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -5,9 +5,10 @@ # If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' and # then 'sudo ./runrole firmware' (do run iiab-check-firmware for more tips!) -# BACKGROUND AS OF 2022-01-07: +# BACKGROUND AS OF 2022-01-10: # https://github.com/iiab/iiab/issues/823#issuecomment-662285202 -# https://github.com/iiab/iiab/issues/2853 +# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 +# https://github.com/iiab/iiab/pull/3103 # https://github.com/RPi-Distro/firmware-nonfree/tree/bullseye/debian/config/brcm80211 (brcm, cypress) # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 From 59066d05a788d33adf6f8b580970c53b3be83710 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:46:12 -0500 Subject: [PATCH 0029/1758] default_vars.yml: apache_allow_sudo: False --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1ec6b81c9..20f76f514 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -324,8 +324,8 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# Make this True to enable http://box/common/services/power_off.php button: +apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False From 455c9140fc947df6b1ae4603baeba6e5e94842b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:48:49 -0500 Subject: [PATCH 0030/1758] local_vars_unittest.yml: apache_allow_sudo: False --- vars/local_vars_unittest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 4e641311e..87e24f1a0 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -204,8 +204,8 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# Make this True to enable http://box/common/services/power_off.php button: +apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False From 68b1bc3cf1273532aa190f903ea7ee487da83449 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:53:33 -0500 Subject: [PATCH 0031/1758] local_vars_small.yml: apache_allow_sudo: False --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index ae61b85a8..5cae9f110 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -204,8 +204,8 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# Make this True to enable http://box/common/services/power_off.php button: +apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False From 09b218799553936a459cfadfa5f2bded493df624 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:53:40 -0500 Subject: [PATCH 0032/1758] local_vars_medium.yml: apache_allow_sudo: False --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 74f0b3173..a06f30562 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -204,8 +204,8 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# Make this True to enable http://box/common/services/power_off.php button: +apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False From 57a615d090b58a914bf7f623b5cb35a7ea5635fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:53:47 -0500 Subject: [PATCH 0033/1758] local_vars_large.yml: apache_allow_sudo: False --- vars/local_vars_large.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 51dc1cd25..e7f994d9b 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -204,8 +204,8 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# Make this True to enable http://box/common/services/power_off.php button: +apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False From e366901fa6584fb187b6af7007fbe436f2e9e428 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 12:53:56 -0500 Subject: [PATCH 0034/1758] local_vars_medical.yml: apache_allow_sudo: True --- vars/local_vars_medical.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index cd1dd354b..f97113d63 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -14,6 +14,7 @@ vnstat_install: True vnstat_enabled: True openvpn_handle: "MEDICAL - Put Your Name Here" usb_lib_umask0000_for_kolibri: False +apache_allow_sudo: True # By default # kiwix # awstats From b2907700cab892d499f6dde6a9cb101ef5728679 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 17:21:52 -0500 Subject: [PATCH 0035/1758] default_vars.yml: Update power_off.php URL --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 20f76f514..82167d933 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -324,7 +324,7 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this True to enable http://box/common/services/power_off.php button: +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) From 34cf89e3a8f05f18c45f0f269a5fa1849a4925cf Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 17:22:03 -0500 Subject: [PATCH 0036/1758] local_vars_unittest.yml: Update power_off.php URL --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 87e24f1a0..57430e3f4 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -204,7 +204,7 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this True to enable http://box/common/services/power_off.php button: +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) From 44ef068221425c5c3875607eef663178bee57472 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 17:22:11 -0500 Subject: [PATCH 0037/1758] local_vars_small.yml: Update power_off.php URL --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 5cae9f110..20f6748cc 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -204,7 +204,7 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this True to enable http://box/common/services/power_off.php button: +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) From c2b15628b0e7af16a04254316bd51eadd6c9cfb4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 17:22:20 -0500 Subject: [PATCH 0038/1758] local_vars_medium.yml: Update power_off.php URL --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a06f30562..713d0a135 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -204,7 +204,7 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this True to enable http://box/common/services/power_off.php button: +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) From 861b9b1b61cb7da517fc072136081f5ffbbc5398 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jan 2022 17:22:26 -0500 Subject: [PATCH 0039/1758] local_vars_large.yml: Update power_off.php URL --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index e7f994d9b..c37efd2bf 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -204,7 +204,7 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this True to enable http://box/common/services/power_off.php button: +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) From bae34eefdf559d23e41e5855b1eddf3d7a547e99 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 20 Jan 2022 09:57:44 -0500 Subject: [PATCH 0040/1758] kiwix/defaults/main.yml: Try kiwix-tools 3.2.0 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index e34745120..5743a221e 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-2022-01-04 -kiwix_version_linux64: kiwix-tools_linux-x86_64-2022-01-04 -kiwix_version_i686: kiwix-tools_linux-i586-2022-01-04 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From ba0edce6bfbd330cb0194e7b661cebdfb16b99db Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Jan 2022 08:25:01 -0500 Subject: [PATCH 0041/1758] phpmyadmin/defaults/main.yml: 5.1.1 -> 5.1.2 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index f9977c71e..c2c86d150 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.1 +phpmyadmin_version: 5.1.2 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From 0b4892b9152f7e24404c1ae84954351488a74c95 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 30 Jan 2022 18:38:26 -0500 Subject: [PATCH 0042/1758] gitea/defaults/main.yml: gitea_version: 1.16 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 20164beb2..d438312de 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.15 # 2021-03-07: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.16 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 954f57ab5492395f1d5df5dccf69f602cf8b436a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Feb 2022 09:55:19 -0500 Subject: [PATCH 0043/1758] Recommend ansible-core 2.12.2 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 82f9bbde4..6f33f449e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.12.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 27757f283fd727e02dcd3781b202ffaa68eeaca3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Feb 2022 22:54:19 -0500 Subject: [PATCH 0044/1758] default_vars.yml: iiab_base_ver: 8.0 (PRE-)release --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 82167d933..e6c50c8d7 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 7.2 +iiab_base_ver: 8.0 iiab_revision: 0 iiab_etc_path: /etc/iiab From 6e421888b9f9bf4c84b561d8bccd1d48b12e6881 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 3 Feb 2022 08:50:44 -0500 Subject: [PATCH 0045/1758] kiwix/defaults/main.yml: Try kiwix-tools 3.2.0-1 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 5743a221e..92b52eb1b 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-1 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-1 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-1 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 10e67cceb3eca80c6a3b4ec7772d82cf5b50b8d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 3 Feb 2022 11:17:09 -0500 Subject: [PATCH 0046/1758] remoteit/defaults/main.yml: 4.13.6 -> 4.13.7 --- roles/remoteit/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 09e3a9de9..4b4b95439 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -6,7 +6,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -remoteit_version: 4.13.6 +# This should (generally) be the latest from https://remote.it/download/ +remoteit_version: 4.13.7 # See https://docs.remote.it/device-package/installation to refine URL below: device_suffixes: From e7d292af253a2071767978fdb2637b4f466c65b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 3 Feb 2022 11:35:14 -0500 Subject: [PATCH 0047/1758] remoteit/defaults/main.yml: Clarify 4 available .deb "Device Packages" --- roles/remoteit/defaults/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 4b4b95439..3017ecb2f 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -6,7 +6,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# This should (generally) be the latest from https://remote.it/download/ +# This should (generally) be the latest from https://remote.it/download/ -- as +# of Feb 2022 there are 4 such "Device Package" .deb files that may be useful: +# - Debian Linux (ARM64) +# - Debian Linux (x86_64) +# - Pi OS (ARM) +# - Pi OS (ARM64) remoteit_version: 4.13.7 # See https://docs.remote.it/device-package/installation to refine URL below: From ad9b21f039b4eb1a81b8580ecefd07fce7768949 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 4 Feb 2022 05:37:38 +0000 Subject: [PATCH 0048/1758] point to timmoody for catalog and use ghunt test branch --- roles/osm-vector-maps/defaults/main.yml | 13 ++++++++----- roles/osm-vector-maps/tasks/install.yml | 18 +++++++++--------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 5c8f219ba..ae4f6121c 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -8,12 +8,15 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # The following soft coded variables allow testing, before pulling PR's into master -osm_repo_url: https://raw.githubusercontent.com/iiab/maps -#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps -maps_branch: 'master' # Quotes not required -#maps_branch: '7.2-maps' +# osm_repo_url: https://raw.githubusercontent.com/iiab/maps +osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps +#maps_branch: 'master' # Quotes not required +maps_branch: 'jupyter' # soft code sources archive_org_url: https://archive.org/download -map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles +#map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles +map_catalog_url: http://timmoody.com/iiab-files/maps satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json +installer_planet: planet_z0-z6_2020.mbtiles +installer_satellite: satellite_z0-z6_v3.mbtiles diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index c57a07700..3bb9e5176 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -85,27 +85,27 @@ - searchapi.php - tileserver.php -- name: Download 34MB {{ map_catalog_url }}/planet_z0-z6_2019.mbtiles to {{ vector_map_path }}/installer/ -- for map installer +- name: Download 34MB {{ map_catalog_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_catalog_url }}/planet_z0-z6_2019.mbtiles" + url: "{{ map_catalog_url }}/{{ installer_planet }}" dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" -- name: Symlink {{ vector_map_path }}/installer/detail.mbtiles -> {{ vector_map_path }}/installer/planet_z0-z6_2019.mbtiles +- name: Symlink {{ vector_map_path }}/installer/detail.mbtiles -> {{ vector_map_path }}/installer/{{ installer_planet }} file: - src: "{{ vector_map_path }}/installer/planet_z0-z6_2019.mbtiles" + src: "{{ vector_map_path }}/installer/{{ installer_planet }}" path: "{{ vector_map_path }}/installer/detail.mbtiles" state: link -- name: Symlink {{ vector_map_path }}/viewer/tiles/planet_z0-z6_2019.mbtiles -> {{ vector_map_path }}/installer/planet_z0-z6_2019.mbtiles +- name: Symlink {{ vector_map_path }}/viewer/tiles/{{ installer_planet }} -> {{ vector_map_path }}/installer/{{ installer_planet }} file: - src: "{{ vector_map_path }}/installer/planet_z0-z6_2019.mbtiles" - path: "{{ vector_map_path }}/viewer/tiles/planet_z0-z6_2019.mbtiles" + src: "{{ vector_map_path }}/installer/{{ installer_planet }}" + path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download abbreviated satellite images from {{ map_catalog_url }}/satellite_z0-z6_v3.mbtiles to {{ vector_map_path }}/viewer/tiles/ +- name: Download abbreviated satellite images from {{ map_catalog_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ get_url: - url: "{{ map_catalog_url }}/satellite_z0-z6_v3.mbtiles" + url: "{{ map_catalog_url }}/{{ installer_satellite }}" dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" From 9a9867f40cacc1f18c010925f7f71d1ba1d8fe2c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Feb 2022 18:38:26 -0500 Subject: [PATCH 0049/1758] roles/transmission/README.rst: How to change password --- roles/transmission/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 2de521963..7cc3d2701 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -38,7 +38,9 @@ Log in to Transmission's web interface http://box:9091 using administrative acco Username: Admin Password: changeme -If you prefer the command-line, you can instead run `transmission-remote `_ commands. +Change the above password by editing ``rpc-password`` in ``/etc/transmission-daemon/settings.json`` (your plaintext will be hashed to conceal it, the next time Transmission is started). + +Finally if you prefer the command-line, you can instead run `transmission-remote `_ commands. Configuration ------------- From 9110f7f9dad39d04165f416247c867f10f800524 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Feb 2022 07:13:10 -0500 Subject: [PATCH 0050/1758] phpmyadmin/defaults/main.yml: 5.1.2 -> 5.1.3 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index c2c86d150..00c694aef 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.2 +phpmyadmin_version: 5.1.3 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From 32ad3c31c153bdcb514d85a7ff3b1b8ede1ebc12 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 13 Feb 2022 00:08:17 +0000 Subject: [PATCH 0051/1758] change satellite installer filename --- roles/osm-vector-maps/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index ae4f6121c..40b8dc9f3 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -19,4 +19,4 @@ archive_org_url: https://archive.org/download map_catalog_url: http://timmoody.com/iiab-files/maps satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json installer_planet: planet_z0-z6_2020.mbtiles -installer_satellite: satellite_z0-z6_v3.mbtiles +installer_satellite: satellite_z0-z6_2020.mbtiles From 41817764ab76db59ec76e4cb0aca81c6e8a7d4b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Feb 2022 23:55:25 -0500 Subject: [PATCH 0052/1758] roles/calibre-web/README.rst: Fix path /usr/local/calibre-web-py3 --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d44fb0f16..70ad84d14 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -105,7 +105,7 @@ Or, to reinstall all of IIAB:: Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding manually:: - cd /opt/iiab/calibre-web + cd /usr/local/calibre-web-py3 git pull Known Issues From 2c6902e8ae34471165f5e577e8daae766742845b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Feb 2022 16:48:49 -0500 Subject: [PATCH 0053/1758] Use 'raspi-config --expand-rootfs' in 1-prep/templates/iiab-rpi-max-rootfs.sh --- roles/1-prep/templates/iiab-rpi-max-rootfs.sh | 44 ++++++++++++------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh index d24788602..aa221bcf0 100644 --- a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh +++ b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh @@ -1,20 +1,32 @@ #!/bin/bash -x -# Resize rootfs and its partition on the rpi SD card to maximum size -# To be used by systemd service on boot -# Only resizes if /.resize-rootfs exists -# Assumes root is last partition -# Only works on F22 + where resizepart command exists -# Assumes sd card style partition name like p -if [ -f /.resize-rootfs ];then - echo "$0: maximizing rootfs partion" - # Calculate root partition - root_part=`lsblk -aP -o NAME,MOUNTPOINT|grep 'MOUNTPOINT="/"' |awk -F\" '{ print $2 }'` - root_dev=${root_part:0:-2} - root_part_no=${root_part: (-1)} +# Resize rootfs and its partition on the rpi SD card (or external USB +# disk if possible, e.g. with Raspberry Pi OS) to maximum size. - # Resize partition - growpart /dev/$root_dev $root_part_no - resize2fs /dev/$root_part - rm /.resize-rootfs +# To be used by /etc/systemd/system/iiab-rpi-root-resize.service on boot. +# Only resizes if /.resize-rootfs exists. +# Assumes root is last partition. + +if [ -f /.resize-rootfs ]; then + echo "$0: maximizing rootfs partion" + + if [ -x /usr/bin/raspi-config ]; then + # 2022-02-17: Works in many more situations, e.g. with USB disks (not + # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! + raspi-config --expand-rootfs + else + # Assumes sd card style partition name like p + # Only works on F22 + where resizepart command exists + + # Calculate root partition + root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` + root_dev=${root_part:0:-2} + root_part_no=${root_part: (-1)} + + # Resize partition + growpart /dev/$root_dev $root_part_no + resize2fs /dev/$root_part + fi + + rm /.resize-rootfs fi From 38eb8868e3237039451ac73ad7e5a7a7cd03ace5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Feb 2022 10:03:23 -0500 Subject: [PATCH 0054/1758] Clarify & Clean 1-prep/templates/iiab-rpi-max-rootfs.sh for PR #3121 --- roles/1-prep/templates/iiab-rpi-max-rootfs.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh index aa221bcf0..6c91ac9f6 100644 --- a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh +++ b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh @@ -1,6 +1,6 @@ #!/bin/bash -x -# Resize rootfs and its partition on the rpi SD card (or external USB +# Resize rootfs and its partition on the RPi SD card (or external USB # disk if possible, e.g. with Raspberry Pi OS) to maximum size. # To be used by /etc/systemd/system/iiab-rpi-root-resize.service on boot. @@ -15,13 +15,18 @@ if [ -f /.resize-rootfs ]; then # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! raspi-config --expand-rootfs else - # Assumes sd card style partition name like p + # 2022-02-17 PR #3121: This 2-line explanation appears stale... + # Assumes SD card style partition name like p # Only works on F22 + where resizepart command exists # Calculate root partition - root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` + root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` root_dev=${root_part:0:-2} - root_part_no=${root_part: (-1)} + # bash substring expansion: "negative offset [below, but not above] + # must be separated from the colon by at least one space to avoid + # being confused with the ‘:-’ expansion" + # https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html + root_part_no=${root_part: -1} # Resize partition growpart /dev/$root_dev $root_part_no From e7b201e84cc5852fef6123a49999c2053cc5b877 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Feb 2022 13:46:46 -0500 Subject: [PATCH 0055/1758] Further clarify 1-prep/templates/iiab-rpi-max-rootfs.sh --- roles/1-prep/templates/iiab-rpi-max-rootfs.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh index 6c91ac9f6..034b653eb 100644 --- a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh +++ b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh @@ -13,20 +13,24 @@ if [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # 2022-02-17: Works in many more situations, e.g. with USB disks (not # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! + + # Uses do_expand_rootfs() from: + # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs else - # 2022-02-17 PR #3121: This 2-line explanation appears stale... - # Assumes SD card style partition name like p - # Only works on F22 + where resizepart command exists + # ASSUMES SD CARD STYLE PARTITION NAME LIKE p + # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) + # BUT /dev/sda2 mounts at /media/usb1 (typical RasPiOS USB boot + # disk WON'T WORK BELOW!) # Calculate root partition - root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` - root_dev=${root_part:0:-2} + root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` # e.g. mmcblk0p2 + root_dev=${root_part:0:-2} # e.g. mmcblk0 # bash substring expansion: "negative offset [below, but not above] # must be separated from the colon by at least one space to avoid # being confused with the ‘:-’ expansion" # https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html - root_part_no=${root_part: -1} + root_part_no=${root_part: -1} # e.g. 2 # Resize partition growpart /dev/$root_dev $root_part_no From bd71b9484bad2f168ea88ac15f5823d0a91860f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Feb 2022 13:56:57 -0500 Subject: [PATCH 0056/1758] 1-prep/templates/iiab-rpi-max-rootfs.sh: Explain & link to PR #3121 --- roles/1-prep/templates/iiab-rpi-max-rootfs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh index 034b653eb..8405727b4 100644 --- a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh +++ b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh @@ -20,8 +20,8 @@ if [ -f /.resize-rootfs ]; then else # ASSUMES SD CARD STYLE PARTITION NAME LIKE p # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) - # BUT /dev/sda2 mounts at /media/usb1 (typical RasPiOS USB boot - # disk WON'T WORK BELOW!) + # BUT /dev/sda2 mounts at /media/usb1 (RasPiOS USB boot disk... + # ...WON'T WORK BELOW; recap @ PR #3121) # Calculate root partition root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` # e.g. mmcblk0p2 From 100db44d5abe8411c4acf3e0e41c01f75025de05 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Mar 2022 09:29:49 -0500 Subject: [PATCH 0057/1758] scripts/ansible: Recommend ansible-core 2.12.3 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 6f33f449e..9b9ae68a0 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.12.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2a149d4945490d7bcdc4c2fc48d0488cae82b044 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 4 Mar 2022 04:01:40 +0000 Subject: [PATCH 0058/1758] change maps branch to maps7.3 --- roles/osm-vector-maps/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 40b8dc9f3..e32bc6a1c 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -11,7 +11,7 @@ # osm_repo_url: https://raw.githubusercontent.com/iiab/maps osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps #maps_branch: 'master' # Quotes not required -maps_branch: 'jupyter' +maps_branch: 'maps7.3' # soft code sources archive_org_url: https://archive.org/download From 19c88bad51741e33b1240087a3c43d42c2d63040 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 4 Mar 2022 17:22:41 -0500 Subject: [PATCH 0059/1758] remoteit/defaults/main.yml: remoteit_version: 4.13.7 -> 4.14.1 --- roles/remoteit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 3017ecb2f..cd7c060c4 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -12,7 +12,7 @@ # - Debian Linux (x86_64) # - Pi OS (ARM) # - Pi OS (ARM64) -remoteit_version: 4.13.7 +remoteit_version: 4.14.1 # See https://docs.remote.it/device-package/installation to refine URL below: device_suffixes: From 1d0c14a4a5e51ca0ec6814a9e9b5be765aa370d1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 08:44:28 -0500 Subject: [PATCH 0060/1758] Refine roles/calibre-web/README.rst upgrade tips --- roles/calibre-web/README.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 70ad84d14..fa39c3c9c 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -90,9 +90,10 @@ Internet-in-a-Box (IIAB) is online. But first: back up your content **and** settings, as explained above. -**Then move your /library/calibre-web/metadata.db out of the way, if you're -sure you want to (re)install bare/minimal metadata, and force all Calibre-Web -settings to the default. Then run**:: +**Also move your /library/calibre-web/config/app.db and +/library/calibre-web/metadata.db out of the way — if you're sure to want to +fully reset your Calibre-Web settings (to install defaults) and remove all +e-book metadata! Then run**:: cd /opt/iiab/iiab ./runrole calibre-web From af88232071f80de6a58ea18d322f528ef5641ecb Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 08:52:00 -0500 Subject: [PATCH 0061/1758] Fix calibre-web/README.rst upgrade instructions --- roles/calibre-web/README.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index fa39c3c9c..03494d504 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -96,12 +96,7 @@ fully reset your Calibre-Web settings (to install defaults) and remove all e-book metadata! Then run**:: cd /opt/iiab/iiab - ./runrole calibre-web - -Or, to reinstall all of IIAB:: - - cd /opt/iiab/iiab - ./iiab-install --reinstall + ./runrole calibre-web --reinstall Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding manually:: @@ -109,6 +104,11 @@ manually:: cd /usr/local/calibre-web-py3 git pull +This older way *is no longer recommended*:: + + cd /opt/iiab/iiab + ./iiab-install --reinstall + Known Issues ------------ From b482018b1a6d9fc569164faa360b744e0fcf46f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 09:22:46 -0500 Subject: [PATCH 0062/1758] Fix stale comment: /usr/local/calibre-web is now /usr/local/calibre-web-py3 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7d82f6677..801b273c0 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -29,7 +29,7 @@ - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: https://github.com/janeczku/calibre-web.git - dest: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web + dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 version: "{{ calibreweb_version }}" # e.g. master, 0.6.5 From 567020ba00561bd392ea7efb4285d2ca93e99a72 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 09:43:41 -0500 Subject: [PATCH 0063/1758] Install /library/calibre-web/config/app.db (Calibre-Web settings) IFF missing --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 801b273c0..73f945746 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -19,7 +19,6 @@ path: "{{ item }}" owner: "{{ calibreweb_user }}" # root group: "{{ apache_user }}" # www-data on debuntu - #mode: '0755' with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config @@ -32,7 +31,7 @@ dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 - version: "{{ calibreweb_version }}" # e.g. master, 0.6.5 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.17 ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. @@ -66,24 +65,25 @@ dest: "{{ calibreweb_home }}" # /library/calibre-web owner: "{{ calibreweb_user }}" # root group: "{{ apache_user }}" # www-data on debuntu - #mode: '0644' backup: yes with_items: - roles/calibre-web/files/metadata.db - roles/calibre-web/files/metadata_db_prefs_backup.json when: not metadatadb.stat.exists - #when: calibreweb_provision -- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist +- name: Does /library/calibre-web/config/app.db exist? + stat: + path: /library/calibre-web/config/app.db + register: appdb + +- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF it did not exist copy: src: roles/calibre-web/files/app.db dest: "{{ calibreweb_config }}" # /library/calibre-web/config owner: "{{ calibreweb_user }}" # root group: "{{ apache_user }}" # www-data on debuntu - #mode: '0644' backup: yes - when: not metadatadb.stat.exists - #when: calibreweb_provision + when: not appdb.stat.exists # RECORD Calibre-Web AS INSTALLED From c7683ae65186cb76a5021851e190efce150292ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 09:51:20 -0500 Subject: [PATCH 0064/1758] Record calibreweb_settings_database NOT calibreweb_database to /etc/iiab/iiab.ini --- roles/calibre-web/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 40515eb57..e8be74274 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -70,5 +70,5 @@ value: "{{ calibreweb_home }}" - option: calibreweb_port value: "{{ calibreweb_port }}" - - option: calibreweb_database - value: "{{ calibreweb_database }}" + - option: calibreweb_settings_database + value: "{{ calibreweb_settings_database }}" From 4ef451007e5315501d383396bc6fd050abdcc1fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 10:03:25 -0500 Subject: [PATCH 0065/1758] Clean up calibre-web/defaults/main.yml --- roles/calibre-web/defaults/main.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 903b3b6e5..7abab0bd8 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -19,18 +19,19 @@ calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" -# Config files put in: +# Config files (in reality just app.db) put in: calibreweb_config: "{{ calibreweb_home }}/config" -# Calibre-Web will be provisioned with default administrative account, -# metadata.db and language if /library/calibre-web/metadata.db does not exist. -# NOT CURRENTLY IN USE: calibreweb_provision: True -calibreweb_settings_database: app.db -calibreweb_database: metadata.db +# 2022-03-07: Calibre-Web will be reset to default settings if (re)installed +# when /library/calibre-web/config/app.db doesn't exist: +calibreweb_settings_database: app.db # /library/calibre-web/config/app.db + +# UNUSED var as of 2022-03-07: +# calibreweb_database: metadata.db # /library/calibre-web/metadata.db # Files owned by: calibreweb_user: root -# UNUSED variables, as of March 2019: +# UNUSED vars, as of March 2019: # calibreweb_admin_user: Admin # calibreweb_admin_password: changeme From c9e511103d168c0b8d5fbcd95f27097eacbe06ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 10:24:42 -0500 Subject: [PATCH 0066/1758] calibre-web/README.rst: Revise upgrade instructions --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 03494d504..d5d97e2c5 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -90,9 +90,9 @@ Internet-in-a-Box (IIAB) is online. But first: back up your content **and** settings, as explained above. -**Also move your /library/calibre-web/config/app.db and +**Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure to want to -fully reset your Calibre-Web settings (to install defaults) and remove all +fully reset your Calibre-Web settings (to install defaults) AND/OR remove all e-book metadata! Then run**:: cd /opt/iiab/iiab From 9b0146e59fc57a197d27af1dc0d0e7b7c9eeb8b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 10:26:22 -0500 Subject: [PATCH 0067/1758] calibre-web/README.rst: Fix grammar typo --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d5d97e2c5..d3b35d1ce 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -91,7 +91,7 @@ Internet-in-a-Box (IIAB) is online. But first: back up your content **and** settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR -/library/calibre-web/metadata.db out of the way — if you're sure to want to +/library/calibre-web/metadata.db out of the way — if you're sure you want to fully reset your Calibre-Web settings (to install defaults) AND/OR remove all e-book metadata! Then run**:: From a060d95ec8976f46bc2d948fe193ce91f29a908a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 10:34:36 -0500 Subject: [PATCH 0068/1758] calibre-web/README.rst: Fix explanation to './runrole --reinstall calibre-web' --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d3b35d1ce..038992256 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -96,7 +96,7 @@ fully reset your Calibre-Web settings (to install defaults) AND/OR remove all e-book metadata! Then run**:: cd /opt/iiab/iiab - ./runrole calibre-web --reinstall + ./runrole --reinstall calibre-web Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding manually:: From df5f951e13694524ddcf81edaae567361d8aa4d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Mar 2022 22:20:26 -0500 Subject: [PATCH 0069/1758] calibre-web/README.rst: Link to Calibre-Web FAQ+docs --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 038992256..44df76aa4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -74,7 +74,7 @@ See also:: /library/calibre-web/metadata_db_prefs_backup.json -See the official docs on Calibre-Web's `Runtime Configuration Options `_. +Finally, take note of Calibre-Web's `FAQ `_ and official docs on its `Runtime Configuration Options `_ and `Command Line Interface `_. Back Up Everything ------------------ @@ -107,7 +107,7 @@ manually:: This older way *is no longer recommended*:: cd /opt/iiab/iiab - ./iiab-install --reinstall + ./iiab-install --reinstall # OR: ./iiab-configure Known Issues ------------ From bd1742dcc6c5c0a855cd0d9536e5f9a8bd310a4e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Mar 2022 20:51:46 -0500 Subject: [PATCH 0070/1758] nextcloud/tasks/install.yml: Update Nextcloud 23.0.2 footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 968dc8c08..31fbe97d6 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~132 MB) to {{ nextcloud_root_dir }} (~474 MB initially, 496+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~132 MB) to {{ nextcloud_root_dir }} (~475 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 19f768a397ccc4355afb0aec538fc18d698512ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Mar 2022 21:26:39 -0500 Subject: [PATCH 0071/1758] sugarizer/tasks/install.yml: Update dir sizes for latest Sugarizer/Server --- roles/sugarizer/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index bf0e37252..08fabac93 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -29,7 +29,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" @@ -61,7 +61,7 @@ # CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows # "changed" (whereas above git sync shows "ok"). Reason: "npm install" # (below) modifies /opt/iiab/sugarizer-server/node_modules -- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~193+ MB later) +- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~195+ MB later) git: repo: https://github.com/llaske/sugarizer-server dest: "{{ iiab_base }}/{{ sugarizer_server_dir_version }}" From 9970307121a5fd436699e4c2cd1942b8afcea755 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 13 Mar 2022 20:33:45 -0400 Subject: [PATCH 0072/1758] vars/local_vars_large.yml: Don't install Lokole due to #3132 --- vars/local_vars_large.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c37efd2bf..a8cab61ca 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -232,8 +232,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True -lokole_enabled: True +lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True From 7f41fa077f7c5926d4326e19fc0638637ce1c054 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 13 Mar 2022 20:42:48 -0400 Subject: [PATCH 0073/1758] roles/lokole/README.rst: Better link to Lokole issues --- roles/lokole/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/README.rst b/roles/lokole/README.rst index cb9ebc8d7..95da4397c 100644 --- a/roles/lokole/README.rst +++ b/roles/lokole/README.rst @@ -95,4 +95,4 @@ For further usage information and troubleshooting, refer to the `Lokole user man Known Issues ------------ -For an up-to-date list of open issues, please see the `Lokole project's issue tracker `_. See also `IIAB's issue tracker `_. +For an up-to-date list of open issues, please see the `Lokole project's issue tracker `_. See also `IIAB's issue tracker `_. From 398854da601416f5d99a6f87a3dc3d52a3d5c490 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 14 Mar 2022 15:51:30 -0400 Subject: [PATCH 0074/1758] PR #3035: Clarify Lokole in vars/local_vars_medium.yml --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 713d0a135..27675e830 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -232,8 +232,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From 66666f147d9e63dd8e186ba776ab93d45dd6fe52 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 14 Mar 2022 15:51:36 -0400 Subject: [PATCH 0075/1758] PR #3035: Clarify Lokole in vars/local_vars_small.yml --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 20f6748cc..4bc7e4a37 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -232,8 +232,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From 35427981a0b8a869e52d21e1cef1ac929729a5b0 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 10:24:30 -0400 Subject: [PATCH 0076/1758] iiab-expand-rootfs for more HW/OS's, per raspi-config's do_expand_rootfs() --- roles/1-prep/README.adoc | 3 +- roles/1-prep/tasks/hardware.yml | 25 +++++++- roles/1-prep/tasks/raspberry_pi.yml | 37 ++++-------- roles/1-prep/templates/iiab-expand-rootfs | 57 +++++++++++++++++++ ...ize.service => iiab-expand-rootfs.service} | 0 roles/1-prep/templates/iiab-rpi-max-rootfs.sh | 41 ------------- 6 files changed, 93 insertions(+), 70 deletions(-) create mode 100644 roles/1-prep/templates/iiab-expand-rootfs rename roles/1-prep/templates/{iiab-rpi-root-resize.service => iiab-expand-rootfs.service} (100%) delete mode 100644 roles/1-prep/templates/iiab-rpi-max-rootfs.sh diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index cdbd75142..04bf41db0 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -14,6 +14,7 @@ username and group, to log into Admin Console * Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential /var/log subdirs on each boot * *_Hardware actions:_* + ** Install https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-expand-rootfs[iiab-expand-rootfs] ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable *** *_Install packages related to:_* @@ -22,8 +23,6 @@ username and group, to log into Admin Console **** fake-hwclock (as RTC is often missing or dead!) **** Wi-Fi *** Increase swap file size - *** https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-rpi-max-rootfs.sh[rootfs - auto-resizing] ** NUC 6 Wi-Fi firmware Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 2650c7217..c7557da5e 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -1,17 +1,38 @@ +- name: Install package 'cloud-guest-utils' so growpart is available for expanding rootfs partition during boot + package: + name: cloud-guest-utils # 2022-03-15: For RasPiOS especially. Ubuntu has still pre-installed, for use with cloud-init. + state: present + +- name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'iiab-expand-rootfs', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-expand-rootfs.service', dest: '/etc/systemd/system/', mode: '0644' } + +- name: Enable /etc/systemd/system/iiab-expand-rootfs.service + systemd: + name: iiab-expand-rootfs + enabled: yes + + ## DISCOVER PLATFORMS ###### # Put conditional actions for hardware platforms here - include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" + - name: Check if the identifier for Intel's NUC6 built-in WiFi is present shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" register: usb_NUC6 ignore_errors: True -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages +- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages dest: /lib/firmware timeout: "{{ download_timeout }}" when: usb_NUC6.stdout|int > 0 diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index bc54f58af..aa71ff426 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -39,21 +39,25 @@ meta: noop # 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) -# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss: +# are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: # desktops might have some/all 3 preinstalled, while servers tend not to have # these present at all, but are needed to be installed if you want to take full # advantage of WiFi on Ubuntu and friends -- but it's only enforced on RPi # hardware where we know in advance of the likelihood of WiFi being present. -- name: 'Install packages: cloud-guest-utils, dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' +# 2022-03-15: This section is effectively now useless on RasPiOS (but apparently +# serves a purpose on Ubuntu on RPi, where it installs dphys-swapfile and +# fake-hwclock). Still: @jvonau's above explanation of other OS's / other HW +# suggest this code should possibly move in future, to helps others too? + +- name: 'Install packages: dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' package: name: - - cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init - - dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file - - fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware - - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions + - dphys-swapfile # 2021-03-15: For Ubuntu on RPi? RasPiOS installs this regardless -- autogenerate and use a swap file + - fake-hwclock # 2021-03-15: For Ubuntu on RPi? RasPiOS installs this regardless -- save/restore system clock on machines without working RTC hardware + - iw # 2021-07-27: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 + - rfkill # 2021-07-27: RasPiOS installs this regardless -- enable & disable wireless devices + - wireless-tools # 2021-07-27: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions state: present @@ -68,20 +72,3 @@ systemd: # Had been...a rare/legacy service that was NOT systemd name: dphys-swapfile state: restarted - - -- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - #owner: root - #group: root - mode: "{{ item.mode }}" - with_items: - - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/', mode: '0755' } - - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/', mode: '0644' } - -- name: Enable RPi rootfs resizing (systemd service iiab-rpi-root-resize.service) - systemd: - name: iiab-rpi-root-resize - enabled: yes diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs new file mode 100644 index 000000000..baa4623dd --- /dev/null +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -0,0 +1,57 @@ +#!/bin/bash -x + +# Expand rootfs partition to its maximum size, if /.expand-rootfs exists. +# Used by /etc/systemd/system/iiab-expand-rootfs.service on IIAB boot. + +# Should work with most Linux OS's, regardless whether Raspberry Pi SD cards +# or external USB boot disks, etc. Verifies that rootfs is the last partition. + +if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then + echo "$0: Expanding rootfs partition" + + if [ -x /usr/bin/raspi-config ]; then + # 2022-02-17: Works in many more situations, e.g. with USB disks (not + # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! + + # Uses do_expand_rootfs() from: + # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + raspi-config --expand-rootfs + else + # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() + ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 + ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 + + ROOT_PART_NUM="$(echo "$ROOT_PART" | grep -o "[[:digit:]]*$")" # e.g. 2 + # SLOW (~10 seconds) but it works! + LAST_PART_NUM=$(parted "$ROOT_DEV" -ms unit s p | tail -n 1 | cut -f 1 -d:) + + if [ $ROOT_PART_NUM -ne $LAST_PART_NUM ]; then + echo "ERROR: $ROOT_PART partition ($ROOT_PART_NUM) is not the last partition ($LAST_PART_NUM). Don't know how to expand." + return 0 + fi + + # Expand partition + growpart $ROOT_DEV $ROOT_PART_NUM + resize2fs $ROOT_PART + + # # ASSUMES SD CARD STYLE PARTITION NAME LIKE p + # # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) + # # BUT /dev/sda2 mounts at /media/usb1 (RasPiOS USB boot disk... + # # ...WON'T WORK BELOW; recap @ PR #3121) + + # # Calculate root partition + # root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` # e.g. mmcblk0p2 + # root_dev=${root_part:0:-2} # e.g. mmcblk0 + # # bash substring expansion: "negative offset [below, but not above] + # # must be separated from the colon by at least one space to avoid + # # being confused with the ‘:-’ expansion" + # # https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html + # root_part_no=${root_part: -1} # e.g. 2 + + # # Resize partition + # growpart /dev/$root_dev $root_part_no + # resize2fs /dev/$root_part + fi + + rm -f /.expand-rootfs /.resize-rootfs +fi diff --git a/roles/1-prep/templates/iiab-rpi-root-resize.service b/roles/1-prep/templates/iiab-expand-rootfs.service similarity index 100% rename from roles/1-prep/templates/iiab-rpi-root-resize.service rename to roles/1-prep/templates/iiab-expand-rootfs.service diff --git a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh b/roles/1-prep/templates/iiab-rpi-max-rootfs.sh deleted file mode 100644 index 8405727b4..000000000 --- a/roles/1-prep/templates/iiab-rpi-max-rootfs.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -x - -# Resize rootfs and its partition on the RPi SD card (or external USB -# disk if possible, e.g. with Raspberry Pi OS) to maximum size. - -# To be used by /etc/systemd/system/iiab-rpi-root-resize.service on boot. -# Only resizes if /.resize-rootfs exists. -# Assumes root is last partition. - -if [ -f /.resize-rootfs ]; then - echo "$0: maximizing rootfs partion" - - if [ -x /usr/bin/raspi-config ]; then - # 2022-02-17: Works in many more situations, e.g. with USB disks (not - # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! - - # Uses do_expand_rootfs() from: - # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config - raspi-config --expand-rootfs - else - # ASSUMES SD CARD STYLE PARTITION NAME LIKE p - # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) - # BUT /dev/sda2 mounts at /media/usb1 (RasPiOS USB boot disk... - # ...WON'T WORK BELOW; recap @ PR #3121) - - # Calculate root partition - root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` # e.g. mmcblk0p2 - root_dev=${root_part:0:-2} # e.g. mmcblk0 - # bash substring expansion: "negative offset [below, but not above] - # must be separated from the colon by at least one space to avoid - # being confused with the ‘:-’ expansion" - # https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html - root_part_no=${root_part: -1} # e.g. 2 - - # Resize partition - growpart /dev/$root_dev $root_part_no - resize2fs /dev/$root_part - fi - - rm /.resize-rootfs -fi From 334c7089f0ac08898d4d7a78b7b0e886b7f8450e Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 11:00:07 -0400 Subject: [PATCH 0077/1758] roles/1-prep/README.adoc: hardware.yml & raspberry_pi.yml packages/context --- roles/1-prep/README.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 04bf41db0..0d275473b 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -14,15 +14,15 @@ username and group, to log into Admin Console * Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential /var/log subdirs on each boot * *_Hardware actions:_* - ** Install https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-expand-rootfs[iiab-expand-rootfs] + ** Install package cloud-guest-utils for growpart + ** Install https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable - *** *_Install packages related to:_* - **** growpart - **** swapfile + *** *_Install packages:_* + **** dphys-swapfile (for swapfile) **** fake-hwclock (as RTC is often missing or dead!) - **** Wi-Fi - *** Increase swap file size + **** iw, rfkill, wireless-tools (for internal Wi-Fi) + *** Increase swap file size (to `pi_swap_file_size`) ** NUC 6 Wi-Fi firmware Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and From cc9a55f13e24d42754e573e6b2eb658fcf383cfe Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 11:05:55 -0400 Subject: [PATCH 0078/1758] roles/1-prep/README.adoc: Offline hyperlink to templates/iiab-expand-rootfs --- roles/1-prep/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 0d275473b..fca0f26a6 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -15,7 +15,7 @@ username and group, to log into Admin Console /var/log subdirs on each boot * *_Hardware actions:_* ** Install package cloud-guest-utils for growpart - ** Install https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot + ** Install link:templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable *** *_Install packages:_* From ee765e41d4b2f3977a35de0e9c4f4020039bd9d8 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 11:15:22 -0400 Subject: [PATCH 0079/1758] 1-prep/templates/iiab-expand-rootfs.service: Fix name iiab-expand-rootfs --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 2cd33ec11..ffc9bbd9b 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -4,7 +4,7 @@ Description=Root Filesystem Auto-Resizer [Service] Environment=TERM=linux Type=oneshot -ExecStart=/usr/sbin/iiab-rpi-max-rootfs.sh +ExecStart=/usr/sbin/iiab-expand-rootfs StandardError=syslog RemainAfterExit=no From baab78197714a686009d3dc5fa8ef3bfd1ff59e6 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 11:47:09 -0400 Subject: [PATCH 0080/1758] 1-prep/templates/iiab-expand-rootfs: 'exit 1' if partition's not the last --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index baa4623dd..3ea6e51ad 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -27,7 +27,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ $ROOT_PART_NUM -ne $LAST_PART_NUM ]; then echo "ERROR: $ROOT_PART partition ($ROOT_PART_NUM) is not the last partition ($LAST_PART_NUM). Don't know how to expand." - return 0 + exit 1 fi # Expand partition From 85eb059addc47b002c4c1c6a8c7d03ace49eaaa1 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 12:17:51 -0400 Subject: [PATCH 0081/1758] Doc iiab-expand-rootfs + Explicit deps in 1-prep/tasks/hardware.yml --- roles/1-prep/tasks/hardware.yml | 6 ++++-- roles/1-prep/templates/iiab-expand-rootfs | 11 +++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index c7557da5e..77469e6d4 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -1,6 +1,8 @@ -- name: Install package 'cloud-guest-utils' so growpart is available for expanding rootfs partition during boot +- name: Install packages 'parted' and 'cloud-guest-utils' (so /usr/bin/growpart is available for expanding rootfs partition during boot) package: - name: cloud-guest-utils # 2022-03-15: For RasPiOS especially. Ubuntu has still pre-installed, for use with cloud-init. + name: + - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec but just in case. + - cloud-guest-utils # 2022-03-15: For growpart command, on RasPiOS especially. Ubuntu has this pre-installed, for use with cloud-init. state: present - name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 3ea6e51ad..8a208a078 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -9,14 +9,11 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" - if [ -x /usr/bin/raspi-config ]; then - # 2022-02-17: Works in many more situations, e.g. with USB disks (not - # just microSD cards). IF ONLY THIS ALSO WORKED ON Ubuntu/Mint/etc ! - - # Uses do_expand_rootfs() from: + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs - else + else # Other Linux OS's # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 @@ -34,6 +31,8 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then growpart $ROOT_DEV $ROOT_PART_NUM resize2fs $ROOT_PART + # 2022-03-15: Legacy code below for microSD cards but NOT USB boot disks + # # ASSUMES SD CARD STYLE PARTITION NAME LIKE p # # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) # # BUT /dev/sda2 mounts at /media/usb1 (RasPiOS USB boot disk... From fc032efe8a37ac9740e082a6130003a97344b173 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 12:50:59 -0400 Subject: [PATCH 0082/1758] iiab-expand-rootfs: ALL kinds of boot disks should work! --- roles/1-prep/templates/iiab-expand-rootfs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 8a208a078..48c8872ba 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -3,8 +3,10 @@ # Expand rootfs partition to its maximum size, if /.expand-rootfs exists. # Used by /etc/systemd/system/iiab-expand-rootfs.service on IIAB boot. -# Should work with most Linux OS's, regardless whether Raspberry Pi SD cards -# or external USB boot disks, etc. Verifies that rootfs is the last partition. +# Should work with all Linux OS's boot disks -- regardless whether Raspberry Pi +# microSD cards, external USB drives, internal spinning disks or SSD's, etc. + +# Verifies that rootfs is the last partition. if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" From a9fe5902da864352a51a7daccf34b82910f6c7e8 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 12:59:31 -0400 Subject: [PATCH 0083/1758] iiab-expand-rootfs: Clarify legacy code shortcoming --- roles/1-prep/templates/iiab-expand-rootfs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 48c8872ba..b28838cd0 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -33,7 +33,8 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then growpart $ROOT_DEV $ROOT_PART_NUM resize2fs $ROOT_PART - # 2022-03-15: Legacy code below for microSD cards but NOT USB boot disks + # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards + # but *not* with USB boot drives, internal spinning disks/SSD's, etc. # # ASSUMES SD CARD STYLE PARTITION NAME LIKE p # # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD) From 52252044f100b9aaa7df7e84e225c9c36f8bf9c4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 15 Mar 2022 12:47:39 -0500 Subject: [PATCH 0084/1758] generalize wifi dependencies based on hardware present --- roles/1-prep/tasks/hardware.yml | 16 ++++++++++++++++ roles/1-prep/tasks/raspberry_pi.yml | 12 +----------- roles/1-prep/tasks/wifi.yml | 14 ++++++++++++++ roles/2-common/tasks/network.yml | 3 +-- 4 files changed, 32 insertions(+), 13 deletions(-) create mode 100644 roles/1-prep/tasks/wifi.yml diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 2650c7217..7b3f6fa5a 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -1,6 +1,22 @@ ## DISCOVER PLATFORMS ###### # Put conditional actions for hardware platforms here +- name: Look for any wireless devices present + shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}'" + register: has_wifi_device + ignore_errors: True + changed_when: False + +- name: Set has_wireless, if found + set_fact: + has_wireless: True + when: has_wifi_device.stdout is defined and item|trim != "" + with_items: + - "{{ has_wifi_device.stdout_lines }}" + +- include_tasks: wifi.yml + when: has_wireless is defined + - include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index bc54f58af..745ce60b9 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -38,22 +38,12 @@ - name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' meta: noop -# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) -# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss: -# desktops might have some/all 3 preinstalled, while servers tend not to have -# these present at all, but are needed to be installed if you want to take full -# advantage of WiFi on Ubuntu and friends -- but it's only enforced on RPi -# hardware where we know in advance of the likelihood of WiFi being present. - -- name: 'Install packages: cloud-guest-utils, dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' +- name: 'Install packages: cloud-guest-utils, dphys-swapfile, fake-hwclock' package: name: - cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init - dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file - fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware - - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions state: present diff --git a/roles/1-prep/tasks/wifi.yml b/roles/1-prep/tasks/wifi.yml new file mode 100644 index 000000000..718376ab4 --- /dev/null +++ b/roles/1-prep/tasks/wifi.yml @@ -0,0 +1,14 @@ +# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) +# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss: +# desktops might have some/all 3 preinstalled, while servers tend not to have +# these present at all, but are needed to be installed if you want to take full +# advantage of WiFi on Ubuntu and friends + +- name: 'Install packages: hostapd, iw, rfkill, wireless-tools' + package: + name: + - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired + - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 + - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices + - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index 435c0bb1f..faff74dde 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -10,10 +10,9 @@ state: present when: not is_raspbian -- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install network packages: iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired - iproute2 # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - iptables-persistent # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - netmask # Handy utility -- helps determine network masks From f32b9cec36462dbf647206a92867fd1e99683e47 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 14:38:42 -0400 Subject: [PATCH 0085/1758] 1-prep/tasks/hardware.yml: Clarify cloud-guest-utils isn't used on RasPiOS --- roles/1-prep/tasks/hardware.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 77469e6d4..edf9bb284 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -2,7 +2,7 @@ package: name: - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec but just in case. - - cloud-guest-utils # 2022-03-15: For growpart command, on RasPiOS especially. Ubuntu has this pre-installed, for use with cloud-init. + - cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. state: present - name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" From 212d1fa765887ba3830099dd6bb8f7ffc289f5b1 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 14:52:46 -0400 Subject: [PATCH 0086/1758] iiab-expand-rootfs: raspi-config uses fdisk instead of growpart --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index b28838cd0..bc81bd302 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -30,7 +30,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM + growpart $ROOT_DEV $ROOT_PART_NUM # raspi-config instead uses fdisk resize2fs $ROOT_PART # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards From 03a630b199ad43731e9be7be8aeed106f13ed910 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 15 Mar 2022 14:01:02 -0500 Subject: [PATCH 0087/1758] leave hostapd as was - has an unconditional systemd call in hostapd.yml --- roles/1-prep/tasks/wifi.yml | 3 +-- roles/2-common/tasks/network.yml | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/1-prep/tasks/wifi.yml b/roles/1-prep/tasks/wifi.yml index 718376ab4..f246fbea0 100644 --- a/roles/1-prep/tasks/wifi.yml +++ b/roles/1-prep/tasks/wifi.yml @@ -4,10 +4,9 @@ # these present at all, but are needed to be installed if you want to take full # advantage of WiFi on Ubuntu and friends -- name: 'Install packages: hostapd, iw, rfkill, wireless-tools' +- name: 'Install packages: iw, rfkill, wireless-tools' package: name: - - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index faff74dde..435c0bb1f 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -10,9 +10,10 @@ state: present when: not is_raspbian -- name: 'Install network packages: iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: + - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired - iproute2 # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - iptables-persistent # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - netmask # Handy utility -- helps determine network masks From 99247671bbf90cdffb9ff9023632196990f82ff5 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 15:15:21 -0400 Subject: [PATCH 0088/1758] 1-prep/templates/iiab-expand-rootfs.service: Update name --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index ffc9bbd9b..4ac36fa42 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -1,5 +1,5 @@ [Unit] -Description=Root Filesystem Auto-Resizer +Description=Root Filesystem Auto-Expander [Service] Environment=TERM=linux From cb62a64df6473dcfb48a75d48e620aabe8035f63 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Mar 2022 15:57:56 -0400 Subject: [PATCH 0089/1758] 1-prep/README.adoc: Mention PR #3137 package 'parted' --- roles/1-prep/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index fca0f26a6..484ab98d4 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -14,7 +14,7 @@ username and group, to log into Admin Console * Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential /var/log subdirs on each boot * *_Hardware actions:_* - ** Install package cloud-guest-utils for growpart + ** Install packages parted and cloud-guest-utils (for growpart) ** Install link:templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable From 4a1e5a89ab80ac2c8ddbe6c6d72477978371bba3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 18:30:19 -0400 Subject: [PATCH 0090/1758] 1-prep/tasks/hardware.yml: Cleaner modularization & assoc fixups --- roles/1-prep/tasks/hardware.yml | 40 ++----------------- roles/1-prep/tasks/install-expand-rootfs.yml | 20 ++++++++++ roles/1-prep/tasks/internal-wifi.yml | 33 +++++++++++++++ roles/1-prep/tasks/raspberry_pi.yml | 35 +++++----------- roles/1-prep/tasks/wifi.yml | 13 ------ .../templates/iiab-expand-rootfs.service | 4 +- roles/2-common/tasks/network.yml | 2 +- roles/2-common/tasks/packages.yml | 2 +- roles/iiab-admin/tasks/access.yml | 6 --- roles/iiab-admin/tasks/access.yml.unused | 6 +++ roles/iiab-admin/tasks/main.yml | 8 +++- 11 files changed, 84 insertions(+), 85 deletions(-) create mode 100644 roles/1-prep/tasks/install-expand-rootfs.yml create mode 100644 roles/1-prep/tasks/internal-wifi.yml delete mode 100644 roles/1-prep/tasks/wifi.yml delete mode 100644 roles/iiab-admin/tasks/access.yml create mode 100644 roles/iiab-admin/tasks/access.yml.unused diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index c397223e2..b28623884 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -1,43 +1,9 @@ -- name: Install packages 'parted' and 'cloud-guest-utils' (so /usr/bin/growpart is available for expanding rootfs partition during boot) - package: - name: - - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec but just in case. - - cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. - state: present - -- name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - with_items: - - { src: 'iiab-expand-rootfs', dest: '/usr/sbin/', mode: '0755' } - - { src: 'iiab-expand-rootfs.service', dest: '/etc/systemd/system/', mode: '0644' } - -- name: Enable /etc/systemd/system/iiab-expand-rootfs.service - systemd: - name: iiab-expand-rootfs - enabled: yes +- include_tasks: install-expand-rootfs.yml -## DISCOVER PLATFORMS ###### -# Put conditional actions for hardware platforms here +# Conditional hardware actions below: -- name: Look for any wireless devices present - shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}'" - register: has_wifi_device - ignore_errors: True - changed_when: False - -- name: Set has_wireless, if found - set_fact: - has_wireless: True - when: has_wifi_device.stdout is defined and item|trim != "" - with_items: - - "{{ has_wifi_device.stdout_lines }}" - -- include_tasks: wifi.yml - when: has_wireless is defined +- include_tasks: internal-wifi.yml - include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" diff --git a/roles/1-prep/tasks/install-expand-rootfs.yml b/roles/1-prep/tasks/install-expand-rootfs.yml new file mode 100644 index 000000000..a2f2d5aa9 --- /dev/null +++ b/roles/1-prep/tasks/install-expand-rootfs.yml @@ -0,0 +1,20 @@ +- name: Install packages 'parted' and 'cloud-guest-utils' (so /usr/bin/growpart is available for expanding rootfs partition during boot) + package: + name: + - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec but just in case. + - cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. + state: present + +- name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'iiab-expand-rootfs', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-expand-rootfs.service', dest: '/etc/systemd/system/', mode: '0644' } + +- name: Enable /etc/systemd/system/iiab-expand-rootfs.service + systemd: + name: iiab-expand-rootfs + enabled: yes diff --git a/roles/1-prep/tasks/internal-wifi.yml b/roles/1-prep/tasks/internal-wifi.yml new file mode 100644 index 000000000..24422d36b --- /dev/null +++ b/roles/1-prep/tasks/internal-wifi.yml @@ -0,0 +1,33 @@ +- name: Look for any wireless devices present + shell: "ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" + register: has_wifi_device + ignore_errors: True + changed_when: False + +- name: Set internal_wifi, if found + set_fact: + internal_wifi: True + when: has_wifi_device.stdout is defined and item|trim != "" + with_items: + - "{{ has_wifi_device.stdout_lines }}" + +# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) +# are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: +# desktops might have some/all 3 preinstalled, while servers tend not to have +# these present at all, but are needed to be installed if you want to take full +# advantage of WiFi on Ubuntu and friends. + +- name: 'Install packages: iw, rfkill, wireless-tools' + package: + name: + - iw # 2021-07-27: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 + - rfkill # 2021-07-27: RasPiOS installs this regardless -- enable & disable wireless devices + - wireless-tools # 2021-07-27: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present + when: internal_wifi is defined + +- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' + meta: noop + +- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' + meta: noop diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 90a312521..fbc8cc784 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -4,9 +4,6 @@ template: src: 92-rtc-i2c.rules dest: /etc/udev/rules.d/92-rtc-i2c.rules - #owner: root - #group: root - #mode: 0644 when: rtc_id is defined and rtc_id != "none" # RTC requires a change to the device tree (and reboot) @@ -24,30 +21,12 @@ state: present when: rtc_id is defined and rtc_id != "none" and is_ubuntu # CLARIF: Ubuntu runs increasingly well on RPi hardware, starting in 2020 especially -#- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot) -# lineinfile: -# path: /boot/firmware/syscfg.txt -# regexp: '^include*' -# line: 'include btcfg.txt' -# when: is_ubuntu - -- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' - meta: noop - -- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' - meta: noop - -# 2022-03-15: This section is effectively now useless on RasPiOS (but apparently -# serves a purpose on Ubuntu on RPi, where it installs dphys-swapfile and -# fake-hwclock). Still: @jvonau's above explanation of other OS's / other HW -# suggest this code should possibly move in future, to helps others too? - -- name: 'Install packages: dphys-swapfile, fake-hwclock' +- name: 'Install packages: fake-hwclock, dphys-swapfile' package: name: - - dphys-swapfile # 2021-03-15: For Ubuntu on RPi? RasPiOS installs this regardless -- autogenerate and use a swap file - - fake-hwclock # 2021-03-15: For Ubuntu on RPi? RasPiOS installs this regardless -- save/restore system clock on machines without working RTC hardware + - fake-hwclock # 2021-03-15: Missing on Ubuntu etc. RasPiOS installs this regardless -- to save/restore system clock on machines w/o working RTC (above). + - dphys-swapfile # 2021-03-15: Missing on Ubuntu etc. RasPiOS installs this regardless -- to autogenerate and use a swap file (below). state: present - name: Increase swap file size (to CONF_SWAPSIZE={{ pi_swap_file_size }} in /etc/dphys-swapfile) as kalite pip download fails @@ -61,3 +40,11 @@ systemd: # Had been...a rare/legacy service that was NOT systemd name: dphys-swapfile state: restarted + + +#- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot) +# lineinfile: +# path: /boot/firmware/syscfg.txt +# regexp: '^include*' +# line: 'include btcfg.txt' +# when: is_ubuntu diff --git a/roles/1-prep/tasks/wifi.yml b/roles/1-prep/tasks/wifi.yml deleted file mode 100644 index f246fbea0..000000000 --- a/roles/1-prep/tasks/wifi.yml +++ /dev/null @@ -1,13 +0,0 @@ -# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) -# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss: -# desktops might have some/all 3 preinstalled, while servers tend not to have -# these present at all, but are needed to be installed if you want to take full -# advantage of WiFi on Ubuntu and friends - -- name: 'Install packages: iw, rfkill, wireless-tools' - package: - name: - - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions - state: present diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 4ac36fa42..f7f68402c 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -5,7 +5,9 @@ Description=Root Filesystem Auto-Expander Environment=TERM=linux Type=oneshot ExecStart=/usr/sbin/iiab-expand-rootfs -StandardError=syslog +# "Standard output type syslog is obsolete" +# StandardError=syslog +# WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput= RemainAfterExit=no [Install] diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index 435c0bb1f..f7c560f8b 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -1,4 +1,4 @@ -- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' +- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml' meta: noop - name: '2021-07-27: SEE ALSO ~4 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 81bc35c94..2f5694d31 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,4 +1,4 @@ -- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' +- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml' meta: noop - name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' diff --git a/roles/iiab-admin/tasks/access.yml b/roles/iiab-admin/tasks/access.yml deleted file mode 100644 index e7281c4dc..000000000 --- a/roles/iiab-admin/tasks/access.yml +++ /dev/null @@ -1,6 +0,0 @@ -- name: "Install text mode packages, useful during remote access: screen, lynx" - package: - name: - - lynx - - screen - state: present diff --git a/roles/iiab-admin/tasks/access.yml.unused b/roles/iiab-admin/tasks/access.yml.unused new file mode 100644 index 000000000..639a3d8a6 --- /dev/null +++ b/roles/iiab-admin/tasks/access.yml.unused @@ -0,0 +1,6 @@ +- name: "Install text-mode packages, useful during remote access: lynx, screen" + package: + name: + - lynx + - screen + state: present diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index ce4451003..f2a048e33 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,8 +2,12 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst -- name: Install lynx, screen - include_tasks: access.yml +- name: "Install text-mode packages, useful during remote access: lynx, screen" + package: + name: + - lynx + - screen + state: present - name: Install sudo & /etc/sudoers with logging to /var/log/sudo.log include_tasks: sudo-prereqs.yml From 566bef36c8c5e1966b3f450ec979fd477c180497 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 19:45:29 -0400 Subject: [PATCH 0091/1758] 1-prep/tasks/internal-wifi.yml: Ansible code touch-ups --- roles/1-prep/tasks/internal-wifi.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/1-prep/tasks/internal-wifi.yml b/roles/1-prep/tasks/internal-wifi.yml index 24422d36b..2751dfd13 100644 --- a/roles/1-prep/tasks/internal-wifi.yml +++ b/roles/1-prep/tasks/internal-wifi.yml @@ -1,5 +1,5 @@ - name: Look for any wireless devices present - shell: "ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" + shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5 register: has_wifi_device ignore_errors: True changed_when: False @@ -7,9 +7,7 @@ - name: Set internal_wifi, if found set_fact: internal_wifi: True - when: has_wifi_device.stdout is defined and item|trim != "" - with_items: - - "{{ has_wifi_device.stdout_lines }}" + when: has_wifi_device is defined and has_wifi_device.stdout | trim != "" # 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: From 67ebb0b2a114ea355868d649d64797887ffe8422 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2022 22:17:36 -0400 Subject: [PATCH 0092/1758] Cleaner internal-wifi.yml + install-expand-rootfs.yml --- roles/1-prep/tasks/install-expand-rootfs.yml | 6 +++--- roles/1-prep/tasks/internal-wifi.yml | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/1-prep/tasks/install-expand-rootfs.yml b/roles/1-prep/tasks/install-expand-rootfs.yml index a2f2d5aa9..54d77c55b 100644 --- a/roles/1-prep/tasks/install-expand-rootfs.yml +++ b/roles/1-prep/tasks/install-expand-rootfs.yml @@ -1,7 +1,7 @@ -- name: Install packages 'parted' and 'cloud-guest-utils' (so /usr/bin/growpart is available for expanding rootfs partition during boot) +- name: Install packages 'parted' and 'cloud-guest-utils' (for /usr/bin/growpart, though raspi-config uses fdisk) package: name: - - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec but just in case. + - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec, but just in case. - cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. state: present @@ -14,7 +14,7 @@ - { src: 'iiab-expand-rootfs', dest: '/usr/sbin/', mode: '0755' } - { src: 'iiab-expand-rootfs.service', dest: '/etc/systemd/system/', mode: '0644' } -- name: Enable /etc/systemd/system/iiab-expand-rootfs.service +- name: Enable iiab-expand-rootfs.service systemd: name: iiab-expand-rootfs enabled: yes diff --git a/roles/1-prep/tasks/internal-wifi.yml b/roles/1-prep/tasks/internal-wifi.yml index 2751dfd13..62527a678 100644 --- a/roles/1-prep/tasks/internal-wifi.yml +++ b/roles/1-prep/tasks/internal-wifi.yml @@ -1,13 +1,14 @@ -- name: Look for any wireless devices present +- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5 - register: has_wifi_device + register: wifi_devices ignore_errors: True changed_when: False -- name: Set internal_wifi, if found +- name: "Set internal_wifi: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}" set_fact: internal_wifi: True - when: has_wifi_device is defined and has_wifi_device.stdout | trim != "" + when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0 + # when: wifi_devices is defined and wifi_devices.stdout | trim != "" # 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: @@ -15,7 +16,7 @@ # these present at all, but are needed to be installed if you want to take full # advantage of WiFi on Ubuntu and friends. -- name: 'Install packages: iw, rfkill, wireless-tools' +- name: Install packages {iw, rfkill, wireless-tools} if internal_wifi ({{ internal_wifi }}) is defined package: name: - iw # 2021-07-27: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 From 0ef3a5c9d3c155ed44d11bb3bafa748cfa6ea759 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Mar 2022 22:35:50 -0400 Subject: [PATCH 0093/1758] 1-prep/tasks/main.yml: Clarify hardware.yml subroutines (PR #3139) --- roles/1-prep/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0732c6dd8..6043b99dc 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -29,7 +29,9 @@ - include_tasks: uuid.yml - include_tasks: ubermix.yml -- include_tasks: hardware.yml # Can run raspberry_pi.yml + +# Runs install-expand-rootfs.yml, internal-wifi.yml & if nec: raspberry_pi.yml +- include_tasks: hardware.yml # Debian 10 "Buster" is apparently enabling AppArmor in 2019: From afb9c0e8752196a61679be9bad99a535af6aebb9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Mar 2022 23:40:05 -0400 Subject: [PATCH 0094/1758] 2-common/tasks/main.yml & network.html: Mention 1-prep/tasks/internal-wifi.yml --- roles/2-common/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index a89928992..ad5d29499 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,7 +8,7 @@ - include_tasks: packages.yml -- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml" +- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/internal-wifi.yml" include_tasks: network.yml - include_tasks: iiab-startup.yml From db1531eef57091083dd40f9612c309b7af64019e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 16 Mar 2022 14:35:58 -0400 Subject: [PATCH 0095/1758] 1-prep -> 2-common: Consolidate/Clarify packages.yml + network.yml --- roles/1-prep/README.adoc | 8 ++-- roles/1-prep/tasks/hardware.yml | 18 ++++++- roles/1-prep/tasks/internal-wifi.yml | 32 ------------- roles/1-prep/tasks/main.yml | 4 +- roles/2-common/tasks/main.yml | 2 +- roles/2-common/tasks/network.yml | 38 ++++++++++----- roles/2-common/tasks/packages.yml | 71 ++++++++++++---------------- 7 files changed, 81 insertions(+), 92 deletions(-) delete mode 100644 roles/1-prep/tasks/internal-wifi.yml diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 484ab98d4..66c894248 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -14,16 +14,18 @@ username and group, to log into Admin Console * Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential /var/log subdirs on each boot * *_Hardware actions:_* - ** Install packages parted and cloud-guest-utils (for growpart) - ** Install link:templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot + ** link:tasks/install-expand-rootfs.yml[*_install-expand-rootfs.yml_*]: + *** Install packages parted and cloud-guest-utils (for growpart) + *** Install link:templates/iiab-expand-rootfs[/usr/sbin/iiab-expand-rootfs] that acts on flag flag `/.expand-rootfs` + *** Enable iiab-expand-rootfs.service so this can happen during any future boot-up ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable *** *_Install packages:_* **** dphys-swapfile (for swapfile) **** fake-hwclock (as RTC is often missing or dead!) - **** iw, rfkill, wireless-tools (for internal Wi-Fi) *** Increase swap file size (to `pi_swap_file_size`) ** NUC 6 Wi-Fi firmware + ** Check for WiFi devices (if so, set `has_wifi_device`) Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services — this 1st stage installs core server infra (that is not diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index b28623884..4c50c0d8a 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -3,8 +3,6 @@ # Conditional hardware actions below: -- include_tasks: internal-wifi.yml - - include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" @@ -20,3 +18,19 @@ dest: /lib/firmware timeout: "{{ download_timeout }}" when: usb_NUC6.stdout|int > 0 + + +- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" + shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5 + register: wifi_devices + ignore_errors: True + changed_when: False + +- name: "Set has_wifi_device: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}" + set_fact: + has_wifi_device: True + when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0 + # when: wifi_devices is defined and wifi_devices.stdout | trim != "" + +- debug: + var: has_wifi_device diff --git a/roles/1-prep/tasks/internal-wifi.yml b/roles/1-prep/tasks/internal-wifi.yml deleted file mode 100644 index 62527a678..000000000 --- a/roles/1-prep/tasks/internal-wifi.yml +++ /dev/null @@ -1,32 +0,0 @@ -- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" - shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5 - register: wifi_devices - ignore_errors: True - changed_when: False - -- name: "Set internal_wifi: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}" - set_fact: - internal_wifi: True - when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0 - # when: wifi_devices is defined and wifi_devices.stdout | trim != "" - -# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) -# are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: -# desktops might have some/all 3 preinstalled, while servers tend not to have -# these present at all, but are needed to be installed if you want to take full -# advantage of WiFi on Ubuntu and friends. - -- name: Install packages {iw, rfkill, wireless-tools} if internal_wifi ({{ internal_wifi }}) is defined - package: - name: - - iw # 2021-07-27: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - rfkill # 2021-07-27: RasPiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 2021-07-27: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - state: present - when: internal_wifi is defined - -- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' - meta: noop - -- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' - meta: noop diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 6043b99dc..9f44befc8 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -30,8 +30,8 @@ - include_tasks: uuid.yml - include_tasks: ubermix.yml -# Runs install-expand-rootfs.yml, internal-wifi.yml & if nec: raspberry_pi.yml -- include_tasks: hardware.yml +- name: install-expand-rootfs.yml, raspberry_pi.yml, NUC6 WiFi firmware, check for WiFi devices + include_tasks: hardware.yml # Debian 10 "Buster" is apparently enabling AppArmor in 2019: diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index ad5d29499..9ed8ff007 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,7 +8,7 @@ - include_tasks: packages.yml -- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/internal-wifi.yml" +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) include_tasks: network.yml - include_tasks: iiab-startup.yml diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index f7c560f8b..c043a0bc3 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -1,22 +1,37 @@ -- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml' - meta: noop - -- name: '2021-07-27: SEE ALSO ~4 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' - meta: noop +# 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install package networkd-dispatcher (OS's other than RaspiOS) package: - name: networkd-dispatcher # Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present when: not is_raspbian -- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +# 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) +# are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: +# desktops might have some/all 3 preinstalled, while servers tend not to have +# these present at all, but need to be installed if you want to take full +# advantage of WiFi on Ubuntu and friends. +# +# 2022-03-16 update: Let's make these 3 mandatory as they're only 300kB (grand +# total download size) and they can help IIAB field operators with BOTH +# (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. + +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired - - iproute2 # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - - iptables-persistent # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - - netmask # Handy utility -- helps determine network masks + - avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml + #- avahi-discover # 46kB download: 2021-07-27: Commented out long ago + - hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired + #- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros + - iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools + - iptables-persistent # 12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! + - iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 + - libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi + - netmask # 25kB download: Handy utility -- helps determine network masks + - net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices + - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP state: present # 2021-08-17: Debian ignores this, according to 2013 post: @@ -27,6 +42,7 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' + # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 2f5694d31..d731b25fc 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,47 +1,36 @@ -- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml' - meta: noop +# 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' - meta: noop - -- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant" +- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - - acpid # Daemon for ACPI (power mgmt) events - - avahi-daemon # 2021-07-27: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml - #- avahi-discover # 2021-07-27: Commented out long ago - - bzip2 # 2021-04-26: Prob not used, but can't hurt? - - curl # Used to install roles/nodejs and roles/nodered - #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 - #- exfat-fuse # 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out - #- exfat-utils # Ditto! See also 'ntfs-3g' below - - gawk - - htop - - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC - #- inetutils-syslogd # 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros - #- iproute2 # Installed by roles/2-common/tasks/network.yml - - logrotate - - libnss-mdns # 2021-07-27: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - #- make # 2021-07-27: Currently used by roles/pbx and no other roles - - mlocate - - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - #- ntfs-3g # 2021-07-31: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 - #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - - pandoc # For /usr/bin/iiab-refresh-wiki-docs - - pastebinit # For /usr/bin/iiab-diagnostics - #- python3-pip # 2021-07-29: Already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 do not. - - rsync - #- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - - sqlite3 - #- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - - tar - - unzip - #- usbmount # Moved to roles/usb_lib/tasks/install.yml - - usbutils # 2021-07-27: RaspiOS installs this regardless -- move to roles/usb_lib/tasks/install.yml ? - - wget - - wpasupplicant # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP + - acpid # 55kB download: Daemon for ACPI (power mgmt) events + - bzip2 # 47kB download: RasPiOS installs this regardless -- 2021-04-26: Prob not used, but can't hurt? + - curl # 254kB download: RasPiOS installs this regardless -- Used to install roles/nodejs and roles/nodered + #- etckeeper # 54kB download: "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 + #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out + #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below + - gawk # 533kB download + - htop # 109kB download: RasPiOS installs this regardless + - i2c-tools # 78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC + - logrotate # 67kB download: RasPiOS installs this regardless + #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml + #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles + - mlocate # 92kB download + #- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 + #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's + - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs + - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics + #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc + #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not. + - rsync # 351kB download: RasPiOS installs this regardless + #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml + - sqlite3 # 1054kB download + #- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml + - tar # 799kB download: RasPiOS installs this regardless + - unzip # 151kB download: RasPiOS installs this regardless + #- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml + - usbutils # 67kB download: RasPiOS installs this regardless -- 2021-07-27: move to roles/usb_lib/tasks/install.yml ? + - wget # 922kB download: RasPiOS installs this regardless state: present #- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" From f2fb975371be968f7715aeb3b6bb80a8aada99f1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 16 Mar 2022 15:36:48 -0400 Subject: [PATCH 0096/1758] 1-prep & 2-common: Clean README.adoc intro docs --- roles/1-prep/README.adoc | 6 ++---- roles/2-common/README.adoc | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 66c894248..9d0154d73 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -15,14 +15,12 @@ username and group, to log into Admin Console /var/log subdirs on each boot * *_Hardware actions:_* ** link:tasks/install-expand-rootfs.yml[*_install-expand-rootfs.yml_*]: - *** Install packages parted and cloud-guest-utils (for growpart) + *** Install https://en.wikipedia.org/wiki/APT_(software)[apt] packages parted (reveals last partition) and cloud-guest-utils (for growpart) *** Install link:templates/iiab-expand-rootfs[/usr/sbin/iiab-expand-rootfs] that acts on flag flag `/.expand-rootfs` *** Enable iiab-expand-rootfs.service so this can happen during any future boot-up ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]: *** RTC (real-time clock): install udev rule, configure, enable - *** *_Install packages:_* - **** dphys-swapfile (for swapfile) - **** fake-hwclock (as RTC is often missing or dead!) + *** Install apt packages fake-hwclock (as above RTC is often missing or dead!) and dphys-swapfile (for swap file below) *** Increase swap file size (to `pi_swap_file_size`) ** NUC 6 Wi-Fi firmware ** Check for WiFi devices (if so, set `has_wifi_device`) diff --git a/roles/2-common/README.adoc b/roles/2-common/README.adoc index 83943e761..3397bf2a3 100644 --- a/roles/2-common/README.adoc +++ b/roles/2-common/README.adoc @@ -9,10 +9,8 @@ https://internet-in-a-box.org/[Internet-in-a-Box (IIAB)] server. These are (partially) put in place: * IIAB directory structure (link:tasks/fl.yml[file layout]) -* Common https://en.wikipedia.org/wiki/APT_(software)[apt] software -packages -* Networking (including the -https://en.wikipedia.org/wiki/Iptables[iptables] firewall) +* Common https://en.wikipedia.org/wiki/APT_(software)[apt] software packages +* Networking apt packages (including many WiFi tools, and also iptables-persistent for the https://en.wikipedia.org/wiki/Iptables[iptables] firewall) * link:tasks/iiab-startup.yml[/usr/libexec/iiab-startup.sh] similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot From 8c6ac64aaa6596f2fa155e79cc1da9c2964d87aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Mar 2022 00:56:33 -0400 Subject: [PATCH 0097/1758] scripts/iiab-diagnostics.README.md: Mention /usr/bin/raspinfo (very similar!) --- scripts/iiab-diagnostics.README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 21c103426..715d99b14 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -1,10 +1,10 @@ ## Objective -To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. +To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality. -The ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). +Finally, the ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). But first off, the file is compiled by harvesting 1 + 6 kinds of things: From 5056d0373c3a723305af99ed2d847e7385b05f14 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 17 Mar 2022 02:00:20 -0400 Subject: [PATCH 0098/1758] Beware "client_max_body_size 500M;" in /etc/nginx/server.conf --- vars/default_vars.yml | 1 + vars/local_vars_large.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_small.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e6c50c8d7..50a976851 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -323,6 +323,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini +# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index a8cab61ca..ca5870c64 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -203,6 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini +# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 27675e830..03dfaeffd 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -203,6 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini +# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 4bc7e4a37..9d547b31a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -203,6 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini +# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 658b4156c5453d14922f4c73910c2511d09a4198 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 21 Mar 2022 11:00:00 -0400 Subject: [PATCH 0099/1758] nextcloud/tasks/install.yml: Update Nextcloud 23.0.3 footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 31fbe97d6..f1896a263 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~132 MB) to {{ nextcloud_root_dir }} (~475 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 63f01d0476dc05f55b1a0a139d3e4521875b3db2 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 23 Mar 2022 05:03:52 +0000 Subject: [PATCH 0100/1758] how to upgrade maps --- roles/osm-vector-maps/README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index e5acf736e..1aff222c9 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -23,6 +23,18 @@ 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json -6. Similarly but separately: Students can _Right-Click_ on IIAB Maps (http://box/maps) to **add descriptions and photos** of local points of interest. Choose "Add Data Point" after right-clicking, and then later "Export Points" to share with others. [CAN ANYBODY SUGGEST STUDENT/TEACHER OUTDOOR EXPLORATION / GEOSPATIAL ADVENTURE TIPS THAT WORK WELL WITH STUDENT PHONES?] #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps + +#### Notes on upgrading from maps 7.2 to maps 7.3 + +The format of the map-catalog.json has changed. And the programs need to be updated also. This can be accomplished by the following: +``` + cd /library/www/ + rm -rf osm-vector-maps/ + vim /etc/iiab/iiab_state.yml (and delete the line osm-vector-maps) + git remote add ghunt git@github.com:/georgejhunt/iiab + git fetch --all + git checkout -b maps7.3 ghunt/maps7.3 + ./runroles osm-vector-maps +``` From 323fc2714659e70ccfc1e642d03e2bdc0f54159d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 23 Mar 2022 09:01:56 -0500 Subject: [PATCH 0101/1758] test change --- roles/internetarchive/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index d44586042..338c321ca 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -43,7 +43,7 @@ path: "{{ internetarchive_dir }}/node_modules" - name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES) - shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror + shell: yarn config set child-concurrency 1 && yarn add https://github.com/internetarchive/dweb-mirror args: chdir: "{{ internetarchive_dir }}" creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive" From 663e739978547bea47e908e8853f4dd06ddd5a9a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Mar 2022 12:20:38 -0400 Subject: [PATCH 0102/1758] Clarify fix: 'yarn add https://github.com/internetarchive/dweb-mirror' --- roles/internetarchive/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 338c321ca..2e3af8194 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -42,7 +42,7 @@ state: absent path: "{{ internetarchive_dir }}/node_modules" -- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES) +- name: Run 'yarn add https://github.com/internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES) shell: yarn config set child-concurrency 1 && yarn add https://github.com/internetarchive/dweb-mirror args: chdir: "{{ internetarchive_dir }}" From 70c3e1fe82b383e83195f3ced130c040189c2a2e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Mar 2022 21:47:04 -0400 Subject: [PATCH 0103/1758] PR #3142 Addendum: vars/local_vars_unittest.yml --- vars/local_vars_unittest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 57430e3f4..9b2c2a2ac 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -203,6 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini +# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 75c67162f1ffd67367bce26e7517e3401dcf24eb Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 24 Mar 2022 15:31:50 -0400 Subject: [PATCH 0104/1758] kiwix-tools 3.2.0-2: kiwix-serve security fix --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 92b52eb1b..582c2f902 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-1 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-1 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-1 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-2 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-2 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-2 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From cb38c04cb54fe38f2a8b8c329b2886ddcfae96ad Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:07:59 -0400 Subject: [PATCH 0105/1758] Remove 500M restriction on file uploads. Use 10G instead. --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- .../nextcloud/templates/nextcloud-nginx.conf.j2 | 2 +- roles/nginx/templates/server.conf.j2 | 6 +++--- roles/www_options/tasks/main.yml | 16 ++++++++-------- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 135096c5b..f6077f50c 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -29,7 +29,7 @@ location ~ ^/moodle(.*)\.php(.*)$ { # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's # roles/www_options/tasks/main.yml FORCES these same settings and more # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' - #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=10000M\n post_max_size=10000M\n max_input_vars=5000"; } location ~ ^/moodle { diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..ab726c69d 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -59,7 +59,7 @@ location ^~ {{ nextcloud_url }} { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10000M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..5cb5cffd7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -8,13 +8,13 @@ server { index index.php index.html index.htm; # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. - # So IIAB sets this to 500M, roughly aligning with similar settings... - # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: + # So IIAB sets this to 10000M, roughly aligning with similar settings... + # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 - client_max_body_size 500M; + client_max_body_size 10000M; # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..03c1a11db 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -57,7 +57,7 @@ # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -71,7 +71,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -97,28 +97,28 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 50a976851..2622aa833 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -323,7 +323,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ca5870c64..a97d24d2b 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 03dfaeffd..8334247a3 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 9d547b31a..6d32bc85b 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9b2c2a2ac..b4413c8c9 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 9c0e24ac5c6b4c01f23020786fcd24010a27c182 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:13:52 -0400 Subject: [PATCH 0106/1758] nginx/templates/server.conf.j2: Clarify nextcloud-nginx.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 5cb5cffd7..13cbefcd4 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -12,7 +12,7 @@ server { # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 - # 2. 'client_max_body_size 512M;' is set in: + # 2. 'client_max_body_size 10000M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 10000M; From d64c4dc60c8a2f04b3b1dc4b54207bd7cceeb9c6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Mar 2022 03:50:36 -0500 Subject: [PATCH 0107/1758] pin version of itsdangerous to 2.0.1 https://itsmycode.com/importerror-cannot-import-name-json-from-itsdangerous/ --- roles/lokole/tasks/install.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 04098dce7..901356c91 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -23,6 +23,14 @@ - wvdial state: present +- name: "workaround for itsdangerous from https://itsmycode.com/importerror-cannot-import-name-json-from-itsdangerous/" + pip: + name: itsdangerous + version: 2.0.1 + virtualenv: "{{ lokole_venv }}" + virtualenv_command: python3 -m venv "{{ lokole_venv }}" + extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: From 96f577ad2059fdfb6ea8fb5bc41e675b870c3dbd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Mar 2022 04:14:40 -0500 Subject: [PATCH 0108/1758] pin Jinja2 to version '3.0.3' https://github.com/pallets/flask/issues/4494 --- roles/lokole/tasks/install.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 901356c91..d194b4deb 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -25,11 +25,15 @@ - name: "workaround for itsdangerous from https://itsmycode.com/importerror-cannot-import-name-json-from-itsdangerous/" pip: - name: itsdangerous - version: 2.0.1 + name: "{{ item.name }}" + version: "{{ item.version }}" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + with_items: + - { name: 'itsdangerous', version: '2.0.1' } + - { name: 'Jinja2', version: '3.0.3' } + # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: From 4ede465c232c94862370e39bd8d875535a24e071 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Mar 2022 04:18:50 -0500 Subject: [PATCH 0109/1758] discription --- roles/lokole/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index d194b4deb..776014396 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -23,7 +23,7 @@ - wvdial state: present -- name: "workaround for itsdangerous from https://itsmycode.com/importerror-cannot-import-name-json-from-itsdangerous/" +- name: "workarounds for older flask version used" pip: name: "{{ item.name }}" version: "{{ item.version }}" From 7113f87f32e368949a6821cd36a2201315d488ea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Dec 2021 04:10:31 -0600 Subject: [PATCH 0110/1758] Detect, recored if wifi can be AP and suppress installing supporting files --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 12 ++++++++++++ roles/network/tasks/hostapd.yml | 16 +++++++++------- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index f647af6ec..8fb1226d6 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -59,6 +59,7 @@ virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 # Set defaults for discovery process as strings wifi1: "not found-1" wifi2: "not found-2" +can_be_ap: False exclude_devices: none device_gw: none prior_gw_device: unset diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bc37a341b..5a9bfcca9 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -101,6 +101,16 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" +- name: Check for Access Point capablility with 'iw list' + command: iw list | grep AP | wc -l + register: look_for_ap + when: discovered_wireless_iface != "none" + +- name: Setting can_be_ap + set_fact: + can_be_ap: True + when: look_for_ap|int != "0" + - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l register: wifi_gateway_found @@ -260,6 +270,8 @@ value: "{{ iiab_lan_iface }}" - option: iiab_wan_iface value: "{{ iiab_wan_iface }}" + - option: can_be_ap + value: "{{ can_be_ap }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 33e0a6468..205b659c4 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -4,10 +4,10 @@ enabled: no masked: no -- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present +- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: hostapd_enabled: False - when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" + when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -29,7 +29,7 @@ with_items: - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: discovered_wireless_iface != "none" + when: can_be_ap - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' @@ -51,7 +51,7 @@ - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' } - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'} - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' } - when: discovered_wireless_iface != "none" + when: can_be_ap - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down template: @@ -60,23 +60,25 @@ owner: root group: root mode: 0644 - when: discovered_wireless_iface != "none" and not wifi_up_down + when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template +- name: Create /usr/bin/iiab-hotspot-on from template when hardware supports AP template: src: network/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on owner: root group: root mode: 0755 + when: can_be_ap -- name: Create /usr/bin/iiab-hotspot-off from template +- name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP template: src: network/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off owner: root group: root mode: 0755 + when: can_be_ap - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: From 438cdf552ccdc67e6b9aaca88b47fd24b4195109 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 17 Dec 2021 04:45:22 -0600 Subject: [PATCH 0111/1758] tweak regexp for entries in Supported TX RX - forgot stdout --- roles/network/tasks/detected_network.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5a9bfcca9..e03c47130 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -102,14 +102,14 @@ num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" - name: Check for Access Point capablility with 'iw list' - command: iw list | grep AP | wc -l + command: iw list | grep -v AP: | grep AP | wc -l register: look_for_ap when: discovered_wireless_iface != "none" - name: Setting can_be_ap set_fact: can_be_ap: True - when: look_for_ap|int != "0" + when: look_for_ap.stdout|int != 0 - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 883f300b4e6b4640bf5b9e2c1384ca158efa3d36 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Mar 2022 13:00:20 -0400 Subject: [PATCH 0112/1758] Recommend ansible-core 2.12.4 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 9b9ae68a0..1ab8b42f5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.12.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 74098ffc7a3a1bfea7fd7aab4d3bab19e14f489f Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Mar 2022 20:10:18 -0400 Subject: [PATCH 0113/1758] 9-local-addons: Do not install php-pear --- roles/9-local-addons/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 54420a743..d63d5b8c1 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -37,12 +37,6 @@ name: pbx when: pbx_install -- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19" - package: - name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX) - state: present - when: admin_console_install - - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From bcd8e78bad6df738339a0af7f050bd0430a0cfdb Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Mar 2022 21:11:37 -0400 Subject: [PATCH 0114/1758] awstats/tasks/install.yml: 'command' safer than 'shell' --- roles/awstats/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 905ef68e7..f88e7174c 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -83,7 +83,7 @@ # when: awstats_enabled and not is_debuntu - name: "Summarize logs up to now: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update" - shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update + command: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update - name: Install /etc/nginx/cgi-bin.php from template template: From f58801770751d1689971223980680cc7d2499144 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Mar 2022 14:23:54 -0400 Subject: [PATCH 0115/1758] mediawiki/defaults/main.yml: Security release 1.37.2 https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/5FGCLGPOTRWEJOCTPZ7BF3X6SV43WVXM/ --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 93259de73..b49ce8a83 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.37 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From a827be122c0b4b34f6b356f27c38c08897eeb70a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Mar 2022 18:37:54 -0400 Subject: [PATCH 0116/1758] roles/remoteit/README.md: Version update --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index b7ea389d6..0bf5e17b7 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -34,7 +34,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag If not used before then, here is an *example (version & architecture can change in the .deb filename below!)* to re-run this installation command, to get a new claim code: ``` - sudo apt reinstall /opt/iiab/downloads/remoteit-4.13.6.armhf.rpi.deb + sudo apt reinstall /opt/iiab/downloads/remoteit-4.14.1.armhf.rpi.deb ``` 4. After you've installed the https://remote.it client software onto a separate computer or device (e.g. your own laptop) click on the '+' icon, then enter the remote.it claim code (for the IIAB that you need to connect to). From 779a5053277338dafae895f80fb4516674147129 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Mar 2022 19:49:25 -0400 Subject: [PATCH 0117/1758] remoteit/README.md: New explanation on adding services (link was broken) --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 0bf5e17b7..7db384687 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -46,7 +46,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Log into the https://remote.it Web Portal, or open its desktop application. 2. Add Devices (e.g. your IIAB). 3. Understand that each Device will need to contain one or more remote.it Services. - - Add a remote.it Service (e.g. HTTP and/or others) to your Device:
https://support.remote.it/hc/en-us/articles/360050732092-Add-a-remote-it-Service-to-your-Device + - Add a remote.it Service (e.g. HTTP, SSH and/or others) to your Device:
https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop Summary of remote.it Services: https://support.remote.it/hc/en-us/articles/360060992631-Services From 0aa1efd6085fc9a6e64f8eeb1ffbb0a86731f024 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Mar 2022 19:57:03 -0400 Subject: [PATCH 0118/1758] remoteit/README.md: remote.it recommends 'apt install' instead of 'apt reinstall' --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 7db384687..5e2765105 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -34,7 +34,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag If not used before then, here is an *example (version & architecture can change in the .deb filename below!)* to re-run this installation command, to get a new claim code: ``` - sudo apt reinstall /opt/iiab/downloads/remoteit-4.14.1.armhf.rpi.deb + sudo apt install /opt/iiab/downloads/remoteit-4.14.1.armhf.rpi.deb ``` 4. After you've installed the https://remote.it client software onto a separate computer or device (e.g. your own laptop) click on the '+' icon, then enter the remote.it claim code (for the IIAB that you need to connect to). From 5bbcaa85eab97c8aadcdf0af25d032ac2a7cedfe Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Mar 2022 20:08:31 -0400 Subject: [PATCH 0119/1758] remoteit/README.md: Remove 2 more broken links (support.remote.it doc changes) --- roles/remoteit/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5e2765105..04375e2af 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -58,8 +58,8 @@ For "auto-registration" of remote.it, and other more advanced configuration opti - https://docs.remote.it - https://support.remote.it -- https://support.remote.it/hc/en-us/articles/360044424612-1-Create-an-Auto-Registration -- https://support.remote.it/hc/en-us/articles/360044424672-1-Device-Setup-for-Auto-Bulk-Registration + ## Known Issues From 72949d39b1988c9029a7a9547fda534882be6a0a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 00:41:35 -0400 Subject: [PATCH 0120/1758] remoteit/README.md: Clean up explanations + links --- roles/remoteit/README.md | 43 +++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 04375e2af..91b39a9a2 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -1,6 +1,6 @@ # Remote support of an Internet-in-a-Box using https://remote.it -Remote.it can be a great way to remotely support an Internet-in-a-Box (IIAB). +Remote.it can be a great way to remotely support an Internet-in-a-Box (IIAB). For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" @@ -8,22 +8,28 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ### Create a remote.it account -1. Go to the [https://remote.it](https://remote.it) website and sign up for an account. -2. OPTIONAL: Download [remote.it's desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux. +1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. + +2. Download [remote.it's desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal. + + COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### Install remote.it onto an IIAB 1. Set `remoteit_install` and `remoteit_enabled` to `True` in your IIAB's [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) -2. Install and enable it (remote.it) on your IIAB, by running: +2. Install and enable remote.it (its [device package](https://docs.remote.it/software/device-package)) on your IIAB, by running: ``` cd /opt/iiab/iiab sudo ./runrole remoteit ``` + + While rarely needed, FYI the above also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli). + -3. To obtain this IIAB's 8-character remote.it claim code, allowing you to make a remote connection to this IIAB, run: +3. To obtain this IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB) run: ``` sudo grep claim /etc/remoteit/config.json @@ -31,37 +37,34 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag *The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install - If not used before then, here is an *example (version & architecture can change in the .deb filename below!)* to re-run this installation command, to get a new claim code: + If necessary, run this command to get a new claim code: *(adjust version & architecture in the .deb filename as appropriate!)* ``` sudo apt install /opt/iiab/downloads/remoteit-4.14.1.armhf.rpi.deb ``` -4. After you've installed the https://remote.it client software onto a separate computer or device (e.g. your own laptop) click on the '+' icon, then enter the remote.it claim code (for the IIAB that you need to connect to). +4. Submit the claim code at https://remote.it (log into the Web Portal), or within the remote.it desktop application if you installed that on your own laptop/computer. + + Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device - As shown in the screenshot here: https://docs.remote.it/device-package/installation#3.-claim-and-register-the-device +5. Set up services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device -### Usage Summary + SUMMARY: One or more remote.it "Services" need to be set up (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services -1. Log into the https://remote.it Web Portal, or open its desktop application. -2. Add Devices (e.g. your IIAB). -3. Understand that each Device will need to contain one or more remote.it Services. - - Add a remote.it Service (e.g. HTTP, SSH and/or others) to your Device:
https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop + EXAMPLES: SSH (port 22) and/or http (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop -Summary of remote.it Services: https://support.remote.it/hc/en-us/articles/360060992631-Services +## Docs -For more info, please see remote.it's [Getting Started pages](https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started). - -## Advanced - -For "auto-registration" of remote.it, and other more advanced configuration options, please review: + - https://docs.remote.it + - https://docs.remote.it/developer-tools/cli-usage - https://support.remote.it + - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started ## Known Issues -- 2021-10-27: This needs to be enhanced rather urgently, so remote.it also works when IIAB is installed on Raspberry Pi OS 11 (Bullseye), Ubuntu, Mint and Debian: [#3006](https://github.com/iiab/iiab/issues/3006) +- 2021-10-27: This needs to be enhanced rather urgently, so remote.it also works when IIAB is installed on Raspberry Pi OS 11 (Bullseye), Ubuntu, Mint and Debian: [#3006](https://github.com/iiab/iiab/issues/3006) - 2021-10-29: The above OS issues should be resolved by [PR #3007](https://github.com/iiab/iiab/pull/3007), [PR #3009](https://github.com/iiab/iiab/pull/3009) and [PR #3010](https://github.com/iiab/iiab/pull/3010) — but this needs final testing! (Initial testing occurred on [1] 32-bit Raspberry Pi OS Lite on Raspberry Pi 4 and [2] Ubuntu Server 20.04 on x86_64 VM.) From 061f7166f4e4e1cc447a313a47ad9ab2636c46e5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 00:48:11 -0400 Subject: [PATCH 0121/1758] remoteit/README.md: Tweak capitalization --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 91b39a9a2..a1adce13b 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -51,7 +51,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag SUMMARY: One or more remote.it "Services" need to be set up (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services - EXAMPLES: SSH (port 22) and/or http (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop + EXAMPLES: SSH (port 22) and/or HTTP (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop ## Docs From 14003554aaf5792dd988ceaa97f31697b9acc25c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 00:59:12 -0400 Subject: [PATCH 0122/1758] remoteit/README.md: Blog post on orgs sharing devices (for #3154) --- roles/remoteit/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index a1adce13b..4326f5b8e 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -61,6 +61,8 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag - https://docs.remote.it/developer-tools/cli-usage - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started +- https://remote.it/resources/ + - https://remote.it/resources/blog/managing-device-access-with-remote-it/ From 97519618c1086c4dd6f49d739b8c31fe699bb3a3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 01:15:22 -0400 Subject: [PATCH 0123/1758] remoteit/README.md: Headings more complete (for #3154) --- roles/remoteit/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 4326f5b8e..9cf0afc44 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -6,7 +6,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ## Getting Started -### Create a remote.it account +### Create a remote.it account + consider its desktop application 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. @@ -14,7 +14,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage -### Install remote.it onto an IIAB +### Install remote.it onto an IIAB + register it + authorize services/ports 1. Set `remoteit_install` and `remoteit_enabled` to `True` in your IIAB's [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) @@ -47,9 +47,9 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device -5. Set up services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device +5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device - SUMMARY: One or more remote.it "Services" need to be set up (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services + SUMMARY: One or more remote.it "Services" need to be authorized (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services EXAMPLES: SSH (port 22) and/or HTTP (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop From 1aea8efa7591f54069042947241416157a2ea1a5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 01:21:34 -0400 Subject: [PATCH 0124/1758] remoteit/README.md: Link to succinct summary (for #3154) --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 9cf0afc44..eb52ecfae 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -1,6 +1,6 @@ # Remote support of an Internet-in-a-Box using https://remote.it -Remote.it can be a great way to remotely support an Internet-in-a-Box (IIAB). +Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" From bcb09652d09a565afd0d3da95ad2acd3695f028a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 01:23:39 -0400 Subject: [PATCH 0125/1758] remoteit/README.md: Grammar cleanup (for #3154) --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index eb52ecfae..22e0838ce 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -10,7 +10,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download [remote.it's desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal. +2. Download the [remote.it desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal. COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage From 8b3699a788612bc7a50cd1cecfe05afc08803e21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 01:32:36 -0400 Subject: [PATCH 0126/1758] remoteit/README.md: Mention mobile apps (for #3154) --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 22e0838ce..1d2ab6cf1 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -10,7 +10,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download the [remote.it desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal. +2. Download the [remote.it desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal and its [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages). COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage From a761e9ee4bcf106f42b261650d36a89edab6545f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 08:30:59 -0400 Subject: [PATCH 0127/1758] remoteit/README.md: Link to the company's pricing --- roles/remoteit/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 1d2ab6cf1..b92611c37 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,6 +2,8 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). +As of [March 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $6/month. + For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" ## Getting Started From 5754ecd61d74e0dc0f7057fd8f683611524f85d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 10:01:14 -0400 Subject: [PATCH 0128/1758] Clarify remoteit/README.md: Step 2. can sometimes be skipped --- roles/remoteit/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index b92611c37..36e79b1a8 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -20,6 +20,8 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Set `remoteit_install` and `remoteit_enabled` to `True` in your IIAB's [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) + (If possible, do that prior to [installing IIAB](https://download.iiab.io/), then install IIAB using `sudo iiab`, and when that's complete go directly to Step 3. below.) + 2. Install and enable remote.it (its [device package](https://docs.remote.it/software/device-package)) on your IIAB, by running: ``` From 3ddb32de29b6d4e7e862dfeebd7b2c2852ebc551 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 13:55:32 -0400 Subject: [PATCH 0129/1758] usb_lib/tasks/install.yml: 'apt install usbmount_0.0.22_all.deb' on Ubuntu too --- roles/usb_lib/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index c34042781..fbf284d04 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -34,18 +34,18 @@ state: restarted when: udev_unit.stat.exists is defined and udev_unit.stat.exists -#http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, missing from Debian +# http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb +- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS,Debian, Ubuntu} apt: deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" - when: is_debian + # when: is_debian # check status of usbmount on mintlinux - should be ok Ubuntu variant -- name: Install usbmount from OS repo for Ubuntu variants - package: - name: usbmount - state: present - when: is_ubuntu +# - name: Install usbmount from OS repo for Ubuntu variants +# package: +# name: usbmount +# state: present +# when: is_ubuntu - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) file: From cab05d891aa16913086d5f8aee65818288dcb596 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 31 Mar 2022 13:58:01 -0400 Subject: [PATCH 0130/1758] usb_lib/tasks/install.yml: Fix typo in explanation --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index fbf284d04..9d5e71fc9 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -35,7 +35,7 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS,Debian, Ubuntu} +- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} apt: deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # when: is_debian From c359c11c14f0ab345f6b9c9abc45b071c2c1abc8 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 1 Apr 2022 00:18:32 -0400 Subject: [PATCH 0131/1758] Install latest remote.it Device Package (don't hard-code version) --- roles/remoteit/defaults/main.yml | 37 ++++++++++++++++++++------------ roles/remoteit/tasks/install.yml | 37 +++++++++++++++++--------------- 2 files changed, 43 insertions(+), 31 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index cd7c060c4..d57b64887 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -6,15 +6,14 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# This should (generally) be the latest from https://remote.it/download/ -- as -# of Feb 2022 there are 4 such "Device Package" .deb files that may be useful: -# - Debian Linux (ARM64) -# - Debian Linux (x86_64) -# - Pi OS (ARM) -# - Pi OS (ARM64) -remoteit_version: 4.14.1 -# See https://docs.remote.it/device-package/installation to refine URL below: +# 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages" +# 1) Raspberry Pi (ARM) = armhf.rpi +# 2) Raspberry Pi (ARM64) = arm64.rpi +# 3) Debian Linux (ARM64) = arm64 +# 4) Debian Linux (x86_64) = amd64 + +# See https://docs.remote.it/software/device-package/installation to refine URL below: device_suffixes: armv6: armhf.rpi armv6l: armhf.rpi @@ -24,11 +23,22 @@ device_suffixes: aarch64: arm64 x86_64: amd64 remoteit_device_suffix: "{{ device_suffixes[ansible_architecture] | default('unknown') }}" -remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb -remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }} -# Example... https://downloads.remote.it/remoteit/v4.13.5/remoteit-4.13.5.armhf.rpi.deb +remoteit_device_url: https://downloads.remote.it/remoteit/latest/remoteit.{{ remoteit_device_suffix }}.deb -# See https://docs.remote.it/cli/overview to refine URL below: +# 2022-03-31: Use "latest" above, instead of ever-changing version below +# remoteit_version: 4.14.1 +# remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb +# remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }} +# # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb + + +# 2022-03-31: https://remote.it/download/ offers 4 relevant "CLI" installs: +# 1) Debian Linux (ARM v6) OR Raspberry Pi (ARM) = armv6 +# 2) Debian Linux (ARM v7) = armv7 +# 3) Debian Linux (ARM64) OR Raspberry Pi (ARM64) = arm64 +# 4) Debian Linux (x86_64) = x86_64 + +# See https://docs.remote.it/software/cli/overview to refine URL below: cli_suffixes: armv6: armv6 armv6l: armv6 @@ -36,7 +46,6 @@ cli_suffixes: armv7l: armv7 armv8: arm64 aarch64: arm64 - x86_64: amd64 + x86_64: x86_64 remoteit_cli_suffix: "{{ cli_suffixes[ansible_architecture] | default('unknown') }}" remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit_linux_{{ remoteit_cli_suffix }} -# Example... https://downloads.remote.it/cli/latest/remoteit_linux_armv7 diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index b0156663f..7e1190a18 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,30 +1,33 @@ - name: Fail if architecture remoteit_device_suffix == "unknown" fail: - msg: "Could not find a remote.it device apt package for CPU architecture \"{{ ansible_architecture }}\"" + msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" when: remoteit_device_suffix == "unknown" -- name: mkdir {{ downloads_dir }} # As roles/2-common/tasks/fl.yml has not run yet - file: - path: "{{ downloads_dir }}" # /opt/iiab/downloads - state: directory +# - name: mkdir {{ downloads_dir }} # As roles/2-common/tasks/fl.yml has not run yet +# file: +# path: "{{ downloads_dir }}" # /opt/iiab/downloads +# state: directory -- name: Download {{ remoteit_device_url }} (device) for arch {{ remoteit_device_suffix }} into {{ downloads_dir }}/ - get_url: - url: "{{ remoteit_device_url }}" - dest: "{{ downloads_dir }}/" - force: yes - timeout: "{{ download_timeout }}" +# - name: Download {{ remoteit_device_url }} (Device Package) for arch {{ remoteit_device_suffix }} into {{ downloads_dir }}/ +# get_url: +# url: "{{ remoteit_device_url }}" +# dest: "{{ downloads_dir }}/" +# force: yes +# timeout: "{{ download_timeout }}" -- name: Uninstall previously installed 'remoteit*' device apt package(s) +- name: Uninstall previously installed 'remoteit*' Device Package(s) apt: name: remoteit* state: absent ignore_errors: yes -- name: Install device apt package {{ downloads_dir }}/{{ remoteit_deb }} +# - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}" +# apt: +# deb: "{{ downloads_dir }}/{{ remoteit_deb }}" + +- name: "Install Device Package: {{ remoteit_device_url }}" apt: - deb: "{{ downloads_dir }}/{{ remoteit_deb }}" - state: present + deb: "{{ remoteit_device_url }}" - name: Fail if architecture remoteit_cli_suffix == "unknown" @@ -32,7 +35,7 @@ msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" when: remoteit_cli_suffix == "unknown" -- name: Download {{ remoteit_cli_url }} (CLI) for arch {{ remoteit_cli_suffix }} to /usr/bin/remoteit (755) +- name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) get_url: url: "{{ remoteit_cli_url }}" dest: /usr/bin/remoteit @@ -41,7 +44,7 @@ timeout: "{{ download_timeout }}" -# RECORD remoteit AS INSTALLED +# RECORD remote.it AS INSTALLED - name: "Set 'remoteit_installed: True'" set_fact: From 33e917f9efa94de34ad38cd96137f98e1b727d81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Apr 2022 01:53:07 -0400 Subject: [PATCH 0132/1758] 2-common/tasks/fl.yml: Fix comment, due to remote.it PR #3156 --- roles/2-common/tasks/fl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 0235c2522..30c8266e7 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -12,7 +12,7 @@ - "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages - "{{ yum_packages_dir }}" # /opt/iiab/yum-packages - "{{ pip_packages_dir }}" # /opt/iiab/pip-packages - - "{{ downloads_dir }}" # /opt/iiab/downloads -- generally already done by Stage 1's roles/remoteit/tasks/install.yml + - "{{ downloads_dir }}" # /opt/iiab/downloads #- "{{ content_base }}/downloads" # /library/downloads auto-created just below - "{{ content_base }}/downloads/zims" - "{{ content_base }}/downloads/maps" From 9fe211ca13f414d00b14f31435bddeb925d129ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Apr 2022 08:45:03 -0400 Subject: [PATCH 0133/1758] remoteit/README.md: Clarify its optional CLI --- roles/remoteit/README.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 36e79b1a8..0c98614f6 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -22,14 +22,21 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag (If possible, do that prior to [installing IIAB](https://download.iiab.io/), then install IIAB using `sudo iiab`, and when that's complete go directly to Step 3. below.) -2. Install and enable remote.it (its [device package](https://docs.remote.it/software/device-package)) on your IIAB, by running: +2. Install and enable remote.it (its [Device Package](https://docs.remote.it/software/device-package)) on your IIAB, by running: ``` cd /opt/iiab/iiab sudo ./runrole remoteit ``` - While rarely needed, FYI the above also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli). + Or if necessary reinstall the latest, by running: + + ``` + cd /opt/iiab/iiab + sudo ./runrole --reinstall remoteit + ``` + + (While rarely needed, both above also install the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) From 86307047d5f75cc4f2877937e4ff2fc0e6e593b8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Apr 2022 08:55:12 -0400 Subject: [PATCH 0134/1758] remoteit/README.md: Legit way to get a new claim code --- roles/remoteit/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 0c98614f6..64dd4418d 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -48,11 +48,13 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag *The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install - If necessary, run this command to get a new claim code: *(adjust version & architecture in the .deb filename as appropriate!)* + _If your claim code has expired, please reinstall the latest remoteit (in Step 2. above!)_ + + 4. Submit the claim code at https://remote.it (log into the Web Portal), or within the remote.it desktop application if you installed that on your own laptop/computer. From 773e147b11f299eaaf2ab2a2db6c95bec7c56f28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Apr 2022 08:57:54 -0400 Subject: [PATCH 0135/1758] remoteit/README.md: Emphasize Step 2. requires Internet --- roles/remoteit/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 64dd4418d..689608d26 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -22,7 +22,9 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag (If possible, do that prior to [installing IIAB](https://download.iiab.io/), then install IIAB using `sudo iiab`, and when that's complete go directly to Step 3. below.) -2. Install and enable remote.it (its [Device Package](https://docs.remote.it/software/device-package)) on your IIAB, by running: +2. Make sure your IIAB is connected to the Internet. + + Then install and enable remote.it (its [Device Package](https://docs.remote.it/software/device-package)) on your IIAB, by running: ``` cd /opt/iiab/iiab From e9b25e68c8d5e1a854b9acabf201310157a9a871 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Apr 2022 10:07:54 -0400 Subject: [PATCH 0136/1758] remoteit/README.md: Clarify 8-character remote.it claim code (Step 3.) --- roles/remoteit/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 689608d26..63264cc38 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -42,7 +42,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag -3. To obtain this IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB) run: +3. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run: ``` sudo grep claim /etc/remoteit/config.json @@ -50,7 +50,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag *The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install - _If your claim code has expired, please reinstall the latest remoteit (in Step 2. above!)_ + _If your claim code has expired, please reinstall the latest remote.it (in Step 2. above!)_ - https://remote.it/resources/ - https://remote.it/resources/blog/managing-device-access-with-remote-it/ - +- https://remote.it/legal/ + - https://remote.it/legal/fair-use-policy/ ## Known Issues From 4e2e4c8efff1da08979c3173431f11de17576159 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 2 Apr 2022 14:11:30 -0400 Subject: [PATCH 0146/1758] 1-prep/tasks/install-expand-rootfs.yml: Clarify growpart install --- roles/1-prep/tasks/install-expand-rootfs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/install-expand-rootfs.yml b/roles/1-prep/tasks/install-expand-rootfs.yml index 54d77c55b..b5296e5c1 100644 --- a/roles/1-prep/tasks/install-expand-rootfs.yml +++ b/roles/1-prep/tasks/install-expand-rootfs.yml @@ -2,7 +2,7 @@ package: name: - parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec, but just in case. - - cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. + - cloud-guest-utils # 2022-04-02: For growpart command -- whereas RasPiOS's 'raspi-config --expand-rootfs' instead uses fdisk (requiring a reboot, see do_expand_rootfs() in https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config). FYI Ubuntu pre-installs cloud-guest-utils, for use with cloud-init. state: present - name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service" From 5854ab7c619b3c01446951f925c5f27eb37ed077 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 2 Apr 2022 23:41:49 -0400 Subject: [PATCH 0147/1758] /usr/bin/iiab-remoteit to quickly obtain a new claim code --- roles/remoteit/README.md | 30 +++++++++------ roles/remoteit/defaults/main.yml | 42 ++++++++++----------- roles/remoteit/tasks/install.yml | 27 ++++++++++---- roles/remoteit/templates/iiab-remoteit | 51 ++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 40 deletions(-) create mode 100755 roles/remoteit/templates/iiab-remoteit diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index f6e657d03..a34613b9b 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -18,11 +18,15 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ### Install remote.it onto an IIAB + register it + authorize services/ports -1. Set `remoteit_install` and `remoteit_enabled` to `True` in your IIAB's [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +1. Connect your IIAB device to the Internet. - (If possible, do that prior to [installing IIAB](https://download.iiab.io/), then install IIAB using `sudo iiab`, and when that's complete go directly to Step 3. below.) +2. If your IIAB software is already installed, run `sudo iiab-remoteit` then skip to Step 5. below. -2. Make sure your IIAB is connected to the Internet. +3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F). + + Install [IIAB software](https://download.iiab.io/) e.g. by running `sudo iiab` then follow any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. + + - (While rarely needed, both above also install the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) + (This installs and enables the remote.it [Device Package](https://docs.remote.it/software/device-package) for your CPU and OS. This approach also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) - - -3. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run: +4. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run: ``` sudo grep claim /etc/remoteit/config.json @@ -50,7 +52,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag *The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install - _If your claim code has expired, please reinstall the latest remote.it (in Step 2. above!)_ + _If your claim code has expired, please run `sudo iiab-remoteit` just as in Step 2._ -4. Submit the claim code at https://remote.it (log into the Web Portal), or within the remote.it desktop application if you installed that on your own laptop/computer. +5. Submit the claim code at https://remote.it (log into their Web Portal), or within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device -5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device +6. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device SUMMARY: One or more remote.it "Services" need to be authorized (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services EXAMPLES: SSH (port 22) and/or HTTP (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop +### How to I disable remote.it on my IIAB? + +1. Run `sudo nano /etc/iiab/local_vars.yml` to set `remoteit_enabled: False` + +2. Run `cd /opt/iiab/iiab` and then `sudo ./runrole remoteit` + ## Docs diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index d57b64887..e4ea3fc46 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -7,29 +7,29 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages" -# 1) Raspberry Pi (ARM) = armhf.rpi -# 2) Raspberry Pi (ARM64) = arm64.rpi -# 3) Debian Linux (ARM64) = arm64 -# 4) Debian Linux (x86_64) = amd64 +# # 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages" +# # 1) Raspberry Pi (ARM) = armhf.rpi +# # 2) Raspberry Pi (ARM64) = arm64.rpi +# # 3) Debian Linux (ARM64) = arm64 +# # 4) Debian Linux (x86_64) = amd64 -# See https://docs.remote.it/software/device-package/installation to refine URL below: -device_suffixes: - armv6: armhf.rpi - armv6l: armhf.rpi - armv7: armhf.rpi - armv7l: armhf.rpi - armv8: arm64.rpi - aarch64: arm64 - x86_64: amd64 -remoteit_device_suffix: "{{ device_suffixes[ansible_architecture] | default('unknown') }}" -remoteit_device_url: https://downloads.remote.it/remoteit/latest/remoteit.{{ remoteit_device_suffix }}.deb +# # See https://docs.remote.it/software/device-package/installation to refine URL below: +# device_suffixes: +# armv6: armhf.rpi +# armv6l: armhf.rpi +# armv7: armhf.rpi +# armv7l: armhf.rpi +# armv8: arm64.rpi +# aarch64: arm64 +# x86_64: amd64 +# remoteit_device_suffix: "{{ device_suffixes[ansible_architecture] | default('unknown') }}" +# remoteit_device_url: https://downloads.remote.it/remoteit/latest/remoteit.{{ remoteit_device_suffix }}.deb -# 2022-03-31: Use "latest" above, instead of ever-changing version below -# remoteit_version: 4.14.1 -# remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb -# remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }} -# # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb +# # 2022-03-31: Use "latest" above, instead of ever-changing version below +# # remoteit_version: 4.14.1 +# # remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb +# # remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }} +# # # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb # 2022-03-31: https://remote.it/download/ offers 4 relevant "CLI" installs: diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 7e1190a18..557a963a1 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,7 +1,7 @@ -- name: Fail if architecture remoteit_device_suffix == "unknown" - fail: - msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_device_suffix == "unknown" +# - name: Fail if architecture remoteit_device_suffix == "unknown" +# fail: +# msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" +# when: remoteit_device_suffix == "unknown" # - name: mkdir {{ downloads_dir }} # As roles/2-common/tasks/fl.yml has not run yet # file: @@ -15,19 +15,30 @@ # force: yes # timeout: "{{ download_timeout }}" -- name: Uninstall previously installed 'remoteit*' Device Package(s) +- name: Purge previously installed 'remoteit*' Device Package(s) apt: name: remoteit* state: absent + purge: yes ignore_errors: yes # - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}" # apt: # deb: "{{ downloads_dir }}/{{ remoteit_deb }}" -- name: "Install Device Package: {{ remoteit_device_url }}" - apt: - deb: "{{ remoteit_device_url }}" +# - name: "Install Device Package: {{ remoteit_device_url }}" +# apt: +# deb: "{{ remoteit_device_url }}" + +- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh + shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh + + +- name: "Install from template /usr/bin/iiab-remoteit to quickly obtain a new remote.it claim code, if later nec (much like the above 2 steps)" + template: + src: iiab-remoteit + dest: /usr/bin + mode: 0755 - name: Fail if architecture remoteit_cli_suffix == "unknown" diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit new file mode 100755 index 000000000..79163e81a --- /dev/null +++ b/roles/remoteit/templates/iiab-remoteit @@ -0,0 +1,51 @@ +#!/bin/bash -e + +# Run 'sudo iiab-remoteit' to (re)install & enable remote.it -- GENERAL TIPS: +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + +# /usr/bin/remoteit CLI is already be installed by: +# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml + +echo -e "\nhttps://remote.it can help you remotely manage this IIAB:" +echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n" + +echo -en "\e[1mInstall remote.it Device Package after purging all prior versions? [Y/n]\e[0m " +read ans < /dev/tty # Strips outer whitespace, whether we like it or not! +echo +[ "$ans" = "n" ] || [ "$ans" = "N" ] && exit 1 + +if grep -q '^remoteit_install:' /etc/iiab/local_vars.yml; then + sed -i "s/^remoteit_install:.*/remoteit_install: True/" /etc/iiab/local_vars.yml +else + echo "remoteit_install: True" >> /etc/iiab/local_vars.yml +fi + +if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml +else + echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml +fi + +# 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint +/usr/bin/apt -y purge remoteit* + +# Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is much stronger +# than 'install -y' in install_agent.sh below, but still insufficient. Maybe in +# future years their /usr/bin/remoteit CLI might seed a new claim code when nec? + +# apt install & enable "latest" remote.it Device Package for your CPU/OS +curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh + +if grep -q '^remoteit_installed:' /etc/iiab/iiab_state.yml; then + sed -i "s/^remoteit_installed:.*/remoteit_installed: True/" /etc/iiab/iiab_state.yml +else + echo "remoteit_installed: True" >> /etc/iiab/iiab_state.yml +fi + +echo -e "\e[44;1mNEXT STEPS...\e[0m\n" + +echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:" +echo -e " https://remote.it/download/\n" + +echo -e "2) Use the above 8-character claim code within 24h as shown here:" +echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\e[0m\n" From 4111837fbd8054c2920ad30fbecd163c3a364eee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 3 Apr 2022 00:18:32 -0400 Subject: [PATCH 0148/1758] Polish introductory doc remoteit/README.md --- roles/remoteit/README.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index a34613b9b..7e9ad2c47 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -12,7 +12,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download the [remote.it desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal and its [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages). +2. Download the [remote.it desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) to your own laptop/computer — if you prefer this over the https://remote.it Web Portal and its [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages). COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage @@ -22,7 +22,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 2. If your IIAB software is already installed, run `sudo iiab-remoteit` then skip to Step 5. below. -3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F). +3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) Install [IIAB software](https://download.iiab.io/) e.g. by running `sudo iiab` then follow any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. @@ -42,7 +42,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag sudo ./runrole --reinstall remoteit ``` --> - (This installs and enables the remote.it [Device Package](https://docs.remote.it/software/device-package) for your CPU and OS. This approach also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) + (This installs and enables the remote.it [Device Package](https://docs.remote.it/software/device-package) for your CPU and OS. This also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) 4. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run: @@ -52,7 +52,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag *The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install - _If your claim code has expired, please run `sudo iiab-remoteit` just as in Step 2._ + _If your claim code has expired, please run_ `sudo iiab-remoteit` _just as in Step 2._ -5. Submit the claim code at https://remote.it (log into their Web Portal), or within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. +5. Submit the claim code within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. Or if you prefer, do that by logging into their Web Portal at https://remote.it Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device @@ -74,7 +74,12 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Run `sudo nano /etc/iiab/local_vars.yml` to set `remoteit_enabled: False` -2. Run `cd /opt/iiab/iiab` and then `sudo ./runrole remoteit` +2. Then run: + + ``` + cd /opt/iiab/iiab + sudo ./runrole remoteit + ``` ## Docs From a77b95af20ee8a5670ab6b8535316eff1f78db48 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 3 Apr 2022 00:57:47 -0400 Subject: [PATCH 0149/1758] remoteit/tasks/enable-or-disable.yml: 'schannel' systemd ON/OFF, like 'connectd' --- roles/remoteit/tasks/enable-or-disable.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 2e1ddb36f..a29f26090 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -1,17 +1,23 @@ -- name: Enable & (Re)Start remote.it's connectd daemon which calls home +- name: Enable & (Re)Start remote.it's daemons {connectd, schannel} systemd: - name: connectd + name: "{{ item }}" daemon_reload: yes enabled: yes state: restarted + with_items: + - connectd + - schannel when: remoteit_enabled -- name: Disable & Stop remote.it's connectd daemon +- name: Disable & Stop remote.it's daemons {connectd, schannel} systemd: - name: connectd + name: "{{ item }}" enabled: no state: stopped + with_items: + - connectd + - schannel when: not remoteit_enabled - name: Identify remoteit service (connector) unit file name, including uuid From a40183fd2e45af79220cb447fa45aaaa3ff0985a Mon Sep 17 00:00:00 2001 From: root Date: Sun, 3 Apr 2022 21:57:23 -0400 Subject: [PATCH 0150/1758] Fast /usr/bin/iiab-remoteit generates new claim code + optionally upgrades --- roles/remoteit/README.md | 38 +++++++++--- roles/remoteit/tasks/install.yml | 4 +- roles/remoteit/templates/iiab-remoteit | 70 +++++++++++++--------- roles/remoteit/templates/iiab-remoteit.old | 51 ++++++++++++++++ 4 files changed, 126 insertions(+), 37 deletions(-) create mode 100755 roles/remoteit/templates/iiab-remoteit.old diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 7e9ad2c47..dbaa5251d 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -8,16 +8,26 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ## Getting Started -### Create a remote.it account + consider its desktop application +### Create a remote.it account + install its desktop application 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download the [remote.it desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) to your own laptop/computer — if you prefer this over the https://remote.it Web Portal and its [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages). +2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes possible, but less functional. COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage -### Install remote.it onto an IIAB + register it + authorize services/ports + +### Generate a remote.it claim code for your IIAB + register it + authorize services/ports +Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml`. + +1. Run `sudo iiab-remoteit` + + Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB. + + The claim code is stored in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install). + + - (This installs and enables the remote.it [Device Package](https://docs.remote.it/software/device-package) for your CPU and OS. This also installs the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.) + -5. Submit the claim code within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. Or if you prefer, do that by logging into their Web Portal at https://remote.it +2. Submit the claim code within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. Or if you prefer, do that by logging into their Web Portal at: https://remote.it - Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device + Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this [screenshot](https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device). -6. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device +3. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device). - SUMMARY: One or more remote.it "Services" need to be authorized (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services + SUMMARY: One or more remote.it "Services" need to be authorized (registered) to allow remote access to your IIAB device:
https://support.remote.it/hc/en-us/articles/360060992631-Services - EXAMPLES: SSH (port 22) and/or HTTP (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop + EXAMPLES: SSH (port 22) and/or HTTP (port 80):
https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop ### How to I disable remote.it on my IIAB? @@ -81,6 +94,13 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag sudo ./runrole remoteit ``` +3. If want to completely remove the remote.it software and its settings, also run: + + ``` + sudo apt purge "remoteit*" + sudo rm /usr/bin/remoteit + ``` + ## Docs diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 557a963a1..88ca82640 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -15,6 +15,8 @@ # force: yes # timeout: "{{ download_timeout }}" +# 2022-04-03: Unfort still necessary, as their install_agent.sh below uses apt +# with 'install -y' instead of '-y reinstall' or '-y --reinstall install' - name: Purge previously installed 'remoteit*' Device Package(s) apt: name: remoteit* @@ -34,7 +36,7 @@ shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh -- name: "Install from template /usr/bin/iiab-remoteit to quickly obtain a new remote.it claim code, if later nec (much like the above 2 steps)" +- name: "Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly generate a new remote.it claim code (in /etc/remoteit/config.json) AND enable remoteit's 3 systemd services -- optionally downloading + installing the very latest Device Package (like the 2 steps above)" template: src: iiab-remoteit dest: /usr/bin diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 79163e81a..ee346d070 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -3,21 +3,52 @@ # Run 'sudo iiab-remoteit' to (re)install & enable remote.it -- GENERAL TIPS: # http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" -# /usr/bin/remoteit CLI is already be installed by: +# 'remoteit' Device Package AND /usr/bin/remoteit CLI already installed by: # https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml -echo -e "\nhttps://remote.it can help you remotely manage this IIAB:" +# 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old + +echo -e "\nhttps://remote.it can help you remotely manage this IIAB. Summary:\n" + echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n" -echo -en "\e[1mInstall remote.it Device Package after purging all prior versions? [Y/n]\e[0m " +echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m " read ans < /dev/tty # Strips outer whitespace, whether we like it or not! echo -[ "$ans" = "n" ] || [ "$ans" = "N" ] && exit 1 +[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 -if grep -q '^remoteit_install:' /etc/iiab/local_vars.yml; then - sed -i "s/^remoteit_install:.*/remoteit_install: True/" /etc/iiab/local_vars.yml +echo -e "\nThis IIAB must be online to begin!\n" + +echo -en "\e[1mOptionally download + install latest remote.it Device Package? [y/N]\e[0m " +read ans < /dev/tty # Strips outer whitespace, whether we like it or not! +echo + +if [[ $ans = "y" ]] || [[ $ans = "Y" ]]; then + # 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint + /usr/bin/apt -y purge "remoteit*" || true + + # Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is stronger + # than 'install -y' in install_agent.sh, but still sometimes insufficient! + + # apt install & enable "latest" remote.it Device Package for your CPU/OS + curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh else - echo "remoteit_install: True" >> /etc/iiab/local_vars.yml + # '|| true' overrides 'bash -e' so script continues if config.json missing + mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true + + echo -e "In just a few seconds, all 3 services should be enabled + started.\n" + + systemctl restart connectd # Claim Code logic + kickstarts 2 svcs below + systemctl enable connectd # 3 enable lines, like enable-or-disable.yml + + # "Remote tcp command service" started above + systemctl enable schannel # 3 enable lines, like enable-or-disable.yml + + # "Remote tcp connection service" appears a few seconds after connectd is + # started above. It's also auto-enabled by above, so this may be overkill: + systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@) # 3 enable lines, like enable-or-disable.yml + # Its systemd service name (e.g. remoteit@80:00:01:7F:7E:00:56:36.service) + # changes when a new claim code is generated. fi if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then @@ -26,26 +57,11 @@ else echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml fi -# 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint -/usr/bin/apt -y purge remoteit* +claim_code=$(grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev) +echo -e "\nYour new claim code is \e[44;1m${claim_code}\e[0m -- YOUR NEXT STEPS ARE...\n" -# Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is much stronger -# than 'install -y' in install_agent.sh below, but still insufficient. Maybe in -# future years their /usr/bin/remoteit CLI might seed a new claim code when nec? - -# apt install & enable "latest" remote.it Device Package for your CPU/OS -curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh - -if grep -q '^remoteit_installed:' /etc/iiab/iiab_state.yml; then - sed -i "s/^remoteit_installed:.*/remoteit_installed: True/" /etc/iiab/iiab_state.yml -else - echo "remoteit_installed: True" >> /etc/iiab/iiab_state.yml -fi - -echo -e "\e[44;1mNEXT STEPS...\e[0m\n" - -echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:" +echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:\e[0m" echo -e " https://remote.it/download/\n" -echo -e "2) Use the above 8-character claim code within 24h as shown here:" -echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\e[0m\n" +echo -e "\e[1m2) Use the above 8-character claim code WITHIN 24H as shown here:\e[0m" +echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\n" diff --git a/roles/remoteit/templates/iiab-remoteit.old b/roles/remoteit/templates/iiab-remoteit.old new file mode 100755 index 000000000..79163e81a --- /dev/null +++ b/roles/remoteit/templates/iiab-remoteit.old @@ -0,0 +1,51 @@ +#!/bin/bash -e + +# Run 'sudo iiab-remoteit' to (re)install & enable remote.it -- GENERAL TIPS: +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + +# /usr/bin/remoteit CLI is already be installed by: +# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml + +echo -e "\nhttps://remote.it can help you remotely manage this IIAB:" +echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n" + +echo -en "\e[1mInstall remote.it Device Package after purging all prior versions? [Y/n]\e[0m " +read ans < /dev/tty # Strips outer whitespace, whether we like it or not! +echo +[ "$ans" = "n" ] || [ "$ans" = "N" ] && exit 1 + +if grep -q '^remoteit_install:' /etc/iiab/local_vars.yml; then + sed -i "s/^remoteit_install:.*/remoteit_install: True/" /etc/iiab/local_vars.yml +else + echo "remoteit_install: True" >> /etc/iiab/local_vars.yml +fi + +if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml +else + echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml +fi + +# 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint +/usr/bin/apt -y purge remoteit* + +# Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is much stronger +# than 'install -y' in install_agent.sh below, but still insufficient. Maybe in +# future years their /usr/bin/remoteit CLI might seed a new claim code when nec? + +# apt install & enable "latest" remote.it Device Package for your CPU/OS +curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh + +if grep -q '^remoteit_installed:' /etc/iiab/iiab_state.yml; then + sed -i "s/^remoteit_installed:.*/remoteit_installed: True/" /etc/iiab/iiab_state.yml +else + echo "remoteit_installed: True" >> /etc/iiab/iiab_state.yml +fi + +echo -e "\e[44;1mNEXT STEPS...\e[0m\n" + +echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:" +echo -e " https://remote.it/download/\n" + +echo -e "2) Use the above 8-character claim code within 24h as shown here:" +echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\e[0m\n" From dd3bf7381aad64323dfcdfb9c01d32705c643146 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 3 Apr 2022 22:58:28 -0400 Subject: [PATCH 0151/1758] Explain roles/remoteit + avoid contention among its 3 services --- roles/remoteit/README.md | 14 +++++++------- roles/remoteit/tasks/enable-or-disable.yml | 22 +++++++++++++--------- roles/remoteit/templates/iiab-remoteit | 14 +++++++------- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index dbaa5251d..bb8e8d622 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -12,20 +12,20 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes possible, but less functional. +2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### Generate a remote.it claim code for your IIAB + register it + authorize services/ports -Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml`. +Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` 1. Run `sudo iiab-remoteit` Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB. - The claim code is stored in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install). + The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install). ### Generate a remote.it claim code for your IIAB + register it + authorize services/ports -Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) 1. Run `sudo iiab-remoteit` @@ -87,7 +87,7 @@ Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_st 1. Run `sudo iiab-remoteit-off` -2. If want to completely remove all remote.it software and its settings, also run: +2. If you want to completely remove all remote.it software and its settings, also run: ``` sudo apt purge "remoteit*" From 462d39c26019ecf349dbd52b310253a529ee8949 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 00:54:34 -0400 Subject: [PATCH 0156/1758] enable-or-disable.yml: Consistent grep, like /usr/bin/iiab-remoteit-off (for PR #3161) --- roles/remoteit/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index b8c719ac7..94857b31f 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -25,7 +25,7 @@ when: not remoteit_enabled - name: Identify remoteit "Remote tcp connection service" unit file name, including uuid, e.g. remoteit@80:00:01:7F:7E:00:56:36.service - shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit + shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@ register: remoteit_service ignore_errors: yes From 68e1ca955cd74e0074b656c6628d78b5576550fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 09:35:00 -0400 Subject: [PATCH 0157/1758] /use/bin/iiab-remoteit: Safer bounce of services, while deleting config.json --- roles/remoteit/templates/iiab-remoteit | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 1a23d4e46..4103476e7 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -34,16 +34,18 @@ if [[ $ans = "y" ]] || [[ $ans = "Y" ]]; then # apt install & enable "latest" remote.it Device Package for your CPU/OS curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh else + echo -e "In a few secs, all 3 svcs {connectd, schannel, remoteit@...} should be back!\n" + + systemctl stop connectd # Safer! + # '|| true' overrides 'bash -e' so script continues if config.json missing mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true - echo -e "In just a few seconds, all 3 services should be enabled/started.\n" - - systemctl restart connectd # Claim Code logic + kickstarts 2 svcs below - systemctl enable connectd # 2 enable lines, like enable-or-disable.yml + systemctl start connectd # Claim Code logic + kickstarts 2 svcs below + systemctl enable connectd # 2 enable lines, like enable-or-disable.yml # schannel = "Remote tcp command service" started by connectd above if nec - systemctl enable schannel # 2 enable lines, like enable-or-disable.yml + systemctl enable schannel # 2 enable lines, like enable-or-disable.yml # "Remote tcp connection service" appears a few seconds after connectd is # started above. Auto-enabled when spawned by connectd, SO NOT NEC HERE: From a9c04d08dc8b53cb43786efee2ce9b623d6eec72 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 09:43:10 -0400 Subject: [PATCH 0158/1758] /use/bin/iiab-remoteit: Clarify stop/delete/bounce "official" URL --- roles/remoteit/templates/iiab-remoteit | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 4103476e7..eb371dc0f 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -34,6 +34,9 @@ if [[ $ans = "y" ]] || [[ $ans = "Y" ]]; then # apt install & enable "latest" remote.it Device Package for your CPU/OS curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh else + # 2022-04-04: Stop/Delete/Bounce sequence follows official suggestion here: + # https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card- + echo -e "In a few secs, all 3 svcs {connectd, schannel, remoteit@...} should be back!\n" systemctl stop connectd # Safer! From 36ca9c6701fcc36c173fce3329080037f6b180f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 10:11:51 -0400 Subject: [PATCH 0159/1758] Generally gratuitous, as connectd's already exited (#3162) --- roles/remoteit/templates/iiab-remoteit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index eb371dc0f..2be0d6add 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -39,7 +39,7 @@ else echo -e "In a few secs, all 3 svcs {connectd, schannel, remoteit@...} should be back!\n" - systemctl stop connectd # Safer! + systemctl stop connectd # "Safer" (though it's generally exited already!) # '|| true' overrides 'bash -e' so script continues if config.json missing mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true From 272d23d908083b610dbe0dc3b1db67bdf19659d8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 12:19:04 -0400 Subject: [PATCH 0160/1758] iiab-diagnostics: /opt/iiab/kiwix/bin/kiwix-serve --version --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 72d549a0c..42a3ca703 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -162,7 +162,6 @@ cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml -#cat_file /etc/iiab/config_vars.yml # No longer common cat_file /etc/resolv.conf cat_file /etc/network/interfaces cat_file /etc/hostapd/hostapd.conf # Redacts most passwords above @@ -183,8 +182,6 @@ cat_dir /etc/NetworkManager/system-connections cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices -cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile @@ -214,6 +211,9 @@ cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'lspci -nn' 'Devices on PCI buses' +cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'env' 'Environment variables' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 48e75a15a3b394c89d74a3d8e73dc4b4b7bc0c86 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 4 Apr 2022 19:06:28 -0400 Subject: [PATCH 0161/1758] Fix 5 typos: /etc/iiab/iiab_state.yml -> /etc/iiab/iiab.ini --- roles/gitea/tasks/main.yml | 2 +- roles/lokole/tasks/main.yml | 2 +- roles/nodejs/tasks/main.yml | 2 +- roles/postgresql/tasks/main.yml | 2 +- roles/yarn/tasks/main.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 265532558..578c1e590 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -45,7 +45,7 @@ - name: Add 'gitea' to list of services at {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea option: "{{ item.option }}" value: "{{ item.value | string }}" diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 5d4bdc72b..75cc0cc53 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -49,7 +49,7 @@ - name: Add 'lokole' variable values to {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: lokole option: "{{ item.option }}" value: "{{ item.value | string }}" diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index e13c68934..99250321b 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -42,7 +42,7 @@ - name: Add 'nodejs' variable values to {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodejs option: "{{ item.option }}" value: "{{ item.value | string }}" diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 2043e2427..c69396d29 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -49,7 +49,7 @@ - name: Add 'postgresql' variable values to {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: postgresql option: "{{ item.option }}" value: "{{ item.value | string }}" diff --git a/roles/yarn/tasks/main.yml b/roles/yarn/tasks/main.yml index fc1255729..5d8844ab9 100644 --- a/roles/yarn/tasks/main.yml +++ b/roles/yarn/tasks/main.yml @@ -33,7 +33,7 @@ - name: Add 'yarn' variable values to {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: yarn option: "{{ item.option }}" value: "{{ item.value | string }}" From 60b0063012392e9ff72d4eb8ed588ed8f78467d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Apr 2022 21:48:25 -0400 Subject: [PATCH 0162/1758] remoteit/README.md: Add context, clarify, link to Desktop App changelog --- roles/remoteit/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 4472eb220..b8d158142 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -19,13 +19,13 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ### Generate a remote.it claim code for your IIAB + register it + authorize services/ports -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important! It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. -1. Run `sudo iiab-remoteit` +1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB. - The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install). + (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).) ### Generate a remote.it claim code for your IIAB + register it + authorize services/ports -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important! It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. @@ -87,7 +87,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Run `sudo iiab-remoteit-off` -2. If you want to completely remove all remote.it software and its settings, also run: +2. If you also want to completely remove all remote.it software and its settings, run: ``` sudo apt purge "remoteit*" From 3b8a6c0e07b00a9531e711be4f10a0d54648c4e3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 5 Apr 2022 22:59:14 -0400 Subject: [PATCH 0166/1758] Fix explanations in iiab-remoteit(-off) for #3167 --- roles/remoteit/templates/iiab-remoteit | 9 +++++---- roles/remoteit/templates/iiab-remoteit-off | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 2be0d6add..cf324c988 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -37,7 +37,7 @@ else # 2022-04-04: Stop/Delete/Bounce sequence follows official suggestion here: # https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card- - echo -e "In a few secs, all 3 svcs {connectd, schannel, remoteit@...} should be back!\n" + echo -e "In a few seconds, all 3 {connectd, schannel, remoteit@...} should be enabled!\n" systemctl stop connectd # "Safer" (though it's generally exited already!) @@ -52,9 +52,10 @@ else # "Remote tcp connection service" appears a few seconds after connectd is # started above. Auto-enabled when spawned by connectd, SO NOT NEC HERE: - # systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@) - # Its systemd service name (e.g. remoteit@80:00:01:7F:7E:00:56:36.service) - # changes when a new claim code is generated! + # systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) + # These systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service + # change, e.g. when a new claim code is generated, and more arise when the + # IIAB device is registered to a remote.it account (#3166), etc. fi if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index daf92b5db..55eef88c0 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -28,6 +28,6 @@ systemctl disable schannel # "Remote tcp connection service" systemctl stop $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) || true systemctl disable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) || true -# FYI these systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service -# change, and arise when a new claim code is generated, when the IIAB device is -# registed, etc. 2022-04-05 Example: https://github.com/iiab/iiab/issues/3166 +# These systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service +# change, e.g. when a new claim code is generated, and more arise when the +# IIAB device is registered to a remote.it account (#3166), etc. From 9b650fa8775890c57456af054cc7b6c99636db1a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Apr 2022 23:14:42 -0400 Subject: [PATCH 0167/1758] Better explain /usr/bin/iiab-remoteit-off --- roles/remoteit/templates/iiab-remoteit-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 55eef88c0..80207f8be 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -25,7 +25,7 @@ systemctl disable connectd systemctl stop schannel systemctl disable schannel -# "Remote tcp connection service" +# "Remote tcp connection service" (typically 1-3 of these) systemctl stop $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) || true systemctl disable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) || true # These systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service From 9c3520775dfea06c6111f8914c7a88e0d79f8cfe Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Apr 2022 23:19:43 -0400 Subject: [PATCH 0168/1758] Explain remoteit/tasks/enable-or-disable.yml for #3167 #3168 --- roles/remoteit/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 41abf0286..d2891abd6 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -24,7 +24,7 @@ - schannel when: not remoteit_enabled -- name: Stop & Disable any remoteit@* services found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service +- name: Stop & Disable remoteit@* "Remote tcp connection services" (typically 1-3 of these) found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service shell: | systemctl stop $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) systemctl disable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) From f826d1842785db67a1fc8d74a778cccbc08975be Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Apr 2022 23:30:29 -0400 Subject: [PATCH 0169/1758] remoteit/tasks/enable-or-disable.yml: Explain disable or remote@* --- roles/remoteit/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index d2891abd6..576e3632d 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -24,7 +24,7 @@ - schannel when: not remoteit_enabled -- name: Stop & Disable remoteit@* "Remote tcp connection services" (typically 1-3 of these) found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service +- name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service shell: | systemctl stop $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) systemctl disable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) From 853cd445f97857dd3d763974753a43351fa49a20 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 5 Apr 2022 22:44:13 -0500 Subject: [PATCH 0170/1758] visual feedback and record in iiab.ini --- roles/remoteit/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/remoteit/tasks/main.yml b/roles/remoteit/tasks/main.yml index c66cd921a..f152c6b52 100644 --- a/roles/remoteit/tasks/main.yml +++ b/roles/remoteit/tasks/main.yml @@ -18,6 +18,9 @@ - include_tasks: enable-or-disable.yml +- name: Find the claim code if blank the machine was registrated + shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev + register: remoteit_claim - name: Add 'remoteit' variable values to {{ iiab_ini_file }} ini_file: @@ -34,3 +37,5 @@ value: "{{ remoteit_install }}" - option: remoteit_enabled value: "{{ remoteit_enabled }}" + - option: remoteit_claim_code + value: "{{ remoteit_claim.stdout }}" From ee4930d570518588611b5597be82846f90e1e12b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 08:12:23 -0400 Subject: [PATCH 0171/1758] remoteit/tasks/install.yml: Clarify 3 core install steps --- roles/remoteit/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 0747b558e..37d53c170 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -32,17 +32,17 @@ # apt: # deb: "{{ remoteit_device_url }}" -- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh +- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh -- name: "Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above)" +- name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) template: src: iiab-remoteit dest: /usr/bin mode: 0755 -- name: "Install /usr/bin/iiab-remoteit-off from template -- so IIAB operators can quickly turn off AND disable remote.it services on this IIAB" +- name: Install /usr/bin/iiab-remoteit-off from template -- so IIAB operators can quickly turn off AND disable remote.it services on this IIAB template: src: iiab-remoteit-off dest: /usr/bin From 3756fe63da8859d6f413088e57480f308ff9b262 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 11:42:10 -0400 Subject: [PATCH 0172/1758] Clarify /etc/squid/squid.conf <- roles/network/templates/squid/squid.conf.j2 --- roles/network/templates/squid/squid.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/network/templates/squid/squid.conf.j2 b/roles/network/templates/squid/squid.conf.j2 index 666a6a677..05a2e8f84 100644 --- a/roles/network/templates/squid/squid.conf.j2 +++ b/roles/network/templates/squid/squid.conf.j2 @@ -1,3 +1,5 @@ +# This is /etc/squid/squid.conf <- roles/network/templates/squid/squid.conf.j2 + # 2021-08-16 IIAB PR #2948 - April 2007 OLPC School Server legacy moved to: # https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid-iiab.conf.j2.unused From 3df09c73f0d071f10b93f9d68798c2d9bb26e5c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 11:45:16 -0400 Subject: [PATCH 0173/1758] network/tasks/squid.yml: Doc @ network/templates/squid/squid.conf.j2#L12-L32 --- roles/network/tasks/squid.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 1f6acc39d..a84facb03 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -34,7 +34,7 @@ # Squid auto-creation of cache_dir (or the old way, 'squid -z') both fail: # "FATAL: Failed to make swap directory /library/cache: (13) Permission denied" # -# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid.conf.j2#L10-L30 +# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid.conf.j2#L12-L32 - name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750) file: From 1472d9945d928b7fac56fb2a82c07b7eec7284b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 13:32:45 -0400 Subject: [PATCH 0174/1758] remoteit/README.md: Long-form doc equiv to "Oops, I cloned an SD card!" --- roles/remoteit/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index ed1a47700..9dc1b9712 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -100,6 +100,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s - https://docs.remote.it - https://docs.remote.it/developer-tools/cli-usage + - https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started - https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card- From 296e8c20326e16708cddea4359822ec2529c7b44 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Apr 2022 11:34:03 -0500 Subject: [PATCH 0175/1758] REGISTRATION_CODE based on https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account --- roles/remoteit/defaults/main.yml | 1 + roles/remoteit/tasks/enable-or-disable.yml | 8 ++++++++ roles/remoteit/tasks/install.yml | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index e4ea3fc46..a98ed97f5 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -49,3 +49,4 @@ cli_suffixes: x86_64: x86_64 remoteit_cli_suffix: "{{ cli_suffixes[ansible_architecture] | default('unknown') }}" remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit_linux_{{ remoteit_cli_suffix }} +remoteit_REGISTRATION_CODE: none #eg "592AA9BB-68C8-520A-AACA-6E27654C3DF6" generated in the desktop or web portal diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 41abf0286..a11286463 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -1,3 +1,7 @@ +- name: Using pre-created REGISTRATION_CODE from desktop or web portal + shell: echo {{ remoteit_REGISTRATION_CODE }} > /etc/remoteit/registration + when: remoteit_REGISTRATION_CODE is not none + - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below systemd: name: connectd @@ -31,6 +35,10 @@ ignore_errors: yes when: not remoteit_enabled +- name: Clean up REGISTRATION_CODE from {{ iiab_local_vars_file }} if used + shell: sed -i '/remoteit_REGISTRATION_CODE/d' {{ iiab_local_vars_file }} + when: remoteit_REGISTRATION_CODE is not none + # - name: Identify remoteit "Remote tcp connection service" unit file name, including uuid, e.g. remoteit@80:00:01:7F:7E:00:56:36.service # shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@ # register: remoteit_service diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 0747b558e..adc2c2b4e 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -32,6 +32,10 @@ # apt: # deb: "{{ remoteit_device_url }}" +- name: Going to use pre-created REGISTRATION_CODE from desktop or web portal + shell: mkdir /etc/remoteit || true && touch /etc/remoteit/registration + when: remoteit_REGISTRATION_CODE is not none + - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh From 5110147551ab51f996783aadbe543faba57e441c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 13:46:30 -0400 Subject: [PATCH 0176/1758] remoteit/templates/iiab-remoteit: Document /usr/share/remoteit/refresh.sh --- roles/remoteit/templates/iiab-remoteit | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index cf324c988..d529be39b 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -45,6 +45,9 @@ else mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true systemctl start connectd # Claim Code logic + kickstarts 2 svcs below + # /usr/share/remoteit/refresh.sh does the same thing (or close) as per: + # https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account + systemctl enable connectd # 2 enable lines, like enable-or-disable.yml # schannel = "Remote tcp command service" started by connectd above if nec From d1b95d68f627acc46deb0d1938ad5f426e134905 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Apr 2022 14:43:55 -0400 Subject: [PATCH 0177/1758] remoteit/README.md: Link to "Subscriptions and Licensing" --- roles/remoteit/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 9dc1b9712..822d22286 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -104,6 +104,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started - https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card- + - https://support.remote.it/hc/en-us/articles/4404156674445-Subscriptions-and-Licensing - https://support.remote.it/hc/en-us/articles/360041590951-Why-does-the-address-time-out- - https://support.remote.it/hc/en-us/articles/360047705691-Desktop-Application-Release-Notes - https://support.remote.it/hc/en-us/articles/4492289672973-Two-ways-of-using-remote-it-Connections From dcc6615d7209feadef7568fab56bc3aa60df7b3b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Apr 2022 18:13:05 -0400 Subject: [PATCH 0178/1758] Allow remote.it license key to be pasted into local_vars.yml --- roles/remoteit/README.md | 31 +++++++++++++++++++++- roles/remoteit/defaults/main.yml | 13 ++++++++- roles/remoteit/tasks/enable-or-disable.yml | 24 ++++++++++++----- roles/remoteit/tasks/install.yml | 22 ++++++++++++--- roles/remoteit/tasks/main.yml | 10 +++---- 5 files changed, 82 insertions(+), 18 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 822d22286..83eb10f60 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -17,7 +17,7 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage -### Generate a remote.it claim code for your IIAB + register it + authorize services/ports +### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. @@ -83,6 +83,35 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s EXAMPLES: Add an SSH Service on port 22 and/or add an HTTP Service on port 80 ([screenshot guide](https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop)). +### OPTION #2: Paste your remote.it license key to IIAB + enable it + authorize services/ports + +1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) (or from their https://remote.it Web Portal) as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). + + Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) as in this example: + + ``` + remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 + ``` + +2. Also set `remoteit_enabled: True` in /etc/iiab/local_vars.yml + +3. If your [IIAB software](https://download.iiab.io/) is not yet installed, do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. + + When that's complete, skip to Step 5. + +4. If your IIAB software is already installed, make sure your IIAB is online, and then run: + + ``` + cd /opt/iiab/iiab + sudo ./runrole remoteit + ``` + +5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device). + + SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) needs to be authorized (registered) to allow remote access to your IIAB device. + + EXAMPLES: Add an SSH Service on port 22 and/or add an HTTP Service on port 80 ([screenshot guide](https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop)). + ### How to I disable remote.it on my IIAB? 1. Run `sudo iiab-remoteit-off` diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index a98ed97f5..48a7f0304 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -49,4 +49,15 @@ cli_suffixes: x86_64: x86_64 remoteit_cli_suffix: "{{ cli_suffixes[ansible_architecture] | default('unknown') }}" remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit_linux_{{ remoteit_cli_suffix }} -remoteit_REGISTRATION_CODE: none #eg "592AA9BB-68C8-520A-AACA-6E27654C3DF6" generated in the desktop or web portal + +# OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. + +# OPTION #2: Pre-populate your remote.it account "license key" (a.k.a. +# R3_REGISTRATION_CODE) in /etc/iiab/local_vars.yml -- e.g. prior to installing +# IIAB -- by using a line like: +# +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 +# +# BACKGROUND: You can obtain a license key at https://remote.it or by using +# their Desktop Application (https://remote.it/download/) as shown here: +# https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index db828ec56..6e762952a 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -1,6 +1,20 @@ -- name: Using pre-created REGISTRATION_CODE from desktop or web portal - shell: echo {{ remoteit_REGISTRATION_CODE }} > /etc/remoteit/registration - when: remoteit_REGISTRATION_CODE is not none +- name: Copy OPTIONAL remoteit_license_key, e.g. from /etc/iiab/local_vars.yml to /etc/remoteit/registration, if remoteit_enabled and remoteit_license_key is defined + # shell: echo {{ remoteit_license_key }} > /etc/remoteit/registration + template: + src: registration.j2 + dest: /etc/remoteit/registration + when: remoteit_enabled and remoteit_license_key is defined + +- name: Redact OPTIONAL remoteit_license_key from /etc/iiab/local_vars.yml, if remoteit_enabled and remoteit_license_key is defined + # shell: sed -i '/^remoteit_license_key:/d' {{ iiab_local_vars_file }} + lineinfile: + path: "{{ iiab_local_vars_file }}" + regexp: '^remoteit_license_key:.*' + state: absent + when: remoteit_enabled and remoteit_license_key is defined + +# 2022-04-06 QUESTION: Does connectd (below) delete /etc/remoteit/registration, +# but only after confirming online that the license key is valid? - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below systemd: @@ -35,10 +49,6 @@ ignore_errors: yes when: not remoteit_enabled -- name: Clean up REGISTRATION_CODE from {{ iiab_local_vars_file }} if used - shell: sed -i '/remoteit_REGISTRATION_CODE/d' {{ iiab_local_vars_file }} - when: remoteit_REGISTRATION_CODE is not none - # - name: Identify remoteit "Remote tcp connection service" unit file name, including uuid, e.g. remoteit@80:00:01:7F:7E:00:56:36.service # shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@ # register: remoteit_service diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 636af2088..3b9df9556 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -24,6 +24,23 @@ purge: yes ignore_errors: yes + +# Speeds things up a bit, deferring online claim code generation if not nec: +# https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account + +- name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" + file: + state: directory + path: /etc/remoteit + when: remoteit_license_key is defined + +- name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" + file: + state: touch + path: /etc/remoteit/registration + when: remoteit_license_key is defined + + # - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}" # apt: # deb: "{{ downloads_dir }}/{{ remoteit_deb }}" @@ -32,13 +49,10 @@ # apt: # deb: "{{ remoteit_device_url }}" -- name: Going to use pre-created REGISTRATION_CODE from desktop or web portal - shell: mkdir /etc/remoteit || true && touch /etc/remoteit/registration - when: remoteit_REGISTRATION_CODE is not none - - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh + - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) template: src: iiab-remoteit diff --git a/roles/remoteit/tasks/main.yml b/roles/remoteit/tasks/main.yml index f152c6b52..1e1c85230 100644 --- a/roles/remoteit/tasks/main.yml +++ b/roles/remoteit/tasks/main.yml @@ -18,9 +18,9 @@ - include_tasks: enable-or-disable.yml -- name: Find the claim code if blank the machine was registrated - shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev - register: remoteit_claim +# - name: Extract claim code from /etc/remoteit/config.json if it exists +# shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev +# register: remoteit_claim_code - name: Add 'remoteit' variable values to {{ iiab_ini_file }} ini_file: @@ -37,5 +37,5 @@ value: "{{ remoteit_install }}" - option: remoteit_enabled value: "{{ remoteit_enabled }}" - - option: remoteit_claim_code - value: "{{ remoteit_claim.stdout }}" + # - option: remoteit_claim_code + # value: "{{ remoteit_claim_code.stdout }}" From a8a6b0318e626c554d23ddacb65d50e37eb340ca Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Apr 2022 18:34:33 -0400 Subject: [PATCH 0179/1758] remoteit/README.md: Clarify OPTION #2 license key approach --- roles/remoteit/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 83eb10f60..6c480f98f 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -85,7 +85,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s ### OPTION #2: Paste your remote.it license key to IIAB + enable it + authorize services/ports -1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) (or from their https://remote.it Web Portal) as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). +1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) or from their Web Portal (https://remote.it) — as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) as in this example: @@ -95,6 +95,8 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 2. Also set `remoteit_enabled: True` in /etc/iiab/local_vars.yml + (And verify that `remoteit_install: True` is set.) + 3. If your [IIAB software](https://download.iiab.io/) is not yet installed, do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. When that's complete, skip to Step 5. From 2b217b0534087e215dca24a7250e5d18c2bc5450 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Apr 2022 18:51:12 -0400 Subject: [PATCH 0180/1758] remoteit/README.md: Clarify 'sudo ./runrole remoteit' context & options --- roles/remoteit/README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 6c480f98f..ee1b2c8e7 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -101,13 +101,22 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s When that's complete, skip to Step 5. -4. If your IIAB software is already installed, make sure your IIAB is online, and then run: +4. If your IIAB software is already installed, make sure your IIAB is online. + + Now register your IIAB to your remote.it account (while enabling remote.it on your IIAB device) by running: ``` cd /opt/iiab/iiab sudo ./runrole remoteit ``` + If you also want to reinstall the (latest) remote.it Device Package on your IIAB, you can instead run: + + ``` + cd /opt/iiab/iiab + sudo ./runrole --reinstall remoteit + ``` + 5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device). SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) needs to be authorized (registered) to allow remote access to your IIAB device. From 9e0ffcf5a7b06c3b407d3e740e46910f37f30dea Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Apr 2022 10:17:35 -0400 Subject: [PATCH 0181/1758] Fancier & dancier roles/remoteit --- roles/remoteit/README.md | 2 +- roles/remoteit/tasks/install.yml | 30 ++++++++++++++--- roles/remoteit/templates/iiab-remoteit | 41 ++++++++++++++++++++---- roles/remoteit/templates/registration.j2 | 1 + vars/default_vars.yml | 2 ++ vars/local_vars_large.yml | 2 ++ vars/local_vars_medium.yml | 2 ++ vars/local_vars_small.yml | 2 ++ vars/local_vars_unittest.yml | 2 ++ 9 files changed, 71 insertions(+), 13 deletions(-) create mode 100644 roles/remoteit/templates/registration.j2 diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index ee1b2c8e7..8bba5ee40 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -23,7 +23,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. - Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB. + Hit `[Enter]` (repeatedly if necessary, to accept all defaults) if you want to quickly generate a new claim code for your IIAB. (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 3b9df9556..da9c1a594 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -17,6 +17,8 @@ # 2022-04-03: Unfort still necessary, as their install_agent.sh below uses apt # with 'install -y' instead of '-y reinstall' or '-y --reinstall install' +# FWIW: Some remoteit.*.deb installers also work with '-y --allow-downgrades install' +# (e.g. *.amd64.deb) but others (e.g. both *.rpi.deb) do not. - name: Purge previously installed 'remoteit*' Device Package(s) apt: name: remoteit* @@ -28,17 +30,27 @@ # Speeds things up a bit, deferring online claim code generation if not nec: # https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account -- name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# - name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# file: +# state: directory +# path: /etc/remoteit +# when: remoteit_license_key is defined + +# - name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# file: +# state: touch +# path: /etc/remoteit/registration +# when: remoteit_license_key is defined + +- name: "'mkdir /etc/remoteit'" file: state: directory path: /etc/remoteit - when: remoteit_license_key is defined -- name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +- name: "'touch /etc/remoteit/registration' to block generation of claim code below, also speeding things up a bit" file: state: touch path: /etc/remoteit/registration - when: remoteit_license_key is defined # - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}" @@ -49,10 +61,18 @@ # apt: # deb: "{{ remoteit_device_url }}" -- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h +# - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h +- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh +- name: "'rm /etc/remoteit/registration' (empty file used just above)" + file: + state: absent + path: /etc/remoteit/registration + ignore_errors: yes # In case a future version of install_agent.sh deletes it for us + + - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) template: src: iiab-remoteit diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index d529be39b..816d43f6c 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -9,14 +9,26 @@ # 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old -echo -e "\nhttps://remote.it can help you remotely manage this IIAB. Summary:\n" +echo -e "\nhttps://remote.it can help you remotely manage this IIAB.\n" + +echo -e "Let's generate a claim code and enable it. Documentation:\n" echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n" -echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m " -read ans < /dev/tty # Strips outer whitespace, whether we like it or not! -echo -[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +if [ -f /etc/remoteit/config.json ]; then + echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m " + read ans < /dev/tty # Strips outer whitespace, whether we like it or not! + echo + [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +fi + +# Explanation below, on lines 65-72 +if [ -f /etc/remoteit/registration ]; then + echo -en "\e[1mTo proceed we will delete /etc/remoteit/registration, Ok? [Y/n]\e[0m " + read ans < /dev/tty # Strips outer whitespace, whether we like it or not! + echo + [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +fi echo -e "\nThis IIAB must be online to begin!\n" @@ -41,8 +53,23 @@ else systemctl stop connectd # "Safer" (though it's generally exited already!) - # '|| true' overrides 'bash -e' so script continues if config.json missing - mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true + # If someone manually deleted the dir, this blocks generation of claim code + [ ! -d /etc/remoteit ] && + mkdir /etc/remoteit + + [ -f /etc/remoteit/config.json ] && + mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) + [ -f /etc/remoteit/registration ] && + mv /etc/remoteit/registration /etc/remoteit/registration.$(date +%F_%T_%Z) + + # /etc/remoteit/registration is deleted above, but just FYI if it existed: + # + # 1) If /etc/remoteit/registration exists and is empty, connectd (below) + # will not create /etc/remoteit/config.json + # 2) If /etc/remoteit/registration contains an invalid license key, connectd + # (below) will create /etc/remoteit/config.json WITH a claim code. + # 3) If /etc/remoteit/registration contains a valid license key, connectd + # (below) will create /etc/remoteit/config.json WITHOUT a claim code. systemctl start connectd # Claim Code logic + kickstarts 2 svcs below # /usr/share/remoteit/refresh.sh does the same thing (or close) as per: diff --git a/roles/remoteit/templates/registration.j2 b/roles/remoteit/templates/registration.j2 new file mode 100644 index 000000000..774abae03 --- /dev/null +++ b/roles/remoteit/templates/registration.j2 @@ -0,0 +1 @@ +{{ remoteit_license_key }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 80808c308..a617b4ae5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -213,6 +213,8 @@ sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1135c715b..6478638c3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index fde1c39a5..6c56bf89e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 50d8b0d79..a3c7ed0bc 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 7808c109a..48226893a 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True From 9181a4e04d014ed6f73d1780bf470d644de21ec8 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Apr 2022 11:43:32 -0400 Subject: [PATCH 0182/1758] enable-or-disable.yml: Clarify connectd doesn't delete /etc/remoteit/registration --- roles/remoteit/tasks/enable-or-disable.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 6e762952a..c32e79b9a 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -13,8 +13,7 @@ state: absent when: remoteit_enabled and remoteit_license_key is defined -# 2022-04-06 QUESTION: Does connectd (below) delete /etc/remoteit/registration, -# but only after confirming online that the license key is valid? +# 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below systemd: From 1df563d2a99002f151302a922b7bc04cee1a0fbc Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Apr 2022 23:44:00 -0400 Subject: [PATCH 0183/1758] /usr/bin/iiab-remoteit tries license key first; claim code if nec --- roles/remoteit/README.md | 19 ++- roles/remoteit/tasks/enable-or-disable.yml | 5 +- roles/remoteit/templates/iiab-remoteit | 143 ++++++++++++++------- 3 files changed, 112 insertions(+), 55 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 8bba5ee40..681e25b29 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -8,25 +8,30 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag ## Getting Started -### Create a remote.it account + install its desktop application +### Create a remote.it account + consider its desktop application 1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account. -2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. +2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports + -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. - Hit `[Enter]` (repeatedly if necessary, to accept all defaults) if you want to quickly generate a new claim code for your IIAB. + Hit `[Enter]` if this is a fresh install, to quickly generate a claim code for your IIAB. (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).) + NOTE: If a remote.it license key is found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to generating a claim code). + + *If the license key works, you will not get a claim code, as the IIAB device auto-registers to your remote.it account (skip to Step 3. below).* + -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. @@ -98,15 +98,17 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 ``` + _FYI to protect your credential, the above line will promptly be redacted (removed) from your /etc/iiab/local_vars.yml — after the key is copied to_ `/etc/remoteit/registration` _in Step 3. or 4. below._ + 2. Also set `remoteit_enabled: True` in /etc/iiab/local_vars.yml (And verify that `remoteit_install: True` is set.) -3. If your [IIAB software](https://download.iiab.io/) is not yet installed, do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. +3. If your [IIAB software](https://download.iiab.io/) is _not_ yet installed, do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. When that's complete, skip to Step 5. -4. If your IIAB software is already installed, make sure your IIAB is online. +4. If your IIAB software _is_ already installed, make sure your IIAB is online. Now register the IIAB device to your remote.it account, by running `sudo iiab-remoteit` (this also enables remote.it on your IIAB). From 0e14f1c83823ce183dd4dc9a00e517170e0c65b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Apr 2022 11:21:06 -0400 Subject: [PATCH 0190/1758] remoteit/README.md: Grammar tweaks --- roles/remoteit/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 444e60d91..62cf4c12e 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -84,7 +84,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 3. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device). - SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) needs to be authorized (registered) to allow remote access to your IIAB device. + SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) need to be authorized (registered) to allow remote access to your IIAB device. EXAMPLES: Add an SSH Service on port 22 and/or add an HTTP Service on port 80 ([screenshot guide](https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop)). @@ -128,7 +128,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device). - SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) needs to be authorized (registered) to allow remote access to your IIAB device. + SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) need to be authorized (registered) to allow remote access to your IIAB device. EXAMPLES: Add an SSH Service on port 22 and/or add an HTTP Service on port 80 ([screenshot guide](https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop)). From 1a9025050085f394cce9d8f1caaaaf523da52a33 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Apr 2022 23:46:13 -0400 Subject: [PATCH 0191/1758] remoteit/README.md: Clear(er) Instructions --- roles/remoteit/README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 62cf4c12e..489af24fb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -22,15 +22,17 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. -1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. +1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB: - Hit `[Enter]` if this is a fresh install, to quickly generate a claim code for your IIAB. + - Hit [Enter] if this is a fresh install, to quickly generate a claim code for your IIAB. - (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).) + The claim code must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install) (Step 2., below). - NOTE: If a remote.it license key is found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to generating a claim code). + Just FYI a copy is also put in: `/etc/remoteit/config.json` - *If the license key works, you will not get a claim code (as the IIAB device auto-registers to your remote.it account) and you can skip to Step 3.* + - EXCEPTION: If a remote.it license key happens to be found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to, and instead of generating a claim code). + + *If the license key works, you will not get a claim code (as the IIAB device auto-registers to your remote.it account) so jump to Step 5. in OPTION #2.* if this is a fresh install, to quickly generate a claim code for your IIAB. + - Hit [Enter] (repeatedly if necessary, to accept all defaults) to quickly generate a claim code for your IIAB. The claim code must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install) (Step 2., below). Just FYI a copy is also put in: `/etc/remoteit/config.json` - - EXCEPTION: If a remote.it license key happens to be found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to, and instead of generating a claim code). + - EXCEPTION #1: If a remote.it license key happens to be found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to, and instead of generating a claim code). *If the license key works, you will not get a claim code (as the IIAB device auto-registers to your remote.it account) so jump to Step 5. in OPTION #2.* + - EXCEPTION #2: If you have an existing `/etc/remoteit/config.json` you will be given the option to try that (e.g. if you already registered the IIAB device to your remote.it account). + + *Verify that by jumping to Step 5. in OPTION #2.* + "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. @@ -29,18 +29,18 @@ See our [Tech Docs Wiki](https://github.com/iiab/iiab/wiki) for more about the u After you've installed the software, you should [add content](https://github.com/iiab/iiab/wiki/IIAB-Installation#add-content), which can of course take time when downloading multi-gigabyte Content Packs! -Finally, you can [customize your Internet-in-a-Box home page](http://FAQ.IIAB.IO#How_do_I_customize_my_Internet-in-a-Box_home_page.3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) — to arrange Content Packs and IIAB Apps (services) for your local community's needs. +Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page.3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) — to arrange Content Packs and IIAB Apps (services) for your local community's needs. ## Community Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://FAQ.IIAB.IO#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://FAQ.IIAB.IO#What_technical_documentation_exists.3F)" -FYI we use [Ansible](http://FAQ.IIAB.IO#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. +To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists.3F)" +FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* From 20758b8fe419a2adf7f35127f868c05720dff43b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Apr 2022 21:20:40 -0400 Subject: [PATCH 0201/1758] remoteit/README.md: Clarify OPTION #2 steps (i.e. license key approach) --- roles/remoteit/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 2479f8384..ff109a44c 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -110,11 +110,11 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s (And verify that `remoteit_install: True` is set.) -3. If your [IIAB software](https://download.iiab.io/) is _not_ yet installed, do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. +3. If your [IIAB software](https://download.iiab.io/) is _not yet installed,_ do that e.g. by running `sudo iiab` and following any on-screen instructions — until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. When that's complete, skip to Step 5. -4. If your IIAB software _is_ already installed, make sure your IIAB is online. +4. If your IIAB software is _already installed,_ make sure your IIAB is online. Now register the IIAB device to your remote.it account, by running `sudo iiab-remoteit` (this also enables remote.it on your IIAB). From e3dde121306348d6f31d78948457167a559d87ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Apr 2022 22:18:30 -0400 Subject: [PATCH 0202/1758] moodle/defaults/main.yml: 'moodle_version: 40' --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 23be708e0..87087e48e 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -7,7 +7,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -moodle_version: 311 +moodle_version: 40 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From 79428f0061d74fe3cca885473dfa04dea1bae1b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Apr 2022 22:39:08 -0400 Subject: [PATCH 0203/1758] New branch name+numbering scheme: MOODLE_400_STABLE --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 87087e48e..d04d05006 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -7,7 +7,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -moodle_version: 40 +moodle_version: 400 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From b4495f1ee21882914b7b870627a7650d57d8b532 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Apr 2022 23:19:46 -0400 Subject: [PATCH 0204/1758] Mention Moodle 4.0's new larger size for /opt/iiab/moodle --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index b90c55017..a58598793 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,7 +43,7 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~356 MB initially, ~376 MB later) +- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~370 MB initially, ~390 MB later) git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle From 9dae05f4f00fa745aa91b9634e15300e6520e285 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Apr 2022 17:47:24 -0400 Subject: [PATCH 0205/1758] default_vars.yml: 'nodejs_version: 18.x' --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a617b4ae5..41c1fe523 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -420,7 +420,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 +nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-XX-YY # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 7d97c56ef20e4652ba9721b7955f6274436290a3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Apr 2022 17:47:39 -0400 Subject: [PATCH 0206/1758] nodejs/defaults/main.yml: 'nodejs_version: 18.x' --- roles/nodejs/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml index 6bda8c2d4..c3240f310 100644 --- a/roles/nodejs/defaults/main.yml +++ b/roles/nodejs/defaults/main.yml @@ -5,7 +5,7 @@ # nodejs_install: False # nodejs_enabled: False -# nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 +# nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-XX-YY # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 909bb37680d1197b4f6e9b5c662b52232e054587 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Apr 2022 11:02:24 -0400 Subject: [PATCH 0207/1758] gitea/tasks/install.yml: Note /library/gitea/bin/gitea-1.16 is ~103MB --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 39e9279f1..2d7463afb 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~102 MB) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.15 From 7386419cf463c33c79729ec721f0f18ffe652021 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Apr 2022 11:30:51 -0400 Subject: [PATCH 0208/1758] gitea/tasks/install.yml: Clarify symlink /library/gitea/gitea --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 2d7463afb..427d14e46 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -65,7 +65,7 @@ - name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }} file: src: "{{ gitea_install_path }}" - path: "{{ gitea_link_path }}" + path: "{{ gitea_link_path }}" # /library/gitea/gitea owner: gitea group: gitea state: link From abfc5e4c75b91936222b92d2ffa39a0cadb8ad65 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Apr 2022 14:16:41 -0400 Subject: [PATCH 0209/1758] FreePBX 16 now officially works with Asterisk 19 (so remove temp patch) --- roles/pbx/tasks/freepbx.yml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 8e4497618..9a7f34a5a 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -96,17 +96,22 @@ extra_opts: [--strip-components=1] creates: "{{ freepbx_src_dir }}/install" -- name: "FreePBX - 2021-11-06: TEMPORARILY force FreePBX 16 to work with Asterisk 19 - patch /opt/iiab/freepbx/install.php" - replace: - path: /opt/iiab/freepbx/install.php - regexp: 'version_compare\(\$astversion, "19", "ge"\)\) \{$' - replace: 'version_compare($astversion, "20", "ge")) {' - -- name: "FreePBX - 2021-11-06: TEMPORARILY force FreePBX 16 to work with Asterisk 19 - patch /opt/iiab/freepbx/installlib/installcommand.class.php" - replace: - path: /opt/iiab/freepbx/installlib/installcommand.class.php - regexp: 'version_compare\(\$matches\[1\], "19", "ge"\)\) \{$' - replace: 'version_compare($matches[1], "20", "ge")) {' +# No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: +# https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 +# https://github.com/FreePBX/framework/blob/release/16.0/installlib/installcommand.class.php#L300 +# https://community.freepbx.org/t/asterisk-19-working-with-freepbx16/80965/14 +# +# - name: "FreePBX - 2021-11-06: TEMPORARILY force FreePBX 16 to work with Asterisk 19 - patch /opt/iiab/freepbx/install.php" +# replace: +# path: /opt/iiab/freepbx/install.php +# regexp: 'version_compare\(\$astversion, "19", "ge"\)\) \{$' +# replace: 'version_compare($astversion, "20", "ge")) {' +# +# - name: "FreePBX - 2021-11-06: TEMPORARILY force FreePBX 16 to work with Asterisk 19 - patch /opt/iiab/freepbx/installlib/installcommand.class.php" +# replace: +# path: /opt/iiab/freepbx/installlib/installcommand.class.php +# regexp: 'version_compare\(\$matches\[1\], "19", "ge"\)\) \{$' +# replace: 'version_compare($matches[1], "20", "ge")) {' # 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch # - name: FreePBX - Patch FreePBX source - IIAB Bug 1685 From e4f793fb3cb567995ed679c23e937f7686ca02a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Apr 2022 14:35:43 -0400 Subject: [PATCH 0210/1758] pbx/README.adoc: Make Asterisk 19 + FreePBX 16 official, w/ PHP 7.4 --- roles/pbx/README.adoc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index b63d33412..6a3d643f6 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,6 +4,11 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. +As of April 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. + +PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. + +//// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. _PLEASE UNDERSTAND THIS MEANS THAT: IIAB no longer supports FreePBX 15 (Linux with PHP < 7.4, e.g. Raspberry Pi OS 10 "Buster"). Thank you for your understanding, as we look to the future together!_ @@ -11,7 +16,7 @@ _PLEASE UNDERSTAND THIS MEANS THAT: IIAB no longer supports FreePBX 15 (Linux wi _Upcoming:_ IIAB will consider supporting Asterisk 19, on or around its 2021-09-28 expected release date (https://github.com/iiab/iiab/issues/2934[#2934]). _Historical:_ Back in February 2019, IIAB had installed Asterisk 16 and FreePBX 15, e.g. for Ubuntu 18.04, Debian 9 "Stretch" and experimentally, Raspberry Pi (https://github.com/iiab/iiab/issues/1467[#1467]). - +//// == What Asterisk & FreePBX do From 86858fcecfcb1e1b398e52d90d1d5e5186db4d2a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 20 Apr 2022 18:53:18 +0000 Subject: [PATCH 0211/1758] internetarchive/tasks/install.yml: Enforce Node.js <= 18.x --- roles/internetarchive/tasks/install.yml | 6 +++--- roles/nodejs/defaults/main.yml | 2 +- vars/default_vars.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 2e3af8194..4ed845706 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 18.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('18.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 18.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml index c3240f310..69785399a 100644 --- a/roles/nodejs/defaults/main.yml +++ b/roles/nodejs/defaults/main.yml @@ -5,7 +5,7 @@ # nodejs_install: False # nodejs_enabled: False -# nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-XX-YY +# nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 41c1fe523..ca4fc9d98 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -420,7 +420,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-XX-YY +nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 1fb41333cee4b85bba530ca5435667b73ccba7b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Apr 2022 16:00:18 -0400 Subject: [PATCH 0212/1758] gitea/tasks/install.yml: Mention current release branch (1.16) --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 427d14e46..820e44868 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -46,7 +46,7 @@ - name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.15 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 mode: 0775 timeout: "{{ download_timeout }}" From b2e142224036f3be226c851c13e4c061fde0c1f9 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Apr 2022 04:04:06 +0000 Subject: [PATCH 0213/1758] Stage 6/7 bypass of apps not yet compatible w/ Ubuntu 22.04 (Nextcloud, Kolibri, Moodle, Sugarizer) --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/7-edu-apps/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f241095f6..152ff6358 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -59,7 +59,7 @@ - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install + when: nextcloud_install and not is_ubuntu_2204 # TEMPORARY - name: WORDPRESS include_role: diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 8f223b1fd..ba3ac6911 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install and not is_ubuntu_2204 # TEMPORARY - name: KIWIX include_role: @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install + when: moodle_install and not is_ubuntu_2204 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install and not is_ubuntu_2204 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: From a4e72ce7edde494e12a9226d0d992c46d589cddb Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Apr 2022 23:11:59 -0400 Subject: [PATCH 0214/1758] nodejs/tasks/install.yml: Document manual install option (to test freshly released OS's) --- roles/nodejs/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index f2843bc47..f7ce7002d 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -67,6 +67,10 @@ # state: absent # when: internet_available and is_debuntu +# MANUAL INSTALL OPTION "IMMEDIATELY" AFTER ANY OS RELEASE: (e.g. Ubuntu 22.04) +# wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.0.0-deb-1nodesource1_amd64.deb +# apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb + - name: Run 'curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - #args: From 2293c9a7b2bb8d1cf9c5c1a089438defced4abdd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Apr 2022 00:56:15 -0400 Subject: [PATCH 0215/1758] nodejs/tasks/install.yml: Clarify manual install (if nec right after new OS releases) --- roles/nodejs/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index f7ce7002d..b9cdcffa1 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -70,6 +70,7 @@ # MANUAL INSTALL OPTION "IMMEDIATELY" AFTER ANY OS RELEASE: (e.g. Ubuntu 22.04) # wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.0.0-deb-1nodesource1_amd64.deb # apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb +# echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml - name: Run 'curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - From 051c2d0fcb824ad8d205aacceafc48e72037ab60 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Apr 2022 12:44:56 -0400 Subject: [PATCH 0216/1758] Recommend ansible-core 2.12.5 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1ab8b42f5..cb5ec6a5f 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 9910805f06246530f6730ad28adc962d50cd9c5b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Apr 2022 12:22:01 -0500 Subject: [PATCH 0217/1758] swing git repo back to iiab/master --- roles/osm-vector-maps/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index e32bc6a1c..a0fd7a8be 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -8,10 +8,10 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # The following soft coded variables allow testing, before pulling PR's into master -# osm_repo_url: https://raw.githubusercontent.com/iiab/maps -osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps -#maps_branch: 'master' # Quotes not required -maps_branch: 'maps7.3' +osm_repo_url: https://raw.githubusercontent.com/iiab/maps +maps_branch: 'master' # Quotes not required +#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps +#maps_branch: 'maps7.3' # soft code sources archive_org_url: https://archive.org/download From 8cd11af3d5d260da39f9df8f50b93d5a0e74facb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Apr 2022 12:46:14 -0500 Subject: [PATCH 0218/1758] swing regions.json to iiab/master --- roles/osm-vector-maps/tasks/install.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 3bb9e5176..5632c4083 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -16,12 +16,6 @@ dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" -- name: Download {{ iiab_map_url }}/assets/regions.json to {{ iiab_etc_path }} - get_url: - url: "{{ iiab_map_url }}/assets/regions.json" # http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden - dest: "{{ iiab_etc_path }}" - timeout: "{{ download_timeout }}" - # - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? # stat: # path: "{{ vector_map_path }}/viewer/cities1000.sqlite" @@ -35,6 +29,13 @@ timeout: "{{ download_timeout }}" # when: not cities_installed.stat.exists +# At this point, fetches from github.com/georgejhunt/maps from test branch +- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} + get_url: + url: "{{ osm_repo_url }}/master/resources/regions.json" + dest: "{{ iiab_etc_path }}" + timeout: "{{ download_timeout }}" + - name: Symlink {{ doc_root }}/common/assets/map-catalog.json -> /etc/iiab/map-catalog.json file: src: /etc/iiab/map-catalog.json @@ -53,7 +54,6 @@ path: "{{ vector_map_path }}/maplist/assets/regions.json" state: link -# At this point, fetches from github.com/georgejhunt/maps from test branch - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master From 17ce6e4fb4ea7adf06a8370266487fcbbf064c30 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Apr 2022 13:51:40 -0500 Subject: [PATCH 0219/1758] notes & to be fixed --- roles/osm-vector-maps/tasks/install.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 5632c4083..8f4c863fe 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -10,12 +10,6 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: Download {{ map_catalog_url }}/map-catalog.json to {{ iiab_etc_path }} - get_url: - url: "{{ map_catalog_url }}/map-catalog.json" # http://download.iiab.io/content/OSM/vector-tiles - dest: "{{ iiab_etc_path }}" # /etc/iiab - timeout: "{{ download_timeout }}" - # - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? # stat: # path: "{{ vector_map_path }}/viewer/cities1000.sqlite" @@ -29,11 +23,10 @@ timeout: "{{ download_timeout }}" # when: not cities_installed.stat.exists -# At this point, fetches from github.com/georgejhunt/maps from test branch -- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} +- name: Download {{ map_catalog_url }}/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/master/resources/regions.json" - dest: "{{ iiab_etc_path }}" + url: "{{ map_catalog_url }}/map-catalog.json" # http://timmoody.com/iiab-files/maps + dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" - name: Symlink {{ doc_root }}/common/assets/map-catalog.json -> /etc/iiab/map-catalog.json @@ -48,12 +41,23 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link +# regions.json is out of sync atm.. +#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} +# get_url: {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json + +- name: Download {{ iiab_map_url }}/assets/regions.json to {{ iiab_etc_path }} + get_url: + url: "{{ iiab_map_url }}/assets/regions.json" + dest: "{{ iiab_etc_path }}" + timeout: "{{ download_timeout }}" + - name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json file: src: /etc/iiab/regions.json path: "{{ vector_map_path }}/maplist/assets/regions.json" state: link +# At this point, fetches from github.com/'REPO'/maps from maps_branch - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master From 6a8d50aabcc6f701b88dc11bff652fe71c677806 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Apr 2022 22:52:44 -0500 Subject: [PATCH 0220/1758] move apt install --- roles/osm-vector-maps/tasks/install.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 8f4c863fe..b14c58630 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -10,6 +10,16 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" +- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" + package: + state: present + name: + - python3-geojson + - python3-pil + - python3-wget + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-sqlite3 + # - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? # stat: # path: "{{ vector_map_path }}/viewer/cities1000.sqlite" @@ -187,16 +197,6 @@ force: yes timeout: "{{ download_timeout }}" -- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" - package: - state: present - name: - - python3-geojson - - python3-pil - - python3-wget - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-sqlite3 - - name: Copy 6 scripts to /usr/bin, for downloading tiles (0755) get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}" From 73d912fb4c4868bcee66039a98153e4f922e43e6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Apr 2022 23:29:51 -0500 Subject: [PATCH 0221/1758] swing to osm_repo_url --- roles/osm-vector-maps/tasks/install.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index b14c58630..61c3c7e25 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -26,16 +26,16 @@ # register: cities_installed # - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ -- name: Download 26M {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ iiab_map_url }}/regional-resources/cities1000.sqlite" + url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite" dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" # when: not cities_installed.stat.exists -- name: Download {{ map_catalog_url }}/map-catalog.json to {{ iiab_etc_path }} +- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ map_catalog_url }}/map-catalog.json" # http://timmoody.com/iiab-files/maps + url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/map-catalog.json" dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" @@ -51,13 +51,9 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link -# regions.json is out of sync atm.. -#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} -# get_url: {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json - -- name: Download {{ iiab_map_url }}/assets/regions.json to {{ iiab_etc_path }} +- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} get_url: - url: "{{ iiab_map_url }}/assets/regions.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" dest: "{{ iiab_etc_path }}" timeout: "{{ download_timeout }}" From 4ea85bc52526e262f5d3f972cb9c5b32be0c06f6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 26 Apr 2022 00:03:15 -0500 Subject: [PATCH 0222/1758] swing note --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 61c3c7e25..028d98518 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -26,6 +26,7 @@ # register: cities_installed # - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ +# At this point, fetches from github.com/'REPO'/maps from maps_branch - name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite" @@ -63,7 +64,6 @@ path: "{{ vector_map_path }}/maplist/assets/regions.json" state: link -# At this point, fetches from github.com/'REPO'/maps from maps_branch - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master From 0c5e477653890f0c79c547d68c2bfc6ba498a61e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 26 Apr 2022 00:13:04 -0500 Subject: [PATCH 0223/1758] default_vars --- roles/osm-vector-maps/defaults/main.yml | 1 + vars/default_vars.yml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index a0fd7a8be..5046e2162 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -15,6 +15,7 @@ maps_branch: 'master' # Quotes not required # soft code sources archive_org_url: https://archive.org/download +iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden #map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles map_catalog_url: http://timmoody.com/iiab-files/maps satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ca4fc9d98..5956a325d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -488,7 +488,9 @@ osm_vector_maps_install: True osm_vector_maps_enabled: False # Set to "True" to download .mbtiles files from Archive.org (might be slow!) maps_from_internet_archive: False -iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +osm_repo_url: https://raw.githubusercontent.com/iiab/maps +maps_branch: master # Quotes not required + vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience. From 2df70d5555dfe4a10102896644da3536c4b11766 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 26 Apr 2022 00:20:32 -0500 Subject: [PATCH 0224/1758] s/b disabled --- roles/osm-vector-maps/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 5046e2162..5801e0773 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -15,7 +15,7 @@ maps_branch: 'master' # Quotes not required # soft code sources archive_org_url: https://archive.org/download -iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden #map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles map_catalog_url: http://timmoody.com/iiab-files/maps satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json From be07caca707a79d1def686b0c7ae581d7593735f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 26 Apr 2022 13:56:16 -0500 Subject: [PATCH 0225/1758] regions.json went away https://github.com/iiab/maps/issues/55#issuecomment-1110136033 --- roles/osm-vector-maps/tasks/install.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 028d98518..ffe026695 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -52,17 +52,17 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link -- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} - get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" - dest: "{{ iiab_etc_path }}" - timeout: "{{ download_timeout }}" +#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} +# get_url: +# url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" +# dest: "{{ iiab_etc_path }}" +# timeout: "{{ download_timeout }}" -- name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json - file: - src: /etc/iiab/regions.json - path: "{{ vector_map_path }}/maplist/assets/regions.json" - state: link +#- name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json +# file: +# src: /etc/iiab/regions.json +# path: "{{ vector_map_path }}/maplist/assets/regions.json" +# state: link - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: From 6e657d593aadfa9eb3e9c5d809c890e3e451692a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 27 Apr 2022 12:21:39 -0500 Subject: [PATCH 0226/1758] use new path --- roles/osm-vector-maps/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index ffe026695..f20a99a7f 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -27,16 +27,16 @@ # - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ # At this point, fetches from github.com/'REPO'/maps from maps_branch -- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2022/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/cities1000.sqlite" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2022/cities1000.sqlite" dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" # when: not cities_installed.stat.exists -- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/map-catalog.json to {{ iiab_etc_path }} +- name: Download {{ osm_repo_url }}/{{ maps_branch }}/2022/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/map-catalog.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2022/map-catalog.json" dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" From 1049d94d4c35875974d84b32f8eafc67a532e7e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Apr 2022 06:24:42 -0500 Subject: [PATCH 0227/1758] use new path2 --- roles/osm-vector-maps/tasks/install.yml | 8 ++++---- vars/default_vars.yml | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index f20a99a7f..9c304c88c 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -27,16 +27,16 @@ # - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ # At this point, fetches from github.com/'REPO'/maps from maps_branch -- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2022/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2022/cities1000.sqlite" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" # when: not cities_installed.stat.exists -- name: Download {{ osm_repo_url }}/{{ maps_branch }}/2022/map-catalog.json to {{ iiab_etc_path }} +- name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2022/map-catalog.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5956a325d..bba0ad763 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -488,9 +488,6 @@ osm_vector_maps_install: True osm_vector_maps_enabled: False # Set to "True" to download .mbtiles files from Archive.org (might be slow!) maps_from_internet_archive: False -osm_repo_url: https://raw.githubusercontent.com/iiab/maps -maps_branch: master # Quotes not required - vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience. From a784d5ec2758518e052b70d7d7e05e7546912063 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Apr 2022 08:57:38 -0500 Subject: [PATCH 0228/1758] install fonts to '/viewer/assets/' --- roles/osm-vector-maps/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 9c304c88c..0989ead7f 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -176,10 +176,10 @@ state: link force: yes -- name: Copy fonts (16 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) +- name: Copy fonts (16 files) to {{ vector_map_path }}/viewer/assets/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/fonts/" + dest: "{{ vector_map_path }}/viewer/assets/" # mode: 0644 # owner: root # group: root From 11c8c0df13ee5484bf3a0535bd1d2c25d975ee7b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Apr 2022 12:01:25 -0500 Subject: [PATCH 0229/1758] Revert "install fonts to '/viewer/assets/'" This reverts commit a784d5ec2758518e052b70d7d7e05e7546912063. --- roles/osm-vector-maps/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 0989ead7f..9c304c88c 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -176,10 +176,10 @@ state: link force: yes -- name: Copy fonts (16 files) to {{ vector_map_path }}/viewer/assets/ for the general purpose map viewer (root:root, 0644 by default) +- name: Copy fonts (16 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" - dest: "{{ vector_map_path }}/viewer/assets/" + dest: "{{ doc_root }}/common/fonts/" # mode: 0644 # owner: root # group: root From 3c928c04a7093da61724d4f14892ce0c996f7a55 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Apr 2022 13:40:16 -0500 Subject: [PATCH 0230/1758] upstream fonts.css does not have mapping to 'common' --- roles/osm-vector-maps/tasks/install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 9c304c88c..d10220ea0 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -149,7 +149,6 @@ - bboxes.geojson - center.png - countries.json - - fonts.css - ol-layerswitcher.css - ol-contextmenu.css - pin_drop.png @@ -186,6 +185,13 @@ with_fileglob: - fonts/* +- name: Force Symlink {{ doc_root }}/common/fonts/fonts.css -> {{ vector_map_path }}/viewer/assets/fonts.css + file: + src: "{{ doc_root }}/common/fonts/fonts.css" + path: "{{ vector_map_path }}/viewer/assets/fonts.css" + state: link + force: yes + - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect" From 8995a59239beb499f72f9065847cf60639c6ab55 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Apr 2022 14:11:16 -0500 Subject: [PATCH 0231/1758] Update roles/osm-vector-maps/tasks/install.yml Co-authored-by: A Holt --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index d10220ea0..01aa1c58d 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -185,7 +185,7 @@ with_fileglob: - fonts/* -- name: Force Symlink {{ doc_root }}/common/fonts/fonts.css -> {{ vector_map_path }}/viewer/assets/fonts.css +- name: Force Symlink {{ vector_map_path }}/viewer/assets/fonts.css -> {{ doc_root }}/common/fonts/fonts.css file: src: "{{ doc_root }}/common/fonts/fonts.css" path: "{{ vector_map_path }}/viewer/assets/fonts.css" From cd0777b8b6f05fd2546c1b00db7a583bf0b8be48 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Apr 2022 18:04:37 -0400 Subject: [PATCH 0232/1758] Revert "upstream fonts.css does not have mapping to 'common'" --- roles/osm-vector-maps/tasks/install.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 01aa1c58d..9c304c88c 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -149,6 +149,7 @@ - bboxes.geojson - center.png - countries.json + - fonts.css - ol-layerswitcher.css - ol-contextmenu.css - pin_drop.png @@ -185,13 +186,6 @@ with_fileglob: - fonts/* -- name: Force Symlink {{ vector_map_path }}/viewer/assets/fonts.css -> {{ doc_root }}/common/fonts/fonts.css - file: - src: "{{ doc_root }}/common/fonts/fonts.css" - path: "{{ vector_map_path }}/viewer/assets/fonts.css" - state: link - force: yes - - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect" From 9addfd2564d8ed6391229ee55b35eb270d85c7cf Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Apr 2022 22:53:26 -0400 Subject: [PATCH 0233/1758] calibre-web/tasks/install.yml: venv context refresher course --- roles/calibre-web/tasks/install.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 73f945746..8616674e6 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -48,6 +48,14 @@ virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} +# VIRTUALENV EXAMPLE COMMANDS: +# cd /usr/local/calibre-web-py3 +# source bin/activate +# python3 -m pip list +# python3 -m pip freeze > /tmp/requirements.txt +# python3 -m pip install -r requirements.txt +# deactivate +# https://pip.pypa.io/en/latest/user_guide/#requirements-files - name: Install /etc/systemd/system/calibre-web.service from template template: From e189db998c57badb798c8c4036faaec060aa45b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 29 Apr 2022 13:53:31 -0400 Subject: [PATCH 0234/1758] vars/local_vars_unittest.yml: 'download_timeout: 100' (not 200) --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 48226893a..585277444 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -13,7 +13,7 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails -download_timeout: 200 +download_timeout: 100 # Real-time clock: set RTC chip family here. Future auto-detection plausible? rtc_id: none # Or ds3231 ? From dea315627d260df6ecf50366d21c9185bd2f12cb Mon Sep 17 00:00:00 2001 From: root Date: Fri, 29 Apr 2022 15:35:23 -0400 Subject: [PATCH 0235/1758] Workaround to induce remote.it install on Linux Mint --- roles/remoteit/tasks/install.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index da9c1a594..cf741ccf0 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -61,6 +61,14 @@ # apt: # deb: "{{ remoteit_device_url }}" +# 2022-04-29: https://downloads.remote.it/remoteit/install_agent.sh refuses to +# install on Mint as "ID_LIKE=ubuntu" in /etc/os-release is lowercase. So we +# add a tag with the word 'Ubuntu' containing an uppercase 'U' as a workaround. +# (This hack can later be removed, if remote.it adjusts install_agent.sh above) +- name: If Linux Mint, add "IIAB_LIKE=Ubuntu" to /etc/os-release to force install of remote.it + shell: echo "IIAB_LIKE=Ubuntu" >> /etc/os-release + when: is_linuxmint + # - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh From 2dd7a54ae78f1f5501c297264a5e19a2d442b089 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 29 Apr 2022 16:00:28 -0400 Subject: [PATCH 0236/1758] remoteit/tasks/install.yml: Refine PR #3201 using Ansible not bash --- roles/remoteit/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index cf741ccf0..ee838b9d3 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -66,7 +66,10 @@ # add a tag with the word 'Ubuntu' containing an uppercase 'U' as a workaround. # (This hack can later be removed, if remote.it adjusts install_agent.sh above) - name: If Linux Mint, add "IIAB_LIKE=Ubuntu" to /etc/os-release to force install of remote.it - shell: echo "IIAB_LIKE=Ubuntu" >> /etc/os-release + # shell: echo "IIAB_LIKE=Ubuntu" >> /etc/os-release + lineinfile: + path: /etc/os-release + line: IIAB_LIKE=Ubuntu when: is_linuxmint # - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h From df84c45b28784b83951fe50b1d99c5613978a5f6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 29 Apr 2022 17:20:43 -0400 Subject: [PATCH 0237/1758] roles/remoteit/README.md: Faster URL for FAQ.IIAB.IO --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index ff109a44c..11b2d281b 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -4,7 +4,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/r As of [April 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $6/month. -For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" +For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" ## Getting Started From 784c9d111af93d94da52ecd89239a23779e8d097 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 29 Apr 2022 20:45:38 -0400 Subject: [PATCH 0238/1758] copy fonts.css to maps assets --- roles/osm-vector-maps/tasks/install.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 9c304c88c..556be53a2 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -149,7 +149,7 @@ - bboxes.geojson - center.png - countries.json - - fonts.css + # - fonts.css - ol-layerswitcher.css - ol-contextmenu.css - pin_drop.png @@ -176,7 +176,7 @@ state: link force: yes -- name: Copy fonts (16 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) +- name: Copy noto-sans fonts (15 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" dest: "{{ doc_root }}/common/fonts/" @@ -184,7 +184,12 @@ # owner: root # group: root with_fileglob: - - fonts/* + - fonts/noto-sans* + +- name: copy fonts.css to {{ vector_map_path }}/viewer/assets + copy: + src: fonts/fonts.css + dest: "{{ vector_map_path }}/viewer/assets/fonts.css" - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: From 748f9ec110966f98326e116b3f40651b6fcd8c83 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 30 Apr 2022 07:07:09 -0400 Subject: [PATCH 0239/1758] Add initial draft of Matomo role --- roles/matomo/tasks/install.yml | 137 +++++++++++++++++++++++++++++++++ roles/matomo/tasks/main.yml | 9 +++ 2 files changed, 146 insertions(+) create mode 100644 roles/matomo/tasks/install.yml create mode 100644 roles/matomo/tasks/main.yml diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml new file mode 100644 index 000000000..53b2838f1 --- /dev/null +++ b/roles/matomo/tasks/install.yml @@ -0,0 +1,137 @@ +- name: Start MariaDB + action: service name=mysql state=started +- name: Create MariaDB Database for Matomo + community.mysql.mysql_db: + name: "{{ mdb_dbname }}" + state: present + login_unix_socket: /var/run/mysqld/mysqld.sock +- name: Add Admin User to MariaDB Database + community.mysql.mysql_user: + name: "{{ mdb_username }}" + password: "{{ mdb_password }}" + host: localhost + state: present + update_password: on_create + priv: "{{ mdb_dbname }}.*:ALL" + login_unix_socket: /var/run/mysqld/mysqld.sock +- name: Download and Extract Matomo + unarchive: + src: https://builds.matomo.org/matomo.zip + dest: /var/www/html + remote_src: yes + creates: /var/www/html/matomo +- name: Set Matomo Directory Permissions + file: + path: /var/www/html/matomo + recurse: yes + owner: www-data + group: www-data +- name: HTTP Get Welcome + uri: + url: "{{ matomo_url }}index.php?action=welcome" + method: GET + status_code: 200 + register: matomo_welcome +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_welcome.cookies | dict2items }}" + loop_control: + loop_var: cookie +- name: Get Matomo System Check + uri: + url: "{{matomo_url}}index.php?action=systemCheck" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + timeout: 120 + status_code: 200 + register: matomo_system_check +- name: Matomo Database Setup + uri: + url: "{{ matomo_url }}index.php?action=databaseSetup" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + username: "{{ mdb_username }}" + password: "{{ mdb_password }}" + dbname: "{{ mdb_dbname }}" + adapter: "PDO\\MYSQL" + body_format: form-urlencoded + status_code: 302 + register: matomo_database_setup +- name: Matomo Table Creation + uri: + url: "{{ matomo_url }}index.php?action=tablesCreation&module=Installation" + method: GET + status_code: 200 + register: matomo_table_creation +- name: Matomo User Setup + uri: + url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + login: "{{ mdb_username }}" + password: "{{ mdb_password }}" + password_bis: "{{ mdb_password }}" + e-mail: "nobody@dev.null" + subscribe_newsletter_piwikorg: 0 + subscribe_newsletter_professionalservices: 0 + body_format: form-urlencoded + status_code: 302 + register: matomo_setup_superuser +- name: Configure Matomo to track IIAB + uri: + url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + name: "IIAB" + url: "host_url" + timezone: "Europe/London" + ecommerce: 0 + body_format: form-urlencoded + status_code: 302 + register: matomo_first_website_setup +- name: Matomo Tracking Code + uri: + url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name=http://10.0.0.72" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + status_code: 200 + register: matomo_tracking_code +- name: Finish Matomo Setup + uri: + url: "{{ matomo_url }}index.php?action=finished&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + do_not_track: 1 + anonymise_ip: 1 + submit: "Continue to Matomo" + body_format: form-urlencoded + status_code: 302 +- name: Start Collecting Matomo Data + cron: + name: "MatomoDataIngestionOnReboot" + special_time: reboot + job: "{{ matomo_cronjob }}" + user: root + cron_file: "matomo_reboot" +- name: Run Daily Job Collecting Matomo Data + cron: + name: "DailyMatomoDataIngestion" + minute: "0" + hour: "0" + job: "{{ matomo_cronjob }}" + user: root + cron_file: "matomo_daily" diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml new file mode 100644 index 000000000..a11d20b5f --- /dev/null +++ b/roles/matomo/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Install Matomo main + include_tasks: install.yml + vars: + mdb_dbname: "matomodb" + mdb_username: "mariadb_admin" + mdb_password: "pw_set_by_ansible" + host_url: "http://{{ ansible_default_ipv4.address}}" + matomo_url: "{{ host_url }}/matomo/" + matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" From 74250b9dc8bb66ea7b08b0d3bdd4f9afe4ba3719 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 30 Apr 2022 11:48:47 -0400 Subject: [PATCH 0240/1758] osm-vector-maps: Lint + clarify for readability e.g. map_installer_url --- roles/osm-vector-maps/defaults/main.yml | 35 +++++++++----- roles/osm-vector-maps/tasks/install.yml | 63 +++++++++---------------- 2 files changed, 44 insertions(+), 54 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 5801e0773..984009c6e 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -1,23 +1,32 @@ # osm_vector_maps_install: True # osm_vector_maps_enabled: True -# iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -# vector_map_path: "{{ content_base }}/www/osm-vector-maps" +# maps_from_internet_archive: False +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# The following soft coded variables allow testing, before pulling PR's into master -osm_repo_url: https://raw.githubusercontent.com/iiab/maps -maps_branch: 'master' # Quotes not required -#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps -#maps_branch: 'maps7.3' -# soft code sources -archive_org_url: https://archive.org/download -#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -#map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles -map_catalog_url: http://timmoody.com/iiab-files/maps -satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json +# Pulls in ~38 files thx to @jvonau's #3192 -- change these 2 during testing: +osm_repo_url: https://raw.githubusercontent.com/iiab/maps +maps_branch: master # Quotes not required +#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps +#maps_branch: maps7.3 + +# 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! +#map_installer_url: http://timmoody.com/iiab-files/maps +map_installer_url: http://download.iiab.io/content/OSM/vector-tiles + installer_planet: planet_z0-z6_2020.mbtiles installer_satellite: satellite_z0-z6_2020.mbtiles + + +# 2022-04-30 WIP -- CLI approach to installing larger .mbtiles OSM "continents" a.k.a. regions: +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region +# 2022-04-30 WIP -- This var might be used in future: (with boolean var maps_from_internet_archive) +archive_org_url: https://archive.org/download + + +# 2022-04-30 -- Unused, but URL illustrates legacy approach: +#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 556be53a2..c42473a21 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,13 @@ +- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" + package: + state: present + name: + - python3-geojson + - python3-pil + - python3-wget + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-sqlite3 + - name: Make 5 directories (0755 by default) file: path: "{{ item }}" @@ -10,29 +20,12 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" - package: - state: present - name: - - python3-geojson - - python3-pil - - python3-wget - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-sqlite3 - -# - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? -# stat: -# path: "{{ vector_map_path }}/viewer/cities1000.sqlite" -# register: cities_installed - -# - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/'REPO'/maps from maps_branch - name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" -# when: not cities_installed.stat.exists + - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: @@ -52,17 +45,6 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link -#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} -# get_url: -# url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" -# dest: "{{ iiab_etc_path }}" -# timeout: "{{ download_timeout }}" - -#- name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json -# file: -# src: /etc/iiab/regions.json -# path: "{{ vector_map_path }}/maplist/assets/regions.json" -# state: link - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: @@ -74,7 +56,6 @@ - index.html - name: Download OpenLayers viewer page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/* to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/iiab/maps from {{ maps_branch }} branch get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/{{ item }}" dest: "{{ vector_map_path }}/viewer/" @@ -95,9 +76,10 @@ - searchapi.php - tileserver.php -- name: Download 34MB {{ map_catalog_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer + +- name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_catalog_url }}/{{ installer_planet }}" + url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. http://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" @@ -113,12 +95,13 @@ path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download abbreviated satellite images from {{ map_catalog_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ +- name: Download 25MB {{ map_installer_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos get_url: - url: "{{ map_catalog_url }}/{{ installer_satellite }}" + url: "{{ map_installer_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" + - name: Download {index.html, installer-bundle.js} from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/* to {{ vector_map_path }}/installer/ -- for map installer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/{{ item }}" @@ -139,7 +122,6 @@ - installer-functions.js - tileserver.php -# the following was changed to grab from the iiab/maps repo - name: Download 15 common assets from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/* to {{ vector_map_path }}/viewer/assets/ -- for the general purpose map viewer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/{{ item }}" @@ -176,20 +158,19 @@ state: link force: yes + - name: Copy noto-sans fonts (15 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" dest: "{{ doc_root }}/common/fonts/" - # mode: 0644 - # owner: root - # group: root with_fileglob: - fonts/noto-sans* -- name: copy fonts.css to {{ vector_map_path }}/viewer/assets +- name: Copy fonts.css to {{ vector_map_path }}/viewer/assets/ copy: src: fonts/fonts.css - dest: "{{ vector_map_path }}/viewer/assets/fonts.css" + dest: "{{ vector_map_path }}/viewer/assets/" + - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: From 763dea95573303c01743db5f8442693d3878bf0b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 12:16:39 -0400 Subject: [PATCH 0241/1758] Avoid comment repetition of e.g. {{ osm_repo_url }}/{{ maps_branch }} for PR #3204 --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index c42473a21..65b261718 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -48,7 +48,7 @@ - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master + url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" dest: "{{ vector_map_path }}/test-page/" timeout: "{{ download_timeout }}" with_items: From f13d98a404cbacf676fb7992098fe99ca2f73e3e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 21:03:20 -0400 Subject: [PATCH 0242/1758] Begin updating osm-vector-maps/README.md e.g. "How to upgrade IIAB Maps" (ENTIRELY AT YOUR OWN RISK) --- roles/osm-vector-maps/README.md | 48 ++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 1aff222c9..816f8cbbb 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -1,13 +1,13 @@ -## What's New with IIAB Maps in IIAB 7.2? +## What's New with IIAB Maps? -1. If you install [IIAB 7.2](https://github.com/iiab/iiab/wiki/IIAB-7.2-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), a new **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: +1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) 2. If you've installed at least one Map Pack, you can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) 3. All these downloads can now happen 10X to 100X faster, thanks to [PR #38](https://github.com/iiab/maps/pull/38) ! 2. **Map Packs** no longer bundle both data and program in a .zip file. All Map Packs are really now just a collection of 3 .mbtiles files: 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (1.74GB .mbtiles) and Lo-Res satellite photos (932MB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps - 2. Every Map Pack's OSM vector tile data (originally from 2017) was updated to [September 2019](https://archive.org/details/osm-vector-mbtiles). + 2. Every Map Pack's OSM vector tile data (originally from 2017, and then September 2019) was updated to [November 2020](https://archive.org/details/osm-vector-mbtiles). 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (1.74GB osm-planet_z0-z10_2019.mbtiles) so that city search is successful more of the time. 4. Multiple Map Packs can be downloaded/installed (one "continent" at a time). However this can waste disk space with duplicate data, and potentially cause rendering slowness in areas where Map Packs overlap ("continent" bounding boxes have been designed to overlap on purpose, so multiple Map Packs are rarely necessary!) @@ -17,8 +17,8 @@ 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 levels of zoom (about 40MB ?) - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json @@ -26,15 +26,31 @@ #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps -#### Notes on upgrading from maps 7.2 to maps 7.3 +#### How to upgrade IIAB Maps + -The format of the map-catalog.json has changed. And the programs need to be updated also. This can be accomplished by the following: -``` - cd /library/www/ - rm -rf osm-vector-maps/ - vim /etc/iiab/iiab_state.yml (and delete the line osm-vector-maps) - git remote add ghunt git@github.com:/georgejhunt/iiab - git fetch --all - git checkout -b maps7.3 ghunt/maps7.3 - ./runroles osm-vector-maps -``` +In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. + +_It's best to start fresh with a new install of IIAB if you want the latest maps!_ + +Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: + + ``` + sudo rm -rf /library/www/osm-vector-maps + cd /opt/iiab/iiab + sudo git pull + sudo ./runrole --reinstall osm-vector-maps + sudo iiab-install-map-region .mbtiles + ``` + +Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from: http://timmoody.com/iiab-files/maps/ + + From c7ebf5752f3b0372e8599f4b78a98c23c6b82e28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:03:54 -0400 Subject: [PATCH 0243/1758] osm-vector-maps/README.md: Update 1.2G + 2.0G filenames/sizes, outline d/l speedup options, etc --- roles/osm-vector-maps/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 816f8cbbb..8c07295d4 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -2,18 +2,19 @@ 1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) - 2. If you've installed at least one Map Pack, you can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) - 3. All these downloads can now happen 10X to 100X faster, thanks to [PR #38](https://github.com/iiab/maps/pull/38) ! + 2. You can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) + 3. All these downloads can now happen 10X to 100X faster, thanks to PR's [iiab/maps#38](https://github.com/iiab/maps/pull/38), [iiab/maps#58](https://github.com/iiab/maps/pull/58) and [iiab/iiab-admin-console#478](https://github.com/iiab/iiab-admin-console/pull/478) ! + 4. _When installing OpenStreetMap "continents" (a.k.a. regions), consider either the command-line ([/usr/bin/iiab-install-map-region](https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region)) or the visual alternative provided by IIAB's Admin Console: http://box.lan/admin > Install Content > Get Map Regions._ 2. **Map Packs** no longer bundle both data and program in a .zip file. All Map Packs are really now just a collection of 3 .mbtiles files: - 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (1.74GB .mbtiles) and Lo-Res satellite photos (932MB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps + 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (2.0 GB .mbtiles) and Lo-Res satellite photos (1.2 GB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps 2. Every Map Pack's OSM vector tile data (originally from 2017, and then September 2019) was updated to [November 2020](https://archive.org/details/osm-vector-mbtiles). - 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (1.74GB osm-planet_z0-z10_2019.mbtiles) so that city search is successful more of the time. + 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (2.0 GB osm-planet_z0-z10_2020.mbtiles) so that city search is successful more of the time. 4. Multiple Map Packs can be downloaded/installed (one "continent" at a time). However this can waste disk space with duplicate data, and potentially cause rendering slowness in areas where Map Packs overlap ("continent" bounding boxes have been designed to overlap on purpose, so multiple Map Packs are rarely necessary!) 3. **Hi-Res Satellite Photos** can be downloaded/installed for any 100 x 100 km, 300 x 300 km, or 1000 x 1000 km square region (around any map point that you click!) 1. These new Hi-Res Satellite Photo Regions are "squares" with 4 additional levels of satellite photo zoom (i.e. zoom levels 10-13) giving you 16X the resolution (i.e. 19 x 19 m pixels) and 256X more photographic information density. - 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (932MB satellite_z0-z9_v3.mbtiles is included with all Map Packs). (SEE 2. ABOVE) + 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (1.2 GB satellite_z0-z9_2020.mbtiles is included with all Map Packs). (SEE 2. ABOVE) 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: From bf4d4cfa85b0db889e12940dede8493571523483 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:19:56 -0400 Subject: [PATCH 0244/1758] osm-vector-maps/README.md: Fix top-line link and IIAB install tip --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 8c07295d4..43e8c1b37 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -1,6 +1,6 @@ ## What's New with IIAB Maps? -1. If you install [IIAB 8.0](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: +1. If you install [IIAB 8.0+](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) (a pre-release is fine!) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps) an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-80-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) 2. You can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) 3. All these downloads can now happen 10X to 100X faster, thanks to PR's [iiab/maps#38](https://github.com/iiab/maps/pull/38), [iiab/maps#58](https://github.com/iiab/maps/pull/58) and [iiab/iiab-admin-console#478](https://github.com/iiab/iiab-admin-console/pull/478) ! From 76cbe7e5b065f5e2d62d0125efe46c765e7a3f5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Apr 2022 22:40:55 -0400 Subject: [PATCH 0245/1758] osm-vector-maps/README.md: "How to (wipe and) upgrade IIAB Maps" for PR #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 43e8c1b37..4c1ed43cf 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -27,7 +27,7 @@ #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps -#### How to upgrade IIAB Maps +#### How to (wipe and) upgrade IIAB Maps In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. From 37e750417d0a4d873a8924cfa707564382a78c28 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 1 May 2022 06:09:49 -0400 Subject: [PATCH 0246/1758] Add citation for website interaction section. --- roles/matomo/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 53b2838f1..06fdaa9ed 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,3 +1,7 @@ +# The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under +# Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 29 through 126. + - name: Start MariaDB action: service name=mysql state=started - name: Create MariaDB Database for Matomo From 1f2bd60002d74070d68d19ea1411bb7571a0ae50 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 1 May 2022 06:10:39 -0400 Subject: [PATCH 0247/1758] Update password to IIAB default. --- roles/matomo/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index a11d20b5f..77442e50e 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,8 +2,8 @@ include_tasks: install.yml vars: mdb_dbname: "matomodb" - mdb_username: "mariadb_admin" - mdb_password: "pw_set_by_ansible" + mdb_username: "iiab-admin" + mdb_password: "g0adm1n" host_url: "http://{{ ansible_default_ipv4.address}}" matomo_url: "{{ host_url }}/matomo/" matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" From 6eddfd3c90e975611bcc644b5e3c37e533307496 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 13:39:40 -0400 Subject: [PATCH 0248/1758] osm-vector-maps/README.md: Catalog links/details for PR #3205 --- roles/osm-vector-maps/README.md | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 4c1ed43cf..5f0f5947f 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -24,15 +24,12 @@ 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json - -#### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps - -#### How to (wipe and) upgrade IIAB Maps +#### How to (Wipe and) Upgrade IIAB Maps -In April 2022, IIAB revised `/etc/iiab/map-catalog.json`, `/library/www/html/common/assets/adm-map-catalog.json`, associated programs, and OSM continent/region `.mbtiles` files. +In April 2022, IIAB revised our legacy catalog [/etc/iiab/map-catalog.json](https://github.com/iiab/maps/blob/master/2020/map-catalog.json), our new catalog [/library/www/html/common/assets/adm-map-catalog.json](https://github.com/iiab/iiab-admin-console/blob/master/roles/common/files/map/adm-map-catalog.json), associated programs — and the dozen core [OSM continent/region .mbtiles files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) listed in our catalog. -_It's best to start fresh with a new install of IIAB if you want the latest maps!_ +_It's always best to start fresh with a new install of IIAB if you want the latest maps!_ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: @@ -41,17 +38,17 @@ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run th cd /opt/iiab/iiab sudo git pull sudo ./runrole --reinstall osm-vector-maps - sudo iiab-install-map-region .mbtiles + sudo iiab-install-map-region .mbtiles ``` -Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from: http://timmoody.com/iiab-files/maps/ +Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored). - + ~cd /library/www/
+ rm -rf osm-vector-maps/
+ nano /etc/iiab/iiab_state.yml # Delete line 'osm_vector_maps_installed: True'
+ git remote add ghunt git@github.com:/georgejhunt/iiab
+ git fetch --all
+ git checkout -b maps7.3 ghunt/maps7.3
+ ./runroles osm-vector-maps~ + +#### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps From 24bae0a24ee146dc08bb4a6b9338c0cbb34b61c3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 23:32:25 -0400 Subject: [PATCH 0249/1758] osm-vector-maps/README.md: Link to d.iiab.io for PR #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 5f0f5947f..b8549ac69 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -29,7 +29,7 @@ In April 2022, IIAB revised our legacy catalog [/etc/iiab/map-catalog.json](https://github.com/iiab/maps/blob/master/2020/map-catalog.json), our new catalog [/library/www/html/common/assets/adm-map-catalog.json](https://github.com/iiab/iiab-admin-console/blob/master/roles/common/files/map/adm-map-catalog.json), associated programs — and the dozen core [OSM continent/region .mbtiles files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) listed in our catalog. -_It's always best to start fresh with a new install of IIAB if you want the latest maps!_ +_It's always best to start fresh with a [new install of IIAB](https://download.iiab.io) if you want the latest maps!_ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: From 46c947f7bfef42a70fc114f83edb6f0ad4d1b577 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 May 2022 23:49:01 -0400 Subject: [PATCH 0250/1758] osm-vector-maps/README.md: Link to ~12 "2020" regions + catalog for #3205 --- roles/osm-vector-maps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index b8549ac69..b87a11dd1 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -41,7 +41,7 @@ Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run th sudo iiab-install-map-region .mbtiles ``` -Where `.mbtiles` is one of the major region files (with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored). +Where `.mbtiles` is one of the [major region files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) (e.g. with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-upgrade-an-iiab-map-pack). ~cd /library/www/
rm -rf osm-vector-maps/
From 30620a803409e76a14f5a72b7f909fbc97cb58da Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Mon, 2 May 2022 06:24:50 -0400 Subject: [PATCH 0251/1758] changes to Matomo role to record state --- roles/matomo/tasks/install.yml | 8 ++++++++ roles/matomo/tasks/main.yml | 1 + 2 files changed, 9 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 06fdaa9ed..fdf8fa823 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -139,3 +139,11 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" +- name: Set Matomo state variable + set_fact: + matomo_installed: True +- name: Set Matomo state variable in IIAB state file + lineinfile: + path: "{{ iiab_state_file }}" + regexp: '^matomo_installed' + line: 'matomo_installed: True' diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 77442e50e..36272833a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -1,5 +1,6 @@ - name: Install Matomo main include_tasks: install.yml + when: matomo_installed is undefined vars: mdb_dbname: "matomodb" mdb_username: "iiab-admin" From c4abc856bc4186e67d940825fb0d8eab5978ca20 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 2 May 2022 22:04:53 -0400 Subject: [PATCH 0252/1758] Nextcloud 24.0.0 work w/ PHP 8.1 on Ubuntu 22.04 --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 152ff6358..f241095f6 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -59,7 +59,7 @@ - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install and not is_ubuntu_2204 # TEMPORARY + when: nextcloud_install - name: WORDPRESS include_role: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f1896a263..babd9e1b7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~406 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From ccff8a793ce3aa0fc1f2b648a35f95ae7c267177 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 2 May 2022 22:14:16 -0400 Subject: [PATCH 0253/1758] nextcloud/tasks/install.yml: Link to official/evolving Nextcloud 24 reqs --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index babd9e1b7..1f7b0b649 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From 04fbec1f4b2da564b503d048c1617271676ba678 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Mon, 2 May 2022 06:26:55 -0400 Subject: [PATCH 0254/1758] changes for matomo in mgmt tools --- roles/8-mgmt-tools/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index e75f97e23..d9ea58dc1 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -13,6 +13,11 @@ name: awstats when: awstats_install +- name: MATOMO + include_role: + name: matomo + when: matomo_install + - name: MONIT include_role: name: monit From ba33825d6ad7d7a114e171b26b220eeaecf49e7e Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 3 May 2022 06:03:03 -0400 Subject: [PATCH 0255/1758] changes for matomo in validate vars --- roles/0-init/tasks/validate_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..2ccd77860 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -111,6 +111,7 @@ - osm_vector_maps - transmission - awstats + - matomo - monit - munin - phpmyadmin From 45e1fd2c0efeb67fb1f9bddf6255a54eeb500488 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 3 May 2022 06:33:15 -0400 Subject: [PATCH 0256/1758] correct matomo path and move to variable --- roles/matomo/tasks/install.yml | 4 ++-- roles/matomo/tasks/main.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index fdf8fa823..1fa5ab147 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -23,10 +23,10 @@ src: https://builds.matomo.org/matomo.zip dest: /var/www/html remote_src: yes - creates: /var/www/html/matomo + creates: "{{ matomo_nginx_loc }}" - name: Set Matomo Directory Permissions file: - path: /var/www/html/matomo + path: "{{ matomo_nginx_loc }}" recurse: yes owner: www-data group: www-data diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 36272833a..b926afc3f 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,6 +2,7 @@ include_tasks: install.yml when: matomo_installed is undefined vars: + matomo_nginx_loc: "/library/www/html/matomo" mdb_dbname: "matomodb" mdb_username: "iiab-admin" mdb_password: "g0adm1n" From 6e93095e1e6311ff04177bb53459f9cb27e712e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 3 May 2022 15:12:12 -0400 Subject: [PATCH 0257/1758] scripts/iiab-diagnostics: Redact wep-key[0-3]=PASSWORD --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 42a3ca703..d67a21f29 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -38,12 +38,12 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail echo "FILE EXISTS BUT IS EMPTY!" >> $outfile elif [ $# -eq 1 ]; then echo >> $outfile - # Redact most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') + cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then @@ -178,7 +178,7 @@ echo -e "\n 3. Content of Directories: (1-level deep)\n" echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network -cat_dir /etc/NetworkManager/system-connections +cat_dir /etc/NetworkManager/system-connections # Redacts most passwords above cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices From bd989dbbe2e6e2a18bd6e0d44e7696ee3057af40 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 4 May 2022 06:25:16 -0400 Subject: [PATCH 0258/1758] Fix some bugs in paths/URLs --- roles/matomo/tasks/install.yml | 9 ++++----- roles/matomo/tasks/main.yml | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1fa5ab147..5d8240905 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -21,12 +21,11 @@ - name: Download and Extract Matomo unarchive: src: https://builds.matomo.org/matomo.zip - dest: /var/www/html + dest: "{{ nginx_loc }}" remote_src: yes - creates: "{{ matomo_nginx_loc }}" - name: Set Matomo Directory Permissions file: - path: "{{ matomo_nginx_loc }}" + path: "{{ nginx_loc }}/matomo" recurse: yes owner: www-data group: www-data @@ -97,7 +96,7 @@ Cookie: "{{ matomo_session_cookie }}" body: name: "IIAB" - url: "host_url" + url: "{{ host_url }}" timezone: "Europe/London" ecommerce: 0 body_format: form-urlencoded @@ -105,7 +104,7 @@ register: matomo_first_website_setup - name: Matomo Tracking Code uri: - url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name=http://10.0.0.72" + url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ host_url }}" method: GET headers: Cookie: "{{ matomo_session_cookie }}" diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index b926afc3f..799b171cf 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -2,7 +2,7 @@ include_tasks: install.yml when: matomo_installed is undefined vars: - matomo_nginx_loc: "/library/www/html/matomo" + nginx_loc: "/library/www/html" mdb_dbname: "matomodb" mdb_username: "iiab-admin" mdb_password: "g0adm1n" From d456ec3b919a0cde303ae8350c66780b982d603e Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 4 May 2022 06:29:21 -0400 Subject: [PATCH 0259/1758] revert breaking change in 0-init role --- roles/0-init/tasks/validate_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 2ccd77860..f29525daf 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -111,7 +111,6 @@ - osm_vector_maps - transmission - awstats - - matomo - monit - munin - phpmyadmin From 6a445bd4d826e229b45aa5e738a583edca3aca58 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 10:54:25 -0400 Subject: [PATCH 0260/1758] Try wget workaround (Ansible's get_url can be blocked by WordPress.org) --- roles/wordpress/tasks/install.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index f0af250be..521c133c5 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -39,10 +39,16 @@ # when: php_version is version('8.0', '<') - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - get_url: - url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" + command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -P {{ downloads_dir }} + # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 + # (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in + # England and another user in Scotland, but not affecting many other + # countries/ISP's apparently? WordPress must have recently changed their + # hosting arrangements for https://wordpress.org/latest.tar.gz + # get_url: + # url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" + # dest: "{{ downloads_dir }}" + # timeout: "{{ download_timeout }}" register: wp_download_output - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} From 2499e28ac125c13328fc0c26cd6c60238e2b60e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:11:06 -0400 Subject: [PATCH 0261/1758] 'wget -P' inadequate, so try: wget -O /opt/iiab/downloads/wordpress.tar.gz --- roles/wordpress/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 521c133c5..a64758d63 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -38,8 +38,8 @@ # state: present # when: php_version is version('8.0', '<') -- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -P {{ downloads_dir }} +- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz + command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 # (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in # England and another user in Scotland, but not affecting many other @@ -49,14 +49,14 @@ # url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" # dest: "{{ downloads_dir }}" # timeout: "{{ download_timeout }}" - register: wp_download_output +# register: wp_download_output -- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} - file: - src: "{{ wp_download_output.dest }}" - path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - state: link - when: wp_download_output.dest is defined +# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} +# file: +# src: "{{ wp_download_output.dest }}" +# path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads +# state: link +# when: wp_download_output.dest is defined - name: Does {{ downloads_dir }}/wordpress.tar.gz link exist? stat: From 87ef66bdee910272329a7080816ca6efc99f587c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:33:49 -0400 Subject: [PATCH 0262/1758] Generally safer to delete prior /opt/iiab/downloads/wordpress.tar.gz --- roles/wordpress/tasks/install.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index a64758d63..fb56f886b 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -38,6 +38,11 @@ # state: present # when: php_version is version('8.0', '<') +- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists + file: + path: "{{ downloads_dir }}"/wordpress.tar.gz + state: absent + - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 @@ -58,15 +63,15 @@ # state: link # when: wp_download_output.dest is defined -- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist? +- name: Does {{ downloads_dir }}/wordpress.tar.gz exist? stat: path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - register: wp_link + register: wp_tar_gz - name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist fail: msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress." - when: not wp_link.stat.exists + when: not wp_tar_gz.stat.exists - name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes" unarchive: From 79052db75b1e3bdad3085e4c6ad9d803593690d3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 11:39:51 -0400 Subject: [PATCH 0263/1758] wordpress/tasks/install.yml: "{{ downloads_dir }}/wordpress.tar.gz" --- roles/wordpress/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index fb56f886b..a22710438 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -40,7 +40,7 @@ - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists file: - path: "{{ downloads_dir }}"/wordpress.tar.gz + path: "{{ downloads_dir }}/wordpress.tar.gz" state: absent - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz From 5f33849fcac998dba31dc346bcf81a614e6d6c62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 May 2022 17:42:59 -0400 Subject: [PATCH 0264/1758] Revise /opt/iiab/jupyterhub size estimate to ~217 MB (was ~229 MB) --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 38f98b370..ffb4aabcf 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)" +- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB)" pip: name: - pip From 17960e2b206ba14ad28717affaf2482a0e065c82 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 May 2022 21:45:16 -0400 Subject: [PATCH 0265/1758] kiwix/tasks/kiwix-apk.yml: Update comments --- roles/kiwix/tasks/kiwix-apk.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index 667a45fa8..e81711013 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,12 +6,12 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" - name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content file: src: "{{ iiab_zim_path }}/content" # /library/zims/content - path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims + path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/software/kiwix/zims state: link From 890cb94af27d3c63fd8dcb6fcac69ba2b11835f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 May 2022 07:44:17 -0400 Subject: [PATCH 0266/1758] kiwix-tools 3.2.0-4: fixes for diacritics (accents) etc --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 074e593dc..caf4b318b 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-3 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-3 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-3 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-4 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-4 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-4 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From bd870a0e26967504862c08ff76d6ed4cac6edf8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 May 2022 13:22:21 -0400 Subject: [PATCH 0267/1758] default_vars.yml: 'kiwix_apk_src: [full URL]/kiwix-android/kiwix-3.4.5.apk' for now --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bba0ad763..6b731bcba 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -470,7 +470,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.4.5.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From 6695a22d53451d09e2b4cdeb2d59d86c67bbfdd6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 8 May 2022 09:43:14 -0400 Subject: [PATCH 0268/1758] mongodb/tasks/install.yml: Try 5.0.x (was 4.4.x) on all 4 64-bit OS's --- roles/mongodb/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 061a27751..6218c0cea 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -66,7 +66,7 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) - shell: wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - args: warn: false @@ -75,7 +75,7 @@ # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only # {buster 10, stretch 9, jessie 8, wheezy 7} # so Debian 11 "Bullseye" (testing branch) can revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main + repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org @@ -84,14 +84,14 @@ # Debian 10 aarch64 might work below but is blocked in main.yml - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org when: is_raspbian and (ansible_architecture == "aarch64") - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org when: is_linuxmint @@ -101,7 +101,7 @@ # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse state: present filename: mongodb-org From 0a7327afd7ca1e9f7dc979c1b6de85906003b0f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 May 2022 07:35:22 -0400 Subject: [PATCH 0269/1758] nextcloud/README.md: Warn about Nextcloud News app's 32-bit requirement --- roles/nextcloud/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index da5ab374f..99cdc4b02 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -48,6 +48,10 @@ Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://17 Username: Admin Password: changeme +## Known Issues + +Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (an RSS/Atom Feed reader) if your OS is 32-bits: [#3069](https://github.com/iiab/iiab/issues/3069) + ## Future Directions Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? @@ -56,4 +60,4 @@ Going forward, should Internet-in-a-Box consider integrating optimizations (or m - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://github.com/nextcloud/nextcloudpi -Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help! +Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! From 454edfbe020ff818ecbd15c7d9c8de27b874d70e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 May 2022 19:40:53 -0400 Subject: [PATCH 0270/1758] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 622024750..3994a938d 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 9bcbbc135a126e584e87cad7d8c0ea6d42a40f7f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 May 2022 13:01:40 -0400 Subject: [PATCH 0271/1758] phpMyAdmin 5.2.0 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 00c694aef..ff6343c56 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.3 +phpmyadmin_version: 5.2.0 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From c03e8dfa82330dd0bf05d571064cf150e7be27f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 12 May 2022 14:00:00 -0400 Subject: [PATCH 0272/1758] iiab-diagnostics: journalctl -t IIAB-CMDSRV --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d67a21f29..277b40802 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -213,8 +213,9 @@ cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' -cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'env' 'Environment variables' +cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV commands' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 6565171e31d5168f988ffbad6b0f4e296cbefd7d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 12 May 2022 16:05:15 -0400 Subject: [PATCH 0273/1758] iiab-diagnostics: 'Admin Console CMDSRV log' --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 277b40802..633d467df 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -215,7 +215,7 @@ cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV commands' +cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 3e9541ab7e937d6ec3917ec9dd3face0aca2944b Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 14 May 2022 14:19:14 -0400 Subject: [PATCH 0274/1758] Add missing field in Matomo cURL command --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 5d8240905..0a5684f4b 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -62,6 +62,7 @@ username: "{{ mdb_username }}" password: "{{ mdb_password }}" dbname: "{{ mdb_dbname }}" + tables_prefix: "matomo_" adapter: "PDO\\MYSQL" body_format: form-urlencoded status_code: 302 From 4b6a3a02e5ff4938e4010239f4a402905b00b7b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 May 2022 13:16:04 -0400 Subject: [PATCH 0275/1758] Recommend ansible-core 2.13.0 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index cb5ec6a5f..e02e59b7d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e70d408488ddeb251114547666adac0d03391ab7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 May 2022 13:30:57 -0400 Subject: [PATCH 0276/1758] Clarify CURR_VER (Ansible version you have installed) e.g. [core 2.13.0] --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index e02e59b7d..564a262dd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you currently have installed +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From f45b3574edb81136a889831c374bc1137a05d287 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 17 May 2022 07:33:22 -0400 Subject: [PATCH 0277/1758] scripts/ansible: Mention ansible-base 2.10.17 for #3220 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 564a262dd..7d8d16617 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -59,9 +59,9 @@ GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) #pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.16 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.16 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works # TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip From a6edf6d6798fc4d79046eca8be70046675b982c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 May 2022 07:03:39 -0400 Subject: [PATCH 0278/1758] Try kiwix-tools 3.2.0-5 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index caf4b318b..100999da2 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-4 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-4 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-4 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-5 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-5 +kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-5 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 91b0f9ceedc69c59c381fa65f962787537be940a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 May 2022 08:12:53 -0400 Subject: [PATCH 0279/1758] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3994a938d..b87a4a25e 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,9 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. ## Community -Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! +Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** + +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 4d5143e2de59c3926350e1f48cf9a938395f7506 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 18 May 2022 23:48:54 -0400 Subject: [PATCH 0280/1758] network/tasks/detected_network.yml: Refine AP detection --- roles/network/tasks/detected_network.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e03c47130..a3a3b7854 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -101,15 +101,16 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Check for Access Point capablility with 'iw list' - command: iw list | grep -v AP: | grep AP | wc -l +- name: Run 'iw list' to check for Access Point capability + #command: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc + shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap when: discovered_wireless_iface != "none" -- name: Setting can_be_ap +- name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: can_be_ap: True - when: look_for_ap.stdout|int != 0 + when: look_for_ap is defined and not look_for_ap.failed - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 1df026328171be6eaa7c62c0dfe06591b5330e19 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 00:04:57 -0400 Subject: [PATCH 0281/1758] detected_network.yml: 'when: look_for_ap.failed is defined and...' --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a3a3b7854..531eb4f65 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -110,7 +110,7 @@ - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: can_be_ap: True - when: look_for_ap is defined and not look_for_ap.failed + when: look_for_ap.failed is defined and not look_for_ap.failed - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l From 739bfd59f3577e883f8df070130e3dedf8a8a432 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 09:35:35 -0400 Subject: [PATCH 0282/1758] Tolerate Ubuntu 22.10 Kinetic Kudu to help with testing --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2210.yml | 29 +++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 vars/ubuntu-2210.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 164efbb89..bf1833340 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -77,6 +77,7 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2110" | \ "ubuntu-2204" | \ + "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6b731bcba..3dcce06d0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -735,6 +735,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2210: False is_ubuntu_2204: False is_ubuntu_2110: False is_ubuntu_2104: False diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml new file mode 100644 index 000000000..bdcd73967 --- /dev/null +++ b/vars/ubuntu-2210.yml @@ -0,0 +1,29 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2210: True + +# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True +# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) +dns_service: bind9 +dns_user: bind +dhcp_service: isc-dhcp-server + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_conf_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_package: openssh-server +sshd_service: ssh +php_version: 8.1 +postgresql_version: 14 +systemd_location: /lib/systemd/system +python_ver: 3.10 From 7f50ad8365df8f5bdbb9dbcfeb8ebbabe6e49c50 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 11:20:24 -0400 Subject: [PATCH 0283/1758] network/tasks/hostapd.yml: Install /usr/bin/iiab-hotspot-{on|off} in all cases! --- roles/network/tasks/hostapd.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 205b659c4..daf190211 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -69,7 +69,6 @@ owner: root group: root mode: 0755 - when: can_be_ap - name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP template: @@ -78,7 +77,6 @@ owner: root group: root mode: 0755 - when: can_be_ap - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: From 9bf4404e50d2a45514b5e36635c849c961fd4182 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 11:25:00 -0400 Subject: [PATCH 0284/1758] hostapd.yml: Clean up Ansible output re: iiab-hotspot-{on|off} --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index daf190211..537f58980 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -62,7 +62,7 @@ mode: 0644 when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template when hardware supports AP +- name: Create /usr/bin/iiab-hotspot-on from template template: src: network/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on @@ -70,7 +70,7 @@ group: root mode: 0755 -- name: Create /usr/bin/iiab-hotspot-off from template when hardware supports AP +- name: Create /usr/bin/iiab-hotspot-off from template template: src: network/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off From fb26c42c766c450861395e4c1f85c00b36a6ffb3 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:17:17 -0400 Subject: [PATCH 0285/1758] 7-edu-apps: TEMPORARY 'and not is_ubuntu_2210' for #3189 --- roles/7-edu-apps/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index ba3ac6911..327b1ca3f 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not is_ubuntu_2204 # TEMPORARY + when: kolibri_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: KIWIX include_role: @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 # TEMPORARY + when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 # TEMPORARY + when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: From 422b1c0197c714262e1c6b7c5a75b735d088c8dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Apr 2022 08:21:41 -0500 Subject: [PATCH 0286/1758] set 'host_country_code' to value found in wpa_supplicant.conf host_country_code becomes a fallback value if undetected --- roles/network/tasks/rpi_debian.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 1887a7d15..48497cfd0 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -25,6 +25,11 @@ register: country_code ignore_errors: True +- name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf + set_fact: + host_country_code: "{{ country_code.stdout }}" + when: country_code is defined and country_code.stdout != "" + - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf From 4a30d7e15d906219b5ec2071468e6f60594d8653 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Apr 2022 09:09:27 -0500 Subject: [PATCH 0287/1758] supply hostapd template later to pickup changed fact --- roles/network/tasks/hostapd.yml | 12 ------------ roles/network/tasks/restart.yml | 18 ++++++++++++++++++ roles/network/tasks/rpi_debian.yml | 6 ------ roles/network/tasks/sysd-netd-debian.yml | 6 ------ 4 files changed, 18 insertions(+), 24 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 537f58980..fdf6438d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -19,18 +19,6 @@ host_channel: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined and current_client_channel.stdout != "" and current_client_channel.stdout|int <= 13 -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: can_be_ap - - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index d286e987c..83e67ce55 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -6,6 +6,24 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap + +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False + systemd: + name: hostapd + state: restarted + when: hostapd_enabled and (wifi_up_down or not no_net_restart) + - name: Reload netplan for Wifi gateway on Ubuntu 18+ shell: netplan apply when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 48497cfd0..96ba180e4 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -76,12 +76,6 @@ state: restarted when: iiab_wired_lan_iface is defined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) - #- name: Stop wpa_supplicant on Raspbian # shell: killall wpa_supplicant diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 4b3048256..c32b966a1 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -70,9 +70,3 @@ state: restarted enabled: yes masked: no - -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) From dfb9eea05d5d5f7b13117a15e3737ff6d6fa86d7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:21:53 -0500 Subject: [PATCH 0288/1758] isolate returned value --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 96ba180e4..6582d278d 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -21,7 +21,7 @@ src: network/dhcpcd.conf.j2 - name: New Raspbian requires country code -- check for it - shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf + shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True From 9f699d19fec038bbd71b9314b084b860323827f0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:28:58 -0500 Subject: [PATCH 0289/1758] should be a drop-in replacement --- roles/network/tasks/rpi_debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 6582d278d..cfdddfef8 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -28,14 +28,14 @@ - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: host_country_code: "{{ country_code.stdout }}" - when: country_code is defined and country_code.stdout != "" + when: country_code is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout == "" + when: country_code is defined and country_code.stdout | length = 0 - name: Enable the WiFi with rfkill shell: rfkill unblock 0 From 6e2493a2d4d59f0d45d76b71a03ff6a152080cc3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:32:14 -0500 Subject: [PATCH 0290/1758] think that was a bug report in the past --- roles/network/tasks/rpi_debian.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index cfdddfef8..d0427bcd1 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -65,9 +65,7 @@ systemd: name: iiab-clone-wifi state: started - when: discovered_wireless_iface != "none" - # Whereas sysd-netd-debian.yml uses... - # when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and discovered_wireless_iface != "none" - name: Restart the networking service if appropriate systemd: From 8924b6668c350ce6f4da759ca8f72ab13ac731cd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 15 Apr 2022 19:57:18 -0500 Subject: [PATCH 0291/1758] reload might be needed to register the new templates if they changed --- roles/network/tasks/restart.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 83e67ce55..0dda30a6f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -22,6 +22,7 @@ systemd: name: hostapd state: restarted + daemon_reload: yes when: hostapd_enabled and (wifi_up_down or not no_net_restart) - name: Reload netplan for Wifi gateway on Ubuntu 18+ From ed2a0f3027d1cd61e0fa201108599fe43342b80b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Apr 2022 07:50:40 -0500 Subject: [PATCH 0292/1758] wip on the fly --- roles/network/templates/hostapd/50-hostapd | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index 37a363b72..a59f787ee 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -12,6 +12,9 @@ if [ "$interface" = "wlan0" ]; then # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` FREQ2="" + WPA=`grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}'` + AP=`grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + for result in $FREQ; do echo "frequency is $result for carrier" if [ $result -lt 13 ]; then @@ -32,6 +35,15 @@ if [ "$interface" = "wlan0" ]; then syslog info "THIS MACHINE SHOULD BE REBOOTED" # systemctl restart hostapd fi + if ! [ "$WPA" = "$AP" ]; then + sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf + echo "50-iiab set country_code $WPA" + syslog info "50-iiab set country_code $WPA" + echo "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED" +# systemctl restart hostapd + fi + fi # spams the logging #syslog info "50-iiab set ap0 spam $REASON" From c01c6ac73bb708f03446b97bb508d4fcb1ee0828 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:27:40 -0400 Subject: [PATCH 0293/1758] network/tasks/rpi_debian.yml: 'country_code.stdout | length == 0' --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d0427bcd1..9c245a5f6 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -35,7 +35,7 @@ path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout | length = 0 + when: country_code is defined and country_code.stdout | length == 0 - name: Enable the WiFi with rfkill shell: rfkill unblock 0 From 743d8f260157178faa588870efda4f215a1ad153 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 May 2022 13:02:15 -0400 Subject: [PATCH 0294/1758] wpa_supplicant.conf country code authoritative, espec for RasPiOS --- vars/default_vars.yml | 12 +++++++++++- vars/local_vars_large.yml | 12 +++++++++++- vars/local_vars_medium.yml | 12 +++++++++++- vars/local_vars_small.yml | 12 +++++++++++- vars/local_vars_unittest.yml | 12 +++++++++++- 5 files changed, 55 insertions(+), 5 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3dcce06d0..7851b6cac 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -106,7 +106,17 @@ lan_netmask: 255.255.224.0 # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country -- SET THIS IN /etc/iiab/local_vars.yml +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6478638c3..9681208c9 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6c56bf89e..5c2f667d9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a3c7ed0bc..8098f8bfb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 585277444..0fcc6aaa4 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: unittest host_wifi_mode: g From a8ca92a9b3bacda715b8a8514fe1897364807d17 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 13:01:02 -0500 Subject: [PATCH 0295/1758] move country_code - replace '' with $() --- roles/network/templates/hostapd/50-hostapd | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index a59f787ee..b1bccaaaa 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -1,4 +1,14 @@ if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then + WPA=$(grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}') + AP=$(grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}') + if ! [ "$WPA" = "$AP" ]; then + sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf + echo "50-iiab set country_code $WPA" + syslog info "50-iiab set country_code $WPA" + echo "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED" +# systemctl restart hostapd + fi syslog info "50-iiab IF_UP br0 restarting dnsmasq - kicking ap0" ip link set ap0 up systemctl --no-block restart dnsmasq @@ -10,10 +20,8 @@ if [ "$interface" = "wlan0" ]; then syslog info "50-iiab CARRIER change wlan0" # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` - FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` + FREQ=$(iw wlan0 info|grep channel|cut -d' ' -f2) FREQ2="" - WPA=`grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}'` - AP=`grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` for result in $FREQ; do echo "frequency is $result for carrier" @@ -25,7 +33,7 @@ if [ "$interface" = "wlan0" ]; then done echo "Using $FREQ2 for carrier" syslog info "50-iiab set channel $FREQ2" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $FREQ2 -ne $HOSTAPD ] && [ ! -z $FREQ2 ]; then echo "Editing Hostapd for channel $FREQ2" @@ -35,15 +43,6 @@ if [ "$interface" = "wlan0" ]; then syslog info "THIS MACHINE SHOULD BE REBOOTED" # systemctl restart hostapd fi - if ! [ "$WPA" = "$AP" ]; then - sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf - echo "50-iiab set country_code $WPA" - syslog info "50-iiab set country_code $WPA" - echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" -# systemctl restart hostapd - fi - fi # spams the logging #syslog info "50-iiab set ap0 spam $REASON" From 39bf6fe32cbd48290087bf7bc86ddb5392956b41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 14:01:25 -0500 Subject: [PATCH 0296/1758] feedback --- roles/network/templates/hostapd/50-hostapd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index b1bccaaaa..5b13b14b5 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd @@ -6,7 +6,7 @@ if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then echo "50-iiab set country_code $WPA" syslog info "50-iiab set country_code $WPA" echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab country_code" # systemctl restart hostapd fi syslog info "50-iiab IF_UP br0 restarting dnsmasq - kicking ap0" @@ -40,7 +40,7 @@ if [ "$interface" = "wlan0" ]; then cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab channel" # systemctl restart hostapd fi fi From 7c72b2f983e24009428dc68bb17febf3d28f6020 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 14:05:21 -0500 Subject: [PATCH 0297/1758] move iiab-hotspot-on|off - can_be_ap in template --- roles/network/tasks/hostapd.yml | 4 ++-- roles/network/templates/{network => hostapd}/iiab-hotspot-off | 0 roles/network/templates/{network => hostapd}/iiab-hotspot-on | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) rename roles/network/templates/{network => hostapd}/iiab-hotspot-off (100%) rename roles/network/templates/{network => hostapd}/iiab-hotspot-on (91%) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index fdf6438d9..07e534b66 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -52,7 +52,7 @@ - name: Create /usr/bin/iiab-hotspot-on from template template: - src: network/iiab-hotspot-on + src: hostapd/iiab-hotspot-on dest: /usr/bin/iiab-hotspot-on owner: root group: root @@ -60,7 +60,7 @@ - name: Create /usr/bin/iiab-hotspot-off from template template: - src: network/iiab-hotspot-off + src: hostapd/iiab-hotspot-off dest: /usr/bin/iiab-hotspot-off owner: root group: root diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off similarity index 100% rename from roles/network/templates/network/iiab-hotspot-off rename to roles/network/templates/hostapd/iiab-hotspot-off diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on similarity index 91% rename from roles/network/templates/network/iiab-hotspot-on rename to roles/network/templates/hostapd/iiab-hotspot-on index d92cb5f21..055915fef 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,4 +1,7 @@ #!/bin/bash +{% if not can_be_ap %} +AP support was not detected please see https://github.com/iiab/iiab/pull/3179 +{% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service @@ -38,3 +41,4 @@ exit 0 {% endif %} #wifi_up_down {% endif %} +{% endif %} From 35750850ac3c387b3a356371440ff48138f64123 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 19 May 2022 15:11:58 -0500 Subject: [PATCH 0298/1758] From @holta user facing feedback Co-authored-by: A Holt --- roles/network/templates/hostapd/iiab-hotspot-on | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 055915fef..41b5357a7 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,6 +1,9 @@ #!/bin/bash {% if not can_be_ap %} -AP support was not detected please see https://github.com/iiab/iiab/pull/3179 +echo -e "\nUH-OH: Your Wi-Fi firmware doesn't support AP mode, according to 'iw list'\n" +echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-network'\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" +exit 1 {% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} From 215624d14729596d5722c7557a26cc069e2f4d90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 May 2022 19:45:42 -0400 Subject: [PATCH 0299/1758] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b87a4a25e..92b7d9d3d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. From 319b5a2342566c310842af96c925afe33f4f021d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 23 May 2022 19:51:01 -0400 Subject: [PATCH 0300/1758] Lint www_options/tasks/main.yml --- roles/www_options/tasks/main.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..90f5cc6b6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -25,29 +25,27 @@ - name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi) stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart + path: /etc/xdg/lxsession/LXDE-pi/autostart register: lxde_present - name: Check for Chromium name change stat: - path: /usr/bin/chromium + path: /usr/bin/chromium register: chromium_present - name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and not chromium_present.stat.exists + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium-browser' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: lxde_present.stat.exists and not chromium_present.stat.exists - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and chromium_present.stat.exists + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium --disable-restore-session-state http://box/home' + when: lxde_present.stat.exists and chromium_present.stat.exists - debug: From fb326651a001b592dc04f6a035200a16922c128d Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Wed, 25 May 2022 06:51:24 -0400 Subject: [PATCH 0301/1758] Add section for cookie resetting --- roles/matomo/tasks/install.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 0a5684f4b..5c2303519 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -89,6 +89,16 @@ body_format: form-urlencoded status_code: 302 register: matomo_setup_superuser +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: + - matomo_table_creation.cookies is defined + - matomo_table_creation.cookies | length > 0 + - cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_table_creation.cookies | dict2items }}" + loop_control: + loop_var: cookie - name: Configure Matomo to track IIAB uri: url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" From ee20486ea5f9cad725dd7f6b550e057324b63dd8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 13:36:31 -0400 Subject: [PATCH 0302/1758] nextcloud/tasks/install.yml: Clarify /library/www/nextcloud is 405MB initially --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1f7b0b649..c576daf13 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~406 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~405 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 50fd06d0a8fed5b13e4803d8db2b767278647778 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:34:17 -0400 Subject: [PATCH 0303/1758] #3228 interim/manual workaround as freepbx-16.0-latest.tgz is NOT the latest --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 3767f690e..35944bae0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -23,7 +23,7 @@ asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # Beta as of 2021-06-21 but looking great! Does NOT support PHP < 7.4 (you've been warned!) Please review https://github.com/iiab/iiab/blob/master/roles/pbx/README.rst +freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrive (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 1d0d6bd753bd8a6aff68d93ea2ddbf72c6c83845 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:36:00 -0400 Subject: [PATCH 0304/1758] pbx/defaults/main.yml: Fix typo explaining #3228 --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 35944bae0..6213f29cc 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -23,7 +23,7 @@ asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrive (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme +freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrives (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From a3734201c1adbc6ac632307a4ea1f884f2a5ab1e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:48:20 -0400 Subject: [PATCH 0305/1758] pbx/README.adoc: Explain #3228 in the Known Issues section --- roles/pbx/README.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 6a3d643f6..4ba6c887f 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -291,6 +291,9 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- . As of 2021-11-05, FreePBX 16 needed 2 lines to be manually patched in order to work with the new Asterisk 19 (https://github.com/iiab/iiab/issues/2934#issuecomment-962137815[#2934]). + As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. ++ +As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]). + . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + From fc87110d6174f3ace4d3a9d6139a086e21599d0e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 15:50:52 -0400 Subject: [PATCH 0306/1758] pbx/README.adoc: Make #3228 warning *bold* --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 4ba6c887f..7bc3b2302 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -292,7 +292,7 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- + As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. + -As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]). +*As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]).* . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? From c96844ec5f38999f59828e05746e005d051cd915 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 17:59:13 -0400 Subject: [PATCH 0307/1758] pbx/README.adoc: asterisk -rx "core show version" --- roles/pbx/README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7bc3b2302..495ade871 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -238,6 +238,7 @@ sudo fwconsole reload * Exit the Asterisk CLI, and try Linux commands like: + ---- +asterisk -rx "core show version" asterisk -rx "pjsip show endpoints" asterisk -rx "cdr show status" ---- From a81def476c582706617fa012e89f60246e7cf893 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2022 20:06:06 -0400 Subject: [PATCH 0308/1758] freepbx-16.0-latest.tgz STALE so git clone to /opt/iiab/freepbx --- roles/pbx/README.adoc | 11 ++----- roles/pbx/defaults/main.yml | 11 +++++-- roles/pbx/tasks/asterisk.yml | 4 +-- roles/pbx/tasks/freepbx.yml | 64 ++++++++++++++++++++---------------- roles/pbx/tasks/install.yml | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 10 files changed, 54 insertions(+), 48 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 495ade871..5673041f9 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -289,18 +289,11 @@ Please also check the "Known Issues" at the bottom of https://github.com/iiab/ii _If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/pages/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ -. As of 2021-11-05, FreePBX 16 needed 2 lines to be manually patched in order to work with the new Asterisk 19 (https://github.com/iiab/iiab/issues/2934#issuecomment-962137815[#2934]). -+ -As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. -+ -*As of 2022-05-25, this issue remains (despite https://github.com/iiab/iiab/pull/3187[PR #3187]) and unnecessarily so as their `freepbx-16.0-latest.tgz` installer filename is unfortunately bogus (it's not really the latest, rather it's an earlier version of FreePBX from September 2021!) So a manual workaround is to unpack the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to `/opt/iiab/freepbx` — _instead of_ https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 — until a proper fix arrive (https://github.com/iiab/iiab/issues/3228[#3228]).* - - . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + -If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L151-L163[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` +If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L174-L186[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L208-L211[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L213-L220[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 6213f29cc..d66575a83 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -1,6 +1,9 @@ # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. +# +# 2022-05-25: PHP 7.4 REQUIRED -- PLEASE READ: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-03: Attempts FreePBX 16 Beta -- as required w/ PHP 7.4 OS's for #2897 +# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. # pbx_install: False # pbx_enabled: False @@ -22,8 +25,10 @@ asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab -freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25: Filename is bogus (as it's not really the latest!) but manually unpacking the latest FreePBX 16.x .tar.gz from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx does appear to work -- instead of https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L69-L97 -- until a proper fix arrives (#3228). FYI PHP 7.4 IS MANDATORY FOR NOW (you've been warned!) Please also review https://github.com/iiab/iiab/tree/master/roles/pbx#readme +# freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 +# freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. +freepbx_git_url: https://github.com/FreePBX/framework +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 56ece2541..f79b360c5 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 9a7f34a5a..12e6fd7b5 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via @@ -66,35 +66,43 @@ include_tasks: apache.yml when: pbx_use_apache -- name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} - get_url: - url: "{{ freepbx_url }}/{{ freepbx_src_file }}" - dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz - timeout: "{{ download_timeout }}" +# - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} +# get_url: +# url: "{{ freepbx_url }}/{{ freepbx_src_file }}" +# dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz +# timeout: "{{ download_timeout }}" -- name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} - stat: - path: "{{ downloads_dir }}/{{ freepbx_src_file }}" - register: freepbx_src +# - name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} +# stat: +# path: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# register: freepbx_src -- name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist - fail: - msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." - when: not freepbx_src.stat.exists +# - name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist +# fail: +# msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." +# when: not freepbx_src.stat.exists -- name: FreePBX - Create source dir {{ freepbx_src_dir }} - file: - path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx - state: directory +# - name: FreePBX - Create source dir {{ freepbx_src_dir }} +# file: +# path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx +# state: directory -- name: FreePBX - Extract to source dir (root:root) - unarchive: - src: "{{ downloads_dir }}/{{ freepbx_src_file }}" - dest: "{{ freepbx_src_dir }}" - owner: root - group: root - extra_opts: [--strip-components=1] - creates: "{{ freepbx_src_dir }}/install" +# - name: FreePBX - Extract to source dir (root:root) +# unarchive: +# src: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# dest: "{{ freepbx_src_dir }}" +# owner: root +# group: root +# extra_opts: [--strip-components=1] +# creates: "{{ freepbx_src_dir }}/install" + +- name: FreePBX - git clone {{ freepbx_git_url }} -b {{ freepbx_git_branch }} --depth 1 {{ freepbx_src_dir }} (force) + git: + repo: "{{ freepbx_git_url }}" # https://github.com/FreePBX/framework + dest: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx + version: "{{ freepbx_git_branch }}" # e.g. release/16.0 + depth: 1 + force: yes # No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: # https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 @@ -190,7 +198,7 @@ create: yes -- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc to /usr/src/mariadb-connector-odbc +- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc --depth 1 /usr/src/mariadb-connector-odbc (force) git: repo: https://github.com/mariadb-corporation/mariadb-connector-odbc dest: /usr/src/mariadb-connector-odbc diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index eb3163fe4..474ddb58d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "ONLY PHP 7.4 IS SUPPORTED AS OF AUG 2021 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx/#pbx-readme" +- name: "ONLY PHP 7.4 IS SUPPORTED AS OF MAY 2022 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx#readme" meta: noop diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 7851b6cac..17b614453 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -657,7 +657,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9681208c9..c5cda1688 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 5c2f667d9..0958e1470 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8098f8bfb..dc2e25bcb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 0fcc6aaa4..14e90b185 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -408,7 +408,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False From e7f8d57b9647f8777ca042109ad4e42def0c2bd4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 20:16:12 -0400 Subject: [PATCH 0309/1758] pbx/README.adoc: Update 2 stale URL's --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5673041f9..f4a3876b7 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -285,9 +285,9 @@ image::files/password_change.jpg[] == Known Issues -Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#our-evolution[IIAB's latest release notes]. +Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#past-releases[IIAB's latest release notes]. -_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/pages/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ +_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + From 47bd30d480f874f1a733f617fbd4507b060e4f9a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 25 May 2022 20:31:12 -0400 Subject: [PATCH 0310/1758] Update pbx/README.adoc & use relative URL's (so readable offline) --- roles/pbx/README.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f4a3876b7..51625fd7e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of April 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. @@ -55,7 +55,7 @@ Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), option pbx_use_nginx: False ---- + -If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L88-L131[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: +If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within link:../www_options/tasks/main.yml#L86-L129[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: + ---- nginx_high_php_limits: True @@ -291,15 +291,15 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + -If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L174-L186[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` +If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L213-L220[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. . Raspberry Pi Zero W Warning + -Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to link:../nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] //// From 8c0a9819676b14e44fd1bfb2fc6f81f50824f858 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2022 22:54:43 -0400 Subject: [PATCH 0311/1758] freepbx.yml: Install official versions of 1 + 15 FreePBX modules --- roles/pbx/tasks/freepbx.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 12e6fd7b5..a94c30681 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -273,8 +273,18 @@ dest: /etc/systemd/system/ # Default module list https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 -- name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! - command: fwconsole ma upgradeall +# - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! +# command: fwconsole ma upgradeall + +# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below to install!) + command: fwconsole ma downloadinstall framework + +- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + command: fwconsole reload + +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - NOTE THIS CAN TAKE SEVERAL MINUTES + command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" # lineinfile: From 75b5e6d91f3287df5d759d7abaaece2a1b0f4cc1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:12:29 -0400 Subject: [PATCH 0312/1758] freepbx.yml: Skip 'fwconsole reload' for now (requires Asterisk live) --- roles/pbx/tasks/asterisk.yml | 6 +++--- roles/pbx/tasks/freepbx.yml | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f79b360c5..bf4eb87e2 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -55,7 +55,7 @@ # name: aptitude # state: latest -- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 5 MIN OR LONGER! +- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: chdir: "{{ asterisk_src_dir }}" @@ -88,13 +88,13 @@ args: chdir: "{{ asterisk_src_dir }}" -- name: Asterisk - Run 'make' - CAN TAKE 8-30 MIN OR LONGER! +- name: Asterisk - Run 'make' - CAN TAKE 4-30 MIN OR LONGER! command: make args: chdir: "{{ asterisk_src_dir }}" creates: defaults.h -- name: Asterisk - Run 'make install' - CAN TAKE 2 MIN OR LONGER! +- name: Asterisk - Run 'make install' - CAN TAKE TIME 1-2 MIN W/ SLOW DISKS? command: make install args: chdir: "{{ asterisk_src_dir }}" diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index a94c30681..5481a734c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -226,7 +226,7 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER! +- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" @@ -277,13 +277,14 @@ # command: fwconsole ma upgradeall # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 -- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below to install!) +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below install!) command: fwconsole ma downloadinstall framework -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# ERROR: "Unable to connect to remote asterisk" +# - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - NOTE THIS CAN TAKE SEVERAL MINUTES +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" From d98a6c70a4fc121fc50eee666bea6403029a08fe Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:53:52 -0400 Subject: [PATCH 0313/1758] Try installing 1+15 FreePBX modules BEFORE forcing off Asterisk --- roles/pbx/tasks/freepbx.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5481a734c..4c98133a4 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -236,6 +236,18 @@ - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} +# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) + command: fwconsole ma downloadinstall framework + +# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + command: fwconsole reload + +# DEFAULT MODULE LIST: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! + command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail + - name: FreePBX - Run 'fwconsole stop', 'killall -9 safe_asterisk' to stop both main Asterisk processes - this avoids "Unable to run Pre-Asterisk hooks, because Asterisk is already running" in 'journalctl -u freepbx' logs command: "{{ item }}" with_items: @@ -276,17 +288,6 @@ # - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! # command: fwconsole ma upgradeall -# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 -- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help the ~15 modules below install!) - command: fwconsole ma downloadinstall framework - -# ERROR: "Unable to connect to remote asterisk" -# - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 -# command: fwconsole reload - -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! - command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail - # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" # lineinfile: # path: /etc/freepbx.conf From 1f2eab54f4fe39b52e7fa4bf6ba0a1562358f135 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 01:57:38 -0400 Subject: [PATCH 0314/1758] pbx/tasks/asterisk.yml: Typo in 'make install' output --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index bf4eb87e2..7c52248bf 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -94,7 +94,7 @@ chdir: "{{ asterisk_src_dir }}" creates: defaults.h -- name: Asterisk - Run 'make install' - CAN TAKE TIME 1-2 MIN W/ SLOW DISKS? +- name: Asterisk - Run 'make install' - CAN TAKE 1-2 MIN W/ SLOW DISKS? command: make install args: chdir: "{{ asterisk_src_dir }}" From 066837fe160792f39bbd44f6ca93150f0325a850 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 May 2022 02:06:14 -0400 Subject: [PATCH 0315/1758] Delineate sections in 336-line freepbx.yml --- roles/pbx/tasks/freepbx.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 4c98133a4..9ee2ed7a9 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -66,6 +66,7 @@ include_tasks: apache.yml when: pbx_use_apache + # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" @@ -104,6 +105,7 @@ depth: 1 force: yes + # No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: # https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 # https://github.com/FreePBX/framework/blob/release/16.0/installlib/installcommand.class.php#L300 @@ -236,6 +238,7 @@ - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework @@ -248,6 +251,7 @@ - name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail + - name: FreePBX - Run 'fwconsole stop', 'killall -9 safe_asterisk' to stop both main Asterisk processes - this avoids "Unable to run Pre-Asterisk hooks, because Asterisk is already running" in 'journalctl -u freepbx' logs command: "{{ item }}" with_items: @@ -284,7 +288,8 @@ src: freepbx.service dest: /etc/systemd/system/ -# Default module list https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 + +# 2022-05-25: Replaced by 'fwconsole ma downloadinstall' commands above # - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! # command: fwconsole ma upgradeall From 55e673e518f984872b66f43ec08a3e809e6c555c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 09:36:29 -0400 Subject: [PATCH 0316/1758] freepbx.yml: Mention 2 new auto-installed FreePBX modules --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 9ee2ed7a9..69d6eaf86 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -247,7 +247,8 @@ - name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 command: fwconsole reload -# DEFAULT MODULE LIST: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +# DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +# YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 - name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 58566cb8ca50caa95e265f41cb587501fb0f970b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 11:23:34 -0400 Subject: [PATCH 0317/1758] pbx/README.adoc: THX Ron Raikes for his GitHub approach to installing FreePBX (PR #3229) --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 51625fd7e..81a2c5403 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -321,4 +321,8 @@ In August 2021 it was overhauled, with thanks to these 3 sources especially: * Comprehensive & recent recipe for Raspberry Pi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html * Popular but dated recipe: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/ +In May 2022, installation of FreePBX was made more resilient in https://github.com/iiab/iiab/pull/3229[PR #3229] thanks to: + +* Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 858895c50b5b9716378a9ddc7bd4a9669f7a2153 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 26 May 2022 13:56:33 -0400 Subject: [PATCH 0318/1758] pbx/README.adoc: Update FAQ.IIAB.IO URL's --- roles/pbx/README.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 81a2c5403..36c0f6cbf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -34,7 +34,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False @@ -305,9 +305,9 @@ Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// From 876f4461de94bc4e0c7289c6eaff0557549ed9ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 May 2022 18:55:28 -0400 Subject: [PATCH 0319/1758] Update kiwix/README.rst --- roles/kiwix/README.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index 0a6aa1741..64c73aaa6 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -3,21 +3,21 @@ Kiwix README ============ Kiwix develops ZIM file creation & rendering tools for offline action, -as summarized at: http://wiki.kiwix.org/wiki/Software +as summarized at: https://wiki.kiwix.org/wiki/Software -Internet-in-a-Box uses the kiwix-serve and kiwix-manage executables (in -/opt/iiab/kiwix/bin) to set up and render ZIM files such as Wikipedia, and -other educational materials: http://download.kiwix.org/zim/ +Internet-in-a-Box uses executables like kiwix-manage, kiwix-serve and kiwix-search (in +``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and +other educational materials) typically from https://download.kiwix.org/zim/ Locations --------- -- Your ZIM files go in /library/zims/content -- Your ZIM index files go in directories under /library/zims/index (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) +- Your ZIM files go in ``/library/zims/content`` +- Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) - The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) -- Use URL http://box:3000/kiwix/ if you want to avoid the proxy +- Use URL http://box:3000/kiwix if you want to avoid the proxy -Your local ZIM catalog (at /library/zims/library.xml) can be regenerated by running: -/usr/bin/iiab-make-kiwix-lib +Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: +``/usr/bin/iiab-make-kiwix-lib`` -See "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO +See also "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO From 2678d79b2fdaaa5354191e09910bcf3e11694ac7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 27 May 2022 19:53:15 -0400 Subject: [PATCH 0320/1758] Update kiwix/README.rst --- roles/kiwix/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index 64c73aaa6..e635be2de 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -5,7 +5,7 @@ Kiwix README Kiwix develops ZIM file creation & rendering tools for offline action, as summarized at: https://wiki.kiwix.org/wiki/Software -Internet-in-a-Box uses executables like kiwix-manage, kiwix-serve and kiwix-search (in +Internet-in-a-Box uses `kiwix-tools `_ executables like kiwix-manage, kiwix-serve and kiwix-search (in ``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and other educational materials) typically from https://download.kiwix.org/zim/ From 61ada786cdd6173e68df88c06feda539907ea2ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 May 2022 14:57:32 -0400 Subject: [PATCH 0321/1758] iiab-diagnostics: (1) Show commits even if non-root (2) Cleaner "/CANONICAL-PATH/CMD PARAMS" output (3) Lint to [[ $VAR == "" ]] --- scripts/iiab-diagnostics | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 633d467df..c79afa252 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -6,11 +6,14 @@ IIAB_RELEASE=`cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2` OS_VER=`cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2` -#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` -HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` -HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` YMDT=$(date +%F_%T_%Z) +#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` + echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo echo -e " iiab-diagnostics" @@ -19,7 +22,7 @@ echo -e " sudo iiab-diagnostics PATH/FILE1 PATH/FILE2 ... # COMPLETE RESU echo echo -ne "Can you provide a \e[1mshort public nickname:\e[0m (no spaces!) " read nickname < /dev/tty -if [ "$nickname" = "" ]; then +if [[ $nickname == "" ]]; then nickname="NONAME" fi @@ -82,18 +85,21 @@ function cat_dir() { fi } -function cat_cmd() { # $1 = command + params, $2 = explanation +function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right - pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right - if [ "$2" = "" ]; then - echo "COMMAND: $pth$1" >> $outfile + #cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right (NOT NEC, 'command -v' does this!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + pthcmd=$(command -v $1) # Use canonical path on left; Drop params on right + spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between + #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) + if [[ $2 == "" ]]; then + echo "COMMAND: $pthcmd$spc_params" >> $outfile else - echo "COMMAND: $pth$1 # $2" >> $outfile + echo "COMMAND: $pthcmd$spc_params # $2" >> $outfile fi echo >> $outfile - if [ "$pth" = "" ]; then + if [[ $pthcmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 @@ -101,7 +107,7 @@ function cat_cmd() { # $1 = command + params, $2 = explan echo >> $outfile } -function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail +function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail echo " $1" echo "=IIAB==========================================================================" >> $outfile cat_file_raw "$1" $2 # e.g. last 100 lines, maximum From 0654e5f6dcf36338638c1335ac87de22b0b24b67 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 May 2022 16:37:45 -0400 Subject: [PATCH 0322/1758] iiab-diagnostics: bash -c "$1" instead of eval/exec to fix globbing --- scripts/iiab-diagnostics | 5 ++++- scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c79afa252..0002c7ea1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -102,7 +102,10 @@ function cat_cmd() { # $1 = command + params, $2 = explanation if [[ $pthcmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. + #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT commands like 'ls -l /lib/firmware/brcm/*43455*' FAIL to output lines w/ filenames that contains spaces (ugly IFS issues!) fi echo >> $outfile } diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 715d99b14..f4aef576c 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-233 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From fc50d0995121001adc7d3c5b741e96fd99f26e55 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 May 2022 16:50:27 -0400 Subject: [PATCH 0323/1758] iiab-diagnostics: Avoid eval due to globbing "filenames that contain spaces (ugly IFS issues!)" --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0002c7ea1..1f51df8b1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -105,7 +105,7 @@ function cat_cmd() { # $1 = command + params, $2 = explanation bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. - #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT commands like 'ls -l /lib/firmware/brcm/*43455*' FAIL to output lines w/ filenames that contains spaces (ugly IFS issues!) + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } From 4edc6c22bd7175e3c60a226b4f38e1a97b98bd2c Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Tue, 31 May 2022 06:51:57 -0400 Subject: [PATCH 0324/1758] Fix bug in cookie placement --- roles/matomo/tasks/install.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 5c2303519..ac3aa0e9c 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -35,6 +35,10 @@ method: GET status_code: 200 register: matomo_welcome +- name: debug welcome + debug: + var: matomo_welcome + verbosity: 2 - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -52,6 +56,10 @@ timeout: 120 status_code: 200 register: matomo_system_check +- name: debug syscheck + debug: + var: matomo_system_check + verbosity: 2 - name: Matomo Database Setup uri: url: "{{ matomo_url }}index.php?action=databaseSetup" @@ -73,6 +81,20 @@ method: GET status_code: 200 register: matomo_table_creation +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: + - matomo_table_creation.cookies is defined + - matomo_table_creation.cookies | length > 0 + - cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_table_creation.cookies | dict2items }}" + loop_control: + loop_var: cookie +- name: debug tablecreation + debug: + var: matomo_table_creation + verbosity: 2 - name: Matomo User Setup uri: url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" @@ -89,16 +111,6 @@ body_format: form-urlencoded status_code: 302 register: matomo_setup_superuser -- name: Set a variable for the MATOMO_SESSID cookie - set_fact: - matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" - when: - - matomo_table_creation.cookies is defined - - matomo_table_creation.cookies | length > 0 - - cookie.key == "MATOMO_SESSID" - loop: "{{ matomo_table_creation.cookies | dict2items }}" - loop_control: - loop_var: cookie - name: Configure Matomo to track IIAB uri: url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" From 26727d23d407edd721564a9bb6b062bcb7a9b98a Mon Sep 17 00:00:00 2001 From: tim-moody Date: Tue, 31 May 2022 15:45:38 -0400 Subject: [PATCH 0325/1758] no services --- vars/local_vars_none.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 vars/local_vars_none.yml diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml new file mode 100644 index 000000000..86401c167 --- /dev/null +++ b/vars/local_vars_none.yml @@ -0,0 +1,11 @@ +# turn off defaults +remoteit_install: False +openvpn_install: False +kalite_install: False +kalite_enabled: False +kiwix_install: False +kiwix_enabled: False +osm_vector_maps_install: False +awstats_install: False +awstats_enabled: False +captiveportal_install: False From fba4bf3ba1659200d9be63306d85b88a0e27ddba Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 2 Jun 2022 19:33:05 -0400 Subject: [PATCH 0326/1758] mediawiki/defaults/main.yml: new release 1.38.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index b49ce8a83..508208373 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.37 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_major_version: 1.38 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From f0a5ca750be48f33b736ec4334f2988446d5ffc1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 10:45:48 -0400 Subject: [PATCH 0327/1758] mediawiki/defaults/main.yml: MediaWiki 1.38.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 508208373..b6c008387 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 2ffbde9b41730b2a71877d850edfcad4dffb78ae Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 12:01:14 -0400 Subject: [PATCH 0328/1758] kiwix/defaults/main.yml: kiwix-tools 3.3.0 (coming soon) --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 100999da2..66f2de5c5 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-5 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-5 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-5 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 +kiwix_version_i686: kiwix-tools_linux-i586-3.3.0 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From cb1f00467a0c575d5fa22fbeb77498e1a76b9d01 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jun 2022 19:58:21 -0400 Subject: [PATCH 0329/1758] mongodb/tasks/install.yml: Remove ancient comment --- roles/mongodb/tasks/install.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 6218c0cea..307b28cf4 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -51,9 +51,6 @@ template: src: mongod.conf.j2 dest: "{{ mongodb_conf }}" # /etc/mongod.conf - #owner: root - #group: root - #mode: 0644 # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") From edb26161db055b724edac5637d2113d4336ada7c Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 01:06:29 -0400 Subject: [PATCH 0330/1758] test.yml: Document ansible_local.local_facts, ansible_architecture etc --- test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test.yml b/test.yml index 0b50a13b0..f00fd3b3c 100644 --- a/test.yml +++ b/test.yml @@ -55,4 +55,13 @@ - debug: var: f + - debug: + var: ansible_local.local_facts + - debug: + var: ansible_local.local_facts.os_ver + - debug: + var: ansible_architecture + - debug: + var: ansible_machine + # TEST ANSIBLE COMMANDS/MODULES HERE! From 71beb2c588422655739417baa6f8ac610aacaade Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 03:57:15 -0400 Subject: [PATCH 0331/1758] WIP: MongoDB Spring Cleaning (bug fixes) for #3236 --- roles/mongodb/tasks/install.yml | 46 ++++++++++++---- .../iiab-mongodb-repair-if-no-lock.j2 | 2 + roles/mongodb/templates/mongodb.service.j2 | 52 +++++++++++++++++-- 3 files changed, 87 insertions(+), 13 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 307b28cf4..2ce01e197 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -55,11 +55,11 @@ # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit Ubuntu -# from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit might fail -# untested, and 32-bit Intel might puke as this was orginally deployed for Raspbian. -# (Haven't seen bootable 32-bit Intel installers for a while now.) -# 64-bit OS's proceed below. +# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit +# might fail untested, and 32-bit Intel might puke as this was orginally +# deployed for Raspbian. (Haven't seen bootable 32-bit Intel installers for a +# while now.) 64-bit OS's proceed below. - block: - name: Add mongodb.org signing key (only 64-bit support available) @@ -111,15 +111,43 @@ - mongodb-org-server state: present - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} (mongodb_conf) -- takes effect on next (re)start of the service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: path: "{{ mongodb_conf }}" - regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 - #backrefs: yes + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + + # GRATUITOUS (port 27017 is already the default) + - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4 also reveals: + # (1) dbPath fix in /etc/mongod.conf (~12 lines above) from /var/lib/mongodb + # to /library/dbdata/mongodb + # (2) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID + # file (it may be zero bytes, but never goes away) as confirmed with + # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now + # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock + # (3) mongodb.service should really use a more graceful way to shut down + # than 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). + # (4) MongoDB 6.0 is likely imminent but in the meantime a 2022-01-12 option + # (stanza below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: + # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz + # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + + - name: OVERWRITING AN APT PACKAGE IS RISKY (IT MIGHT LATER UPDATE + OVERWRITE THIS!) BUT FOR NOW download & unzip 76MB http://download.iiab.io/packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" + # end block - when: (ansible_architecture == "aarch64") or (ansible_architecture == "x86_64") + when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + # 2. CONFIGURE MongoDB FOR IIAB diff --git a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 index 790748103..433b98c5d 100644 --- a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 +++ b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 @@ -1,5 +1,7 @@ #!/bin/bash +# 2022-06-07: 100% BOGUS+USELESS with MongoDB 4+ -- SEE mongodb.service & #3236 + if [ -f {{ mongodb_db_lock_file }} ]; then echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues else diff --git a/roles/mongodb/templates/mongodb.service.j2 b/roles/mongodb/templates/mongodb.service.j2 index 1ae050ae8..6e371da7d 100644 --- a/roles/mongodb/templates/mongodb.service.j2 +++ b/roles/mongodb/templates/mongodb.service.j2 @@ -1,3 +1,40 @@ +# 2022-06-07: IS MongoDB's OFFICIAL /lib/systemd/system/mongod.service USEFUL? + +# [Unit] +# Description=MongoDB Database Server +# Documentation=https://docs.mongodb.org/manual +# After=network-online.target +# Wants=network-online.target + +# [Service] +# User=mongodb +# Group=mongodb +# EnvironmentFile=-/etc/default/mongod +# ExecStart=/usr/bin/mongod --config /etc/mongod.conf +# PIDFile=/var/run/mongodb/mongod.pid +# # file size +# LimitFSIZE=infinity +# # cpu time +# LimitCPU=infinity +# # virtual memory size +# LimitAS=infinity +# # open files +# LimitNOFILE=64000 +# # processes/threads +# LimitNPROC=64000 +# # locked memory +# LimitMEMLOCK=infinity +# # total threads (user+kernel) +# TasksMax=infinity +# TasksAccounting=false + +# # Recommended limits for mongod as specified in +# # https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings + +# [Install] +# WantedBy=multi-user.target + + [Unit] Description=High-performance, schema-free document-oriented database After=syslog.target network.target @@ -6,15 +43,22 @@ After=syslog.target network.target Type=simple User=mongodb Group=mongodb -# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) +{% if not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") %} +# USED TO FAIL (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) #ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb # FAILS as systemd cannot run bash here: #ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi +# 2022-06-07: MIGHT STILL BE USEFUL for MongoDB 3.x (i.e. on 32-bit RasPiOS) ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock +{% endif %} ExecStart=/usr/bin/mongod -f {{ mongodb_conf }} -ExecStop=/usr/bin/killall mongod -# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too: -#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown +#ExecStop=/usr/bin/killall mongod +# killall's SIGTERM (15) above no longer induces a graceful stop w/ MongoDB 5+ +# https://www.mongodb.com/docs/manual/reference/method/db.shutdownServer/ +# https://www.mongodb.com/docs/v5.0/reference/command/shutdown/ +# https://www.mongodb.com/docs/v6.0/reference/command/shutdown/ +ExecStop=/usr/bin/mongod -f {{ mongodb_conf }} --shutdown +#ExecStop=/usr/bin/mongod --dbpath {{ mongodb_db_path }} --shutdown [Install] WantedBy=multi-user.target From 64e178c822a32961a6538392eba65e973afe95fa Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 13:52:20 -0400 Subject: [PATCH 0332/1758] test.yml: Document ansible_facts['distribution'] etc --- test.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index f00fd3b3c..ad68e07da 100644 --- a/test.yml +++ b/test.yml @@ -56,9 +56,19 @@ var: f - debug: - var: ansible_local.local_facts + var: ansible_local.local_facts # SEE: /opt/iiab/iiab/scripts/local_facts.fact - debug: var: ansible_local.local_facts.os_ver + + # Since Ansible 2.7, avoid ansible_distribution: https://github.com/iiab/iiab/pull/3237 + # https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#commonly-used-facts + + - debug: + var: ansible_facts['distribution'] # ansible_facts.distribution ? + - debug: + var: ansible_facts['os_family'] # ansible_facts.os_family ? + - debug: + var: ansible_facts['distribution_major_version'] # ansible_facts.distribution_major_version ? - debug: var: ansible_architecture - debug: From 4084fd1ade21f913503dd2c2cdc94dbc1e99c84d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 7 Jun 2022 14:05:51 -0400 Subject: [PATCH 0333/1758] test.yml: YAML disallows tab indentation, #3239 --- test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.yml b/test.yml index ad68e07da..5364223a5 100644 --- a/test.yml +++ b/test.yml @@ -38,7 +38,7 @@ #a: b: c: # Space - #d: # Tab + #d: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 e: '' f: "" From 35fa7634d90e9089370b76ca42979f0446a202f3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 15:47:04 -0400 Subject: [PATCH 0334/1758] Unblock Kolibri 0.15.3 install on Ubuntu 22.04+ --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 327b1ca3f..b7dd56855 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: kolibri_install - name: KIWIX include_role: From 56e5cc48b9c0eec3415ac73741224b3297ca4104 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 7 Jun 2022 23:22:35 -0400 Subject: [PATCH 0335/1758] WIP: Tighten up roles/mongodb --- roles/mongodb/tasks/install.yml | 80 ++++++++++++++++++++------------- roles/mongodb/tasks/main.yml | 15 ++++--- 2 files changed, 57 insertions(+), 38 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 2ce01e197..fa5f94ac7 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -67,7 +67,7 @@ args: warn: false - - name: Use mongodb-org's Debian repo for Debian (only amd64 support available) + - name: Use mongodb-org's Debian repo for Debian on x86_64 (only amd64 support available) apt_repository: # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only # {buster 10, stretch 9, jessie 8, wheezy 7} @@ -76,38 +76,45 @@ #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org - when: is_debian and (ansible_architecture == "x86_64") + when: is_debian and ansible_architecture == "x86_64" - # Debian 10 aarch64 might work below but is blocked in main.yml - - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + - name: Otherwise use mongodb-org's Ubuntu focal repo [ arch=amd64,arm64 ] apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse state: present filename: mongodb-org - when: is_raspbian and (ansible_architecture == "aarch64") + when: not (is_debian and ansible_architecture == "x86_64") - - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - state: present - filename: mongodb-org - when: is_linuxmint + # # Debian 10 aarch64 might work below but is blocked in main.yml + # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_raspbian and (ansible_architecture == "aarch64") - - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - apt_repository: - # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - state: present - filename: mongodb-org - when: is_ubuntu and not is_linuxmint + # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_linuxmint + + # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only + # apt_repository: + # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only + # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} + # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse + # state: present + # filename: mongodb-org + # when: is_ubuntu and not is_linuxmint - name: "Install packages: mongodb-org, mongodb-org-server" package: name: - - mongodb-org + - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) - mongodb-org-server state: present @@ -124,21 +131,32 @@ regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " port: {{ mongodb_port }}" # 27017 - # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4 also reveals: - # (1) dbPath fix in /etc/mongod.conf (~12 lines above) from /var/lib/mongodb - # to /library/dbdata/mongodb - # (2) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... + # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 + # ...as ARM v8-A < ARM v8.2-A ...also reveals: + # + # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. + # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. + # Roughly speaking, this means CPUs with AVX instructions: + # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 + # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from + # /var/lib/mongodb to /library/dbdata/mongodb + # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID # file (it may be zero bytes, but never goes away) as confirmed with # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock - # (3) mongodb.service should really use a more graceful way to shut down - # than 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). - # (4) MongoDB 6.0 is likely imminent but in the meantime a 2022-01-12 option - # (stanza below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: + # (4) mongodb.service needed a more graceful way to shut down than + # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). + # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 + # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: OVERWRITING AN APT PACKAGE IS RISKY (IT MIGHT LATER UPDATE + OVERWRITE THIS!) BUT FOR NOW download & unzip 76MB http://download.iiab.io/packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + - name: Run 'apt-mark hold mongodb-org mongodb-org-server' if hardware is Raspberry Pi (any 64-bit OS) so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" + + - name: Unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin, if hardware is Raspberry Pi (any 64-bit OS) unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index e5e2f20ba..b728aac82 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -35,18 +35,19 @@ - debug: var: is_raspbian -# might be able to lift this once we know using bionic would work -- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 - fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian - ignore_errors: yes +# # might be able to lift this once we know using bionic would work +# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 +# fail: # FORCE IT RED THIS ONCE! +# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) +# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian +# ignore_errors: yes # ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml - when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) + when: mongodb_installed is undefined + # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) From 56d428ede0ffaa21c0edb3e504bffc5b5d1e7904 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 8 Jun 2022 16:22:32 -0400 Subject: [PATCH 0336/1758] mongodb/tasks/install.yml: Clean comments & spacing --- roles/mongodb/tasks/install.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index fa5f94ac7..e9ff59322 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,4 +1,4 @@ -# 1. INSTALL MongoDB PACKAGES OR BINARIES +# 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so # https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is @@ -56,10 +56,10 @@ when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # 32-bit OS's are handled above: this should handle aarch32 including 32-bit -# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit -# might fail untested, and 32-bit Intel might puke as this was orginally -# deployed for Raspbian. (Haven't seen bootable 32-bit Intel installers for a -# while now.) 64-bit OS's proceed below. +# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and +# 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was +# orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel +# installers for a while now.) 64-bit OS's proceed below. - block: - name: Add mongodb.org signing key (only 64-bit support available) @@ -91,7 +91,7 @@ # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse # state: present # filename: mongodb-org - # when: is_raspbian and (ansible_architecture == "aarch64") + # when: is_raspbian and ansible_architecture == "aarch64" # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only # apt_repository: @@ -167,7 +167,6 @@ when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - # 2. CONFIGURE MongoDB FOR IIAB - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' From 14adcdd6c992f2cd77603eb14d98de26f84cff4e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 8 Jun 2022 16:43:59 -0400 Subject: [PATCH 0337/1758] nodered/tasks/rpi_desk.yml: Interim patch comments out 'pi' on RasPiOS --- roles/nodered/tasks/rpi_desk.yml | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml index bc61c971f..1686994e8 100644 --- a/roles/nodered/tasks/rpi_desk.yml +++ b/roles/nodered/tasks/rpi_desk.yml @@ -30,18 +30,21 @@ - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log -- name: Create /home/pi/.node-red/ directory (rpi) - file: - path: /home/pi/.node-red - state: directory - owner: pi - group: pi - mode: 0775 +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas. -- name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) - template: - src: settings.js.j2 - dest: /home/pi/.node-red/settings.js - owner: pi - group: pi - mode: 0755 +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 From 840eca85cef4d36028e5f7cbb510e5f9d11c47ba Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 15:58:49 -0400 Subject: [PATCH 0338/1758] Rework + modernize roles/nodered (no more 'pi', ETC) --- .../{nginx.yml => enable-or-disable.yml} | 16 +++ roles/calibre-web/tasks/main.yml | 18 +-- roles/cups/tasks/install.yml | 2 +- .../{nginx.yml => enable-or-disable.yml} | 16 +++ roles/kolibri/tasks/main.yml | 18 +-- roles/nextcloud/tasks/main.yml | 1 - roles/nodered/defaults/main.yml | 7 +- .../{nginx.yml => enable-or-disable.yml} | 18 ++- roles/nodered/tasks/group.yml | 26 ---- roles/nodered/tasks/install.yml | 65 +++++++--- roles/nodered/tasks/main.yml | 18 +-- roles/nodered/tasks/os-integration.yml | 68 +++++++++++ roles/nodered/tasks/rpi_desk.yml | 50 -------- roles/nodered/tasks/settings.yml | 112 ++++++++++++++++++ ...d.service.j2 => nodered.service.j2.unused} | 0 .../{settings.js.j2 => settings.js.j2.unused} | 4 +- roles/pbx/tasks/freepbx.yml | 4 +- roles/sugarizer/tasks/main2.yml | 3 +- 18 files changed, 288 insertions(+), 158 deletions(-) rename roles/calibre-web/tasks/{nginx.yml => enable-or-disable.yml} (67%) rename roles/kolibri/tasks/{nginx.yml => enable-or-disable.yml} (64%) rename roles/nodered/tasks/{nginx.yml => enable-or-disable.yml} (54%) delete mode 100644 roles/nodered/tasks/group.yml create mode 100644 roles/nodered/tasks/os-integration.yml delete mode 100644 roles/nodered/tasks/rpi_desk.yml create mode 100644 roles/nodered/tasks/settings.yml rename roles/nodered/templates/{nodered.service.j2 => nodered.service.j2.unused} (100%) rename roles/nodered/templates/{settings.js.j2 => settings.js.j2.unused} (99%) diff --git a/roles/calibre-web/tasks/nginx.yml b/roles/calibre-web/tasks/enable-or-disable.yml similarity index 67% rename from roles/calibre-web/tasks/nginx.yml rename to roles/calibre-web/tasks/enable-or-disable.yml index 046bc65b8..b196176f9 100644 --- a/roles/calibre-web/tasks/nginx.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled + systemd: + name: calibre-web + daemon_reload: yes + enabled: yes + state: restarted + when: calibreweb_enabled + +- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled + systemd: + name: calibre-web + enabled: no + state: stopped + when: not calibreweb_enabled + + # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195) # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index e8be74274..9d6e53333 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -24,23 +24,7 @@ when: calibreweb_installed is undefined -- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled - systemd: - name: calibre-web - daemon_reload: yes - enabled: yes - state: restarted - when: calibreweb_enabled - -- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled - systemd: - name: calibre-web - enabled: no - state: stopped - when: not calibreweb_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index ea073de16..d585b42e0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -49,7 +49,7 @@ blockinfile: path: /etc/cups/cupsd.conf insertafter: '^$' - block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below. Also surround block with comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" AuthType Default Require user @SYSTEM diff --git a/roles/kolibri/tasks/nginx.yml b/roles/kolibri/tasks/enable-or-disable.yml similarity index 64% rename from roles/kolibri/tasks/nginx.yml rename to roles/kolibri/tasks/enable-or-disable.yml index 379339b68..8204b3aee 100644 --- a/roles/kolibri/tasks/nginx.yml +++ b/roles/kolibri/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled + systemd: + name: kolibri + daemon_reload: yes + enabled: yes + state: started + when: kolibri_enabled + +- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled + systemd: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled + + - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri template: src: kolibri-nginx.conf.j2 diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aebecece9..680724179 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -29,23 +29,7 @@ when: kolibri_installed is undefined -- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled - systemd: - name: kolibri - daemon_reload: yes - enabled: yes - state: started - when: kolibri_enabled - -- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled - systemd: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 83877e92e..ae5587642 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -26,7 +26,6 @@ - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f68a595d3..f7cf092a5 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -9,9 +9,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -nodered_user: Admin -nodered_password: changeme # REMOVE THIS PASSWORD REMINDER LINE AS NECESSARY -nodered_password_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q +nodered_linux_user: nodered + +nodered_admin_user: Admin +nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q # Password itself is "changeme" # TO GENERATE A NEW PASSWORD HASH, run 'node-red-admin hash-pw' and enter # the new password. Paste the resulting hash as above, but into your own: diff --git a/roles/nodered/tasks/nginx.yml b/roles/nodered/tasks/enable-or-disable.yml similarity index 54% rename from roles/nodered/tasks/nginx.yml rename to roles/nodered/tasks/enable-or-disable.yml index e7affdab7..87a1c8d2a 100644 --- a/roles/nodered/tasks/nginx.yml +++ b/roles/nodered/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled + systemd: + name: nodered + daemon_reload: yes + enabled: yes + state: restarted + when: nodered_enabled + +- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled + systemd: + name: nodered + enabled: no + state: stopped + when: not nodered_enabled + + - name: Enable http://box/nodered via NGINX, by installing {{ nginx_conf_dir }}/nodered-nginx.conf from template template: src: nodered-nginx.conf.j2 @@ -6,7 +22,7 @@ - name: Disable http://box/nodered via NGINX, by removing {{ nginx_conf_dir }}/nodered-nginx.conf file: - path: "{{ nginx_conf_dir }}/nodered-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/nodered-nginx.conf" state: absent when: not nodered_enabled diff --git a/roles/nodered/tasks/group.yml b/roles/nodered/tasks/group.yml deleted file mode 100644 index ad4499023..000000000 --- a/roles/nodered/tasks/group.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: Ensure Linux group 'nodered' exists (if not rpi) - group: - name: nodered - state: present - -- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) - user: - name: nodered - group: nodered - -- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) - file: - path: /home/nodered/.node-red - state: directory - owner: nodered - group: nodered - mode: 0775 - -- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/nodered/.node-red/settings.js - owner: nodered - group: nodered - mode: 0755 diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 3c95f7408..7ee0a7d73 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -16,7 +16,7 @@ msg: "Node-RED install cannot proceed, as Node.js is not installed." when: nodejs_installed is undefined -# 2020-10-29: not really be nec as Node-RED supports recent Node.js versions +# 2020-10-29: not really nec as Node-RED supports recent Node.js versions #- name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"' # fail: # msg: "Node-RED install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc." @@ -36,7 +36,6 @@ package: name: nodered state: absent - when: nodered_install # 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: @@ -44,15 +43,22 @@ # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered # https://github.com/iiab/iiab/pull/1497 -- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" - command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard - #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest - # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) - when: nodered_install +# https://nodered.org/docs/user-guide/node-red-admin built in since Node-RED +# 1.1.0 (2020-06-30). Run it using: node-red admin +# If you install it separately, run: node-red-admin +# +#- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" +- name: "Globally 'npm install' 2 Node-RED packages: node-red, node-red-dashboard" + #command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard + command: npm install -g --unsafe-perm node-red@latest node-red-dashboard@latest + # Above "@latest" recommended by https://nodered.org/docs/hardware/raspberrypi back in 2019 -- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" - command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth - when: nodered_install and is_raspbian +# 2022-06-08: New list copied from $EXTRANODES in https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +- name: "Globally 'npm install' 6 Node-RED learning examples IF Raspberry Pi hardware detected: node-red-node-pi-gpio, node-red-node-random, node-red-node-ping, node-red-contrib-play-audio, node-red-node-smooth, node-red-node-serialport" + #command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth + command: npm install -g --unsafe-perm node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest + #command: npm i --unsafe-perm --save --no-progress --no-update-notifier --no-audit --no-fund node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest 2>&1 + when: rpi_model != "none" ## To protect pre-installed packages within /usr/lib/node_modules in graphical ## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that @@ -89,18 +95,39 @@ # creates: /usr/lib/node_modules/node-red-dashboard # when: nodered_install and internet_available -- include_tasks: group.yml - when: nodered_install and not is_raspbian +- include_tasks: settings.yml + #when: not is_raspbian -- include_tasks: rpi_desk.yml - when: nodered_install and is_raspbian +- include_tasks: os-integration.yml +#- include_tasks: rpi_desk.yml +# when: is_raspbian -- name: Install /etc/systemd/system/nodered.service systemd unit file from template - template: - backup: no - src: nodered.service.j2 +# 2022-06-08 OFFICIALLY RECOMMENDED /lib/systemd/system/nodered.service IS: +# https://github.com/node-red/linux-installers/blob/master/resources/nodered.service +# EXPLAINED AT https://nodered.org/docs/faq/customising-systemd-on-pi +# +# AS RECOMMENDED BY OFFICIAL INSTALLER SCRIPT: +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# OFFICIAL INSTRUCTIONS: https://nodered.org/docs/getting-started/local +# https://nodered.org/docs/getting-started/raspberrypi +# +# Should /lib be considered instead of /etc ? +# - name: Install /etc/systemd/system/nodered.service systemd unit file from template +# template: +# src: nodered.service.j2 +# dest: /etc/systemd/system/nodered.service + +- name: Start by downloading https://github.com/node-red/linux-installers/blob/master/resources/nodered.service to /etc/systemd/system/nodered.service + get_url: + url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.service dest: /etc/systemd/system/nodered.service - # mode: '0666' + timeout: "{{ download_timeout }}" + +- name: Replace every '[=/]pi' with '[=/]{{ nodered_linux_user }}' (nodered_linux_user) in /etc/systemd/system/nodered.service + replace: + path: /etc/systemd/system/nodered.service + regexp: '([=/])pi' # e.g. nodered_linux_user: nodered + replace: '\1{{ nodered_linux_user }}' # \1 is a back-reference to above '=' or '/' -- like sed, but Ansible uses https://docs.python.org/3/library/re.html # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2add807b2..2b5e3525b 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -24,23 +24,7 @@ when: nodered_installed is undefined -- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled - systemd: - name: nodered - daemon_reload: yes - enabled: yes - state: restarted - when: nodered_enabled - -- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled - systemd: - name: nodered - enabled: no - state: stopped - when: not nodered_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/tasks/os-integration.yml b/roles/nodered/tasks/os-integration.yml new file mode 100644 index 000000000..c7b008da3 --- /dev/null +++ b/roles/nodered/tasks/os-integration.yml @@ -0,0 +1,68 @@ +# 2022-06-08: This file used to be rpi_desk.yml + +# 2022-06-09: Crucially, the 3 "dest" dirs (below) exist on all mainline OS's +- name: "Download 3 Node-RED enhancements: Node-RED icon, start menu item, /etc/logrotate.d/nodered" + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + force: yes + timeout: "{{ download_timeout }}" + with_items: + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-icon.svg + dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/Node-RED.desktop + dest: /usr/share/applications/Node-RED.desktop + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.rotate + dest: /etc/logrotate.d/nodered + # 2022-06-08: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg + # dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop + # dest: /usr/share/applications/Node-RED.desktop + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate + # dest: /etc/logrotate.d/nodered + # - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' + # dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' + +#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) +# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' +# when: nodered_install and internet_available and is_raspbian + +#- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' +- name: 'Install 5 executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-reload, node-red-log' + get_url: + url: "{{ item }}" + dest: /usr/bin + mode: a+x + force: yes + timeout: "{{ download_timeout }}" + with_items: + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-start + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-stop + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-restart + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-reload + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-log + # 2022-08-06: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log + +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas: + +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml deleted file mode 100644 index 1686994e8..000000000 --- a/roles/nodered/tasks/rpi_desk.yml +++ /dev/null @@ -1,50 +0,0 @@ -# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! -- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - timeout: "{{ download_timeout }}" - with_items: - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg - dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop - dest: /usr/share/applications/Node-RED.desktop - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate - dest: /etc/logrotate.d/nodered - - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' - dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' - -#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) -# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' -# when: nodered_install and internet_available and is_raspbian - -- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' - get_url: - url: "{{ item }}" - dest: /usr/bin - mode: a+x - timeout: "{{ download_timeout }}" - with_items: - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log - -# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, -# until converging on a longer-term strategy, let's comment out both stanzas. - -# - name: Create /home/pi/.node-red/ directory (rpi) -# file: -# path: /home/pi/.node-red -# state: directory -# owner: pi -# group: pi -# mode: 0775 - -# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) -# template: -# src: settings.js.j2 -# dest: /home/pi/.node-red/settings.js -# owner: pi -# group: pi -# mode: 0755 diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml new file mode 100644 index 000000000..ade1b61f8 --- /dev/null +++ b/roles/nodered/tasks/settings.yml @@ -0,0 +1,112 @@ +- name: Ensure Linux group '{{ nodered_linux_user }}' exists + group: + name: "{{ nodered_linux_user }}" + state: present + +- name: Ensure nodered_linux_user '{{ nodered_linux_user }}' exists and is added to group '{{ nodered_linux_user }}' + user: + name: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" # Primary group + +- name: Ensure directory /home/{{ nodered_linux_user }}/.node-red/ exists + file: + path: /home/{{ nodered_linux_user }}/.node-red + state: directory + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + mode: 0775 + + +# - name: Install /home/{{ nodered_linux_user }}/.node-red/settings.js from template, with authentication +# template: +# backup: yes +# src: settings.js.j2 +# dest: /home/{{ nodered_linux_user }}/.node-red/settings.js +# owner: "{{ nodered_linux_user }}" +# group: "{{ nodered_linux_user }}" +# mode: 0755 + +# 2022-06-08 some alternative options arising from official installer +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# +# 1) User {{ nodered_linux_user }} run 'node-red admin init' to create /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 2) Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 3) https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js +# +# Approach 1) (THEIR VERY INTERACTIVE SCRIPT) can't be automated like this: +#- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js +# command: runuser -u {{ nodered_linux_user }} node-red admin init + +- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js + copy: + remote_src: yes + src: /usr/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + + +- name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js + blockinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below + adminAuth: { + type: "credentials", + users: [{ + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", + permissions: "*" + }] + }, + marker: "// {mark} ANSIBLE MANAGED BLOCK" # Surround block with comment lines: "// BEGIN ANSIBLE MANAGED BLOCK", "// END ANSIBLE MANAGED BLOCK" + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js, +# THESE WOULD BE NEEDED INSTEAD OF blockinfile: + +# - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'username:' +# line: ' username: "{{ nodered_admin_user }}",' + +# - name: Splice 'password: "{{ nodered_admin_pwd_hash }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'password:' +# line: ' password: "{{ nodered_admin_pwd_hash }}",' + + +# 2022-06-09: httpRoot might be going away? Increasingly hidden from +# settings.js which used to say: "property can be used in place of +# 'httpAdminRoot' and 'httpNodeRoot', to apply the same root to both parts." +# +# "httpRoot sets the root url for both admin and node endpoints. +# It overrides the values set by httpAdminRoot and httpNodeRoot" +# https://nodered.org/docs/user-guide/runtime/configuration +# +# - name: Splice "httpRoot: '/{{ nodered_web_path }}'," into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: '^\s*httpRoot:' +# line: " httpRoot: '/{{ nodered_web_path }}'," +# insertafter: '^module.exports = {$' +# #insertbefore: '^}$' + +- name: 'Splice "httpNodeRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpNodeRoot:' + line: " httpNodeRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +- name: 'Splice "httpAdminRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpAdminRoot:' + line: " httpAdminRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' diff --git a/roles/nodered/templates/nodered.service.j2 b/roles/nodered/templates/nodered.service.j2.unused similarity index 100% rename from roles/nodered/templates/nodered.service.j2 rename to roles/nodered/templates/nodered.service.j2.unused diff --git a/roles/nodered/templates/settings.js.j2 b/roles/nodered/templates/settings.js.j2.unused similarity index 99% rename from roles/nodered/templates/settings.js.j2 rename to roles/nodered/templates/settings.js.j2.unused index 50923671c..c484a4bcb 100644 --- a/roles/nodered/templates/settings.js.j2 +++ b/roles/nodered/templates/settings.js.j2.unused @@ -118,8 +118,8 @@ module.exports = { adminAuth: { type: "credentials", users: [{ - username: "{{ nodered_user }}", - password: "{{ nodered_password_hash }}", + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", permissions: "*" }] }, diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 69d6eaf86..bbe5287d9 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -190,11 +190,11 @@ - name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache blockinfile: - content: | + path: /etc/asterisk/freepbx_chown.conf + block: | [blacklist] directory = /var/lib/php/sessions marker: "; {mark} ANSIBLE MANAGED BLOCK" - dest: /etc/asterisk/freepbx_chown.conf owner: asterisk group: asterisk create: yes diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml index 88aa786f8..5a719e233 100644 --- a/roles/sugarizer/tasks/main2.yml +++ b/roles/sugarizer/tasks/main2.yml @@ -3,8 +3,7 @@ when: sugarizer_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: enable-or-disable.yml +- include_tasks: enable-or-disable.yml - name: Add 'sugarizer' variable values to {{ iiab_ini_file }} From f813408f05073c2ecbac0411b0813376def74e0b Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 16:07:18 -0400 Subject: [PATCH 0339/1758] git mv nodered/tasks/group.yml nodered/tasks/settings.yml --- roles/nodered/tasks/settings.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index ade1b61f8..07b9b4e8b 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -1,3 +1,5 @@ +# 2022-06-09: This file used to be group.yml + - name: Ensure Linux group '{{ nodered_linux_user }}' exists group: name: "{{ nodered_linux_user }}" From c8e779ab772ec9135062ee3feb835ed5af13d974 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 16:36:22 -0400 Subject: [PATCH 0340/1758] CAUTION Re: blockinfile acting on /home/nodered/.node-red/settings.js --- roles/nodered/tasks/settings.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index 07b9b4e8b..22b2f33a6 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -65,8 +65,8 @@ insertafter: '^module.exports = {$' #insertbefore: '^}$' -# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js, -# THESE WOULD BE NEEDED INSTEAD OF blockinfile: +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js +# *WITHOUT* ANSIBLE MARKERS, THESE WOULD BE NEEDED INSTEAD OF blockinfile: # - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js # lineinfile: From a5d802ae7ff7edcee9550768d2419a3518b96268 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 17:10:51 -0400 Subject: [PATCH 0341/1758] Move to nodered/tasks/apache.yml.unused --- roles/nodered/tasks/{apache.yml => apache.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nodered/tasks/{apache.yml => apache.yml.unused} (100%) diff --git a/roles/nodered/tasks/apache.yml b/roles/nodered/tasks/apache.yml.unused similarity index 100% rename from roles/nodered/tasks/apache.yml rename to roles/nodered/tasks/apache.yml.unused From c095851eb2244719dee2e7067612a258a1ceecb7 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 22:50:21 -0400 Subject: [PATCH 0342/1758] WIP: Softcode 'mongodb_64bit_version: 4.4' --- roles/mongodb/defaults/main.yml | 3 ++ roles/mongodb/tasks/install.yml | 61 +++++++++++++++++++++------------ 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 1c54103e7..75599850c 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,6 +20,9 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail + # on "pre-2011" CPU's that lack AVX. + mongodb_conf: /etc/mongod.conf mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock" diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e9ff59322..024e1e438 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -52,6 +52,16 @@ src: mongod.conf.j2 dest: "{{ mongodb_conf }}" # /etc/mongod.conf + - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' + file: + state: directory + path: "{{ item }}" + owner: mongodb + group: mongodb + with_items: + - /var/lib/mongodb + - /var/log/mongodb + # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") @@ -67,20 +77,20 @@ args: warn: false - - name: Use mongodb-org's Debian repo for Debian on x86_64 (only amd64 support available) + - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: - # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only - # {buster 10, stretch 9, jessie 8, wheezy 7} - # so Debian 11 "Bullseye" (testing branch) can revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main + # 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" - - name: Otherwise use mongodb-org's Ubuntu focal repo [ arch=amd64,arm64 ] + - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse state: present filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") @@ -128,7 +138,7 @@ - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: path: "{{ mongodb_conf }}" - regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 + regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... @@ -137,7 +147,7 @@ # # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. - # Roughly speaking, this means CPUs with AVX instructions: + # Roughly speaking, this means post-2011 CPUs with AVX instructions: # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from # /var/lib/mongodb to /library/dbdata/mongodb @@ -152,16 +162,16 @@ # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: Run 'apt-mark hold mongodb-org mongodb-org-server' if hardware is Raspberry Pi (any 64-bit OS) so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') - - name: Unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin, if hardware is Raspberry Pi (any 64-bit OS) + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" dest: /usr/bin - when: rpi_model != "none" + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" @@ -169,25 +179,32 @@ # 2. CONFIGURE MongoDB FOR IIAB -- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# #- { path: '/var/run/mongodb' } +# - /var/lib/mongodb +# - /var/log/mongodb +# - "{{ mongodb_db_path }}" # /library/dbdata/mongodb + +- name: 'Create dir {{ mongodb_db_path }} (mongodb:mongodb)' file: state: directory - path: "{{ item }}" + path: "{{ mongodb_db_path }}" # /library/dbdata/mongodb owner: mongodb group: mongodb - with_items: - #- { path: '/var/run/mongodb' } - - /var/lib/mongodb - - /var/log/mongodb - - "{{ mongodb_db_path }}" # /library/dbdata/mongodb - name: Install mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" + #owner: root + #group: root with_items: - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } From f7d3411df11a64e4a00114ab6051ab28e37fae04 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 9 Jun 2022 23:49:54 -0400 Subject: [PATCH 0343/1758] Fix + Clarify apt signing key, mongodb_64bit_version --- roles/mongodb/defaults/main.yml | 7 +++++-- roles/mongodb/tasks/install.yml | 10 ++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 75599850c..f42149f8e 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,8 +20,11 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail - # on "pre-2011" CPU's that lack AVX. +mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on +# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +# +# 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com +# 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu mongodb_conf: /etc/mongod.conf mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 024e1e438..930bd6219 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,3 +1,8 @@ +# MongoDB Install Docs: +# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ +# https://www.mongodb.com/docs/manual/installation/ + + # 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so @@ -72,8 +77,9 @@ # installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) - shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - + - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - args: warn: false From a1656ca6e7a7242e8af61aa82d94a5b5e027554d Mon Sep 17 00:00:00 2001 From: root Date: Sat, 11 Jun 2022 11:52:13 -0400 Subject: [PATCH 0344/1758] moodle/tasks/enable-or-disable.yml like other roles --- .../tasks/{nginx.yml => enable-or-disable.yml} | 15 +++++++++++++++ roles/moodle/tasks/main.yml | 18 +----------------- 2 files changed, 16 insertions(+), 17 deletions(-) rename roles/moodle/tasks/{nginx.yml => enable-or-disable.yml} (53%) diff --git a/roles/moodle/tasks/nginx.yml b/roles/moodle/tasks/enable-or-disable.yml similarity index 53% rename from roles/moodle/tasks/nginx.yml rename to roles/moodle/tasks/enable-or-disable.yml index 65a8eef08..687d6db1e 100644 --- a/roles/moodle/tasks/nginx.yml +++ b/roles/moodle/tasks/enable-or-disable.yml @@ -1,3 +1,18 @@ +- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" + set_fact: + postgresql_install: True + postgresql_enabled: True # Revert just below if... + +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" + set_fact: + postgresql_enabled: False + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) + +- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) + include_role: + name: postgresql + + - name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template template: src: moodle-nginx.conf.j2 diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 5c4e6bf73..56289248c 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -24,23 +24,7 @@ when: moodle_installed is undefined -- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" - set_fact: - postgresql_install: True - postgresql_enabled: True # Revert just below if... - -- name: "Set 'postgresql_enabled: False' if not moodle_enabled" - set_fact: - postgresql_enabled: False - when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) - -- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) - include_role: - name: postgresql - - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'moodle' variable values to {{ iiab_ini_file }} From 8260890840031634e79fee32057a149551df8b8b Mon Sep 17 00:00:00 2001 From: root Date: Sat, 11 Jun 2022 13:19:57 -0400 Subject: [PATCH 0345/1758] iiab-diagnostics: 'df -ah' for disk usage detail --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1f51df8b1..b6c834b42 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -198,6 +198,7 @@ cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'df -h' 'Disk usage' +cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' cat_cmd 'ip addr' 'Network interfaces' diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f4aef576c..6ba4c8ca2 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 0381225f531db6db3024fdef9ba2f7d760205868 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sun, 12 Jun 2022 06:27:27 -0400 Subject: [PATCH 0346/1758] Fix remaining bugs --- roles/matomo/tasks/install.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ac3aa0e9c..4cad7236d 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -105,7 +105,7 @@ login: "{{ mdb_username }}" password: "{{ mdb_password }}" password_bis: "{{ mdb_password }}" - e-mail: "nobody@dev.null" + email: "nobody@dev.null" subscribe_newsletter_piwikorg: 0 subscribe_newsletter_professionalservices: 0 body_format: form-urlencoded @@ -118,7 +118,7 @@ headers: Cookie: "{{ matomo_session_cookie }}" body: - name: "IIAB" + siteName: "IIAB" url: "{{ host_url }}" timezone: "Europe/London" ecommerce: 0 @@ -161,11 +161,3 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" -- name: Set Matomo state variable - set_fact: - matomo_installed: True -- name: Set Matomo state variable in IIAB state file - lineinfile: - path: "{{ iiab_state_file }}" - regexp: '^matomo_installed' - line: 'matomo_installed: True' From 7c43cddedc3d58a1078c799f783e7e881153b82c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Jun 2022 23:41:56 -0400 Subject: [PATCH 0347/1758] pbx/tasks/freepbx.yml: Remove gratuitous 'state: present' from mysql_user, myqsl_db --- roles/pbx/tasks/freepbx.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index bbe5287d9..1fa9c98cc 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -151,7 +151,6 @@ # login_user: root # login_password: "{{ mysql_root_password }}" host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}" - state: present - name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }}) mysql_db: @@ -161,7 +160,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present - name: FreePBX - Add CDR MySQL db ({{ asterisk_db_cdrdbname }}) mysql_db: @@ -171,7 +169,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present # 2021-08-16: DOES NGINX NEED THE NEXT 2 STANZAS? (If not, should 'when: pbx_use_apache' be added?) From 4e04780ec568e82483abde3377442f746b8c6fba Mon Sep 17 00:00:00 2001 From: root Date: Wed, 15 Jun 2022 02:40:28 -0400 Subject: [PATCH 0348/1758] Matomo-IIAB integration begins --- roles/0-init/tasks/validate_vars.yml | 3 +- roles/8-mgmt-tools/tasks/main.yml | 4 +- roles/matomo/README.adoc | 48 ++++++++++ roles/matomo/defaults/main.yml | 18 ++++ roles/matomo/tasks/install.yml | 128 +++++++++++++++++---------- roles/matomo/tasks/main.yml | 52 +++++++++-- vars/default_vars.yml | 4 + vars/local_vars_large.yml | 4 + vars/local_vars_medium.yml | 4 + vars/local_vars_small.yml | 4 + vars/local_vars_unittest.yml | 4 + 11 files changed, 214 insertions(+), 59 deletions(-) create mode 100644 roles/matomo/README.adoc create mode 100644 roles/matomo/defaults/main.yml diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..764d39f31 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -95,6 +95,7 @@ - gitea - jupyterhub - lokole + - matomo - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index d9ea58dc1..61ac785ad 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -12,12 +12,12 @@ include_role: name: awstats when: awstats_install - + - name: MATOMO include_role: name: matomo when: matomo_install - + - name: MONIT include_role: name: monit diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc new file mode 100644 index 000000000..fa4f2e980 --- /dev/null +++ b/roles/matomo/README.adoc @@ -0,0 +1,48 @@ += Matomo README + +https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership, that you can use with https://internet-in-a-box.org[Internet-in-a-Box] (IIAB). + +== Install it + +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] + +One way to do that is by changing these 2 lines: + +---- +iiab_hostname: box +iiab_domain: lan +---- + +Or, you can change the Matomo URL by putting your IIAB IP Address in a line like: + +---- +matomo_host_url: http://192.168.0.199 +---- + +Either way, consider setting a Matomo username and password using lines like: + +---- +matomo_db_user: Admin +matomo_db_pass: changeme +---- + +Also ensure that your `/etc/iiab/local_vars.yml` contains these lines: + +---- +matomo_install: True +matomo_enabled: True +---- + +_Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `sudo iiab`, until software installation is complete._ + +== Use it + +Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. + +Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ + +WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) + +== Credits + +Carl Wivagg diff --git a/roles/matomo/defaults/main.yml b/roles/matomo/defaults/main.yml new file mode 100644 index 000000000..1ec6c8500 --- /dev/null +++ b/roles/matomo/defaults/main.yml @@ -0,0 +1,18 @@ +# matomo_install: True +# matomo_enabled: True + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + +matomo_dl_url: https://builds.matomo.org/matomo.tar.gz +matomo_path: "{{ doc_root }}" # e.g. /library/www/html + +matomo_db_name: matomodb +matomo_db_user: Admin +matomo_db_pass: changeme + +#matomo_host_url: http://{{ ansible_default_ipv4.address }} +matomo_host_url: http://{{ iiab_hostname }}.{{ iiab_domain }} # e.g. http://box.lan +matomo_full_url: "{{ matomo_host_url }}/matomo/" + +matomo_cronjob: "sudo python3 {{ matomo_path }}/matomo/misc/log-analytics/import_logs.py --url={{ matomo_full_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4cad7236d..a36e1d3ec 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,44 +1,57 @@ # The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running -# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 29 through 126. +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. + +- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/html/matomo already exists" + meta: noop + +# EXAMPLE OF ABOVE ERROR: + +# TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** +# fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} - name: Start MariaDB - action: service name=mysql state=started + #action: service name=mysql state=started + systemd: + name: "{{ mysql_service }}" + state: started + - name: Create MariaDB Database for Matomo community.mysql.mysql_db: - name: "{{ mdb_dbname }}" - state: present - login_unix_socket: /var/run/mysqld/mysqld.sock + name: "{{ matomo_db_name }}" + #login_unix_socket: /var/run/mysqld/mysqld.sock + - name: Add Admin User to MariaDB Database community.mysql.mysql_user: - name: "{{ mdb_username }}" - password: "{{ mdb_password }}" - host: localhost - state: present - update_password: on_create - priv: "{{ mdb_dbname }}.*:ALL" - login_unix_socket: /var/run/mysqld/mysqld.sock -- name: Download and Extract Matomo + name: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + update_password: on_create # OR SHOULD './runrole --reinstall matomo' FORCE A COMPLETELY CLEAN INSTALL? + priv: "{{ matomo_db_name }}.*:ALL" + #login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Download and Extract Matomo (~1 min) unarchive: - src: https://builds.matomo.org/matomo.zip - dest: "{{ nginx_loc }}" + src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.zip + dest: "{{ matomo_path }}" # e.g. /library/www/html remote_src: yes + - name: Set Matomo Directory Permissions file: - path: "{{ nginx_loc }}/matomo" + path: "{{ matomo_path }}/matomo" recurse: yes - owner: www-data - group: www-data + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" + - name: HTTP Get Welcome uri: - url: "{{ matomo_url }}index.php?action=welcome" + url: "{{ matomo_full_url }}index.php?action=welcome" # e.g. http://box.lan/matomo method: GET status_code: 200 register: matomo_welcome -- name: debug welcome - debug: + +- debug: var: matomo_welcome - verbosity: 2 + - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -46,9 +59,10 @@ loop: "{{ matomo_welcome.cookies | dict2items }}" loop_control: loop_var: cookie + - name: Get Matomo System Check uri: - url: "{{matomo_url}}index.php?action=systemCheck" + url: "{{ matomo_full_url }}index.php?action=systemCheck" method: GET headers: Cookie: "{{ matomo_session_cookie }}" @@ -56,31 +70,33 @@ timeout: 120 status_code: 200 register: matomo_system_check -- name: debug syscheck - debug: + +- debug: var: matomo_system_check - verbosity: 2 + - name: Matomo Database Setup uri: - url: "{{ matomo_url }}index.php?action=databaseSetup" + url: "{{ matomo_full_url }}index.php?action=databaseSetup" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: - username: "{{ mdb_username }}" - password: "{{ mdb_password }}" - dbname: "{{ mdb_dbname }}" + username: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + dbname: "{{ matomo_db_name }}" tables_prefix: "matomo_" adapter: "PDO\\MYSQL" body_format: form-urlencoded status_code: 302 - register: matomo_database_setup + #register: matomo_database_setup + - name: Matomo Table Creation uri: - url: "{{ matomo_url }}index.php?action=tablesCreation&module=Installation" + url: "{{ matomo_full_url }}index.php?action=tablesCreation&module=Installation" method: GET status_code: 200 register: matomo_table_creation + - name: Set a variable for the MATOMO_SESSID cookie set_fact: matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" @@ -91,52 +107,55 @@ loop: "{{ matomo_table_creation.cookies | dict2items }}" loop_control: loop_var: cookie -- name: debug tablecreation - debug: + +- debug: var: matomo_table_creation - verbosity: 2 + - name: Matomo User Setup uri: - url: "{{ matomo_url }}index.php?action=setupSuperUser&module=Installation" + url: "{{ matomo_full_url }}index.php?action=setupSuperUser&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: - login: "{{ mdb_username }}" - password: "{{ mdb_password }}" - password_bis: "{{ mdb_password }}" + login: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + password_bis: "{{ matomo_db_pass }}" email: "nobody@dev.null" subscribe_newsletter_piwikorg: 0 subscribe_newsletter_professionalservices: 0 body_format: form-urlencoded status_code: 302 - register: matomo_setup_superuser + #register: matomo_setup_superuser + - name: Configure Matomo to track IIAB uri: - url: "{{ matomo_url }}index.php?action=firstWebsiteSetup&module=Installation" + url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" body: siteName: "IIAB" - url: "{{ host_url }}" - timezone: "Europe/London" + url: "{{ matomo_host_url }}" + timezone: "Europe/London" # CONSIDER IIAB'S OWN TIMEZONE? (Or if that's too hard, UTC to avoid UK's March + October time changes?) ecommerce: 0 body_format: form-urlencoded status_code: 302 - register: matomo_first_website_setup + #register: matomo_first_website_setup + - name: Matomo Tracking Code uri: - url: "{{ matomo_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ host_url }}" + url: "{{ matomo_full_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ matomo_host_url }}" method: GET headers: Cookie: "{{ matomo_session_cookie }}" return_content: true status_code: 200 - register: matomo_tracking_code + #register: matomo_tracking_code + - name: Finish Matomo Setup uri: - url: "{{ matomo_url }}index.php?action=finished&module=Installation" + url: "{{ matomo_full_url }}index.php?action=finished&module=Installation" method: POST headers: Cookie: "{{ matomo_session_cookie }}" @@ -146,6 +165,7 @@ submit: "Continue to Matomo" body_format: form-urlencoded status_code: 302 + - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" @@ -153,6 +173,7 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_reboot" + - name: Run Daily Job Collecting Matomo Data cron: name: "DailyMatomoDataIngestion" @@ -161,3 +182,16 @@ job: "{{ matomo_cronjob }}" user: root cron_file: "matomo_daily" + + +# RECORD Matomo AS INSTALLED + +- name: "Set 'matomo_installed: True'" + set_fact: + matomo_installed: True + +- name: "Add 'matomo_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^matomo_installed' + line: 'matomo_installed: True' diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 799b171cf..1c08e3fac 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -1,11 +1,45 @@ -- name: Install Matomo main +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "matomo_install is sameas true" (boolean not string etc) + assert: + that: matomo_install is sameas true + fail_msg: "PLEASE SET 'matomo_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "matomo_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: matomo_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: matomo_installed is undefined - vars: - nginx_loc: "/library/www/html" - mdb_dbname: "matomodb" - mdb_username: "iiab-admin" - mdb_password: "g0adm1n" - host_url: "http://{{ ansible_default_ipv4.address}}" - matomo_url: "{{ host_url }}/matomo/" - matomo_cronjob: "sudo python3 /library/www/html/matomo/misc/log-analytics/import_logs.py --url={{ matomo_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" + + +# LET'S ADD THIS "ON/OFF SWITCH" IF POSS! +# - include_tasks: enable-or-disable.yml + + +- name: Add 'matomo' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Matomo + - option: description + value: '"Matomo is a web analytics alternative to Google Analytics, that focuses on data ownership and privacy."' + - option: matomo_install + value: "{{ matomo_install }}" + - option: matomo_enabled + value: "{{ matomo_enabled }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 17b614453..77f5b5d6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -567,6 +567,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c5cda1688..dca172e6f 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0958e1470..f7a3a8642 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index dc2e25bcb..423c2bc53 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 14e90b185..24ae7074d 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -343,6 +343,10 @@ transmission_kalite_languages: awstats_install: False awstats_enabled: False +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: False +matomo_enabled: False + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False From 698e261220d99e6124f70c70abca8f011a0d488a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 03:19:36 -0400 Subject: [PATCH 0349/1758] validate_vars.yml: Preserve install order (awstats, matomo) --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 764d39f31..2a972370d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -95,7 +95,6 @@ - gitea - jupyterhub - lokole - - matomo - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below @@ -112,6 +111,7 @@ - osm_vector_maps - transmission - awstats + - matomo - monit - munin - phpmyadmin From 4074a75c0fcf3ed964676bb069ffade7f10f7ccb Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 04:01:58 -0400 Subject: [PATCH 0350/1758] install.yml: Mention matomo.tar.gz (download) --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a36e1d3ec..becdbd5d7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -31,7 +31,7 @@ - name: Download and Extract Matomo (~1 min) unarchive: - src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.zip + src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz dest: "{{ matomo_path }}" # e.g. /library/www/html remote_src: yes From d4154e09a5721e31b0a241e442e452f44f031327 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Jun 2022 09:07:14 -0400 Subject: [PATCH 0351/1758] matomo/tasks/main.yml: Update description for iiab.ini --- roles/matomo/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 1c08e3fac..fa30b573f 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: Matomo - option: description - value: '"Matomo is a web analytics alternative to Google Analytics, that focuses on data ownership and privacy."' + value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' - option: matomo_install value: "{{ matomo_install }}" - option: matomo_enabled From c52b3a11342247fa6749cbac6ad974305e45c146 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 15 Jun 2022 09:58:40 -0400 Subject: [PATCH 0352/1758] add latest flavor of the month --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 86401c167..871068689 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -8,4 +8,6 @@ kiwix_enabled: False osm_vector_maps_install: False awstats_install: False awstats_enabled: False +matomo_install: False +matomo_enabled: False captiveportal_install: False From 5cfebd8cc6b7849b0c0f245dc84b65878b69b8ae Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 16 Jun 2022 13:49:50 -0400 Subject: [PATCH 0353/1758] on usb mount no symlink if rootfs or /library on device --- roles/usb_lib/templates/mount.d/70-usb-library | 18 +++++++++++++++--- .../usb_lib/templates/umount.d/70-usb-library | 4 ++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library index 11358220d..5b9cfefe8 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ b/roles/usb_lib/templates/mount.d/70-usb-library @@ -12,7 +12,7 @@ source {{ iiab_env_file }} case $IIAB_USB_LIB_SHOW_ALL in 'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT." + logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." # regularize the variable IIAB_USB_LIB_SHOW_ALL=True ;; @@ -41,8 +41,20 @@ fi if [ -d $UM_MOUNTPOINT/usb ]; then SHARE_DIR="$UM_MOUNTPOINT/usb" fi + if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - SHARE_DIR="$UM_MOUNTPOINT" + UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` + LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` + ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` + if [ "$UM_DEV" == "$LIB_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" + #echo "lib on dev" + elif [ "$UM_DEV" == "$ROOT_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" + #echo "rootfs on dev" + else + SHARE_DIR="$UM_MOUNTPOINT" + fi fi if [ ! -z "$SHARE_DIR" ]; then @@ -50,7 +62,7 @@ if [ ! -z "$SHARE_DIR" ]; then else logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" fi - + if [ "$SHARE_DIR" != "" ];then CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d/70-usb-library index 7803b880f..5af914c01 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d/70-usb-library @@ -16,9 +16,9 @@ logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} - /bin/rm $CONTENT_LINK + /bin/rm -f $CONTENT_LINK {% else %} - /usr/bin/rm $CONTENT_LINK + /usr/bin/rm -f $CONTENT_LINK {% endif %} logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." fi From 645a3e20db30ab88aad6d99b6ceb3c54ef2f487d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 17 Jun 2022 10:53:44 -0400 Subject: [PATCH 0354/1758] Prototype 'skip_role_on_error: True' in 4 roles {lokole, moodle, mongodb, sugarizer} --- roles/7-edu-apps/tasks/main.yml | 4 +- roles/lokole/tasks/main.yml | 95 ++++++++++++++++++--------------- roles/mongodb/tasks/main.yml | 52 ++++++++++-------- roles/moodle/tasks/main.yml | 49 +++++++++-------- roles/sugarizer/tasks/main.yml | 68 +++++++++++++---------- vars/default_vars.yml | 2 + 6 files changed, 155 insertions(+), 115 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index b7dd56855..f4bdae83b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 75cc0cc53..45d47d129 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -19,53 +19,62 @@ quiet: yes -- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: lokole_installed is undefined +- block: + + - name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: lokole_installed is undefined -- name: Do a 'systemctl daemon-reload' - systemd: - daemon_reload: yes - when: lokole_enabled + - name: Do a 'systemctl daemon-reload' + systemd: + daemon_reload: yes + when: lokole_enabled -- name: Enable & Restart supervisor systemd service, if lokole_enabled - systemd: - name: supervisor - enabled: yes - state: restarted - when: lokole_enabled + - name: Enable & Restart supervisor systemd service, if lokole_enabled + systemd: + name: supervisor + enabled: yes + state: restarted + when: lokole_enabled -- name: Disable & Stop supervisor systemd service, if not lokole_enabled - systemd: - name: supervisor - enabled: no - state: stopped - when: not lokole_enabled + - name: Disable & Stop supervisor systemd service, if not lokole_enabled + systemd: + name: supervisor + enabled: no + state: stopped + when: not lokole_enabled -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'lokole' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: lokole - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Lokole - - option: description - value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' - #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' - - option: lokole_install - value: "{{ lokole_install }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" - - option: lokole_settings - value: "{{ lokole_settings }}" - - option: lokole_url - value: "{{ lokole_url }}" - - option: lokole_full_url - value: "{{ lokole_full_url }}" + - name: Add 'lokole' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Lokole + - option: description + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' + #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' + - option: lokole_install + value: "{{ lokole_install }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" + - option: lokole_settings + value: "{{ lokole_settings }}" + - option: lokole_url + value: "{{ lokole_url }}" + - option: lokole_full_url + value: "{{ lokole_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index b728aac82..f2ce63d49 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -44,29 +44,37 @@ # ELSE... -- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mongodb_installed is undefined - # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) +- block: -- name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) - include_tasks: enable-or-disable.yml - when: mongodb_installed is defined + - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mongodb_installed is undefined + # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) + - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) + include_tasks: enable-or-disable.yml + when: mongodb_installed is defined -- name: Add 'mongodb' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mongodb - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MongoDB - - option: description - value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: mongodb_install - value: "{{ mongodb_install }}" - - option: mongodb_enabled - value: "{{ mongodb_enabled }}" + - name: Add 'mongodb' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MongoDB + - option: description + value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' + - option: mongodb_install + value: "{{ mongodb_install }}" + - option: mongodb_enabled + value: "{{ mongodb_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 56289248c..aeb40556f 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -19,28 +19,35 @@ quiet: yes -- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: moodle_installed is undefined +- block: + - name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: moodle_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'moodle' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Moodle + - option: description + value: '"Access the Moodle learning management system."' + - option: moodle_install + value: "{{ moodle_install }}" + - option: moodle_enabled + value: "{{ moodle_enabled }}" + - option: moodle_base + value: "{{ moodle_base }}" -- name: Add 'moodle' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: moodle - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Moodle - - option: description - value: '"Access the Moodle learning management system."' - - option: moodle_install - value: "{{ moodle_install }}" - - option: moodle_enabled - value: "{{ moodle_enabled }}" - - option: moodle_base - value: "{{ moodle_base }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index e1e6b825b..d0c2ac55a 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -19,39 +19,53 @@ quiet: yes -# 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails -# still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) +- block: -- name: "Set 'mongodb_install: True'" - set_fact: - mongodb_install: True + # 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails + # still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) -- name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' - debug: - msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + - name: "Set 'mongodb_install: True'" + set_fact: + mongodb_install: True -- name: MONGODB - run 'mongodb' role (attempt to install MongoDB) - include_role: - name: mongodb + - name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' + debug: + msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + + - name: MONGODB - run 'mongodb' role (attempt to install MongoDB) + include_role: + name: mongodb -- name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' - fail: # FORCE IT RED THIS ONCE! - msg: MongoDB INSTALLATION FAILED, perhaps because your OS is Debian 10 on aarch64? Nevertheless IIAB will continue (consider this a warning!) - when: mongodb_installed is undefined - ignore_errors: yes + # - name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' + # fail: # FORCE IT RED THIS ONCE! + # msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? Nevertheless IIAB will continue (consider this a warning!) + # when: mongodb_installed is undefined + # ignore_errors: yes # RESCUE (BELOW) NOW HANDLES THIS -# ELSE... + - name: Verify that mongodb_installed is defined + fail: + msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? #3190 + when: mongodb_installed is undefined -- name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' - include_tasks: main2.yml - when: mongodb_installed is defined + # ELSE... -# THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. -# BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + - name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' + include_tasks: main2.yml + when: mongodb_installed is defined -# - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' -# -# [MOVED TO main2.yml] -# -# when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + # THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. + # BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + + # - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' + # + # [MOVED TO main2.yml] + # + # when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 17b614453..22d000eac 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,6 +16,8 @@ iiab_base_ver: 8.0 iiab_revision: 0 +skip_role_on_error: False + iiab_etc_path: /etc/iiab # Main configuration file From 0871592ed61704f9cb95048bd6ebf8760ebdf6be Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jun 2022 21:58:22 -0400 Subject: [PATCH 0355/1758] 6-generic-apps: Mark AzuraCast & Lokole as unmaintained (for now) --- roles/6-generic-apps/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f241095f6..fca8899e6 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,6 +3,7 @@ - name: ...IS BEGINNING ==================================== meta: noop +# UNMAINTAINED - name: AZURACAST include_role: name: azuracast @@ -36,6 +37,7 @@ name: jupyterhub when: jupyterhub_install +# UNMAINTAINED - name: LOKOLE include_role: name: lokole From 18577c19e9bf75da9f8b6fca182bd083870dccca Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jun 2022 22:00:25 -0400 Subject: [PATCH 0356/1758] 6-generic-apps: "when: lokole_install is defined and..." --- roles/6-generic-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index fca8899e6..1c36cb5d3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -41,7 +41,7 @@ - name: LOKOLE include_role: name: lokole - when: lokole_install + when: lokole_install is defined and lokole_install - name: MEDIAWIKI include_role: From bacef12a1f52776493be295d1a00b7cc52f71ba5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 13:23:42 +0000 Subject: [PATCH 0357/1758] update Matomo timezone to autodetect --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index becdbd5d7..ede730dbc 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -137,7 +137,7 @@ body: siteName: "IIAB" url: "{{ matomo_host_url }}" - timezone: "Europe/London" # CONSIDER IIAB'S OWN TIMEZONE? (Or if that's too hard, UTC to avoid UK's March + October time changes?) + timezone: "{{ ansible_date_time.tz }}" ecommerce: 0 body_format: form-urlencoded status_code: 302 From c431400a7fff40080d6d351bc56686e81964d062 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 18 Jun 2022 13:43:43 -0400 Subject: [PATCH 0358/1758] first try at moving matomo to doc base --- roles/matomo/defaults/main.yml | 2 +- roles/matomo/tasks/install.yml | 4 ++-- roles/matomo/tasks/main.yml | 4 ++++ roles/matomo/tasks/nginx.yml | 16 ++++++++++++++++ roles/matomo/templates/matomo-nginx.conf.j2 | 17 +++++++++++++++++ 5 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 roles/matomo/tasks/nginx.yml create mode 100644 roles/matomo/templates/matomo-nginx.conf.j2 diff --git a/roles/matomo/defaults/main.yml b/roles/matomo/defaults/main.yml index 1ec6c8500..cf332c0e1 100644 --- a/roles/matomo/defaults/main.yml +++ b/roles/matomo/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! matomo_dl_url: https://builds.matomo.org/matomo.tar.gz -matomo_path: "{{ doc_root }}" # e.g. /library/www/html +matomo_path: "{{ doc_base }}" # e.g. /library/www matomo_db_name: matomodb matomo_db_user: Admin diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ede730dbc..3e41602e2 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -2,7 +2,7 @@ # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running # from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. -- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/html/matomo already exists" +- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" meta: noop # EXAMPLE OF ABOVE ERROR: @@ -32,7 +32,7 @@ - name: Download and Extract Matomo (~1 min) unarchive: src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz - dest: "{{ matomo_path }}" # e.g. /library/www/html + dest: "{{ matomo_path }}" # e.g. /library/www remote_src: yes - name: Set Matomo Directory Permissions diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index fa30b573f..eb19c533a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -24,6 +24,10 @@ when: matomo_installed is undefined +- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml + + # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! # - include_tasks: enable-or-disable.yml diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml new file mode 100644 index 000000000..8d432ee8c --- /dev/null +++ b/roles/matomo/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template + template: + src: matomo-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + when: matomo_enabled + +- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf + file: + path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not matomo_enabled + +- name: Reload 'nginx' systemd service + systemd: + name: nginx + state: reloaded diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 new file mode 100644 index 000000000..21ae9ddfa --- /dev/null +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -0,0 +1,17 @@ +location ~ ^/matomo(.*)\.php(.*)$ { + alias /library/www/matomo$1.php$2; # /library/www/matomo + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.html; + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param PATH_INFO $2; +} + +location ~ ^/matomo/ { + root /library/www; +} From a91b56169c9c318bef0f706ace7d39e4cc03cbcb Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Sat, 18 Jun 2022 13:53:10 -0400 Subject: [PATCH 0359/1758] Add Matomo to nginx before install so web install works --- roles/matomo/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index eb19c533a..7453b4821 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -19,15 +19,15 @@ quiet: yes +- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml + + - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: matomo_installed is undefined -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml - - # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! # - include_tasks: enable-or-disable.yml From 8749e66a0b1af141d9af2e4248c7c3838f94eeeb Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 13:55:05 -0400 Subject: [PATCH 0360/1758] Support skip_role_on_error in 23+2 more roles (Stages 6-9) --- roles/awstats/tasks/main.yml | 47 ++++++---- roles/calibre-web/tasks/main.yml | 73 +++++++------- roles/calibre/tasks/enable-or-disable.yml | 29 ++++++ roles/calibre/tasks/main.yml | 86 ++++++----------- roles/captiveportal/tasks/main.yml | 46 +++++---- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/gitea/tasks/main.yml | 67 ++++++------- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/internetarchive/tasks/main.yml | 94 ++++++++----------- roles/jupyterhub/tasks/main.yml | 45 +++++---- roles/kalite/tasks/enable-or-disable.yml | 14 +++ roles/kalite/tasks/main.yml | 64 ++++++------- roles/kiwix/tasks/main.yml | 69 ++++++++------ roles/kolibri/tasks/main.yml | 67 +++++++------ roles/mediawiki/tasks/main.yml | 71 +++++++------- roles/minetest/tasks/main.yml | 57 ++++++----- roles/mongodb/tasks/enable-or-disable.yml | 1 + roles/mongodb/tasks/main.yml | 3 +- roles/monit/tasks/main.yml | 77 ++++++++------- roles/mosquitto/tasks/main.yml | 45 +++++---- .../{nginx.yml => enable-or-disable.yml} | 16 ++++ roles/munin/tasks/main.yml | 59 +++++------- roles/nextcloud/tasks/main.yml | 67 +++++++------ roles/nodejs/tasks/main.yml | 44 +++++---- roles/nodered/tasks/main.yml | 45 +++++---- roles/osm-vector-maps/tasks/main.yml | 50 +++++----- roles/pbx/tasks/main.yml | 53 ++++++----- roles/phpmyadmin/tasks/main.yml | 51 +++++----- roles/postgresql/tasks/enable-or-disable.yml | 14 +++ roles/postgresql/tasks/main.yml | 56 +++++------ roles/transmission/tasks/main.yml | 91 +++++++++--------- roles/vnstat/tasks/main.yml | 45 +++++---- roles/wordpress/tasks/main.yml | 79 +++++++++------- 33 files changed, 914 insertions(+), 743 deletions(-) create mode 100644 roles/calibre/tasks/enable-or-disable.yml rename roles/gitea/tasks/{nginx.yml => enable-or-disable.yml} (61%) rename roles/internetarchive/tasks/{nginx.yml => enable-or-disable.yml} (62%) create mode 100644 roles/kalite/tasks/enable-or-disable.yml rename roles/munin/tasks/{nginx.yml => enable-or-disable.yml} (64%) create mode 100644 roles/postgresql/tasks/enable-or-disable.yml diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 79615d71a..47ae7b247 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -19,27 +19,34 @@ quiet: yes -- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: awstats_installed is undefined +- block: + - name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: awstats_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'awstats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: AWStats + - option: description + value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' + - option: awstats_install + value: "{{ awstats_install }}" + - option: awstats_enabled + value: "{{ awstats_enabled }}" -- name: Add 'awstats' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: awstats - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: AWStats - - option: description - value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: awstats_install - value: "{{ awstats_install }}" - - option: awstats_enabled - value: "{{ awstats_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 9d6e53333..cc0e89850 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -19,40 +19,47 @@ quiet: yes -- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibreweb_installed is undefined +- block: + - name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibreweb_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre-Web + - option: description + value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' + - option: calibreweb_install + value: "{{ calibreweb_install }}" + - option: calibreweb_enabled + value: "{{ calibreweb_enabled }}" + - option: calibreweb_url1 + value: "{{ calibreweb_url1 }}" + - option: calibreweb_url2 + value: "{{ calibreweb_url2 }}" + - option: calibreweb_url3 + value: "{{ calibreweb_url3 }}" + - option: calibreweb_path + value: "{{ calibreweb_venv_path }}" + - option: calibreweb_home + value: "{{ calibreweb_home }}" + - option: calibreweb_port + value: "{{ calibreweb_port }}" + - option: calibreweb_settings_database + value: "{{ calibreweb_settings_database }}" -- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre-web - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre-Web - - option: description - value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' - - option: calibreweb_install - value: "{{ calibreweb_install }}" - - option: calibreweb_enabled - value: "{{ calibreweb_enabled }}" - - option: calibreweb_url1 - value: "{{ calibreweb_url1 }}" - - option: calibreweb_url2 - value: "{{ calibreweb_url2 }}" - - option: calibreweb_url3 - value: "{{ calibreweb_url3 }}" - - option: calibreweb_path - value: "{{ calibreweb_venv_path }}" - - option: calibreweb_home - value: "{{ calibreweb_home }}" - - option: calibreweb_port - value: "{{ calibreweb_port }}" - - option: calibreweb_settings_database - value: "{{ calibreweb_settings_database }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/calibre/tasks/enable-or-disable.yml b/roles/calibre/tasks/enable-or-disable.yml new file mode 100644 index 000000000..07a0cc911 --- /dev/null +++ b/roles/calibre/tasks/enable-or-disable.yml @@ -0,0 +1,29 @@ +# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) +# +# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: +# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 +# (anyway this works great for calibre-web, allowing http://box/books +# to work even better than http://box:8083 when box == 192.168.0.x !) +# +#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) +# command: a2ensite calibre.conf +# when: apache_installed and calibre_enabled +# +#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) +# command: a2dissite calibre.conf +# when: apache_installed and not calibre_enabled + +- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled + systemd: + daemon_reload: yes + name: calibre-serve + enabled: yes + state: restarted + when: calibre_enabled + +- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled + systemd: + name: calibre-serve + enabled: no + state: stopped + when: not calibre_enabled diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index bedb960de..a6504b658 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -19,65 +19,37 @@ quiet: yes -- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibre_installed is undefined +- block: -# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) -# -# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: -# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 -# (anyway this works great for calibre-web, allowing http://box/books -# to work even better than http://box:8083 when box == 192.168.0.x !) -# -#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) -# command: a2ensite calibre.conf -# when: apache_installed and calibre_enabled -# -#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) -# command: a2dissite calibre.conf -# when: apache_installed and not calibre_enabled + - name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibre_installed is undefined -- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled - systemd: - daemon_reload: yes - name: calibre-serve - enabled: yes - state: restarted - when: calibre_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled - systemd: - name: calibre-serve - enabled: no - state: stopped - when: not calibre_enabled + - name: Add 'calibre' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: calibre_src_url + value: "{{ calibre_src_url }}" + - option: calibre_dbpath + value: "{{ calibre_dbpath }}" + - option: calibre_port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" -#- name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: not nginx_enabled -# -#- name: Enable/Disable/Restart NGINX if primary -# include_tasks: nginx.yml -# when: nginx_enabled + rescue: - -- name: Add 'calibre' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: calibre_src_url - value: "{{ calibre_src_url }}" - - option: calibre_dbpath - value: "{{ calibre_dbpath }}" - - option: calibre_port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0b3408b75..bd24b7186 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -19,27 +19,33 @@ quiet: yes -- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: captiveportal_installed is undefined +- block: + - name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: captiveportal_installed is undefined -- name: Enable or Disable Captive Portal - include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Captive Portal + - option: description + value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' + - option: captiveportal_install + value: "{{ captiveportal_install }}" + - option: captiveportal_enabled + value: "{{ captiveportal_enabled }}" -- name: Add 'captiveportal' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: captiveportal - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Captive Portal - - option: description - value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' - - option: captiveportal_install - value: "{{ captiveportal_install }}" - - option: captiveportal_enabled - value: "{{ captiveportal_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/gitea/tasks/nginx.yml b/roles/gitea/tasks/enable-or-disable.yml similarity index 61% rename from roles/gitea/tasks/nginx.yml rename to roles/gitea/tasks/enable-or-disable.yml index 2014a0d03..d1e140781 100644 --- a/roles/gitea/tasks/nginx.yml +++ b/roles/gitea/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ + - name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled + + - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled + + - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template template: src: gitea-nginx.conf.j2 diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 578c1e590..4fbd7359e 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -19,46 +19,37 @@ quiet: yes -- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: gitea_installed is undefined +- block: + - name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: gitea_installed is undefined -- name: Enable & Restart 'gitea' systemd service, if gitea_enabled - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled + - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Gitea + - option: description + value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' + - option: gitea_install + value: "{{ gitea_install }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" + - option: gitea_run_directory + value: "{{ gitea_run_directory }}" + - option: gitea_url + value: "{{ gitea_url }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: gitea - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Gitea - - option: description - value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' - - option: gitea_install - value: "{{ gitea_install }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" - - option: gitea_run_directory - value: "{{ gitea_run_directory }}" - - option: gitea_url - value: "{{ gitea_url }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/internetarchive/tasks/nginx.yml b/roles/internetarchive/tasks/enable-or-disable.yml similarity index 62% rename from roles/internetarchive/tasks/nginx.yml rename to roles/internetarchive/tasks/enable-or-disable.yml index 0469e58c4..47cebe214 100644 --- a/roles/internetarchive/tasks/nginx.yml +++ b/roles/internetarchive/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled + systemd: + name: internetarchive + daemon_reload: yes + enabled: yes + state: restarted + when: internetarchive_enabled + +- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled + systemd: + name: internetarchive + enabled: no + state: stopped + when: not internetarchive_enabled + + - name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template template: src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2 diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index c878287a3..7e3a8a2dd 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -19,76 +19,60 @@ quiet: yes -# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza -# "UPDATE internetarchive" block should run whenever one isn't installing -# (or reinstalling) internetarchive, for now. We're aware this means slowness -# during "./runrole internetarchive" but that's very intentional for now -- as -# it leads to more testing of more recent versions of internetarchive, which -# is strongly desired. Finally, these current norms can and probably will be -# changed in future, when broader IIAB norms develop around "./runrole -# --upgrade internetarchive" or "./runrole --update internetarchive" or such, -# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 +- block: -- block: # BEGIN 2-STANZA BLOCK + # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza + # "UPDATE internetarchive" portion should run whenever one isn't installing + # (or reinstalling) internetarchive, for now. We're aware this means slowness + # during "./runrole internetarchive" but that's very intentional for now -- as + # it leads to more testing of more recent versions of internetarchive, which + # is strongly desired. Finally, these current norms can and probably will be + # changed in future, when broader IIAB norms develop around "./runrole + # --upgrade internetarchive" or "./runrole --update internetarchive" or such, + # as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 - name: "UPGRADE: Stop 'internetarchive' systemd service, if internetarchive_installed is defined" systemd: name: internetarchive daemon_reload: yes state: stopped + when: internetarchive_installed is defined - name: "UPGRADE: Run 'yarn upgrade' in {{ internetarchive_dir }}, if internetarchive_installed is defined" shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade args: chdir: "{{ internetarchive_dir }}" + when: internetarchive_installed is defined - when: internetarchive_installed is defined # END 2-STANZA BLOCK + # "ELSE" INSTALL... -# "ELSE" INSTALL... - -- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: internetarchive_installed is undefined + - name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: internetarchive_installed is undefined -# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ? - -- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled - systemd: - name: internetarchive - daemon_reload: yes - enabled: yes - state: restarted - when: internetarchive_enabled - -- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled - systemd: - name: internetarchive - enabled: no - state: stopped - when: not internetarchive_enabled - -# - name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: apache_installed is defined and not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary - include_tasks: nginx.yml - #when: nginx_enabled + - include_tasks: enable-or-disable.yml -- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: internetarchive - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Internet Archive - - option: description - value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' - - option: internetarchive_install - value: "{{ internetarchive_install }}" - - option: internetarchive_enabled - value: "{{ internetarchive_enabled }}" + - name: Add 'internetarchive' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Internet Archive + - option: description + value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' + - option: internetarchive_install + value: "{{ internetarchive_install }}" + - option: internetarchive_enabled + value: "{{ internetarchive_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/jupyterhub/tasks/main.yml b/roles/jupyterhub/tasks/main.yml index 01acf8154..9f2d31d13 100644 --- a/roles/jupyterhub/tasks/main.yml +++ b/roles/jupyterhub/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: jupyterhub_installed is undefined +- block: + - name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: jupyterhub_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: JupyterHub + - option: description + value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' + - option: jupyterhub_install + value: "{{ jupyterhub_install }}" + - option: jupyterhub_enabled + value: "{{ jupyterhub_enabled }}" -- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: jupyterhub - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: JupyterHub - - option: description - value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' - - option: jupyterhub_install - value: "{{ jupyterhub_install }}" - - option: jupyterhub_enabled - value: "{{ jupyterhub_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kalite/tasks/enable-or-disable.yml b/roles/kalite/tasks/enable-or-disable.yml new file mode 100644 index 000000000..fca843870 --- /dev/null +++ b/roles/kalite/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled + systemd: + daemon_reload: yes + name: kalite-serve + enabled: yes + state: restarted + when: kalite_enabled + +- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled + systemd: + name: kalite-serve + enabled: no + state: stopped + when: not kalite_enabled diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 35bea770c..3786a9c38 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -19,43 +19,37 @@ quiet: yes -- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kalite_installed is undefined +- block: + - name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kalite_installed is undefined -- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled - systemd: - daemon_reload: yes - name: kalite-serve - enabled: yes - state: restarted - when: kalite_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled - systemd: - name: kalite-serve - enabled: no - state: stopped - when: not kalite_enabled + - name: Add 'kalite' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: kalite_install + value: "{{ kalite_install }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" + - option: path + value: "{{ kalite_root }}" + - option: port + value: "{{ kalite_server_port }}" + rescue: -- name: Add 'kalite' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kalite - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: kalite_install - value: "{{ kalite_install }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: path - value: "{{ kalite_root }}" - - option: port - value: "{{ kalite_server_port }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 045707f37..ab5064fba 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -19,38 +19,45 @@ quiet: yes -- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kiwix_installed is undefined +- block: + - name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kiwix_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_install + value: "{{ kiwix_install }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_install - value: "{{ kiwix_install }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_url_plus_slash - value: "{{ kiwix_url_plus_slash }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 680724179..1af098232 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -19,37 +19,46 @@ quiet: yes -#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" -# set_fact: -# kolibri_provision: False -# when: ??? +- block: -- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kolibri_installed is undefined + #- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" + # set_fact: + # kolibri_provision: False + # when: ??? + + - name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kolibri_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kolibri - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kolibri - - option: description - value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' - - option: kolibri_install - value: "{{ kolibri_install }}" - - option: kolibri_enabled - value: "{{ kolibri_enabled }}" - - option: kolibri_url - value: "{{ kolibri_url }}" - - option: kolibri_path - value: "{{ kolibri_exec_path }}" - - option: kolibri_port - value: "{{ kolibri_http_port }}" + - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_install + value: "{{ kolibri_install }}" + - option: kolibri_enabled + value: "{{ kolibri_enabled }}" + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_exec_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 2318a886d..1a0318e06 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -19,39 +19,46 @@ quiet: yes -- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mediawiki_installed is undefined +- block: + - name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mediawiki_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'mediawiki' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MediaWiki + - option: description + value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' + - option: mediawiki_install + value: "{{ mediawiki_install }}" + - option: mediawiki_enabled + value: "{{ mediawiki_enabled }}" + - option: mediawiki_src + value: "{{ mediawiki_src }}" + - option: mediawiki_abs_path + value: "{{ mediawiki_abs_path }}" + - option: mediawiki_db_name + value: "{{ mediawiki_db_name }}" + - option: mediawiki_db_user + value: "{{ mediawiki_db_user }}" + - option: mediawiki_url + value: "{{ mediawiki_url }}" + - option: mediawiki_full_url + value: "{{ mediawiki_full_url }}" -- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mediawiki - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MediaWiki - - option: description - value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' - - option: mediawiki_install - value: "{{ mediawiki_install }}" - - option: mediawiki_enabled - value: "{{ mediawiki_enabled }}" - - option: mediawiki_src - value: "{{ mediawiki_src }}" - - option: mediawiki_abs_path - value: "{{ mediawiki_abs_path }}" - - option: mediawiki_db_name - value: "{{ mediawiki_db_name }}" - - option: mediawiki_db_user - value: "{{ mediawiki_db_user }}" - - option: mediawiki_url - value: "{{ mediawiki_url }}" - - option: mediawiki_full_url - value: "{{ mediawiki_full_url }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index a07d640c7..f5fad6cd1 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -19,32 +19,39 @@ quiet: yes -- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: provision.yml # i.e. install.yml in other roles - when: minetest_installed is undefined +- block: + - name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: provision.yml # i.e. install.yml in other roles + when: minetest_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'minetest' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Minetest Server + - option: description + value: '"Minetest is an open source clone of the Minecraft building blocks game."' + - option: minetest_install + value: "{{ minetest_install }}" + - option: minetest_enabled + value: "{{ minetest_enabled }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" + - option: minetest_port + value: "{{ minetest_port }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" -- name: Add 'minetest' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: minetest - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Minetest Server - - option: description - value: '"Minetest is an open source clone of the Minecraft building blocks game."' - - option: minetest_install - value: "{{ minetest_install }}" - - option: minetest_enabled - value: "{{ minetest_enabled }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" - - option: minetest_port - value: "{{ minetest_port }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/tasks/enable-or-disable.yml b/roles/mongodb/tasks/enable-or-disable.yml index 68aaf9e84..851b4fb0e 100644 --- a/roles/mongodb/tasks/enable-or-disable.yml +++ b/roles/mongodb/tasks/enable-or-disable.yml @@ -1,6 +1,7 @@ - name: Enable & (Re)Start 'mongodb.service' if mongodb_enabled systemd: name: mongodb + daemon_reload: yes enabled: yes state: restarted when: mongodb_enabled diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index f2ce63d49..3365e818a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -52,9 +52,8 @@ when: mongodb_installed is undefined # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) - - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) + - name: Enable or Disable MongoDB (FYI sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) include_tasks: enable-or-disable.yml - when: mongodb_installed is defined - name: Add 'mongodb' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 23340644d..c6c50d042 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -19,43 +19,52 @@ quiet: yes -# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 -# "Buster" during the very final days prior to release, as confirmed by the -# sudden disappearance of these 2 pages: -# -# https://packages.debian.org/buster/monit -# https://packages.debian.org/source/buster/monit -# -# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to -# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via -# apt -- so eliminating "Debian 10+" requires this funky conditional: +- block: -# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: -# -# https://packages.debian.org/bullseye/monit -# https://packages.debian.org/source/bullseye/monit -# -# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. + # 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 + # "Buster" during the very final days prior to release, as confirmed by the + # sudden disappearance of these 2 pages: + # + # https://packages.debian.org/buster/monit + # https://packages.debian.org/source/buster/monit + # + # And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to + # be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via + # apt -- so eliminating "Debian 10+" requires this funky conditional: -- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) - #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + # 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: + # + # https://packages.debian.org/bullseye/monit + # https://packages.debian.org/source/bullseye/monit + # + # SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. + + - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) + #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -- name: Add 'monit' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: monit - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Monit - - option: description - value: '"Monit is a background service monitor which can correct problems, send email, restart services."' - - option: enabled - value: "{{ monit_enabled }}" + - name: Add 'monit' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Monit + - option: description + value: '"Monit is a background service monitor which can correct problems, send email, restart services."' + - option: enabled + value: "{{ monit_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index dd953d37a..1d38ab229 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mosquitto_installed is undefined +- block: + - name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mosquitto_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'mosquitto' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Mosquitto service + - option: description + value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' + - option: mosquitto_install + value: "{{ mosquitto_install }}" + - option: mosquitto_enabled + value: "{{ mosquitto_enabled }}" -- name: Add 'mosquitto' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mosquitto - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Mosquitto service - - option: description - value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' - - option: mosquitto_install - value: "{{ mosquitto_install }}" - - option: mosquitto_enabled - value: "{{ mosquitto_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/munin/tasks/nginx.yml b/roles/munin/tasks/enable-or-disable.yml similarity index 64% rename from roles/munin/tasks/nginx.yml rename to roles/munin/tasks/enable-or-disable.yml index cd1094451..1b0d3ac28 100644 --- a/roles/munin/tasks/nginx.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'munin-node' systemd service + systemd: + name: munin-node + daemon_reload: yes + enabled: yes + state: started + when: munin_enabled + +- name: Disable & Stop 'munin-node' systemd service + systemd: + name: munin-node + enabled: no + state: stopped + when: not munin_enabled + + - name: Enable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf from template template: src: munin24-nginx.conf.j2 diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 22a07119a..0ff168fa5 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -19,42 +19,33 @@ quiet: yes -- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: munin_installed is undefined +- block: + - name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: munin_installed is undefined -- name: Enable & Start 'munin-node' systemd service - systemd: - name: munin-node - daemon_reload: yes - enabled: yes - state: started - when: munin_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'munin-node' systemd service - systemd: - name: munin-node - enabled: no - state: stopped - when: not munin_enabled + - name: Add 'munin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Munin + - option: description + value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' + - option: munin_install + value: "{{ munin_install }}" + - option: munin_enabled + value: "{{ munin_enabled }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'munin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: munin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Munin - - option: description - value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' - - option: munin_install - value: "{{ munin_install }}" - - option: munin_enabled - value: "{{ munin_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ae5587642..d98ae5b27 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -19,37 +19,44 @@ quiet: yes -- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nextcloud_installed is undefined +- block: + - name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nextcloud_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: Nextcloud + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Nextcloud + - option: description + value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: nextcloud_install + value: "{{ nextcloud_install }}" + - option: nextcloud_enabled + value: "{{ nextcloud_enabled }}" + - option: nextcloud_dl_url + value: "{{ nextcloud_dl_url }}" + - option: nextcloud_url + value: "{{ nextcloud_url }}" + - option: nextcloud_base_dir + value: "{{ nextcloud_base_dir }}" + - option: nextcloud_root_dir + value: "{{ nextcloud_root_dir }}" + - option: nextcloud_data_dir + value: "{{ nextcloud_data_dir }}" -- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Nextcloud - - option: description - value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: nextcloud_install - value: "{{ nextcloud_install }}" - - option: nextcloud_enabled - value: "{{ nextcloud_enabled }}" - - option: nextcloud_dl_url - value: "{{ nextcloud_dl_url }}" - - option: nextcloud_url - value: "{{ nextcloud_url }}" - - option: nextcloud_base_dir - value: "{{ nextcloud_base_dir }}" - - option: nextcloud_root_dir - value: "{{ nextcloud_root_dir }}" - - option: nextcloud_data_dir - value: "{{ nextcloud_data_dir }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 99250321b..07de2bcf8 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -35,23 +35,31 @@ var: nodejs_installed -- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodejs_installed is undefined +- block: + - name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodejs_installed is undefined -- name: Add 'nodejs' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodejs - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node.js - - option: description - value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' - - option: nodejs_install - value: "{{ nodejs_install }}" - - option: nodejs_enabled - value: "{{ nodejs_enabled }}" + - name: Add 'nodejs' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node.js + - option: description + value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' + - option: nodejs_install + value: "{{ nodejs_install }}" + - option: nodejs_enabled + value: "{{ nodejs_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2b5e3525b..2c197013e 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodered_installed is undefined +- block: + - name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodered_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'nodered' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node-RED + - option: description + value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' + - option: nodered_install + value: "{{ nodered_install }}" + - option: nodered_enabled + value: "{{ nodered_enabled }}" -- name: Add 'nodered' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodered - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node-RED - - option: description - value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' - - option: nodered_install - value: "{{ nodered_install }}" - - option: nodered_enabled - value: "{{ nodered_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index a16cfcd34..388c594d6 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -11,28 +11,34 @@ quiet: yes -- name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: osm_vector_maps_installed is undefined - +- block: -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml - #when: nginx_enabled # NGINX is mandatory starting with IIAB 7.2 + - name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: osm_vector_maps_installed is undefined + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml -- name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: osm-vector-maps - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: OSM Vector Maps - - option: description - value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' - - option: osm_vector_maps_install - value: "{{ osm_vector_maps_install }}" - - option: osm_vector_maps_enabled - value: "{{ osm_vector_maps_enabled }}" + - name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: OSM Vector Maps + - option: description + value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' + - option: osm_vector_maps_install + value: "{{ osm_vector_maps_install }}" + - option: osm_vector_maps_enabled + value: "{{ osm_vector_maps_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 508691965..81a9dcebd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -19,29 +19,38 @@ quiet: yes -- name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: pbx_installed is undefined +- block: -- name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle - include_tasks: chan_dongle.yml - when: asterisk_chan_dongle + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: pbx_installed is undefined -- include_tasks: enable-or-disable.yml + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle + include_tasks: chan_dongle.yml + when: asterisk_chan_dongle + + - include_tasks: enable-or-disable.yml -- name: Add 'pbx' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: pbx - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PBX - - option: description - value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_install - value: "{{ pbx_install }}" - - option: pbx_enabled - value: "{{ pbx_enabled }}" + - name: Add 'pbx' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PBX + - option: description + value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_install + value: "{{ pbx_install }}" + - option: pbx_enabled + value: "{{ pbx_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 55339f268..b4f04646d 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -19,29 +19,36 @@ quiet: yes -- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: phpmyadmin_installed is undefined +- block: + - name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: phpmyadmin_installed is undefined -- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 - include_tasks: enable-or-disable.yml + - name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 + include_tasks: enable-or-disable.yml + - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: phpMyAdmin + - option: description + value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' + - option: phpmyadmin_install + value: "{{ phpmyadmin_install }}" + - option: phpmyadmin_enabled + value: "{{ phpmyadmin_enabled }}" + - option: path + value: /opt/phpmyadmin -- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: phpmyadmin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: phpMyAdmin - - option: description - value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' - - option: phpmyadmin_install - value: "{{ phpmyadmin_install }}" - - option: phpmyadmin_enabled - value: "{{ phpmyadmin_enabled }}" - - option: path - value: /opt/phpmyadmin + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/postgresql/tasks/enable-or-disable.yml b/roles/postgresql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..e9deb96d9 --- /dev/null +++ b/roles/postgresql/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled + systemd: + name: postgresql-iiab + daemon_reload: yes + enabled: yes + state: started + when: postgresql_enabled + +- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled + systemd: + name: postgresql-iiab + enabled: no + state: stopped + when: not postgresql_enabled diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index c69396d29..8d7070ea8 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -26,39 +26,33 @@ var: postgresql_installed -- name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: postgresql_installed is undefined +- block: + - name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: postgresql_installed is undefined -- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled - systemd: - name: postgresql-iiab - daemon_reload: yes - enabled: yes - state: started - when: postgresql_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled - systemd: - name: postgresql-iiab - enabled: no - state: stopped - when: not postgresql_enabled + - name: Add 'postgresql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PostgreSQL + - option: description + value: '"PostgreSQL is a powerful, open source object-relational database system."' + - option: postgresql_install + value: "{{ postgresql_install }}" + - option: postgresql_enabled + value: "{{ postgresql_enabled }}" + rescue: -- name: Add 'postgresql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: postgresql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PostgreSQL - - option: description - value: '"PostgreSQL is a powerful, open source object-relational database system."' - - option: postgresql_install - value: "{{ postgresql_install }}" - - option: postgresql_enabled - value: "{{ postgresql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index c2f599628..bee271ab3 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -19,49 +19,56 @@ quiet: yes -- name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: transmission_installed is undefined +- block: + - name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: transmission_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'transmission' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Transmission + - option: description + value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' + - option: transmission_install + value: "{{ transmission_install }}" + - option: transmission_enabled + value: "{{ transmission_enabled }}" + - option: transmission_download_dir + value: "{{ transmission_download_dir }}" + - option: transmission_user + value: "{{ transmission_user }}" + - option: transmission_group + value: "{{ transmission_group }}" + - option: transmission_http_port + value: "{{ transmission_http_port }}" + - option: transmission_url + value: "{{ transmission_url }}" + - option: transmission_peer_port + value: "{{ transmission_peer_port }}" + - option: transmission_provision + value: "{{ transmission_provision }}" + - option: transmission_kalite_version + value: "{{ transmission_kalite_version }}" + - option: transmission_kalite_languages + value: "{{ transmission_kalite_languages }}" + - option: transmission_username + value: "{{ transmission_username }}" + # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc + #- option: transmission_password + # value: "{{ transmission_password }}" -- name: Add 'transmission' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: transmission - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Transmission - - option: description - value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' - - option: transmission_install - value: "{{ transmission_install }}" - - option: transmission_enabled - value: "{{ transmission_enabled }}" - - option: transmission_download_dir - value: "{{ transmission_download_dir }}" - - option: transmission_user - value: "{{ transmission_user }}" - - option: transmission_group - value: "{{ transmission_group }}" - - option: transmission_http_port - value: "{{ transmission_http_port }}" - - option: transmission_url - value: "{{ transmission_url }}" - - option: transmission_peer_port - value: "{{ transmission_peer_port }}" - - option: transmission_provision - value: "{{ transmission_provision }}" - - option: transmission_kalite_version - value: "{{ transmission_kalite_version }}" - - option: transmission_kalite_languages - value: "{{ transmission_kalite_languages }}" - - option: transmission_username - value: "{{ transmission_username }}" - # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc - #- option: transmission_password - # value: "{{ transmission_password }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 5e28f26aa..40ae032f4 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: vnstat_installed is undefined +- block: + - name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: vnstat_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'vnstat' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: vnStat + - option: description + value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' + - option: vnstat_install + value: "{{ vnstat_install }}" + - option: vnstat_enabled + value: "{{ vnstat_enabled }}" -- name: Add 'vnstat' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: vnstat - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: vnStat - - option: description - value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' - - option: vnstat_install - value: "{{ vnstat_install }}" - - option: vnstat_enabled - value: "{{ vnstat_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 7204f741e..aa93c6672 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -21,43 +21,52 @@ quiet: yes -- name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing +- block: -- name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: wordpress_installed is undefined + - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: setup.yml + when: wordpress_installed is undefined # and not installing + + - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: wordpress_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'wordpress' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: wordpress - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: WordPress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_install - value: "{{ wordpress_install }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" + - name: Add 'wordpress' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_install + value: "{{ wordpress_install }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 47aae3661fe66800f942b8af9c3a0c2071d30355 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 14:49:45 -0400 Subject: [PATCH 0361/1758] gitea/tasks/enable-or-disable.yml: Fix indentation --- roles/gitea/tasks/enable-or-disable.yml | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/gitea/tasks/enable-or-disable.yml b/roles/gitea/tasks/enable-or-disable.yml index d1e140781..3401c3fdd 100644 --- a/roles/gitea/tasks/enable-or-disable.yml +++ b/roles/gitea/tasks/enable-or-disable.yml @@ -1,17 +1,17 @@ - - name: Enable & Restart 'gitea' systemd service, if gitea_enabled - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled +- name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled - - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled +- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template From 43147e3f59b5a3e3c597b66f6867ae7030905a4c Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jun 2022 17:04:13 -0400 Subject: [PATCH 0362/1758] yarn/tasks/main.yml: Support skip_role_on_error flag --- roles/yarn/tasks/main.yml | 44 +++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/roles/yarn/tasks/main.yml b/roles/yarn/tasks/main.yml index 5d8844ab9..c44758b22 100644 --- a/roles/yarn/tasks/main.yml +++ b/roles/yarn/tasks/main.yml @@ -26,23 +26,31 @@ var: yarn_installed -- name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: yarn_installed is undefined +- block: + - name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: yarn_installed is undefined -- name: Add 'yarn' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: yarn - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Yarn - - option: description - value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' - - option: yarn_install - value: "{{ yarn_install }}" - - option: yarn_enabled - value: "{{ yarn_enabled }}" + - name: Add 'yarn' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Yarn + - option: description + value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' + - option: yarn_install + value: "{{ yarn_install }}" + - option: yarn_enabled + value: "{{ yarn_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 9dc838fdebe0537075314fa2bd54b4204bbcfd0c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 00:43:43 -0400 Subject: [PATCH 0363/1758] /usr/bin/iiab-apps-to-be-installed: Quick scan to see what's not yet installed --- roles/0-init/tasks/main.yml | 2 +- roles/1-prep/tasks/main.yml | 6 ++++++ scripts/iiab-apps-to-be-installed | 32 +++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100755 scripts/iiab-apps-to-be-installed diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d93f2441..328ad5629 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -38,7 +38,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/iiab-diagnostics +- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/iiab-diagnostics" dest: /usr/bin/ diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9f44befc8..4fda2bf5f 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,6 +23,12 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? +- name: Copy /opt/iiab/iiab/scripts/iiab-apps-to-be-installed to /usr/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" + dest: /usr/bin/ + mode: '0755' + - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed new file mode 100755 index 000000000..68d0295c1 --- /dev/null +++ b/scripts/iiab-apps-to-be-installed @@ -0,0 +1,32 @@ +#!/bin/bash + +# Lists IIAB Apps set to install BUT not yet installed (according to /etc/iiab/iiab_state.yml) + +iiab_var_value() { + v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + [[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS +} + +# 2022-06-18: 40 apps (list not quite complete) +#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list + +# 2022-06-18: 46 apps (list incorrect) -- adds these 6: iiab_admin, minetest, network (HAS NO _installed VAR), pylibs, www_base, www_options +#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/* | cut -d/ -f6 | sort | uniq > /tmp/iiab-apps-list + +# 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options +grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list + +while read app; do + if [ $app == "calibre-web" ]; then + app=calibreweb + elif [ $app == "osm-vector-maps" ]; then + app=osm_vector_maps + fi + + # echo ${app}_install: $(iiab_var_value ${app}_install) + + if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then + echo $app + fi +done < /tmp/iiab-apps-list From 6a8d4a45f6055e4881a2d951fc5deb028c160fb0 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 19:59:23 -0400 Subject: [PATCH 0364/1758] iiab-diagnostics: Fix cat_cmd output + speed up prompt --- scripts/iiab-diagnostics | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index b6c834b42..89141194d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -88,18 +88,19 @@ function cat_dir() { function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - #cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right (NOT NEC, 'command -v' does this!) - #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right - pthcmd=$(command -v $1) # Use canonical path on left; Drop params on right - spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between + cmd=$(echo "$1" | sed 's/^\s*\(\S*\)\s.*/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + path_cmd=$(command -v $cmd) # Use canonical path on left; Drop params on right + spc_params=$(echo "$1" | sed 's/^\s*\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim + #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) if [[ $2 == "" ]]; then - echo "COMMAND: $pthcmd$spc_params" >> $outfile + echo "COMMAND: $path_cmd$spc_params" >> $outfile else - echo "COMMAND: $pthcmd$spc_params # $2" >> $outfile + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile fi echo >> $outfile - if [[ $pthcmd == "" ]]; then + if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! @@ -254,7 +255,8 @@ echo -e " $outfile\e[0m" #else echo echo -ne "\e[42;1mPublish it to a web pastebin? [Y/n]\e[0m " -read ans < /dev/tty +read -n 1 -r ans < /dev/tty +echo #fi echo -e "\e[1m" From f9a145309f8bb79ad6ee7a6be6bcab57004fa49b Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 20:07:05 -0400 Subject: [PATCH 0365/1758] iiab-diagnostics: grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 89141194d..a1f516125 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -236,6 +236,7 @@ cat_cmd 'sudo iptables-save' 'Firewall rules' echo -e "\n 6. Log Files: (last 100 lines of each)\n" echo -e "\n\n\n\n6. LOG FILES (LAST 100 LINES OF EACH)\n" >> $outfile +cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 cat_tail /opt/iiab/iiab/iiab-debug.log 100 diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 6ba4c8ca2..fad4fa31d 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 119-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 120-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From fa5d5d57b625cf5085bdbec17e8364ed7a397287 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 19 Jun 2022 20:55:59 -0400 Subject: [PATCH 0366/1758] iiab-diagnostics: Clean regex's, move/explain 'grep -B2', tighten prompt logic --- scripts/iiab-diagnostics | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a1f516125..ebd57b979 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -88,10 +88,10 @@ function cat_dir() { function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo "$1" | sed 's/^\s*\(\S*\)\s.*/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) - #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right - path_cmd=$(command -v $cmd) # Use canonical path on left; Drop params on right - spc_params=$(echo "$1" | sed 's/^\s*\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim + cmd=$(echo "$1" | sed 's/^\s*\(\S\S*\)\b.*$/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + path_cmd=$(command -v $cmd) # Use canonical path on left (would drop params on right, but over-interpret each word as a cmd!) + spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) if [[ $2 == "" ]]; then @@ -234,9 +234,9 @@ echo -e "\n\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' -echo -e "\n 6. Log Files: (last 100 lines of each)\n" -echo -e "\n\n\n\n6. LOG FILES (LAST 100 LINES OF EACH)\n" >> $outfile -cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' +echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" +echo -e "\n\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile +cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' 'for skip_role_on_error' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 cat_tail /opt/iiab/iiab/iiab-debug.log 100 @@ -261,7 +261,8 @@ echo #fi echo -e "\e[1m" -if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +#if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +if ! [[ $ans =~ ^[nN]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs From f098d8e5eb1828dda54db08bdfebbb595dccaf9e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:31:10 -0400 Subject: [PATCH 0367/1758] vars/ubuntu-2204.yml: python_ver: "3.10" --- vars/ubuntu-2204.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index 45228126e..bbe849b36 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -26,4 +26,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From 8a87034c72ac661deca4b6cd375892b008d8ef9e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:32:19 -0400 Subject: [PATCH 0368/1758] vars/ubuntu-2210.yml: python_ver: "3.10" --- vars/ubuntu-2210.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index bdcd73967..e7ac7cc12 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -26,4 +26,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From f7a32070344e67a38b65b1569089b06602429c21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Jun 2022 16:41:49 -0400 Subject: [PATCH 0369/1758] vars/debian-12.yml: Set PHP 8.1, PostgreSQL 14, Python 3.10 --- vars/debian-12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 4ac59c25d..cf4fbfcea 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -23,7 +23,7 @@ mysql_service: mariadb apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh -php_version: 8.0 -postgresql_version: 13 +php_version: 8.1 +postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.10" From 0036d8c17b3407693d0818c20cee6e86018fec03 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 20 Jun 2022 20:13:41 -0400 Subject: [PATCH 0370/1758] test.yml: float (drops outer zeros) vs AnsibleUnicode (String) --- test.yml | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/test.yml b/test.yml index 5364223a5..f346fb757 100644 --- a/test.yml +++ b/test.yml @@ -35,25 +35,42 @@ - name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab, STRICTLY DISALLOWED IN YAML BY ansible-core 2.11.6) showed null (without quotes!) -- whereas e (singlequotes) and f (doublequotes) show "" empty string set_fact: - #a: + #a: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 b: c: # Space - #d: # Tabs NO LONGER ALLOWED, in strict YAML: https://stackoverflow.com/a/19976827 - e: '' - f: "" + d: '' + e: "" + f: "3.10" # zero preserved b/c AnsibleUnicode (i.e. string) + g: +03.10 # plus sign & zeros dropped b/c float - debug: - var: a + var: a # "VARIABLE IS NOT DEFINED!" - debug: - var: b + var: a | type_debug # AnsibleUndefined - debug: - var: c + var: b # null - debug: - var: d + var: b | type_debug # NoneType - debug: - var: e + var: c # null - debug: - var: f + var: c | type_debug # NoneType + - debug: + var: d # "" + - debug: + var: d | type_debug # AnsibleUnicode + - debug: + var: e # "" + - debug: + var: e | type_debug # AnsibleUnicode + - debug: + var: f # "3.10" + - debug: + var: f | type_debug # AnsibleUnicode + - debug: + var: g # 3.1 + - debug: + var: g | type_debug # float - debug: var: ansible_local.local_facts # SEE: /opt/iiab/iiab/scripts/local_facts.fact @@ -75,3 +92,4 @@ var: ansible_machine # TEST ANSIBLE COMMANDS/MODULES HERE! + From 2d6943e9667d1bf8cba07b876ed69f6fad17da26 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 21 Jun 2022 11:01:01 -0400 Subject: [PATCH 0371/1758] Try 'skip_role_on_error: True' in default_vars --- iiab-install | 9 ++++++--- runrole | 7 ++++--- vars/default_vars.yml | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/iiab-install b/iiab-install index 037d61b24..49294dbc5 100755 --- a/iiab-install +++ b/iiab-install @@ -6,7 +6,7 @@ PLAYBOOK=iiab-stages.yml INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml -ARGS="" +ARGS="--extra-vars {\"skip_role_on_error\":False" # bash forces {...} to '{...}' for Ansible CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} @@ -127,7 +127,8 @@ if [ -f /etc/iiab/iiab.env ]; then if [ "$1" == "--reinstall" ]; then STAGE=0 - ARGS="$ARGS"" --extra-vars reinstall=True" + #ARGS="$ARGS"" --extra-vars reinstall=True" + ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then @@ -168,6 +169,8 @@ export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null # So vars are recorded in /opt/iiab/iiab/iiab-install.log -ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local +ARGS="$ARGS}" +echo -e "\nNOW RUN: ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local\n" +ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local echo -e "./iiab-install $* COMPLETED IN $CWD\n\n" diff --git a/runrole b/runrole index d29bb900b..644665d2f 100755 --- a/runrole +++ b/runrole @@ -8,7 +8,8 @@ INSTALL=false ENABLED=false REINSTALL=false CWD=`pwd` -ARGS="--extra-vars {" # bash forces {...} to '{...}' for Ansible, SEE BOTTOM +#ARGS="--extra-vars {" +ARGS="--extra-vars {\"skip_role_on_error\":False," # bash forces {...} to '{...}' for Ansible, SEE BOTTOM (IFS-like issue) INVENTORY=ansible_hosts PLAYBOOK=run-one-role.yml @@ -44,7 +45,7 @@ fi #fi if [ "$1" == "--reinstall" ]; then - ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list + ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list REINSTALL=true shift fi @@ -110,7 +111,7 @@ else export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" fi -ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str validated +ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str type validated CMD="ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local $ARGS" echo -e "\e[1mbash will now run this, adding single quotes around the {...} curly braces:\e[0m\n\n$CMD\n" ansible -m setup -i $INVENTORY localhost --connection=local | grep python diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..68ba1ff32 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,7 +16,7 @@ iiab_base_ver: 8.0 iiab_revision: 0 -skip_role_on_error: False +skip_role_on_error: True iiab_etc_path: /etc/iiab From b4ba2f6a76a0d081f9a0c04f148bcf9b7b689bb1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 Jun 2022 18:05:47 -0400 Subject: [PATCH 0372/1758] scripts/ansible: Recommend ansible-core 2.13.1 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 7d8d16617..ea3ae3891 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 07d6d7b0752236a61b3260a3ab697023a5a3b685 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 22 Jun 2022 11:58:22 -0400 Subject: [PATCH 0373/1758] Lint/Indent .yml files in /opt/iiab/iiab --- iiab-from-cmdline.yml | 8 ++++---- iiab-from-console.yml | 8 ++++---- iiab-network.yml | 8 ++++---- iiab-stages.yml | 10 +++++----- install-support.yml => install-support.yml.unused | 6 +++--- run-one-role.yml | 8 ++++---- runroles-base.yml | 6 +++--- test.yml | 10 +++++----- 8 files changed, 32 insertions(+), 32 deletions(-) rename install-support.yml => install-support.yml.unused (51%) diff --git a/iiab-from-cmdline.yml b/iiab-from-cmdline.yml index 74b507b56..68956b3ad 100644 --- a/iiab-from-cmdline.yml +++ b/iiab-from-cmdline.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index e83aefdb9..fb8282580 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-network.yml b/iiab-network.yml index a72678367..2725a78c5 100644 --- a/iiab-network.yml +++ b/iiab-network.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-stages.yml b/iiab-stages.yml index 4b0940db6..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -3,11 +3,11 @@ become: yes vars_files: - - roles/0-init/defaults/main.yml - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - roles/0-init/defaults/main.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml tasks: diff --git a/install-support.yml b/install-support.yml.unused similarity index 51% rename from install-support.yml rename to install-support.yml.unused index f8e6802f6..f2835214d 100644 --- a/install-support.yml +++ b/install-support.yml.unused @@ -2,9 +2,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/run-one-role.yml b/run-one-role.yml index c7dc1b98c..c10a42a2b 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/runroles-base.yml b/runroles-base.yml index 55bcb1efd..8df997790 100644 --- a/runroles-base.yml +++ b/runroles-base.yml @@ -3,9 +3,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/test.yml b/test.yml index f346fb757..032d35f23 100644 --- a/test.yml +++ b/test.yml @@ -5,11 +5,11 @@ become: yes # Optional privilege escalation #vars_files: - #- roles/0-init/defaults/main.yml - #- vars/default_vars.yml - #- vars/{{ ansible_local.local_facts.os_ver }}.yml - #- /etc/iiab/local_vars.yml - #- /etc/iiab/iiab_state.yml + # - roles/0-init/defaults/main.yml + # - vars/default_vars.yml + # - vars/{{ ansible_local.local_facts.os_ver }}.yml + # - /etc/iiab/local_vars.yml + # - /etc/iiab/iiab_state.yml #roles: # - { role: 0-init } From f63ef539985e109c9847e192c45bb23c435c7d39 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 22 Jun 2022 22:46:51 -0400 Subject: [PATCH 0374/1758] iiab-install: Parse flags cleanly, e.g. '--risky' for 'skip_role_on_error: True' --- iiab-install | 79 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 27 deletions(-) diff --git a/iiab-install b/iiab-install index 49294dbc5..ec93b10b7 100755 --- a/iiab-install +++ b/iiab-install @@ -1,17 +1,57 @@ #!/bin/bash -e # Running from a git repo # Add cmdline options for passing to ansible -# Todo add proper shift to gobble up --debug --reinstall PLAYBOOK=iiab-stages.yml INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml -ARGS="--extra-vars {\"skip_role_on_error\":False" # bash forces {...} to '{...}' for Ansible +ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forces {...} to '{...}' for Ansible + CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` -OS=${OS//\"/} +OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.6 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. + +REINSTALL=false +DEBUG=false +SKIP_ROLE_ON_ERROR=false + +usage() { + echo -e "\n\e[1mUse './iiab-install' for regular installs, or to continue an install." + echo -e "Use './iiab-install --risky' to force 'skip_role_on_error: True'" + echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." + echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." + echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." + echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." + echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\e[0m\n" +} + +# https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/14203146#14203146 +while [[ $# -gt 0 ]]; do + case $1 in + --reinstall) + REINSTALL=true + shift + ;; + --debug) + DEBUG=true + shift + ;; + -r|--risky) + SKIP_ROLE_ON_ERROR=true + shift + ;; + *) + usage + exit 1 + ;; + esac +done + +ARGS="$ARGS\"skip_role_on_error\":$SKIP_ROLE_ON_ERROR" # Needs boolean not +# string so use JSON list. Ansible permits these boolean values: (refresher) +# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml#L19-L43 if [ ! -f /etc/iiab/local_vars.yml ]; then @@ -27,11 +67,11 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 - echo -e "(1) Please read http://wiki.laptop.org/go/IIAB/local_vars.yml to learn more" >&2 - echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 + echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 - echo -e ' http://download.iiab.io\n' >&2 + echo -e ' https://download.iiab.io\n' >&2 exit 1 fi @@ -57,16 +97,6 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then - echo "Use './iiab-install' for regular installs, or to continue an install." - echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo "Use './iiab-network' to run Stage 0, followed by the Network Role." - exit 1 -fi - # Subroutine compares software version numbers. Generates rare false positives # like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/ # a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then" @@ -125,28 +155,23 @@ if [ -f /etc/iiab/iiab.env ]; then fi fi - if [ "$1" == "--reinstall" ]; then + if $($REINSTALL); then STAGE=0 #ARGS="$ARGS"" --extra-vars reinstall=True" ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env" - elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then + elif [ "$STAGE" -ge 2 ] && $($DEBUG); then STAGE=2 sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then - echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." - echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n" - + echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." + usage exit 0 # Allows rerunning http://download.iiab.io/install.txt fi fi -if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then +if [ "$STAGE" -lt 2 ] && $($DEBUG); then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi From 41a91bd0f546bd4fc4ddef5bbbec17aca1296509 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 23 Jun 2022 04:55:56 +0100 Subject: [PATCH 0375/1758] get lan_ip soft coded everywhere --- .../templates/iiab-divert-to-nginx | 2 +- roles/cups/tasks/install.yml | 8 +++---- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 17 +++++++++----- .../templates/gateway/iiab-gen-iptables | 2 +- .../templates/named/school.internal.zone.db | 22 +++++++++---------- .../templates/named/school.local.zone.db | 22 +++++++++---------- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 2 +- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 9 +++++--- 10 files changed, 49 insertions(+), 39 deletions(-) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index c708de87a..8d6d06b2e 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index d585b42e0..6b8971f34 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -76,14 +76,14 @@ name: cups state: started -# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # command: cupsctl --remote-admin --share-printers --user-cancel-any # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) -- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" command: cupsctl --remote-any --share-printers --user-cancel-any # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml @@ -96,7 +96,7 @@ # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # when: not cups_enabled -# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" +# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631" # lineinfile: # path: /etc/cups/cupsd.conf # line: "{{ item }}" @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 +# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index a3c844120..c6cdc6028 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -5,15 +5,22 @@ ddns-update-style interim; #ignore client-updates; option domain-name "{{ iiab_domain }}"; -option domain-name-servers 172.18.96.1; -option ntp-servers 172.18.96.1; +option domain-name-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} - option routers 172.18.96.1; + option routers {{ lan_ip }}; {% endif %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; + {% if 172_network %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + {% else %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + {% endif %} + + # Description of network allocations in old OLPC school server # this is the whole range we have available - 8K addresses # range 172.18.96.2 172.18.127.254; # instead, we'll save 510 addresses for later. diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 79a112b55..d784d38a9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 +lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db index 99a131aa2..ec930bee8 100644 --- a/roles/network/templates/named/school.internal.zone.db +++ b/roles/network/templates/named/school.internal.zone.db @@ -1,19 +1,19 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db index 3d0619e96..8b4bc384e 100644 --- a/roles/network/templates/named/school.local.zone.db +++ b/roles/network/templates/named/school.local.zone.db @@ -3,18 +3,18 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..3759ad121 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..8dd667d05 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,7 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. + hosts allow = 127. 172.18. 10.10. ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..773ec65f4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..9eac09d85 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -98,8 +98,11 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan -lan_ip: 172.18.96.1 -lan_netmask: 255.255.224.0 +lan_ip: 10.10.10.10 +172_network: False +#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems +lan_netmask: 255.255.255.0 +#lan_netmask: 255.255.224.0 # Older networks were larger # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -540,7 +543,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From 96521f9ad42a57828285e38c8f2dcdf8d47ffc0e Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Jun 2022 01:12:19 -0400 Subject: [PATCH 0376/1758] Clarify './iiab-install --risky' for 'skip_role_on_error: True' in default_vars.yml --- vars/default_vars.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68ba1ff32..4e8b9f2bc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,6 +16,10 @@ iiab_base_ver: 8.0 iiab_revision: 0 +# 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear +# install path, intentionally overriding this value, until "SOFTWARE INSTALL IS +# COMPLETE". But you can run './iiab-install --risky' if you truly need +# iiab-install to run with 'skip_role_on_error: True' (PRs #3255, #3256, #3262) skip_role_on_error: True iiab_etc_path: /etc/iiab From 63f1363e21c5b44817b5f579b4ba521c63de93aa Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Jun 2022 10:11:50 -0400 Subject: [PATCH 0377/1758] iiab-install: Show usage in bold more cleanly --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ec93b10b7..f3f0bc830 100755 --- a/iiab-install +++ b/iiab-install @@ -166,7 +166,7 @@ if [ -f /etc/iiab/iiab.env ]; then sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then - echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." + echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m" usage exit 0 # Allows rerunning http://download.iiab.io/install.txt fi From 1fec2559e919cfe925e55e4d18c9ab8d9bd4810e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Jun 2022 14:32:07 -0400 Subject: [PATCH 0378/1758] 22.04 & Mint 21: Avoid Sugarizer+Moodle initially (TEMPORARY) --- roles/7-edu-apps/tasks/main.yml | 4 ++-- vars/linuxmint-21.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index f4bdae83b..b7dd56855 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install # and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 5a1e79131..a6403ed91 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -2,7 +2,7 @@ # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now -is_ubuntu_22: True +is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True From 18aef95d925aea2662169a87ee7b3a639c7ecb09 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 Jun 2022 14:42:32 -0400 Subject: [PATCH 0379/1758] vars/linuxmint-21.yml: python_ver: "3.10" advance fix re: PR #3260 & PR #3265 --- vars/linuxmint-21.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index a6403ed91..0135cd65f 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -28,4 +28,4 @@ sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" From f898553346aa51b94fa57f318448b2a6daab3cdb Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jun 2022 19:53:58 -0400 Subject: [PATCH 0380/1758] Record recent git tag, for 2 primary repos --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- roles/0-init/tasks/main.yml | 7 ++----- scripts/iiab-diagnostics | 15 +++++++++------ scripts/local_facts.fact | 13 ++++++------- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index d29f791c8..22e69f096 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -33,10 +33,10 @@ value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - #- option: xo_model - # value: "{{ xo_model }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 328ad5629..2b1126220 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -11,7 +11,6 @@ set_fact: rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - #xo_model: "{{ ansible_local.local_facts.xo_model }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" # 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*) @@ -78,6 +77,8 @@ value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: runtime_date value: "{{ ansible_date_time.iso8601 }}" - option: ansible_version @@ -102,10 +103,6 @@ value: "{{ local_tz }}" - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist value: "{{ etc_localtime.stdout }}" - #- option: no_NM_reload - # value: "{{ no_NM_reload }}" - #- option: is_F18 - # value: "{{ is_F18 }}" - option: FQDN_changed value: "{{ FQDN_changed }}" diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ebd57b979..f2a10b88f 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -4,15 +4,16 @@ # PLEASE SEE /opt/iiab/iiab/scripts/iiab-diagnostics.README.md OR ONLINE HERE: # https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md -IIAB_RELEASE=`cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2` -OS_VER=`cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2` +IIAB_RELEASE=$(cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2) +OS_VER=$(cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2) YMDT=$(date +%F_%T_%Z) -#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root -HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` +HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) +TAG1=$(cd /opt/iiab/iiab; git describe --tags --abbrev=0) git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root -HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` +HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) +TAG2=$(cd /opt/iiab/iiab-admin-console; git describe --tags --abbrev=0) echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo @@ -123,10 +124,12 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT HASHES + RASPBERRY PI MODEL + OS" >> $outfile +echo -e "\n\n\n\n0. GIT HASHES/TAGS + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile echo "iiab commit: $HASH1" >> $outfile +echo " recent git tag: $TAG1" >> $outfile echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " recent git tag: $TAG2" >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index bf1833340..332e97e13 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,7 +3,7 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 11 variables require a command[*] to be run to +# 2020-10-27: Most of the 12 variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 @@ -14,7 +14,7 @@ OS="none" VERSION_ID="none" # This var's combined with the above, before being output IIAB_BRANCH="none" IIAB_COMMIT="none" -#XO_MODEL="none" +IIAB_RECENT_TAG="none" RPI_MODEL="none" DEVICETREE_MODEL="none" ANSIBLE_VERSION="none" @@ -86,15 +86,15 @@ case $OS_VER in ;; esac -# These next 2 help indicate what version of IIAB +# These next 3 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -#tmp=$(cat /proc/device-tree/mfg-data/MN) && -# XO_MODEL=$tmp +tmp=$(git describe --tags --abbrev=0) && + IIAB_RECENT_TAG=$tmp grep -iq raspberry /proc/device-tree/model && RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') @@ -143,11 +143,10 @@ cat < Date: Sun, 26 Jun 2022 06:21:30 -0400 Subject: [PATCH 0381/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fad4fa31d..7bbabcc3a 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 120-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 121-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 17aa26a4acb168c7a2c123d12c02ff5753500dfe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 26 Jun 2022 21:20:50 +0100 Subject: [PATCH 0382/1758] jinja2 variable must start with non-numeric --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- roles/network/templates/network/dnsmasq.conf.j2 | 7 ++++++- vars/default_vars.yml | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index c6cdc6028..4b452a163 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -12,7 +12,7 @@ subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} option routers {{ lan_ip }}; {% endif %} - {% if 172_network %} + {% if network_172 %} option subnet-mask 255.255.224.0; option broadcast-address 172.18.127.255; {% else %} diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 782f38049..056830267 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease -dhcp-range=172.18.100.1,172.18.126.254,1h +{% if network_172 %} + dhcp-range=172.18.100.1,172.18.126.254,1h +{% else %} + dhcp-range=10.10.10.21,10.10.10.253,1h +{% endif %} + # Specify the default route dhcp-option=3,{{ lan_ip }} # Specify the DNS server address diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9eac09d85..3b223320c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -99,7 +99,7 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -172_network: False +network_172: False #lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems lan_netmask: 255.255.255.0 #lan_netmask: 255.255.224.0 # Older networks were larger From 40c60d9596038e2366d73ce9a66e6e842fdcae9e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 27 Jun 2022 16:02:21 -0400 Subject: [PATCH 0383/1758] iiab-diagnostics: Show Git details for 2 primary repos --- scripts/iiab-diagnostics | 25 ++++++++++++++++++------- scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f2a10b88f..55f783919 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -10,10 +10,16 @@ YMDT=$(date +%F_%T_%Z) git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) -TAG1=$(cd /opt/iiab/iiab; git describe --tags --abbrev=0) +BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) +REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) +PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) -TAG2=$(cd /opt/iiab/iiab-admin-console; git describe --tags --abbrev=0) +BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) +REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) +PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo @@ -124,12 +130,17 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT HASHES/TAGS + RASPBERRY PI MODEL + OS" >> $outfile +echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " recent git tag: $TAG1" >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " recent git tag: $TAG2" >> $outfile +echo "iiab commit: $HASH1" >> $outfile +echo " remote: $REMOTE_URL1" >> $outfile +echo " branch: $BRANCH1" >> $outfile +printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile +echo >> $outfile +echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " remote: $REMOTE_URL2" >> $outfile +echo " branch: $BRANCH2" >> $outfile +printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7bbabcc3a..2637c7ef9 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 121-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-260 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 6404c71859eed145c2102cb7a06385bcb52993c6 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 27 Jun 2022 16:23:29 -0400 Subject: [PATCH 0384/1758] iiab-diagnostics: Unindent Git details --- scripts/iiab-diagnostics | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 55f783919..04689d3e6 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,14 +132,14 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " remote: $REMOTE_URL1" >> $outfile -echo " branch: $BRANCH1" >> $outfile +echo "iiab commit: $HASH1" >> $outfile +echo " remote: $REMOTE_URL1" >> $outfile +echo " branch: $BRANCH1" >> $outfile printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile echo >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " remote: $REMOTE_URL2" >> $outfile -echo " branch: $BRANCH2" >> $outfile +echo "iiab-admin-console commit: $HASH2" >> $outfile +echo " remote: $REMOTE_URL2" >> $outfile +echo " branch: $BRANCH2" >> $outfile printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile echo >> $outfile cat_file /etc/iiab/pr-list-pulled From 9370f59a44beeb880a2a48bf6c9f778649f53af3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 08:58:41 -0400 Subject: [PATCH 0385/1758] /usr/bin/iiab-summary: Concise/quick view of any IIAB in ~20 lines --- roles/1-prep/tasks/main.yml | 7 ++-- scripts/iiab-summary | 66 +++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100755 scripts/iiab-summary diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 4fda2bf5f..b5f55e78e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,11 +23,14 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy /opt/iiab/iiab/scripts/iiab-apps-to-be-installed to /usr/bin/ +- name: Copy iiab-summary & iiab-apps-to-be-installed from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" + src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' + with_items: + - iiab-summary + - iiab-apps-to-be-installed - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml diff --git a/scripts/iiab-summary b/scripts/iiab-summary new file mode 100755 index 000000000..e529c1332 --- /dev/null +++ b/scripts/iiab-summary @@ -0,0 +1,66 @@ +#!/bin/bash + +# Intentionally very concise summary of IIAB details. +# Can evolve for int'l community needs, alongside the much longer: +# https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md + +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +cd /opt/iiab/iiab +SHORT_HASH1=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG1=$(git describe --tags --abbrev=0) +COMMITS1=$(git log "$TAG1..HEAD" --oneline | wc -l) +PR_COUNT1=$(git log "$TAG1..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG1=$(git log --format=%B -1 | head -1) +BRANCH1=$(git branch --show-current) +REMOTE_URL1=$(git config remote.$(git config branch.$BRANCH1.remote).url) + +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +cd /opt/iiab/iiab-admin-console +SHORT_HASH2=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG2=$(git describe --tags --abbrev=0) +COMMITS2=$(git log "$TAG2..HEAD" --oneline | wc -l) +PR_COUNT2=$(git log "$TAG2..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG2=$(git log --format=%B -1 | head -1) +BRANCH2=$(git branch --show-current) +REMOTE_URL2=$(git config remote.$(git config branch.$BRANCH2.remote).url) + +echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" +echo +echo -e "iiab: $SHORT_HASH1, $PR_COUNT1 PR's / $COMMITS1 commits since tag $TAG1" +echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" +echo " $REMOTE_URL1 branch: $BRANCH1" +if [ -f /etc/iiab/pr-list-pulled ]; then + echo + cat /etc/iiab/pr-list-pulled +fi +echo +echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" +echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" +echo " $REMOTE_URL2 branch: $BRANCH2" +echo +if [ -f /etc/rpi-issue ]; then + cat /etc/rpi-issue + echo "/etc/debian-version: $(cat /etc/debian_version)" +else + echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" +fi +echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" +uname -rvp +echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) +if [ -f /proc/device-tree/model ]; then + cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo +fi +if [ -f /sys/class/thermal/thermal_zone0/temp ]; then + echo "Temp(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp +fi +#if command -v landscape-sysinfo > /dev/null; then # Slow, Ubuntu Server only +# landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p +#fi +echo +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l)" +echo +echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net +grep "^openvpn_enabled:" /etc/iiab/local_vars.yml +grep "^openvpn_handle:" /etc/iiab/local_vars.yml +hostname -I +echo From 194bd1a2b43a798bc1de490599b253671aa6c496 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:14:24 -0400 Subject: [PATCH 0386/1758] /usr/bin/iiab-summary: Clarify temperature(s) --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index e529c1332..cb1d1c8aa 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -51,7 +51,7 @@ if [ -f /proc/device-tree/model ]; then cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then - echo "Temp(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp + echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp fi #if command -v landscape-sysinfo > /dev/null; then # Slow, Ubuntu Server only # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p From 25e06a03d74da631eb4974e946b7805f3dcc7525 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:37:28 -0400 Subject: [PATCH 0387/1758] Update scripts/iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 2637c7ef9..fe1589b11 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -1,10 +1,16 @@ ## Objective -To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. +To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable file of about 2000 lines, that can be easily circulated online AND offline. -Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality. +Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. -Finally, the ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). +For a more concise "instant" summary of any IIAB machine (about 20-25 lines) try this command instead: [/usr/bin/iiab-summary](iiab-summary) + +## What `iiab-diagnostics` does + +Passwords (including Wi-Fi passwords) are auto-redacted as the output file is generated, to protect your community confidentiality. + +Finally, the ``pastebinit`` command can be used to auto-upload the output file (human-readable, approx 2000 lines) creating a short URL that makes it much easier to circulate among [volunteers](https://internet-in-a-box.org/contributing.html). But first off, the file is compiled by harvesting 1 + 6 kinds of things: From 5f3946fb846f6c9c09087989ce381c892c1af856 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 09:48:13 -0400 Subject: [PATCH 0388/1758] iiab-summary: Summary count of `iiab-apps-to-be-installed` --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index cb1d1c8aa..e0410f18d 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -57,7 +57,7 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l)" +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 93709b75da70dad439b36c8da5a8003bbeea61f0 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Jun 2022 10:04:50 -0400 Subject: [PATCH 0389/1758] iiab-diagnostics: Include iiab-apps-to-be-installed output --- scripts/iiab-diagnostics | 1 + scripts/iiab-diagnostics.README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 04689d3e6..957111ad1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -163,6 +163,7 @@ cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' +cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fe1589b11..1dacfe807 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-260 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-261 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 60745e3e59e4a3a060c7f02894d4fb383adc278e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 09:06:08 -0400 Subject: [PATCH 0390/1758] remoteit/tasks/install.yml: Remove "IIAB_LIKE=Ubuntu" after workaround, for Ansible --- roles/remoteit/tasks/install.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index ee838b9d3..4e52bd586 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -76,6 +76,15 @@ - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh +# 2022-06-29: Ansible misinterprets "IIAB_LIKE=Ubuntu" (interpreting the entire +# OS as Ubuntu instead of Mint, on later Ansible runs) so let's remove line now. +- name: If Linux Mint, remove above "IIAB_LIKE=Ubuntu" from /etc/os-release (for Ansible's sloppy OS recognition logic) + lineinfile: + path: /etc/os-release + line: IIAB_LIKE=Ubuntu + state: absent + when: is_linuxmint + - name: "'rm /etc/remoteit/registration' (empty file used just above)" file: From 64b2635bbb061e86d7364a419f1d5ed3011d329a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 12:50:11 -0400 Subject: [PATCH 0391/1758] Record branch's actual Git remote (URL) to iiab.ini (in 2 places) --- roles/0-init/tasks/create_iiab_ini.yml | 2 ++ roles/0-init/tasks/main.yml | 2 ++ scripts/local_facts.fact | 7 ++++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 22e69f096..f27cb2e38 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -29,6 +29,8 @@ value: "{{ ansible_architecture }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" + - option: iiab_remote + value: "{{ ansible_local.local_facts.iiab_remote }}" - option: iiab_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 2b1126220..2e95bc920 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -73,6 +73,8 @@ value: "{{ iiab_base_ver }}" - option: iiab_revision value: "{{ iiab_revision }}" + - option: iiab_remote + value: "{{ ansible_local.local_facts.iiab_remote }}" - option: runtime_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 332e97e13..06b430411 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -12,6 +12,7 @@ STAGE=0 OS="none" VERSION_ID="none" # This var's combined with the above, before being output +IIAB_REMOTE="none" IIAB_BRANCH="none" IIAB_COMMIT="none" IIAB_RECENT_TAG="none" @@ -86,10 +87,13 @@ case $OS_VER in ;; esac -# These next 3 help indicate what version of IIAB +# These next 4 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp +tmp=$(git config remote.$(git config branch.$IIAB_BRANCH.remote).url) && + IIAB_REMOTE=$tmp + tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp @@ -141,6 +145,7 @@ cat < Date: Wed, 29 Jun 2022 12:59:53 -0400 Subject: [PATCH 0392/1758] iiab-summary: Cleaner when there's no /opt/iiab/iiab-admin-console --- scripts/iiab-summary | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index e0410f18d..79588036e 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -34,9 +34,13 @@ if [ -f /etc/iiab/pr-list-pulled ]; then cat /etc/iiab/pr-list-pulled fi echo -echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" -echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" -echo " $REMOTE_URL2 branch: $BRANCH2" +if [ -d /opt/iiab/iiab-admin-console ]; then + echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" + echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" + echo " $REMOTE_URL2 branch: $BRANCH2" +else + echo " WARNING: Directory /opt/iiab/iiab-admin-console does not exist!" +fi echo if [ -f /etc/rpi-issue ]; then cat /etc/rpi-issue From cb51d68a9ccaba88588a133fa5269d36f031c56f Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 13:05:57 -0400 Subject: [PATCH 0393/1758] local_facts.fact: Fix typo 12 -> "13 vars require a command" --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 06b430411..a0471c95a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,7 +3,7 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 12 variables require a command[*] to be run to +# 2020-10-27: Most of the 13 variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 From 15a5efb765fa7e68a8442a0d44d09ea27733f0a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jun 2022 14:09:15 -0400 Subject: [PATCH 0394/1758] awstats.schoolserver.conf.j2: Set AllowFullYearView=3 not 2 --- roles/awstats/templates/awstats.schoolserver.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/awstats/templates/awstats.schoolserver.conf.j2 b/roles/awstats/templates/awstats.schoolserver.conf.j2 index 40816fef5..2a5e8802d 100644 --- a/roles/awstats/templates/awstats.schoolserver.conf.j2 +++ b/roles/awstats/templates/awstats.schoolserver.conf.j2 @@ -261,7 +261,7 @@ AllowToUpdateStatsFromBrowser=1 # 3 - Possible on CLI and CGI # Default: 2 # -AllowFullYearView=2 +AllowFullYearView=3 From 2457f415fceaf574c1fcc38ce7282163762116cd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 18:37:13 -0400 Subject: [PATCH 0395/1758] Speed up roles/0-init by moving 2 things to detected_network.yml --- roles/0-init/defaults/main.yml | 8 ---- roles/0-init/tasks/main.yml | 15 ++------ roles/0-init/tasks/network.yml | 43 --------------------- roles/1-prep/tasks/main.yml | 7 +++- roles/network/defaults/main.yml | 4 ++ roles/network/tasks/detected_network.yml | 48 ++++++++++++++++++++++++ roles/phpmyadmin/tasks/install.yml | 2 +- roles/www_options/tasks/main.yml | 19 +++++++++- 8 files changed, 79 insertions(+), 67 deletions(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 95cca916b..a07cde5cf 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -23,14 +23,6 @@ # ...after it is set in 0-init/tasks/main.yml first_run: False rpi_model: none # 2021-07-30: Broadly used! -#xo_model: none # 2021-07-30: No longer used -# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically: -gw_active: False -# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB -# outfitting/provisioning happens online -- in situations where connectivity -# failures should be reported to the operator, rather than papered over: -internet_available: False -discovered_wan_iface: none # 2021-07-30: Very broadly used! # 2021-07-30: Barely used -- for {named, dhcpd, squid} in # roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 2e95bc920..b7d128124 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -13,11 +13,6 @@ devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" -# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*) -#- name: Re-read local_facts.facts from /etc/ansible/facts.d -# setup: -# filter: ansible_local - # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. - name: Create {{ iiab_ini_file }}, if it doesn't exist @@ -26,9 +21,9 @@ # 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's # still used in these 2 places: -# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml +# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml # (2) roles/network/tasks/named.yml for "Stop named before copying files" -# In practice however, it's no longer important, and might be reconsidered? +# This needs to be reworked for 0-init speed, and overall understandability. - name: Set first_run flag set_fact: first_run: True @@ -56,7 +51,7 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console +- name: Set new hostname/domain (hostname.yml) if nec include_tasks: network.yml @@ -91,10 +86,6 @@ value: "{{ ansible_memtotal_mb }}" - option: swap_mb value: "{{ ansible_swaptotal_mb }}" - - option: gw_active - value: "{{ gw_active }}" - - option: internet_available - value: "{{ internet_available }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml index c0d52ba68..91ed10998 100644 --- a/roles/0-init/tasks/network.yml +++ b/roles/0-init/tasks/network.yml @@ -1,46 +1,3 @@ -- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... - debug: - var: ansible_default_ipv4 - -- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" - set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' - get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt - #timeout: "{{ download_timeout }}" - # @jvonau recommends: 100sec is too much (keep 10sec default) - ignore_errors: True - #async: 10 - #poll: 2 - register: internet_access_test - -- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" - set_fact: - internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml - when: not internet_access_test.failed and not disregard_network - -- name: Remove downloaded Internet test file /tmp/heart-beat.txt - file: - path: /tmp/heart-beat.txt - state: absent - - - name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" set_fact: iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index b5f55e78e..0dfd32ee0 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -71,7 +71,10 @@ # when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed -- name: Recording STAGE 1 HAS COMPLETED ============================ +- name: Install {{ iiab_env_file }} from template -- FYI this file can be run as a script if absolutely nec -- e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' template: src: roles/1-prep/templates/iiab.env.j2 - dest: "{{ iiab_env_file }}" # Can also be run as a script if absolutely nec, e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' + dest: "{{ iiab_env_file }}" + +- name: Recording STAGE 1 HAS COMPLETED ============================ + meta: noop diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 8fb1226d6..6938f4a43 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -27,6 +27,10 @@ # hostapd_enabled: True # Above set in /opt/iiab/iiab/vars/default_vars.yml +# 2022-06-29: Legacy vars no longer used by roles/0-init +gw_active: False # 2021-07-30: Not used propgrammatically +discovered_wan_iface: none # 2021-07-30: Very broadly used! + hostapd_wait: 10 host_wireless_n: False driver_name: nl80211 diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 531eb4f65..5b3539e52 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,3 +1,47 @@ +- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... + debug: + var: ansible_default_ipv4 + +- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" + shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l + register: gw_active_test + when: discovered_wan_iface != "none" + +- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" + set_fact: + iiab_wan_iface: "{{ discovered_wan_iface }}" + gw_active: True + when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" + + +# Similar to roles/www_options/tasks/main.yml prereq for iiab-refresh-wiki-docs +- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + #timeout: "{{ download_timeout }}" + # @jvonau recommends: 100sec is too much (keep 10sec default) + ignore_errors: True + #async: 10 + #poll: 2 + register: internet_access_test + +- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" + set_fact: + internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml + when: not internet_access_test.failed and not disregard_network + +- name: Remove downloaded Internet test file /tmp/heart-beat.txt + file: + path: /tmp/heart-beat.txt + state: absent + + # so this works - name: Interface count shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' @@ -239,6 +283,10 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: + - option: gw_active + value: "{{ gw_active }}" + - option: internet_available + value: "{{ internet_available }}" - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - option: prior_gateway_device diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index eaec8af82..9c4e4ef7d 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -3,7 +3,7 @@ url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" - when: internet_available + #when: internet_available - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? stat: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 90f5cc6b6..6c7362e49 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -154,9 +154,26 @@ when: not apache_allow_sudo +# internet_available var moved to roles/network/tasks/detected_network.yml +- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + #timeout: "{{ download_timeout }}" + # @jvonau recommends: 100sec is too much (keep 10sec default) + ignore_errors: True + #async: 10 + #poll: 2 + register: internet_access_test + +- name: Remove downloaded Internet test file /tmp/heart-beat.txt + file: + path: /tmp/heart-beat.txt + state: absent + - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs - when: internet_available and not nodocs + when: not internet_access_test.failed and not nodocs - name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled From 8eed8854b5e86fd6706e237bbee5c38f7ece5bec Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jun 2022 20:01:03 -0400 Subject: [PATCH 0396/1758] vnStat is basically never used (but patch it for divine reasons) --- roles/network/tasks/detected_network.yml | 3 ++- roles/vnstat/tasks/install.yml | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5b3539e52..f9c239b10 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,3 +1,4 @@ +# Similar code block in roles/vnstat/tasks/install.yml - name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... debug: var: ansible_default_ipv4 @@ -14,7 +15,7 @@ - name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" + iiab_wan_iface: "{{ discovered_wan_iface }}" # Same as code on Line 70 ! gw_active: True when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index d015385bf..6ffb9e8d5 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,20 @@ +# Similar code block in roles/network/tasks/detected_network.yml +- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" + shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l + register: gw_active_test + when: discovered_wan_iface != "none" + +- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" + set_fact: + iiab_wan_iface: "{{ discovered_wan_iface }}" + when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" + + - name: Install 'vnstat' package package: name: vnstat @@ -7,10 +24,9 @@ template: src: vnstat.conf.j2 dest: /etc/vnstat.conf - # owner: root - # group: root mode: '0744' + - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} From f0ea82c1b63598e2944e989ac14cc9d617d7705a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jun 2022 20:32:17 -0400 Subject: [PATCH 0397/1758] vnstat/tasks/install.yml: Clean up comment for PR #3272 --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 6ffb9e8d5..94248c734 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -9,7 +9,7 @@ register: gw_active_test when: discovered_wan_iface != "none" -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" +- name: "If gateway responded, set 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" set_fact: iiab_wan_iface: "{{ discovered_wan_iface }}" when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" From 86375892188ff65464535d43fa34759146e63c97 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:25:01 -0500 Subject: [PATCH 0398/1758] Not required for normal operation --- roles/network/tasks/detected_network.yml | 39 ------------------------ 1 file changed, 39 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f9c239b10..01ff42e18 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -8,41 +8,6 @@ discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" # Same as code on Line 70 ! - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - -# Similar to roles/www_options/tasks/main.yml prereq for iiab-refresh-wiki-docs -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' - get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt - #timeout: "{{ download_timeout }}" - # @jvonau recommends: 100sec is too much (keep 10sec default) - ignore_errors: True - #async: 10 - #poll: 2 - register: internet_access_test - -- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" - set_fact: - internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml - when: not internet_access_test.failed and not disregard_network - -- name: Remove downloaded Internet test file /tmp/heart-beat.txt - file: - path: /tmp/heart-beat.txt - state: absent - - # so this works - name: Interface count shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' @@ -284,10 +249,6 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: gw_active - value: "{{ gw_active }}" - - option: internet_available - value: "{{ internet_available }}" - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - option: prior_gateway_device From 4e717570e2bc723cc64a1b5e29b7362ff875cdbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:25:57 -0500 Subject: [PATCH 0399/1758] vnstat - just use ansible in install mode --- roles/vnstat/tasks/install.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 94248c734..f76554ae9 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,19 +1,9 @@ # Similar code block in roles/network/tasks/detected_network.yml -- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" +- name: "Setting iiab_wan_iface to {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - name: Install 'vnstat' package package: From ebae3606465da6c0dbec5ffd22500a0f98c8cf2e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 22:48:14 -0500 Subject: [PATCH 0400/1758] network - drop internet_available --- roles/network/defaults/main.yml | 6 ++---- roles/network/tasks/netplan.yml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6938f4a43..fd1fa4dcc 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -27,9 +27,6 @@ # hostapd_enabled: True # Above set in /opt/iiab/iiab/vars/default_vars.yml -# 2022-06-29: Legacy vars no longer used by roles/0-init -gw_active: False # 2021-07-30: Not used propgrammatically -discovered_wan_iface: none # 2021-07-30: Very broadly used! hostapd_wait: 10 host_wireless_n: False @@ -67,7 +64,8 @@ can_be_ap: False exclude_devices: none device_gw: none prior_gw_device: unset - +# 2022-06-29: Legacy vars no longer used by roles/0-init +discovered_wan_iface: none # 2021-07-30: Very broadly used! iiab_wan_iface: none iiab_lan_iface: none discovered_lan_iface: none diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 799af001d..136b1df09 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -64,7 +64,7 @@ url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher dest: /usr/bin/networkd-dispatcher timeout: "{{ download_timeout }}" - when: internet_available and fix_dispatcher and ansible_distribution_release == "groovy" + when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later # should have the fix baked into a newer apt package installed by default. From 490f64a27ac1a90209fe93c2ba82cae30ae09098 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jun 2022 23:31:10 -0500 Subject: [PATCH 0401/1758] remove disregard_network from default_vars --- vars/default_vars.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e8b9f2bc..4440b9e58 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -97,9 +97,6 @@ js_menu_install: True # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: # https://github.com/iiab/iiab/blob/master/roles/network/defaults/main.yml -# The following variable may be useful in debugging: -disregard_network: False # Use cache, or error out if cache does not exist. - iiab_hostname: box iiab_domain: lan lan_ip: 172.18.96.1 From fb7aa6a9c3efa51fac0b9bc2004ac7e536f43da6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jun 2022 01:31:56 -0500 Subject: [PATCH 0402/1758] Update roles/vnstat/tasks/install.yml Co-authored-by: A Holt --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index f76554ae9..84bec243c 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,5 +1,5 @@ # Similar code block in roles/network/tasks/detected_network.yml -- name: "Setting iiab_wan_iface to {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" set_fact: iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined From 52ae68473a48b2b5130f83ea8829f530515458d5 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Thu, 30 Jun 2022 15:34:34 +0200 Subject: [PATCH 0403/1758] updated lokole role to reflect changes in Lokole --- roles/lokole/tasks/install.yml | 13 +------------ roles/lokole/tasks/setup.yml | 4 +++- roles/lokole/templates/lokole_restarter.conf | 4 ++-- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 776014396..849d899bb 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -23,24 +23,13 @@ - wvdial state: present -- name: "workarounds for older flask version used" - pip: - name: "{{ item.name }}" - version: "{{ item.version }}" - virtualenv: "{{ lokole_venv }}" - virtualenv_command: python3 -m venv "{{ lokole_venv }}" - extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ - with_items: - - { name: 'itsdangerous', version: '2.0.1' } - - { name: 'Jinja2', version: '3.0.3' } - # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: - name: "git+https://github.com/ascoderu/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" + name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 1f49661c6..3c5b71b7c 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -6,7 +6,9 @@ - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env - {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' + cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ + export FLASK_APP="opwen_email_client.webapp:app" + {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' - name: Change owner of dbfiles file: diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf index 94f580e9c..ab0118625 100644 --- a/roles/lokole/templates/lokole_restarter.conf +++ b/roles/lokole/templates/lokole_restarter.conf @@ -1,5 +1,5 @@ [program:lokole_restarter] -command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter +command={{ lokole_venv }}/bin/flask manage restarter --directory={{ lokole_run_dir }}/lokole_restarter autostart=true autorestart=true startretries=3 @@ -7,4 +7,4 @@ stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log user=root -environment=OPWEN_SETTINGS={{ lokole_settings }} +environment=FLASK_APP="opwen_email_client.webapp",OPWEN_SETTINGS={{ lokole_settings }} From e0ca1f225384078a812b35739db3b333cd15682b Mon Sep 17 00:00:00 2001 From: Mohamad Date: Thu, 30 Jun 2022 16:07:44 +0200 Subject: [PATCH 0404/1758] TODO --- roles/lokole/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 849d899bb..8851c42ae 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -27,6 +27,7 @@ # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: +# TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" From 46fad7936e3db81e05c8be9cc1d2874b9a9ca5ab Mon Sep 17 00:00:00 2001 From: root Date: Thu, 30 Jun 2022 10:29:08 -0400 Subject: [PATCH 0405/1758] netplan.yml: Mint networkd-dispatcher issue? groovy & internet_available removed --- roles/network/tasks/netplan.yml | 24 ++++++++++++++++-------- roles/www_options/tasks/main.yml | 2 +- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 136b1df09..43865d437 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -59,14 +59,22 @@ with_items: - "{{ netplan.stdout_lines }}" -- name: Replace networkd-dispatcher #2585 for "groovy" - get_url: - url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher - dest: /usr/bin/networkd-dispatcher - timeout: "{{ download_timeout }}" - when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" - # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later - # should have the fix baked into a newer apt package installed by default. +# 2022-06-30: Ubuntu Groovy (20.10) is ancient history but this code might now +# help Linux Mint ? +# +# 2022-05-29: @jvonau wrote on #3106 "networkd-dispatcher has a traceback, +# I suspect the cause is the same as found #2645, need to confirm the package +# version installed with apt list networkd-dispatcher before suggesting the +# workaround be extended to LinuxMint" +# +# - name: Replace networkd-dispatcher #2585 for "groovy" +# get_url: +# url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher +# dest: /usr/bin/networkd-dispatcher +# timeout: "{{ download_timeout }}" +# when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" +# # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later +# # should have the fix baked into a newer apt package installed by default. #- name: Supply netplan template # template: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6c7362e49..445ee5e0e 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -154,7 +154,7 @@ when: not apache_allow_sudo -# internet_available var moved to roles/network/tasks/detected_network.yml +# 2022-06-30: internet_available var removed - name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' get_url: url: "{{ iiab_download_url }}/heart-beat.txt" From 8aef9d8fc87a83214ff2f059f2f465b3c96a6d8a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 30 Jun 2022 11:10:13 -0400 Subject: [PATCH 0406/1758] Cleaner RasPiOS comments in 2-common, iiab-admin, jupyterhub, kalite, kolibri --- roles/2-common/tasks/network.yml | 10 +++++----- roles/2-common/tasks/packages.yml | 4 ++-- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- roles/jupyterhub/tasks/install.yml | 2 +- roles/kalite/tasks/install.yml | 2 +- roles/kolibri/templates/kolibri.service.j2 | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index c043a0bc3..57bea8434 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: Install package networkd-dispatcher (OS's other than RaspiOS) +- name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present @@ -19,16 +19,16 @@ - name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml + - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml #- avahi-discover # 46kB download: 2021-07-27: Commented out long ago - hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired #- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros - - iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools + - iproute2 # 902kB download: RasPiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - iptables-persistent # 12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi + - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - - net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index d731b25fc..889f9bd3f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -16,12 +16,12 @@ #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - mlocate # 92kB download - #- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 + #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not. + #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index fe7e8ae1b..23d0816ec 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -19,7 +19,7 @@ check_user_pwd() { # enough when user does not exist. Or uncomment to FORCE ERROR CODE 2. # Either way, overall bash script still returns exit code 0 ("success") - # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RaspiOS ships w/ + # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RasPiOS ships w/ # /etc/sudoers.d/010_pi-nopasswd containing "pi ALL=(ALL) NOPASSWD: ALL" # (read access to /etc/shadow is otherwise restricted to just root and # group www-data i.e. Apache, NGINX get special access). SEE: #2431, #2561 diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index ffb4aabcf..671e8a3ea 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -45,7 +45,7 @@ - jupyterhub-systemdspawner virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c53230138..2d12f9d17 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -65,7 +65,7 @@ replace: 'a-zA-Z0-9\-' when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RaspiOS 11+ too? + # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 replace: diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 index a886aa73e..21d7631b9 100644 --- a/roles/kolibri/templates/kolibri.service.j2 +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -10,7 +10,7 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }} User={{ kolibri_user }} Group={{ apache_user }} -# 2020-10-03: Kolibri was timing out on RaspiOS & Ubuntu 20 NUC: iiab/iiab#2555 +# 2020-10-03: Kolibri was timing out on RasPiOS & Ubuntu 20 NUC: iiab/iiab#2555 TimeoutStartSec=1200 # The following is the systemd default, which is too much for most teachers in # low-electricity environments (30-60 sec is about all they can handle before From 7cd2c66fc8a83b8e60a731f956105999537eda85 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Mar 2022 08:13:46 -0500 Subject: [PATCH 0407/1758] reorder and 'installed' --- roles/2-common/tasks/main.yml | 10 +++++-- roles/4-server-options/tasks/main.yml | 17 ----------- .../network.yml => network/tasks/install.yml} | 28 +++++++++++++++++-- roles/network/tasks/main.yml | 4 +++ 4 files changed, 37 insertions(+), 22 deletions(-) rename roles/{2-common/tasks/network.yml => network/tasks/install.yml} (86%) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 86% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index 57bea8434..051e3fe84 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml @@ -52,10 +52,32 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' + +# UNMAINTAINED +- name: Install named / BIND + include_tasks: roles/network/tasks/named.yml + when: named_install is defined and named_install + +# UNMAINTAINED +- name: Install dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install and squid_installed is undefined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..d6806dea4 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,3 +1,7 @@ +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_installed is undefined + - name: Select RPi firmware mode include_role: name: firmware From 6219a24d8204b998bdd950e7ced1cff8bbccc48a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Mar 2022 20:19:33 -0500 Subject: [PATCH 0408/1758] group dnsmasq within network and always preinstall --- roles/1-prep/tasks/main.yml | 7 +++---- roles/network/tasks/install.yml | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0dfd32ee0..0e8aa4e5c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,6 +3,9 @@ - name: ...IS BEGINNING ============================================ meta: noop +- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -32,10 +35,6 @@ - iiab-summary - iiab-apps-to-be-installed -- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? - - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 051e3fe84..cdfbf2b8d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,8 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. +- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/dnsmasq.yml + - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 85dfee3b087d54000845cd54079cc0002e87e4e7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 7 Apr 2022 06:14:58 -0500 Subject: [PATCH 0409/1758] fully opt out --- iiab-stages.yml | 1 + roles/0-init/tasks/validate_vars.yml | 3 ++- roles/1-prep/tasks/main.yml | 1 + vars/default_vars.yml | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 32a6ca751..5f15ffbb8 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,3 +63,4 @@ - name: Network include_role: name: network + when: network_installed is defined and network_enabled diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..f2f6cf8e0 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -122,6 +122,7 @@ - calibreweb - calibre - pbx + - network - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0e8aa4e5c..c522e82fb 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -5,6 +5,7 @@ - name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml + when: network_install - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4440b9e58..7023aa718 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -92,6 +92,8 @@ js_menu_install: True # IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network # IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking # Read it offline too: http://box/info > "IIAB Networking" +network_install: True +network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: From 57a9fa85f99b3befca7a61c3d59a1e63354d3c5a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 May 2022 22:52:48 -0500 Subject: [PATCH 0410/1758] use block in the role for enable --- iiab-stages.yml | 1 - roles/network/tasks/main.yml | 126 ++++++++++++++++++----------------- 2 files changed, 65 insertions(+), 62 deletions(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 5f15ffbb8..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,4 +63,3 @@ - name: Network include_role: name: network - when: network_installed is defined and network_enabled diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d6806dea4..a1d34eac7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,83 +1,87 @@ - name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) include_tasks: install.yml - when: network_installed is undefined + when: network_install and network_installed is undefined - name: Select RPi firmware mode include_role: name: firmware when: rpi_model != "none" -- name: detected_network - include_tasks: detected_network.yml +- name: Configuring Network if enabled + block: + - name: detected_network + include_tasks: detected_network.yml -#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" -- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined + #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" + - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined -- name: computed_network - include_tasks: computed_network.yml + - name: computed_network + include_tasks: computed_network.yml -# - name: Configure wondershaper -# include_tasks: wondershaper.yml -# when: wondershaper_install or wondershaper_installed is defined + # - name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined -- name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install named + include_tasks: named.yml + when: named_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install dhcpd + include_tasks: dhcpd.yml + when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install Squid + include_tasks: squid.yml + when: squid_install and FQDN_changed and iiab_stage|int == 9 -#preprep for backends -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 + #preprep for backends + - name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 -#### Start services -- name: avahi - include_tasks: avahi.yml -- name: hostapd - include_tasks: hostapd.yml -- name: computed_services - include_tasks: computed_services.yml -- name: enable_services - include_tasks: enable_services.yml -#### End services + #### Start services + - name: avahi + include_tasks: avahi.yml + - name: hostapd + include_tasks: hostapd.yml + - name: computed_services + include_tasks: computed_services.yml + - name: enable_services + include_tasks: enable_services.yml + #### End services -#### Start network layout -#- name: Redhat networking -# include_tasks: ifcfg_mods.yml -# when: is_redhat + #### Start network layout + #- name: Redhat networking + # include_tasks: ifcfg_mods.yml + # when: is_redhat -- name: NetworkManager in use - include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + - name: NetworkManager in use + include_tasks: NM-debian.yml + when: is_debuntu and network_manager_active -- name: systemd-networkd in use - include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + - name: systemd-networkd in use + include_tasks: sysd-netd-debian.yml + when: is_debuntu and systemd_networkd_active -- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active - include_tasks: rpi_debian.yml - when: is_raspbian + - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + include_tasks: rpi_debian.yml + when: is_raspbian -- name: Not RPi, Not NetworkManager, Not systemd-networkd in use - include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 -#### end network layout + - name: Not RPi, Not NetworkManager, Not systemd-networkd in use + include_tasks: debian.yml + when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + #### end network layout -- name: Restart services - include_tasks: restart.yml + - name: Restart services + include_tasks: restart.yml + # end block + when: network_installed is defined and network_enabled From 94d80f7ac44a4ddbd24e6dbec25787a27f15a400 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 20 May 2022 11:25:01 -0500 Subject: [PATCH 0411/1758] always detect and report - record enabled --- roles/network/tasks/computed_network.yml | 2 ++ roles/network/tasks/main.yml | 36 ++++++++++++------------ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index efe764642..8c7ac5515 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,3 +172,5 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" + - option: network_enabled + value: "{{ network_enabled }}" diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a1d34eac7..a4808b47e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -7,26 +7,26 @@ name: firmware when: rpi_model != "none" +- name: detected_network + include_tasks: detected_network.yml + +#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" +- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined + +- name: computed_network + include_tasks: computed_network.yml + - name: Configuring Network if enabled block: - - name: detected_network - include_tasks: detected_network.yml - - #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" - - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined - - - name: computed_network - include_tasks: computed_network.yml - # - name: Configure wondershaper # include_tasks: wondershaper.yml # when: wondershaper_install or wondershaper_installed is defined From 5196b4dff983bf4a4fecc5460996b44ca40fa7b9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 20 May 2022 13:13:11 -0500 Subject: [PATCH 0412/1758] tools needed after detection --- roles/network/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a4808b47e..86a07413b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,7 +1,3 @@ -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: install.yml - when: network_install and network_installed is undefined - - name: Select RPi firmware mode include_role: name: firmware @@ -25,6 +21,10 @@ - name: computed_network include_tasks: computed_network.yml +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 59cd7ecc13bd51f25c3943e198c90e23bb1f00aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 25 Mar 2022 00:08:40 -0500 Subject: [PATCH 0413/1758] Correct discription of network.yml to hostname.yml --- roles/0-init/tasks/hostname.yml | 24 ++++++++++++++---------- roles/0-init/tasks/main.yml | 5 ++--- roles/0-init/tasks/network.yml | 31 ------------------------------- 3 files changed, 16 insertions(+), 44 deletions(-) delete mode 100644 roles/0-init/tasks/network.yml diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 3d323b3cc..427380929 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -1,3 +1,8 @@ +- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" + set_fact: + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + - name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ? stat: path: /etc/cloud/cloud.cfg @@ -17,16 +22,7 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -#- name: Install /etc/sysconfig/network from template (redhat) -# template: -# src: roles/network/templates/network/sysconfig.network.j2 -# dest: /etc/sysconfig/network -# owner: root -# group: root -# mode: 0644 -# when: is_redhat - -# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: +# should the first entry match just hostname and domain move to after localhost? - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts @@ -36,6 +32,14 @@ #group: root #mode: 0644 +# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is +# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it +# should be reconsidered? See PR #2876: roles/network might become optional? +- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn + #- name: Re-configuring httpd - not initial install # include_tasks: roles/httpd/tasks/main.yml # when: iiab_stage|int > 3 diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..1fd2c525f 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,9 +51,8 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Set new hostname/domain (hostname.yml) if nec - include_tasks: network.yml - +- name: Set hostname / domain (etc) in various places + include_tasks: hostname.yml - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml deleted file mode 100644 index 91ed10998..000000000 --- a/roles/0-init/tasks/network.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }}) - include_tasks: hostname.yml - when: iiab_fqdn != ansible_fqdn - -# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is -# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it -# should be reconsidered? See PR #2876: roles/network might become optional? -- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - - -# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in -# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml -# and js-menu.yml set 'adm_cons_force_ssl: False' - -# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl" -# set_fact: -# gui_port: 80 -# when: not adm_cons_force_ssl - -# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl" -# set_fact: -# gui_port: 443 -# when: adm_cons_force_ssl From 11f451da1af99b6eb8f47a808c9a6be8606fb381 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jun 2022 12:21:33 -0500 Subject: [PATCH 0414/1758] visual feedback --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index cdfbf2b8d..06e4cf31d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -47,7 +47,7 @@ # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" +- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot name: "{{ item.name }}" value: "{{ item.value }}" From ca3f852748a30818789d6d6966bd8a8708a19638 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 30 Jun 2022 17:00:16 -0400 Subject: [PATCH 0415/1758] mediawiki/defaults/main.yml: Version 1.38.2 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index b6c008387..ca21a0ad4 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 191e7577c3ea46d20e2a64d9c331335475396042 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 02:15:10 +0200 Subject: [PATCH 0416/1758] added lokole_repo var to enable setting alternative git repo --- roles/lokole/defaults/main.yml | 1 + roles/lokole/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index b8f4d030f..887938e44 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,6 +14,7 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history +lokole_repo: https://github.com/ascoderu/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 8851c42ae..782866744 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -30,7 +30,7 @@ # TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: - name: "git+https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }}#egg=opwen_email_client" + name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ From 6a55a11f555095421f42f862b8a7f5bddf0562e6 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 17:05:40 +0200 Subject: [PATCH 0417/1758] set python_version env var before running createadmin --- roles/lokole/tasks/setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 3c5b71b7c..a8542f90b 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -6,6 +6,7 @@ - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env + python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ export FLASK_APP="opwen_email_client.webapp:app" {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' From 5faa5d0ca037921fe69246e31e98714627f7aa4d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 1 Jul 2022 16:21:31 +0100 Subject: [PATCH 0418/1758] make local network mask correct for 256 --- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/templates/network/bridge-br0 | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index abec5152d..a481aa0b1 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0 index 8aaa27968..59d85db73 100644 --- a/roles/network/templates/network/bridge-br0 +++ b/roles/network/templates/network/bridge-br0 @@ -6,7 +6,11 @@ interface-name=br0 permissions= [ipv4] +{% if network_172 %} address1={{ lan_ip }}/19 +{% else %} +address1={{ lan_ip }}/24 +{% endif %} dns-search={{ iiab_domain }} method=manual From ba463a0b0aa1ce5de9cc44546aab017c5d954ee2 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 17:46:59 +0200 Subject: [PATCH 0419/1758] use fork in defaults/main.yml for testing --- roles/lokole/defaults/main.yml | 3 ++- roles/lokole/tasks/install.yml | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 887938e44..f57ab5f11 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,7 +14,8 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history -lokole_repo: https://github.com/ascoderu/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined +# TODO: revert back to main repo after upstream PR is merged +lokole_repo: https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 782866744..a95d5b132 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -27,7 +27,6 @@ # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: # lokole_commit: -# TODO: revert back to main remo after upstream PR is merged - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" From 8456c6dd5adb5221d42559cbda40f75eb463a2a1 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 18:48:38 +0200 Subject: [PATCH 0420/1758] removed lokole_commit ref from lokole_repo as it's already referenced --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index f57ab5f11..d3799a86f 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -15,7 +15,7 @@ #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history # TODO: revert back to main repo after upstream PR is merged -lokole_repo: https://github.com/mabuelhagag/lokole.git@{{ lokole_commit }} # the lokole git repo location to pull from if lokole_commit is defined +lokole_repo: https://github.com/mabuelhagag/lokole.git # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme From f1fbd524d984acc52e423d41133610268bdf22b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 17:51:04 -0400 Subject: [PATCH 0421/1758] phpmyadmin: Remove stale comment, cleaner spacing --- roles/phpmyadmin/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 9c4e4ef7d..345927a04 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -3,7 +3,6 @@ url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" - #when: internet_available - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? stat: @@ -46,6 +45,7 @@ # # recurse: yes # # state: directory + # RECORD phpMyAdmin AS INSTALLED - name: "Set 'phpmyadmin_installed: True'" From 24829db43b960f0a9b35bc9977406bbdab3f0d9d Mon Sep 17 00:00:00 2001 From: Mohamad Date: Fri, 1 Jul 2022 23:52:26 +0200 Subject: [PATCH 0422/1758] added --force-reinstall to as extra ag to pip --- roles/lokole/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index a95d5b132..b472ebdd3 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -32,7 +32,7 @@ name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}" - extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + extra_args: --no-cache-dir --force-reinstall # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is defined # For development purposes -- To install a given pip version of Lokole, add From 843f14a849eefa0d618528a913ae87b34fdd367a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 20:05:48 -0400 Subject: [PATCH 0423/1758] scripts/iiab-summary: Clarify when PR's are auto-pulled --- scripts/iiab-summary | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 79588036e..a77aebf83 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -31,6 +31,7 @@ echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo + echo "/etc/iiab/pr-list-pulled is:" cat /etc/iiab/pr-list-pulled fi echo From 4cd135f19868da65b6fa42e17932d01bf223ef66 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 1 Jul 2022 20:09:30 -0400 Subject: [PATCH 0424/1758] iiab-summary: Tighten up /etc/iiab/pr-list-pulled context/wording --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index a77aebf83..4e7a5cb1e 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -31,7 +31,7 @@ echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo - echo "/etc/iiab/pr-list-pulled is:" + echo "/etc/iiab/pr-list-pulled:" cat /etc/iiab/pr-list-pulled fi echo From d7d7270e21daa6a9b6b026b7ea3c47b50c4fed1b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 2 Jul 2022 04:23:22 +0100 Subject: [PATCH 0425/1758] missed two changes to mask from 224 to 255 --- roles/network/templates/network/dhcpcd.conf.j2 | 4 ++++ roles/network/templates/network/systemd-br0-network.j2 | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index b44eb297d..cebff6e51 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 @@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} +{% if network_172 %} static ip_address={{ lan_ip }}/19 +{% else %} +static ip_address={{ lan_ip }}/24 +{% endif %} static domain_name_servers=127.0.0.1 {% endif %} diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index 619196b8b..07c5a1246 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -3,7 +3,11 @@ Name=br0 [Network] +{% if network_172 %} Address={{ lan_ip }}/19 +{% else %} +Address={{ lan_ip }}/24 +{% endif %} LinkLocalAddressing=no ConfigureWithoutCarrier=yes RequiredForOnline=degraded-carrier From bfb9328da173aedc9e28a1b9309176629c76a624 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 2 Jul 2022 20:17:47 -0400 Subject: [PATCH 0426/1758] iiab-summary: Path for iiab-apps-to-be-installed (so it works early on) --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 4e7a5cb1e..40f423584 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -62,7 +62,7 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(iiab-apps-to-be-installed | wc -l)" +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(/opt/iiab/iiab/scripts/iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 98cbca6278bc87a46af788a2a4d9e984b5550a19 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 3 Jul 2022 15:25:31 -0400 Subject: [PATCH 0427/1758] iiab-apps-to-be-installed: rm tmp file (so diff users can later run this cleanly) --- scripts/iiab-apps-to-be-installed | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index 68d0295c1..394087d22 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -30,3 +30,5 @@ while read app; do echo $app fi done < /tmp/iiab-apps-list + +rm /tmp/iiab-apps-list # So a non-root user can later run this cleanly! From b56e4d5079e30e419b76e68f095d9e61995804e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 4 Jul 2022 10:53:06 -0400 Subject: [PATCH 0428/1758] iiab-apps-to-be-installed: double brackets (safer for string compare) --- scripts/iiab-apps-to-be-installed | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index 394087d22..e44baee93 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -18,9 +18,9 @@ iiab_var_value() { grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list while read app; do - if [ $app == "calibre-web" ]; then + if [[ $app == "calibre-web" ]]; then app=calibreweb - elif [ $app == "osm-vector-maps" ]; then + elif [[ $app == "osm-vector-maps" ]]; then app=osm_vector_maps fi From 9f13454e8331843516d9f34be463a798d7f67611 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Jul 2022 12:05:17 -0400 Subject: [PATCH 0429/1758] Change download URL's & others to TLS/SSL --- README.md | 2 +- iiab-install | 2 +- roles/1-prep/tasks/hardware.yml | 2 +- roles/azuracast/README.rst | 6 +++--- roles/calibre/defaults/main.yml | 4 ++-- roles/captiveportal/README.md | 2 +- roles/cups/README.md | 2 +- roles/firmware/tasks/download.yml | 14 +++++++------- roles/iiab-admin/README.rst | 10 +++++----- roles/iiab-admin/tasks/main.yml | 2 +- roles/internetarchive/README.md | 4 ++-- roles/jupyterhub/README.md | 2 +- roles/kiwix/defaults/main.yml | 6 +++--- roles/kiwix/tasks/install.yml | 2 +- roles/lokole/README.rst | 6 +++--- roles/minetest/README.rst | 2 +- roles/mongodb/tasks/install.yml | 14 +++++++------- roles/monit/templates/monitrc.unused | 2 +- roles/mosquitto/README.rst | 2 +- roles/network/README.rst | 2 +- roles/nextcloud/README.md | 2 +- roles/nextcloud/defaults/main.yml | 2 +- roles/nginx/README.md | 2 +- roles/osm-vector-maps/defaults/main.yml | 6 +++--- roles/osm-vector-maps/tasks/install.yml | 2 +- roles/pbx/README.adoc | 6 +++--- roles/pbx/defaults/main.yml | 4 ++-- roles/pbx/tasks/chan_dongle.yml | 2 +- roles/pbx/tasks/freepbx.yml | 2 +- roles/samba/README.rst | 2 +- roles/samba/templates/smb.conf.j2 | 4 ++-- roles/sugarizer/tasks/install.yml | 4 ++-- roles/transmission/README.rst | 8 ++++---- roles/transmission/defaults/main.yml | 2 +- roles/transmission/tasks/enable-or-disable.yml | 2 +- roles/www_base/files/html/html/credits.html | 8 ++++---- roles/www_base/tasks/php-stem.yml | 14 +++++++------- scripts/ansible | 4 ++-- vars/default_vars.yml | 8 ++++---- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- vars/raspbian-10.yml | 4 ++-- vars/raspbian-11.yml | 4 ++-- vars/raspbian-9.yml | 2 +- 46 files changed, 99 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index 92b7d9d3d..64b577547 100644 --- a/README.md +++ b/README.md @@ -54,4 +54,4 @@ Install our latest pre-release using the 1-line installer at: [**download.iiab.i You can also consider earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases) -For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org) +For much older versions, see: [github.com/xsce](https://github.com/xsce), [schoolserver.org](http://schoolserver.org) diff --git a/iiab-install b/iiab-install index f3f0bc830..b678e7df6 100755 --- a/iiab-install +++ b/iiab-install @@ -168,7 +168,7 @@ if [ -f /etc/iiab/iiab.env ]; then elif [ "$STAGE" -eq 9 ]; then echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m" usage - exit 0 # Allows rerunning http://download.iiab.io/install.txt + exit 0 # Allows rerunning https://download.iiab.io/install.txt fi fi if [ "$STAGE" -lt 2 ] && $($DEBUG); then diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 4c50c0d8a..89efd2453 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -14,7 +14,7 @@ - name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages dest: /lib/firmware timeout: "{{ download_timeout }}" when: usb_NUC6.stdout|int > 0 diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 420bfb92d..fca21ce96 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -1,6 +1,6 @@ -========== +================ AzuraCast README -========== +================ This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. @@ -11,7 +11,7 @@ As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian Using It -------- -* Do a normal IIAB install (http://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. +* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. * When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index b41475e23..0f3643735 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml @@ -34,11 +34,11 @@ calibre_userdb: "{{ calibre_dbpath }}/users.sqlite" # calibre-server --manage-users --userdb /library/calibre/users.sqlite calibre_sample_book: "Metamorphosis-jackson.epub" -# Must be downloadable from http://download.iiab.io/packages +# Must be downloadable from https://download.iiab.io/packages calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py" -calibre_deb_url: "{{ iiab_download_url }}" # http://download.iiab.io/packages +calibre_deb_url: "{{ iiab_download_url }}" # https://download.iiab.io/packages # Above URL must offer both .deb files below: (for scripts/calibre-install-pinned-rpi.sh to run) calibre_deb_pin_version: 3.33.1+dfsg-1 # for calibre_3.33.1+dfsg-1_all.deb (24M, 2018-10-21) calibre_bin_deb_pin_version: "{{ calibre_deb_pin_version }}" # for calibre-bin_3.33.1+dfsg-1_armhf.deb (706K, 2018-10-23) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index 11736aadd..ddacbe311 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -1,4 +1,4 @@ -_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_ +_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](https://wiki.iiab.io/go/FAQ#Captive_Portal_Administration:_What_tips_&_tricks_exist%3F)_ ## Theory of Operation diff --git a/roles/cups/README.md b/roles/cups/README.md index 493673715..6cf926c88 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -2,7 +2,7 @@ [CUPS](https://en.wikipedia.org/wiki/CUPS) (also known as the "Common UNIX Printing System") is the standards-based, open source printing system for Linux and macOS. -It allows your [Internet-in-a-Box (IIAB)](http://internet-in-a-box.org) to act as a print server. +It allows your [Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) to act as a print server. This can be useful if a printer is attached to your IIAB — so student/teacher print jobs from client computers and phones can be processed — and then sent to the appropriate printer. diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 6b5f83f8b..2c06ffbb6 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -15,13 +15,13 @@ dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-11-30_minimal" # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal" # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi" # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1" # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi" + - "{{ iiab_download_url }}/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65" # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - "{{ iiab_download_url }}/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65" # RECORD firmware AS DOWNLOADED diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 55def7bde..5017e4186 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -13,7 +13,7 @@ iiab-admin README ================= -`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. +`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices: @@ -21,11 +21,11 @@ Configure user 'iiab-admin' --------------------------- * `admin-user.yml `_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}. - * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here. + * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (https://download.iiab.io) or by your underlying OS, that too will be taken care of here. * By default this user is ``iiab-admin`` with password ``g0adm1n`` * *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin** * After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password. -* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) +* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) * You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!) * You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration `_ manually. @@ -36,14 +36,14 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml `_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security +* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists, i.e. on Raspberry Pi OS with desktop). Example ======= * If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this: - #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ + #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ #. Make sure that ``iiab_admin_user_install: True`` is also set. #. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin`` diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f2a048e33..09a408aa4 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -23,7 +23,7 @@ # (1) by the OS installer # (2) by the OS's graphical desktop tools # (3) at the command-line: sudo passwd iiab-admin -# (4) by IIAB's 1-line installer: http://download.iiab.io +# (4) by IIAB's 1-line installer: https://download.iiab.io # (5) by this role: roles/iiab-admin/tasks/admin-user.yml # (6) by IIAB's Admin Console during installation # ...and/or... diff --git a/roles/internetarchive/README.md b/roles/internetarchive/README.md index 49d8d3f0f..bd32849c3 100644 --- a/roles/internetarchive/README.md +++ b/roles/internetarchive/README.md @@ -8,7 +8,7 @@ Access to our library of millions of books, journals, audio and video recordings This Ansible role installs the Internet Archive's dweb-mirror project on Internet-in-a-Box (IIAB). Use this to build up a dynamic offline library -arising from the materials you can explore at http://dweb.archive.org +arising from the materials you can explore at https://dweb.archive.org The Offline Internet Archive server: @@ -248,7 +248,7 @@ and just checks the content is up to date. ## Managing collections on Internet Archive -You can create and manage your own collections on the [Internet Archive site](http://www.archive.org). +You can create and manage your own collections on the [Internet Archive site](https://www.archive.org). Other people can then crawl those collections. First get in touch with Mitra Ardron at `mitra@archive.org`, as processes may have changed since this is written. diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index be6fc5719..583466e04 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -74,4 +74,4 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. -He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." +He explains PAWS as a "powerful Python execution environment https://paws.wmcloud.org = https://wikitech.wikimedia.org/wiki/PAWS [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 66f2de5c5..784e615e4 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -22,9 +22,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # 3 lines below specify which version(s) of kiwix-tools to download from... -# http://download.iiab.io/packages/ ...as originally obtained from... -# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... -# http://download.kiwix.org/nightly/ +# https://download.iiab.io/packages/ ...as originally obtained from... +# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... +# https://download.kiwix.org/nightly/ kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 52647ffe9..3a6c6dcba 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -34,7 +34,7 @@ - name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" diff --git a/roles/lokole/README.rst b/roles/lokole/README.rst index 95da4397c..53add2239 100644 --- a/roles/lokole/README.rst +++ b/roles/lokole/README.rst @@ -17,9 +17,9 @@ For an up-to-date list of supported languages, refer to the `Lokole translations Using It -------- -If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole +If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole -[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` +[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` By default in an offline community, ``lokole_sim_type: LocalOnly`` is set (e.g. instead of ``lokole_sim_type: Ethernet``) and email addresses will look like: @@ -85,7 +85,7 @@ The Lokole software can be configured to access the Internet via USB modem, SIM If configured to work with a USB modem or other form of Internet connection, Lokole will sync with the cloud server (operated by `Ascoderu `_) on a nightly basis to deliver and receive emails globally. *However, arranging this is extremely complicated.* You would need a compatible form of connection and an Internet expert familiar with modem protocols, MX records, etc. Ask that person to read the `Lokole software README `_ in its entirety, to help you understand whether this is realistic for your organization. -Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. +Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. Troubleshooting --------------- diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 38e04eef6..82dfaa397 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -23,7 +23,7 @@ No password is required. Configurable Parameters ----------------------- -If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: +If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: - ``minetest_install:`` set Minetest up to install; default is False - ``minetest_enabled:`` set Minetest up to be enabled; default is False diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 930bd6219..ea749db4b 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -10,7 +10,7 @@ # being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14) # # mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M) -# were backed up from andyfelong.com to http://download.iiab.io/packages/ +# were backed up from andyfelong.com to https://download.iiab.io/packages/ # # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) @@ -21,16 +21,16 @@ path: /tmp/mongodb-3.0.1x state: directory - - name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # http://download.iiab.io/packages + src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages dest: /tmp/mongodb-3.0.1x - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" @@ -85,11 +85,11 @@ - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: - # 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/ + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main - #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" diff --git a/roles/monit/templates/monitrc.unused b/roles/monit/templates/monitrc.unused index e66b3055c..a269d30d3 100644 --- a/roles/monit/templates/monitrc.unused +++ b/roles/monit/templates/monitrc.unused @@ -65,7 +65,7 @@ set daemon 300 # check services at 5-minute intervals # # ## Send status and events to M/Monit (for more informations about M/Monit -## see http://mmonit.com/). By default Monit registers credentials with +## see https://mmonit.com/). By default Monit registers credentials with ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't ## have to register Monit credentials manually in M/Monit. It is possible to ## disable credential registration using the commented out option below. diff --git a/roles/mosquitto/README.rst b/roles/mosquitto/README.rst index 098ff2831..7ccb29f97 100644 --- a/roles/mosquitto/README.rst +++ b/roles/mosquitto/README.rst @@ -9,7 +9,7 @@ Roughly follows this guide: https://www.digitalocean.com/community/tutorials/how Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: mosquitto_install: True mosquitto_enabled: True diff --git a/roles/network/README.rst b/roles/network/README.rst index cbe01f450..3d0a3082f 100644 --- a/roles/network/README.rst +++ b/roles/network/README.rst @@ -2,7 +2,7 @@ Network README ============== -This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. +This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. Specifically, this 'network' role is run... diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..e36ee0219 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -1,6 +1,6 @@ # Nextcloud README -Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org). +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](https://internet-in-a-box.org). This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 9fb31c593..1a0b1741d 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -14,7 +14,7 @@ # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # The following line can avoid that: (but might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2 nextcloud_url: /nextcloud diff --git a/roles/nginx/README.md b/roles/nginx/README.md index e677c7ba2..dd2311a15 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -35,7 +35,7 @@ * usb_lib * wordpress - 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: * **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850)) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 984009c6e..7e2fd1a2d 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -15,8 +15,8 @@ maps_branch: master # Quotes not required #maps_branch: maps7.3 # 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! -#map_installer_url: http://timmoody.com/iiab-files/maps -map_installer_url: http://download.iiab.io/content/OSM/vector-tiles +#map_installer_url: https://timmoody.com/iiab-files/maps +map_installer_url: https://download.iiab.io/content/OSM/vector-tiles installer_planet: planet_z0-z6_2020.mbtiles installer_satellite: satellite_z0-z6_2020.mbtiles @@ -29,4 +29,4 @@ archive_org_url: https://archive.org/download # 2022-04-30 -- Unused, but URL illustrates legacy approach: -#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +#iiab_map_url: https://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 65b261718..e441a6a41 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -79,7 +79,7 @@ - name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. http://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles + url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. https://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 36c0f6cbf..bef5c3924 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -28,7 +28,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g == Install it -. As you begin installing Internet-in-a-Box (IIAB) from http://download.iiab.io[download.iiab.io], it will prompt you: +. As you begin installing Internet-in-a-Box (IIAB) from https://download.iiab.io[download.iiab.io], it will prompt you: + ---- Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] @@ -293,7 +293,7 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a- + If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. @@ -318,7 +318,7 @@ In February 2019, this https://github.com/iiab/iiab/tree/master/roles/pbx[roles/ In August 2021 it was overhauled, with thanks to these 3 sources especially: * "Official" recipe: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9 -* Comprehensive & recent recipe for Raspberry Pi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +* Comprehensive & recent recipe for Raspberry Pi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html * Popular but dated recipe: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/ In May 2022, installation of FreePBX was made more resilient in https://github.com/iiab/iiab/pull/3229[PR #3229] thanks to: diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index d66575a83..1ef7b8125 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,11 +21,11 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk +asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab -# freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 +# freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 diff --git a/roles/pbx/tasks/chan_dongle.yml b/roles/pbx/tasks/chan_dongle.yml index a9fbfcf25..b7b5c5691 100644 --- a/roles/pbx/tasks/chan_dongle.yml +++ b/roles/pbx/tasks/chan_dongle.yml @@ -1,4 +1,4 @@ -# RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# RPi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: chan_dongle - Download {{ chan_dongle_url }}/{{ chan_dongle_src_file }} to {{ downloads_dir }} get_url: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 1fa9c98cc..5480e7722 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -210,7 +210,7 @@ args: creates: /usr/local/lib/mariadb/libmaodbc.so -# http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: FreePBX - Install /etc/odbc.ini, /etc/odbcinst.ini from template (root:root, 0644 by default) template: src: "{{ item.src }}" diff --git a/roles/samba/README.rst b/roles/samba/README.rst index 2f65310d0..ff9296f4c 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -22,4 +22,4 @@ Security Please review the default `/etc/samba/smb.conf `_ file, and revise it appropriately. -Please also review your overall `IIAB Security `_. +Please also review your overall `IIAB Security `_. diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..73151f095 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -4,10 +4,10 @@ # # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step # guides for installing, configuring, and using Samba: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# https://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf # # The Samba-3 by Example guide has working examples for smb.conf. This guide is -# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf +# generated daily: https://www.samba.org/samba/docs/Samba-Guide.pdf # # In this file, lines starting with a semicolon (;) or a hash (#) are # comments and are ignored. This file uses hashes to denote commentary and diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 08fabac93..948c128b7 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -46,7 +46,7 @@ # 3. DOWNLOAD+LINK /opt/iiab/sugarizer-server -# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz +# 2018-07-11: https://download.iiab.io/packages/sugarizer-server-1.0.tar.gz # was flawed, as documented at: # https://github.com/iiab/iiab/pull/814#issuecomment-404211098 # Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context: @@ -159,7 +159,7 @@ # WITH FUTURE UPGRADES BEYOND SUGARIZER 1.1?! # # SOME BACKGROUND -- WHY WE'RE AUTO-EDITING sugarizer-server'S CONFIG FILES: -# http://github.com/iiab/iiab/pull/1430#issuecomment-459129378 +# https://github.com/iiab/iiab/pull/1430#issuecomment-459129378 # sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml # If you need to change this, edit /etc/iiab/local_vars.yml prior to installing diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7cc3d2701..40f6e38fc 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,7 +15,7 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO @@ -28,7 +28,7 @@ Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission @@ -66,9 +66,9 @@ After saving your changes in 'settings.json', restart Transmission by running:: Adding Torrents --------------- -Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ -Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. +Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. You can also download other torrents using Transmission's web interface, or by typing `transmission-remote `_ at the command-line:: diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..4cf3bcbfa 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -16,7 +16,7 @@ # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ # transmission_provision: True # transmission_kalite_version: 0.17 diff --git a/roles/transmission/tasks/enable-or-disable.yml b/roles/transmission/tasks/enable-or-disable.yml index 8804c5b17..c62a2edda 100644 --- a/roles/transmission/tasks/enable-or-disable.yml +++ b/roles/transmission/tasks/enable-or-disable.yml @@ -14,7 +14,7 @@ /usr/bin/transmission-remote --start-paused -n {{ transmission_username }}:{{ transmission_password }} - -a http://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent + -a https://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent with_items: "{{ transmission_kalite_languages }}" when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none # '!= None' also works (i.e. to avoid var value 'null', with type 'NoneType') ignore_errors: yes diff --git a/roles/www_base/files/html/html/credits.html b/roles/www_base/files/html/html/credits.html index e6c428260..7bc53de49 100644 --- a/roles/www_base/files/html/html/credits.html +++ b/roles/www_base/files/html/html/credits.html @@ -23,9 +23,9 @@ All PhET Interactive Simulations content is available for free at phet.colorado.edu.
All MedLine content is available for free at medlineplus.gov.
All Hesperian content is available for free at hesperian.org.
- Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
+ Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
All Gutenberg content is available for free at www.gutenberg.org.
- All OLPC content is available for free at wiki.laptop.org.
+ All OLPC content is available for free at wiki.laptop.org.
All MIT Scratch content is available for free at scratch.mit.edu.
All UNESCO's IICBA content is available for free at www.iicba.unesco.org.
All Math Expression content is available for free at www.mathexpression.com.
@@ -36,8 +36,8 @@ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at oer2go.org.
- Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
+ RACHEL is a curation of selected offline content at oer2go.org.
+ Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

diff --git a/roles/www_base/tasks/php-stem.yml b/roles/www_base/tasks/php-stem.yml index 8bce0fd08..15332a942 100644 --- a/roles/www_base/tasks/php-stem.yml +++ b/roles/www_base/tasks/php-stem.yml @@ -2,7 +2,7 @@ # README & Code: https://github.com/iiab/php-stem -# Source Code also here: http://download.iiab.io/packages/php-stem.src.tar +# Source Code also here: https://download.iiab.io/packages/php-stem.src.tar # June 2018 debugging & compilation thanks to Tim Moody & George Hunt # Original bug: https://github.com/iiab/iiab/issues/829 @@ -94,9 +94,9 @@ # stem_available: True # when: php_version == 7.4 and (ansible_machine == "aarch64" or ansible_machine == "x86_64") -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar # dest: / # owner: root # group: root @@ -104,9 +104,9 @@ # remote_src: yes # when: (ansible_machine == "armv7l" or ansible_machine == "armv6l") and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar # dest: / # owner: root # group: root @@ -114,9 +114,9 @@ # remote_src: yes # when: ansible_machine == "aarch64" and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar # dest: / # owner: root # group: root diff --git a/scripts/ansible b/scripts/ansible index ea3ae3891..7a48bd30e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -68,9 +68,9 @@ GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) #pip3 install ansible==2.9.27 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 -#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" +#echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" #cd /tmp -#wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb +#wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb export DEBIAN_FRONTEND=noninteractive diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4440b9e58..74107cd5b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -37,7 +37,7 @@ iiab_dir: "{{ iiab_base }}/iiab" pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" -iiab_download_url: http://download.iiab.io/packages +iiab_download_url: https://download.iiab.io/packages content_base: /library doc_base: "{{ content_base }}/www" @@ -455,7 +455,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -545,7 +545,7 @@ transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_provision: True transmission_kalite_version: 0.17 @@ -691,7 +691,7 @@ pbx_http_port: 83 # authserver_install: False # authserver_enabled: False -# Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io) +# Unmaintained (better to install from https://teamviewer.com or prep scripts at https://download.iiab.io) # teamviewer_install: False # teamviewer_enabled: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c5cda1688..a88ff7af0 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -275,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True @@ -322,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0958e1470..6d4cc1b1d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -275,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True @@ -322,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index dc2e25bcb..d84945e0c 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -275,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -322,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 14e90b185..2df3ba79b 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -275,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -322,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index b2f3298d8..ed6b61e0f 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -35,6 +35,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index d1d1d8672..932455bc7 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -35,6 +35,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml index abf0acbd2..6d955a00c 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml @@ -31,5 +31,5 @@ systemd_location: /lib/systemd/system minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game -minetest_rpi_src_url: http://www.nathansalapat.com/downloads/0.4.17.1.tar.gz +minetest_rpi_src_url: https://www.nathansalapat.com/downloads/0.4.17.1.tar.gz minetest_rpi_src: minetest-0.4.17.1.tar.gz From 9e39d421fadfb4db86c8d036198b2b9f680bfedf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 5 Jul 2022 12:56:59 -0400 Subject: [PATCH 0430/1758] firmware/tasks/download.yml: Tighter iiab_download_url + with_items --- roles/firmware/tasks/download.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 2c06ffbb6..949ad3583 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -9,19 +9,19 @@ - brcmfmac43455-sdio.clm_blob ignore_errors: yes -- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) +- name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: - url: "{{ item }}" + url: "{{ iiab_download_url }}/{{ item }}" dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-11-30_minimal" # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal" # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi" # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - "{{ iiab_download_url }}/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1" # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - "{{ iiab_download_url }}/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi" - - "{{ iiab_download_url }}/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65" # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - "{{ iiab_download_url }}/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65" + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # RECORD firmware AS DOWNLOADED From 8f0bb179905068fda72eebc1972fbdb63bf6d0a5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Jul 2022 02:39:29 -0400 Subject: [PATCH 0431/1758] Uncover IIAB_REMOTE_URL in 1 of 2 places (for both repos) --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- roles/0-init/tasks/main.yml | 4 ++-- scripts/iiab-summary | 18 ++++++++++++++++-- scripts/local_facts.fact | 13 +++++++++---- 4 files changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index f27cb2e38..239ce570d 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -29,8 +29,8 @@ value: "{{ ansible_architecture }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - - option: iiab_remote - value: "{{ ansible_local.local_facts.iiab_remote }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: iiab_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..cf5482144 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -68,8 +68,8 @@ value: "{{ iiab_base_ver }}" - option: iiab_revision value: "{{ iiab_revision }}" - - option: iiab_remote - value: "{{ ansible_local.local_facts.iiab_remote }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: runtime_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 40f423584..f1b7179a5 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -12,7 +12,14 @@ COMMITS1=$(git log "$TAG1..HEAD" --oneline | wc -l) PR_COUNT1=$(git log "$TAG1..HEAD" --oneline --grep='Merge pull request' | wc -l) COMMIT_MSG1=$(git log --format=%B -1 | head -1) BRANCH1=$(git branch --show-current) -REMOTE_URL1=$(git config remote.$(git config branch.$BRANCH1.remote).url) +REMOTE_URL1="none" +tmp=$(git config branch.$BRANCH1.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL1=$tmp + else + REMOTE_URL1=$(git config remote.$tmp.url) + fi +} git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root cd /opt/iiab/iiab-admin-console @@ -22,7 +29,14 @@ COMMITS2=$(git log "$TAG2..HEAD" --oneline | wc -l) PR_COUNT2=$(git log "$TAG2..HEAD" --oneline --grep='Merge pull request' | wc -l) COMMIT_MSG2=$(git log --format=%B -1 | head -1) BRANCH2=$(git branch --show-current) -REMOTE_URL2=$(git config remote.$(git config branch.$BRANCH2.remote).url) +REMOTE_URL2="none" +tmp=$(git config branch.$BRANCH2.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL2=$tmp + else + REMOTE_URL2=$(git config remote.$tmp.url) + fi +} echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" echo diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a0471c95a..3c50c360e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -12,7 +12,7 @@ STAGE=0 OS="none" VERSION_ID="none" # This var's combined with the above, before being output -IIAB_REMOTE="none" +IIAB_REMOTE_URL="none" IIAB_BRANCH="none" IIAB_COMMIT="none" IIAB_RECENT_TAG="none" @@ -91,8 +91,13 @@ esac tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp -tmp=$(git config remote.$(git config branch.$IIAB_BRANCH.remote).url) && - IIAB_REMOTE=$tmp +tmp=$(git config branch.$IIAB_BRANCH.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + IIAB_REMOTE_URL=$tmp + else + IIAB_REMOTE_URL=$(git config remote.$tmp.url) + fi +} tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp @@ -145,7 +150,7 @@ cat < Date: Wed, 6 Jul 2022 02:50:05 -0500 Subject: [PATCH 0432/1758] iiab-diagnostics - use full path to repo location for iiab-apps-to-be-installed Reason: Shared helper file, recent changes will appear with just a 'git pull' not requiring an ansible run to install the file first. --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 957111ad1..9beb929f9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -163,7 +163,7 @@ cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' -cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' +cat_cmd '/opt/iiab/iiab/scripts/iiab-apps-to-be-installed' 'IIAB Apps to be installed' echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile From afa45d3f5552ced5e96b210628c67bda3efa4b28 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Jul 2022 02:57:10 -0500 Subject: [PATCH 0433/1758] iiab-summary - update on the fly --- roles/0-init/tasks/main.yml | 7 +++++-- roles/1-prep/tasks/main.yml | 9 --------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..7831663a0 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -32,11 +32,14 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/ +- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-diagnostics" + src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' + with_items: + - iiab-summary + - iiab-diagnostics - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0dfd32ee0..e4132ad4c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,15 +23,6 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy iiab-summary & iiab-apps-to-be-installed from /opt/iiab/iiab/scripts/ to /usr/bin/ - copy: - src: "{{ iiab_dir }}/scripts/{{ item }}" - dest: /usr/bin/ - mode: '0755' - with_items: - - iiab-summary - - iiab-apps-to-be-installed - - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? From faa73a308856b054a9e57144c7197c3ce9dfd4f3 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 05:53:19 -0400 Subject: [PATCH 0434/1758] Toughen up iiab-apps-to-be-installed, iiab-summary, iiab-diagnostics --- scripts/iiab-apps-to-be-installed | 16 +++++++++--- scripts/iiab-diagnostics | 41 ++++++++---------------------- scripts/iiab-diagnostics.README.md | 2 +- scripts/iiab-summary | 3 ++- 4 files changed, 27 insertions(+), 35 deletions(-) diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed index e44baee93..84b6e2f11 100755 --- a/scripts/iiab-apps-to-be-installed +++ b/scripts/iiab-apps-to-be-installed @@ -8,6 +8,11 @@ iiab_var_value() { [[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS } +# https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in +# https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp +[[ $(id -un) == "root" ]] && + rm -f /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed + # 2022-06-18: 40 apps (list not quite complete) #grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list @@ -17,6 +22,13 @@ iiab_var_value() { # 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list +# Non-root CANNOT rm files from /tmp, but CAN write to them (unlike root!!) +# This ALSO creates the file (useful when "Apps2B" == 0, for iiab-summary etc) +truncate -s 0 /tmp/iiab-apps-to-be-installed + +# So other (non-root) users CAN later write to these, even if they CAN'T chmod! +chmod 777 /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed 2>/dev/null + while read app; do if [[ $app == "calibre-web" ]]; then app=calibreweb @@ -27,8 +39,6 @@ while read app; do # echo ${app}_install: $(iiab_var_value ${app}_install) if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then - echo $app + echo $app | tee -a /tmp/iiab-apps-to-be-installed fi done < /tmp/iiab-apps-list - -rm /tmp/iiab-apps-list # So a non-root user can later run this cleanly! diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 957111ad1..f447fb3d1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -127,45 +127,26 @@ function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail # START BUILDING UP THE FILE THAT'LL CONTAIN THE DIAGNOSTICS! echo -e "\nCompiling diagnostics..." -echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" +echo -e "\n 0. HW + SW Quick Summary" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT INFO + RASPBERRY PI MODEL + OS" >> $outfile -echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo " remote: $REMOTE_URL1" >> $outfile -echo " branch: $BRANCH1" >> $outfile -printf "%4s merged PR's since recent tag: $TAG_COMMITS1\n" $PR_COUNT1 >> $outfile -echo >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo " remote: $REMOTE_URL2" >> $outfile -echo " branch: $BRANCH2" >> $outfile -printf "%4s merged PR's since recent tag: $TAG_COMMITS2\n" $PR_COUNT2 >> $outfile -echo >> $outfile -cat_file /etc/iiab/pr-list-pulled -cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model -cat_file /etc/rpi-issue -echo "-IIAB-EXPLANATION-OF-THE-ABOVE-------------------------------------------------" >> $outfile +echo -e "\n\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile +/opt/iiab/iiab/scripts/iiab-summary >> $outfile if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile echo "stage5 = Raspberry Pi OS with desktop + recommended software" >> $outfile - echo >> $outfile echo "SEE https://github.com/RPi-Distro/pi-gen#stage-anatomy" >> $outfile -else - echo "(This is NOT Raspberry Pi OS!)" >> $outfile + echo >> $outfile +fi +if [ -s /tmp/iiab-apps-to-be-installed ]; then + echo "iiab-apps-to-be-installed :" >> $outfile + cat /tmp/iiab-apps-to-be-installed >> $outfile + echo >> $outfile fi -echo >> $outfile -cat_file /etc/issue.net -cat_file /etc/debian_version -cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' -cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' -cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' -cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' -cat_cmd 'iiab-apps-to-be-installed' 'IIAB Apps to be installed' -echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' +echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do cat_file $f @@ -277,7 +258,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then -if ! [[ $ans =~ ^[nN]$ ]]; then +if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 1dacfe807..63d0edc59 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-261 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-242 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. diff --git a/scripts/iiab-summary b/scripts/iiab-summary index f1b7179a5..ffd9ac45c 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -76,7 +76,8 @@ fi # landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p #fi echo -echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(/opt/iiab/iiab/scripts/iiab-apps-to-be-installed | wc -l)" +/opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net grep "^openvpn_enabled:" /etc/iiab/local_vars.yml From 16c1bf8e126b1614d80a3374bc2b771907bc554c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Jul 2022 11:35:00 -0500 Subject: [PATCH 0435/1758] Update iiab-diagnostics --- scripts/iiab-diagnostics | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 3b4b37de0..f447fb3d1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -146,7 +146,6 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then echo >> $outfile fi - echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do From 99d5debbf4652b25381b3c8658cf4687111f9cda Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 15:25:14 -0400 Subject: [PATCH 0436/1758] iiab-summary: Remove bold font for pastebin. Restore /usr/bin/iiab-apps-to-be-installed --- roles/1-prep/tasks/main.yml | 6 ++++++ scripts/iiab-summary | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index e4132ad4c..d7af981bd 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,6 +23,12 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? +- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab/scripts + dest: /usr/bin/ + mode: '0755' + - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? diff --git a/scripts/iiab-summary b/scripts/iiab-summary index ffd9ac45c..2e1da90a7 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -41,7 +41,7 @@ tmp=$(git config branch.$BRANCH2.remote) && { echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" echo echo -e "iiab: $SHORT_HASH1, $PR_COUNT1 PR's / $COMMITS1 commits since tag $TAG1" -echo -e " \e[1m\"$COMMIT_MSG1\"\e[0m" +echo -e " \"$COMMIT_MSG1\"" echo " $REMOTE_URL1 branch: $BRANCH1" if [ -f /etc/iiab/pr-list-pulled ]; then echo @@ -51,7 +51,7 @@ fi echo if [ -d /opt/iiab/iiab-admin-console ]; then echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / $COMMITS2 commits since tag $TAG2" - echo -e " \e[1m\"$COMMIT_MSG2\"\e[0m" + echo -e " \"$COMMIT_MSG2\"" echo " $REMOTE_URL2 branch: $BRANCH2" else echo " WARNING: Directory /opt/iiab/iiab-admin-console does not exist!" From e8ee4400ead70048800c36e4579a7eaecedd71ce Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Jul 2022 15:38:45 -0400 Subject: [PATCH 0437/1758] iiab-diagnostics output: Less spacing betw 6 sections --- scripts/iiab-diagnostics | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f447fb3d1..2de2e1c76 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -130,7 +130,7 @@ echo -e "\nCompiling diagnostics..." echo -e "\n 0. HW + SW Quick Summary" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. HW + SW Quick Summary" >> $outfile +echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile /opt/iiab/iiab/scripts/iiab-summary >> $outfile if [ -f /etc/rpi-issue ]; then @@ -147,7 +147,7 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then fi echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' -echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile +echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do cat_file $f done @@ -157,7 +157,7 @@ if [ $# -eq 0 ]; then else echo -e "\n 2. Regular Files:\n" fi -echo -e "\n\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test @@ -181,7 +181,7 @@ cat_file /library/www/html/home/menu.json #cat_file /tmp/all-ansible-vars echo -e "\n 3. Content of Directories: (1-level deep)\n" -echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile +echo -e "\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network cat_dir /etc/NetworkManager/system-connections # Redacts most passwords above @@ -190,7 +190,7 @@ cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/network # Above file /etc/network/interfaces suffices echo -e "\n 4. Output of Commands:\n" -echo -e "\n\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile +echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' @@ -226,12 +226,12 @@ cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" -echo -e "\n\n\n\n5. FIREWALL RULES\n" >> $outfile +echo -e "\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" -echo -e "\n\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile +echo -e "\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' 'for skip_role_on_error' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 From 389ee282272a37eaab42c50e7a63254a4e876004 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Jul 2022 16:08:57 -0400 Subject: [PATCH 0438/1758] PR #3292 comment clarif: {{ iiab_dir }} is /opt/iiab/iiab --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index d7af981bd..0c376df31 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -25,7 +25,7 @@ - name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab/scripts + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab dest: /usr/bin/ mode: '0755' From 4c7369cd7a3ee0fbf56dce35aef36dd1f70cd142 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 17:46:06 -0400 Subject: [PATCH 0439/1758] calibre-web/tasks/install.yml: Clarify 'pip list' prob suffic --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8616674e6..65a88168c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -51,7 +51,7 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate -# python3 -m pip list +# python3 -m pip list ('pip list' probably sufficient, likewise below) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate From 21ee498b73666709d6b4ae9257b9d78281c4b89c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 7 Jul 2022 23:51:29 +0100 Subject: [PATCH 0440/1758] break pip install into two plays --- roles/jupyterhub/tasks/install.yml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 671e8a3ea..7a12252cd 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,22 +33,29 @@ global: yes state: latest -- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB total in two ansible plays)" pip: name: - pip - wheel - - ipywidgets - jupyterhub - - jupyterlab - - jupyterhub_firstuseauthenticator - - jupyterhub-systemdspawner virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. +- name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" + pip: + name: + - jupyterlab + - jupyterhub_firstuseauthenticator + - jupyterhub-systemdspawner + - ipywidgets + virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + virtualenv_site_packages: no + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: src: jupyterhub_config.py.j2 From 2c09ed18875b88b4cbf95b8b9cb890c99ed6d995 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:17:40 -0400 Subject: [PATCH 0441/1758] jupyterhub/tasks/install.yml: Quick "lint" for indentation etc --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 7a12252cd..bb2a8364e 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -48,11 +48,11 @@ - name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" pip: name: - - jupyterlab - - jupyterhub_firstuseauthenticator - - jupyterhub-systemdspawner - - ipywidgets - virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + - jupyterlab + - jupyterhub_firstuseauthenticator + - jupyterhub-systemdspawner + - ipywidgets + virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" From 0a7aa0c162a859990f71e891badc101b85aa18a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:34:30 -0400 Subject: [PATCH 0442/1758] jupyterhub/tasks/install.yml: Comment clarifs for PR #3294 --- roles/jupyterhub/tasks/install.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index bb2a8364e..eaa4e80fb 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -45,7 +45,11 @@ #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. -- name: "pip break apart jupyterlab install into two parts - must have conflicting mutual dependency (4 packages)" +# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) +# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) +# https://github.com/iiab/iiab/issues/3283 + +- name: Break apart jupyterhub/jupyterlab pip installs into two parts - must have conflicting mutual dependency (3 packages above + 4 packages here) pip: name: - jupyterlab From cfe9a37b7ad4f2f4a4140b4f7b3254367504e63d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 19:53:15 -0400 Subject: [PATCH 0443/1758] jupyterhub/tasks/install.yml: Update comment ~217MB to ~306MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index eaa4e80fb..d92b166fe 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB total in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~306 MB total, in two ansible plays)" pip: name: - pip From 79237c65b09d267747508fa54b042365ea37a4a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 22:19:15 -0400 Subject: [PATCH 0444/1758] jupyterhub/tasks/install.yml: Use --no-cache-dir w/o --pre --- roles/jupyterhub/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d92b166fe..a593bf8d6 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -41,9 +41,9 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. + extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 # 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) @@ -59,6 +59,7 @@ virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: From c153cb8d9a964f496272967490986721cb25828b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 22:41:52 -0400 Subject: [PATCH 0445/1758] jupyterhub/tasks/install.yml: Clarify ~304MB /opt/iiab/jupyterhub --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index a593bf8d6..257f817f3 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~306 MB total, in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, in two ansible plays)" pip: name: - pip From 5dad80366edbc14fd8fdc70661e458aba0c944e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:16:58 -0400 Subject: [PATCH 0446/1758] jupyterhub/tasks/install.yml: Nix getsite.py & patch_FUA.sh --- roles/jupyterhub/tasks/install.yml | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 257f817f3..0018b4422 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -71,20 +71,21 @@ src: jupyterhub.service.j2 dest: /etc/systemd/system/jupyterhub.service -- name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages - template: - src: getsite.py.j2 - dest: "{{ jupyterhub_venv }}/bin/getsite.py" - mode: 0755 - -- name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py - template: - src: patch_FUA.sh.j2 - dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - mode: 0755 - -- name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" - command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# 2022-07-07: No longer needed, thx to upstream fixes +# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages +# template: +# src: getsite.py.j2 +# dest: "{{ jupyterhub_venv }}/bin/getsite.py" +# mode: 0755 +# +# - name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py +# template: +# src: patch_FUA.sh.j2 +# dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# mode: 0755 +# +# - name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" +# command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - name: Install patch_http-warning.sh from template, to turn off the warning about http insecurity, in {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html template: From 54703fa34afedceb1f95c064f61cb7491d854143 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:18:09 -0400 Subject: [PATCH 0447/1758] Rename patch_FUA.sh.j2 to patch_FUA.sh.j2.unused --- .../templates/{patch_FUA.sh.j2 => patch_FUA.sh.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/jupyterhub/templates/{patch_FUA.sh.j2 => patch_FUA.sh.j2.unused} (100%) diff --git a/roles/jupyterhub/templates/patch_FUA.sh.j2 b/roles/jupyterhub/templates/patch_FUA.sh.j2.unused similarity index 100% rename from roles/jupyterhub/templates/patch_FUA.sh.j2 rename to roles/jupyterhub/templates/patch_FUA.sh.j2.unused From 042dff872bc33845d5f171194b4e82347341ff5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:18:46 -0400 Subject: [PATCH 0448/1758] Rename getsite.py.j2 to getsite.py.j2.unused --- .../jupyterhub/templates/{getsite.py.j2 => getsite.py.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/jupyterhub/templates/{getsite.py.j2 => getsite.py.j2.unused} (100%) diff --git a/roles/jupyterhub/templates/getsite.py.j2 b/roles/jupyterhub/templates/getsite.py.j2.unused similarity index 100% rename from roles/jupyterhub/templates/getsite.py.j2 rename to roles/jupyterhub/templates/getsite.py.j2.unused From f035414ce9df5fcaf0a3257c0bc591535f9b3b2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Jul 2022 23:47:32 -0400 Subject: [PATCH 0449/1758] jupyterhub/tasks/install.yml: Ansible output re: mutual dep deadlock --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 0018b4422..8ef7ce7d9 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, in two ansible plays)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)" pip: name: - pip @@ -49,7 +49,7 @@ # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) # https://github.com/iiab/iiab/issues/3283 -- name: Break apart jupyterhub/jupyterlab pip installs into two parts - must have conflicting mutual dependency (3 packages above + 4 packages here) +- name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's pip: name: - jupyterlab From d12546c98df55fd870163ad9d020e7307d17d9ec Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:00:03 -0400 Subject: [PATCH 0450/1758] Prepare for 10.10.10.10, by evolving PR #3281 --- roles/captiveportal/tasks/install.yml | 2 +- ...ivert-to-nginx => iiab-divert-to-nginx.j2} | 0 roles/cups/tasks/install.yml | 2 +- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/tasks/enable_services.yml | 4 +- roles/network/tasks/named.yml | 4 +- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 62 +++++++++++-------- .../templates/gateway/iiab-gen-iptables | 2 +- ...nal.zone.db => school.internal.zone.db.j2} | 0 ....local.zone.db => school.local.zone.db.j2} | 0 .../network/templates/network/dnsmasq.conf.j2 | 4 +- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 7 ++- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 8 +-- 15 files changed, 57 insertions(+), 44 deletions(-) rename roles/captiveportal/templates/{iiab-divert-to-nginx => iiab-divert-to-nginx.j2} (100%) rename roles/network/templates/named/{school.internal.zone.db => school.internal.zone.db.j2} (100%) rename roles/network/templates/named/{school.local.zone.db => school.local.zone.db.j2} (100%) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index af022f0e9..ab25d50b6 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -26,7 +26,7 @@ mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx.j2 similarity index 100% rename from roles/captiveportal/templates/iiab-divert-to-nginx rename to roles/captiveportal/templates/iiab-divert-to-nginx.j2 diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 6b8971f34..12296cfe5 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} +# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10 # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index a481aa0b1..3d4f4f53f 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index d87f9ab36..bf73f1f77 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -32,8 +32,8 @@ # mode: "{{ item.mode }}" with_items: - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' } - - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' } + - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } + - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } when: named_install and named_enabled - name: Enable named service ({{ dns_service }}) if named_enabled diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 9183242f9..0123ef03f 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -58,8 +58,8 @@ - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } - - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 4b452a163..95dbf32dc 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -6,33 +6,43 @@ ddns-update-style interim; option domain-name "{{ iiab_domain }}"; option domain-name-servers {{ lan_ip }}; -option ntp-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; +{% if network_172 %} subnet 172.18.96.0 netmask 255.255.224.0 { - {% if iiab_network_mode == "Gateway" %} - option routers {{ lan_ip }}; - {% endif %} - {% if network_172 %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; - {% else %} - option subnet-mask 255.255.255.0; - option broadcast-address 10.10.10.255; - {% endif %} + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + # Description of network allocations in old OLPC school server + # this is the whole range we have available - 8K addresses + # range 172.18.96.2 172.18.127.254; + # instead, we'll save 510 addresses for later. + range 172.18.96.2 172.18.125.254; + # the other /24s: + # -> 172.18.126.0/24 for static IP addresses + # for printers, AP management consoles, etc. + # -> 172.18.127.0/24 for temporary addresses for + # XO activation - # Description of network allocations in old OLPC school server - # this is the whole range we have available - 8K addresses - # range 172.18.96.2 172.18.127.254; - # instead, we'll save 510 addresses for later. - range 172.18.96.2 172.18.125.254; - # the other /24s: - # -> 172.18.126.0/24 for static IP addresses - # for printers, AP management consoles, etc. - # -> 172.18.127.0/24 for temporary addresses for - # XO activation - - # As this subnet is wired or wifi a/b/g, these lease - # times are on the long side - default-lease-time 10800; - max-lease-time 21600; + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; } +{% else %} +subnet 10.10.10.0 netmask 255.255.255.0 { + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + range 10.10.10.2 10.10.10.254; + + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; +} +{% endif %} diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index d784d38a9..b11cd4fca 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} +lan_ip=$(iiab_var_value lan_ip) # e.g. 10.10.10.10 ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.db rename to roles/network/templates/named/school.internal.zone.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.local.zone.db rename to roles/network/templates/named/school.local.zone.db.j2 diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 056830267..152369cad 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -19,9 +19,9 @@ expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease {% if network_172 %} - dhcp-range=172.18.100.1,172.18.126.254,1h +dhcp-range=172.18.100.1,172.18.126.254,1h {% else %} - dhcp-range=10.10.10.21,10.10.10.253,1h +dhcp-range=10.10.10.11,10.10.10.254,1h {% endif %} # Specify the default route diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 4117fd790..14af973e0 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index df58ac824..f7e7c9457 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,12 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. 10.10. + +{% if network_172 %} + hosts allow = 127. 172.18. +{% else %} + hosts allow = 10.10.10. +{% endif %} ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 23cb52027..f6763f593 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a4807a38e..796074a3b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -100,10 +100,8 @@ js_menu_install: True iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -network_172: False -#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems -lan_netmask: 255.255.255.0 -#lan_netmask: 255.255.224.0 # Older networks were larger +network_172: False # Change to True if you set the above to 172.18.96.1 +lan_netmask: 255.255.255.0 # Change to 255.255.224.0 if using 172.18.96.1 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -544,7 +542,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From ebbda467a676e4b1c9d4ed4d6b72c8ae7c8d5bc6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:08:53 -0400 Subject: [PATCH 0451/1758] dhcpd-iiab.conf.j2: range 10.10.10.11 10.10.10.254; --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 95dbf32dc..66cd3e706 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -38,7 +38,7 @@ subnet 10.10.10.0 netmask 255.255.255.0 { {% endif %} option subnet-mask 255.255.255.0; option broadcast-address 10.10.10.255; - range 10.10.10.2 10.10.10.254; + range 10.10.10.11 10.10.10.254; # As this subnet is wired or wifi a/b/g, these lease # times are on the long side From 47fda4d1739eb4d5fc1fab4400d4c5345c529572 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:12:24 -0400 Subject: [PATCH 0452/1758] smb.conf.j2: hosts allow = 127. 10.10.10. --- roles/samba/templates/smb.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index f7e7c9457..9b60050d8 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -96,7 +96,7 @@ {% if network_172 %} hosts allow = 127. 172.18. {% else %} - hosts allow = 10.10.10. + hosts allow = 127. 10.10.10. {% endif %} ; max protocol = SMB2 From e30b1c9549beed3b7402b58d5201311daa0c8084 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 10 Jul 2022 15:45:30 -0500 Subject: [PATCH 0453/1758] drop old olpc fedora paths --- roles/2-common/tasks/fl.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 30c8266e7..829b8dfbf 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -1,6 +1,6 @@ # fl.yml signifies "file layout" -- name: "File Layout - Create directories: 1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab +- name: "File Layout - Create directories: 1 in {{ py3_dist_path }}, 2 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab file: path: "{{ item }}" # owner: root @@ -8,9 +8,9 @@ # mode: '0755' state: directory with_items: - - /etc/sysconfig/olpc-scripts/setup.d/installed/ + #- /etc/sysconfig/olpc-scripts/setup.d/installed/ - "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages - - "{{ yum_packages_dir }}" # /opt/iiab/yum-packages + #- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages - "{{ pip_packages_dir }}" # /opt/iiab/pip-packages - "{{ downloads_dir }}" # /opt/iiab/downloads #- "{{ content_base }}/downloads" # /library/downloads auto-created just below From 91046a4f12b12ba4027816cb2ecb8e8080651195 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Jul 2022 15:40:52 +0000 Subject: [PATCH 0454/1758] PR #3173 adjustments (making network role optional) --- roles/1-prep/tasks/main.yml | 8 ++++---- roles/network/tasks/install.yml | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index d1ce25c6d..911e31df5 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,10 +3,6 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/install.yml - when: network_install - - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -33,6 +29,10 @@ dest: /usr/bin/ mode: '0755' +- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + when: network_install + - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 06e4cf31d..65f7fb2c2 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -19,7 +19,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -60,15 +60,6 @@ #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -- name: "Set 'network_installed: True'" - set_fact: - network_installed: True - -- name: "Add 'network_installed: True' to {{ iiab_state_file }}" - lineinfile: - path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^network_installed' - line: 'network_installed: True' # UNMAINTAINED - name: Install named / BIND @@ -84,3 +75,14 @@ - name: Install Squid include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' From 699e908291261084eca7a9d53b2c40fb76b7a516 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Jul 2022 17:12:29 +0000 Subject: [PATCH 0455/1758] Move iiab-hotspot-on|off installs (hostapd.yml to main.yml, for Admin Console) --- roles/network/tasks/hostapd.yml | 17 ++--------------- roles/network/tasks/main.yml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 07e534b66..3b9231a86 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -50,21 +50,8 @@ mode: 0644 when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: hostapd/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: hostapd/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml +# as required for Admin Console - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 86a07413b..567a21159 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,6 +25,22 @@ include_tasks: install.yml when: network_install and network_installed is undefined +- name: Create /usr/bin/iiab-hotspot-on from template + template: + src: hostapd/iiab-hotspot-on + dest: /usr/bin/iiab-hotspot-on + owner: root + group: root + mode: 0755 + +- name: Create /usr/bin/iiab-hotspot-off from template + template: + src: hostapd/iiab-hotspot-off + dest: /usr/bin/iiab-hotspot-off + owner: root + group: root + mode: 0755 + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 9e6f96bd33cf42b25931c4ab5dd4643c8616b730 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Jul 2022 14:37:28 -0400 Subject: [PATCH 0456/1758] 1-prep: Also enforce "network_installed is undefined" --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 911e31df5..96ff6779d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -31,7 +31,7 @@ - name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml - when: network_install + when: network_install and network_installed is undefined - include_tasks: uuid.yml - include_tasks: ubermix.yml From d67b2751a6f9e44aebe1bf20709bf383af289ca1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Jul 2022 20:14:15 -0400 Subject: [PATCH 0457/1758] hostname.yml: Note /etc/hosts & /etc/hostname tkts --- roles/0-init/tasks/hostname.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 427380929..70321cb4a 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -22,7 +22,10 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -# should the first entry match just hostname and domain move to after localhost? +# 2022-07-11: Should the first entry match just hostname and domain move to +# after localhost? Background: +# 1. /etc/hosts -- #1815 solved by PR #1847 +# 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts From ab5f4c5fe988435bd710371df6b1996d7bf239fc Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 08:21:29 -0400 Subject: [PATCH 0458/1758] Update README.adoc --- roles/matomo/README.adoc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index fa4f2e980..bcb110c2f 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -43,6 +43,20 @@ Take a look at Matomo's official guides to further set this up: https://matomo.o WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) +=== Getting Started + +Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. + +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on "Visitors" and then below "Visitors", "Overview", to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet in a Box. + +Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" button after clicking "Behavior" and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. + +=== IIAB Tips, Tricks, and Gotchas + +1. If your Internet In A Box setup is without power and Internet access, it will not be a ble to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. + +2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. + == Credits Carl Wivagg From fafaf693eaa9cf47197a1eb5358a8b360c0e6d92 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 12 Jul 2022 08:35:42 -0400 Subject: [PATCH 0459/1758] 0-init/tasks/hostname.yml: Note discussion(s) of /etc/hosts --- roles/0-init/tasks/hostname.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 70321cb4a..ed79ccf3b 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -23,7 +23,7 @@ # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" # 2022-07-11: Should the first entry match just hostname and domain move to -# after localhost? Background: +# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also: # 1. /etc/hosts -- #1815 solved by PR #1847 # 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' From 6c5a42ffeaefdaee1c44e3c5a85a6369f41ec466 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 09:13:45 -0400 Subject: [PATCH 0460/1758] Update roles/0-init/tasks/validate_vars.yml Co-authored-by: A Holt --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 2a972370d..06d565c3d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 46 + 46 + 42 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From 594386073a8caff42eeed2904fe4f982d94687c2 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 09:13:54 -0400 Subject: [PATCH 0461/1758] Update roles/matomo/README.adoc Co-authored-by: A Holt --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index bcb110c2f..4d7ca6589 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -53,7 +53,7 @@ Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" === IIAB Tips, Tricks, and Gotchas -1. If your Internet In A Box setup is without power and Internet access, it will not be a ble to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. +1. If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. 2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. From 9c812e16e7f0e227ad2fae225d1f09b389794770 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 12 Jul 2022 11:50:43 -0400 Subject: [PATCH 0462/1758] Update validate_vars.yml --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 8520f31ba..e72677e44 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 46 + 46 + 42 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From d4492ef0c8bbdc4de0a874a44951966f8016a5fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 12 Jul 2022 12:33:54 -0400 Subject: [PATCH 0463/1758] scripts/local_facts.fact: Stop supporting Ubuntu 22.10 (Impish Indri) --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 3c50c360e..a393c2232 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -64,6 +64,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-18" | \ #"ubuntu-19" | \ #"ubuntu-2104" | \ + #"ubuntu-2210" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -78,7 +79,6 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2110" | \ "ubuntu-2204" | \ - "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") From afc70f6f62178e2b60703c7911a200d2ec4b5eea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 00:55:11 -0500 Subject: [PATCH 0464/1758] exit code --- iiab-network | 1 + 1 file changed, 1 insertion(+) diff --git a/iiab-network b/iiab-network index 6ff4b5cd3..9ac41f986 100755 --- a/iiab-network +++ b/iiab-network @@ -94,3 +94,4 @@ echo "iiab-network run start: $Start" echo "iiab-network run end: $End" echo echo "Please REBOOT to fully verify your network -- graphical desktops MUST reboot!" +exit 0 From ce47c8e7b104144cb94e724eeb2077f06f05fbcf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 00:58:45 -0500 Subject: [PATCH 0465/1758] helper script --- scripts/iiab-network | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 scripts/iiab-network diff --git a/scripts/iiab-network b/scripts/iiab-network new file mode 100644 index 000000000..03d1cee87 --- /dev/null +++ b/scripts/iiab-network @@ -0,0 +1,7 @@ +#!/bin/bash -e +cd /opt/iiab/iiab +sudo ./iiab-network +rc=$? +if [ “${rc}” == “0” ]; then + sudo touch /etc/iiab/install-flags/iiab-network-complete +fi From 21dcbcaf4fffd136fa8cd0eb3e888ca0e200d43c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 14 Jul 2022 01:03:27 -0500 Subject: [PATCH 0466/1758] install helper script --- roles/1-prep/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 96ff6779d..929dd04da 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -23,12 +23,18 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/ +- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }}/scripts to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab dest: /usr/bin/ mode: '0755' +- name: Copy iiab-network from {{ iiab_dir }}/scripts to /usr/local/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-network" + dest: /usr/local/bin/ + mode: '0755' + - name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml when: network_install and network_installed is undefined From 5d96561e73293a89c436dcdec8423445e31b7d8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:21:16 -0400 Subject: [PATCH 0467/1758] Fix local_facts.fact to deprecate 21.10 not 22.10 --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a393c2232..57d56575b 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -64,7 +64,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-18" | \ #"ubuntu-19" | \ #"ubuntu-2104" | \ - #"ubuntu-2210" | \ + #"ubuntu-2110" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -77,8 +77,8 @@ case $OS_VER in "debian-11" | \ "debian-12" | \ "ubuntu-2004" | \ - "ubuntu-2110" | \ "ubuntu-2204" | \ + "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") From 602f3ba87096cebf4600a6718053d953945a3bf9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:29:50 -0400 Subject: [PATCH 0468/1758] Rename ubuntu-2104.yml to ubuntu-2104.yml.unused --- vars/{ubuntu-2104.yml => ubuntu-2104.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2104.yml => ubuntu-2104.yml.unused} (100%) diff --git a/vars/ubuntu-2104.yml b/vars/ubuntu-2104.yml.unused similarity index 100% rename from vars/ubuntu-2104.yml rename to vars/ubuntu-2104.yml.unused From 3102a731aae9856196ee8ce6b19392f9fb8267ba Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:30:33 -0400 Subject: [PATCH 0469/1758] Rename ubuntu-2110.yml to ubuntu-2110.yml.unused --- vars/{ubuntu-2110.yml => ubuntu-2110.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2110.yml => ubuntu-2110.yml.unused} (100%) diff --git a/vars/ubuntu-2110.yml b/vars/ubuntu-2110.yml.unused similarity index 100% rename from vars/ubuntu-2110.yml rename to vars/ubuntu-2110.yml.unused From 288ce650ae02adbac819caf27854b05f9fcbecb9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:32:53 -0400 Subject: [PATCH 0470/1758] Rename raspbian-10.yml to raspbian-10.yml.unused --- vars/{raspbian-10.yml => raspbian-10.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-10.yml => raspbian-10.yml.unused} (100%) diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml.unused similarity index 100% rename from vars/raspbian-10.yml rename to vars/raspbian-10.yml.unused From 815607e7c53984ea7c1cdc4054222602543c6cd6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:33:16 -0400 Subject: [PATCH 0471/1758] Rename raspbian-9.yml to raspbian-9.yml.unused --- vars/{raspbian-9.yml => raspbian-9.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-9.yml => raspbian-9.yml.unused} (100%) diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml.unused similarity index 100% rename from vars/raspbian-9.yml rename to vars/raspbian-9.yml.unused From 144196734eca62f6af667b29e6218813c814e5fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:33:37 -0400 Subject: [PATCH 0472/1758] Rename raspbian-8.yml to raspbian-8.yml.unused --- vars/{raspbian-8.yml => raspbian-8.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{raspbian-8.yml => raspbian-8.yml.unused} (100%) diff --git a/vars/raspbian-8.yml b/vars/raspbian-8.yml.unused similarity index 100% rename from vars/raspbian-8.yml rename to vars/raspbian-8.yml.unused From 572df993d340c0a5a96d354cc08fe7175b579b95 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:34:20 -0400 Subject: [PATCH 0473/1758] Rename debian-10.yml to debian-10.yml.unused --- vars/{debian-10.yml => debian-10.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-10.yml => debian-10.yml.unused} (100%) diff --git a/vars/debian-10.yml b/vars/debian-10.yml.unused similarity index 100% rename from vars/debian-10.yml rename to vars/debian-10.yml.unused From cc42b6e234e98b82e250e5d9985b500ef8bddec5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:34:42 -0400 Subject: [PATCH 0474/1758] Rename debian-9.yml to debian-9.yml.unused --- vars/{debian-9.yml => debian-9.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-9.yml => debian-9.yml.unused} (100%) diff --git a/vars/debian-9.yml b/vars/debian-9.yml.unused similarity index 100% rename from vars/debian-9.yml rename to vars/debian-9.yml.unused From 50bd128ee73ad0a0fafafbce452793d969f5a37d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:00 -0400 Subject: [PATCH 0475/1758] Rename debian-8.yml to debian-8.yml.unused --- vars/{debian-8.yml => debian-8.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{debian-8.yml => debian-8.yml.unused} (100%) diff --git a/vars/debian-8.yml b/vars/debian-8.yml.unused similarity index 100% rename from vars/debian-8.yml rename to vars/debian-8.yml.unused From 41dd93627621cc2a0191815c990f428cec2a970e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:19 -0400 Subject: [PATCH 0476/1758] Rename centos-7.yml to centos-7.yml.unused --- vars/{centos-7.yml => centos-7.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{centos-7.yml => centos-7.yml.unused} (100%) diff --git a/vars/centos-7.yml b/vars/centos-7.yml.unused similarity index 100% rename from vars/centos-7.yml rename to vars/centos-7.yml.unused From ac8c7ad0909c8923301b9a90267ee3c571f80d60 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:39 -0400 Subject: [PATCH 0477/1758] Rename fedora-22.yml to fedora-22.yml.unused --- vars/{fedora-22.yml => fedora-22.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{fedora-22.yml => fedora-22.yml.unused} (100%) diff --git a/vars/fedora-22.yml b/vars/fedora-22.yml.unused similarity index 100% rename from vars/fedora-22.yml rename to vars/fedora-22.yml.unused From b62432d8ab985da2ffafb78104c8ba7b4610f458 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 09:35:55 -0400 Subject: [PATCH 0478/1758] Rename fedora-18.yml to fedora-18.yml.unused --- vars/{fedora-18.yml => fedora-18.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{fedora-18.yml => fedora-18.yml.unused} (100%) diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml.unused similarity index 100% rename from vars/fedora-18.yml rename to vars/fedora-18.yml.unused From 1d1ef405a9446852aa6e5db511121fd8a889e8a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Jul 2022 11:53:11 -0400 Subject: [PATCH 0479/1758] scripts/iiab-network: Lint bash conditional, for #3308 --- scripts/iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-network b/scripts/iiab-network index 03d1cee87..9e56350eb 100644 --- a/scripts/iiab-network +++ b/scripts/iiab-network @@ -2,6 +2,6 @@ cd /opt/iiab/iiab sudo ./iiab-network rc=$? -if [ “${rc}” == “0” ]; then +if [[ $rc == "0" ]]; then sudo touch /etc/iiab/install-flags/iiab-network-complete fi From 62459e3db51d8df81c434b4aeae7ef112d1d7a86 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 10:24:31 -0400 Subject: [PATCH 0480/1758] default_vars.yml: kiwix-3.5.0.apk from 2022-05-31 --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c1ff11bb9..c5832015f 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -486,7 +486,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.4.5.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From b1e2a4db67ab253ee0a85b3f5973451cbde8fcee Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 10:49:19 -0400 Subject: [PATCH 0481/1758] kiwix/tasks/kiwix-apk.yml: Lint & revise comment #3310 --- roles/kiwix/tasks/kiwix-apk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index e81711013..049cc5476 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,7 +6,7 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk formerly kiwix.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" From b4dae53f2b77d5653abac2da4a321ac875404261 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 21:11:30 -0400 Subject: [PATCH 0482/1758] default_vars.yml: Try kiwix.apk not kiwix-3.5.0.apk --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c5832015f..ecfa0d677 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -486,7 +486,7 @@ kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix -kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk +kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar From 57aabf0fc6757148a21bfeee7a2a4b58914a02cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 15 Jul 2022 21:14:00 -0400 Subject: [PATCH 0483/1758] Clarify kiwix/tasks/kiwix-apk.yml --- roles/kiwix/tasks/kiwix-apk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index 049cc5476..fa03667f3 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml @@ -6,7 +6,7 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix-3.5.0.apk formerly kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk formerly kiwix-3.5.0.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" From a9e92191db71497caa804f485835a37f84d5e6e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 01:16:36 -0500 Subject: [PATCH 0484/1758] remove named and dhcpd install options --- roles/network/tasks/NM-debian.yml | 4 +- roles/network/tasks/computed_services.yml | 30 +++--- roles/network/tasks/debian.yml | 2 +- .../tasks/{dhcpd.yml => dhcpd.yml.unused} | 0 ...down-debian.yml => down-debian.yml.unused} | 0 roles/network/tasks/enable_services.yml | 97 ++++++++++--------- roles/network/tasks/install.yml | 12 +-- roles/network/tasks/main.yml | 18 ++-- .../tasks/{named.yml => named.yml.unused} | 0 roles/network/tasks/restart.yml | 13 +-- roles/network/tasks/rpi_debian.yml | 6 +- roles/network/tasks/sysd-netd-debian.yml | 4 +- .../captive-portal.py.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd-env.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd-iiab.conf.j2 | 0 .../{dhcp => dhcp.unused}/dhcpd.service | 0 .../{named => named.unused}/bind9.service | 0 .../{named => named.unused}/dns-jail.conf | 0 .../templates/{named => named.unused}/dummy | 0 .../{named => named.unused}/localdomain.zone | 0 .../{named => named.unused}/localhost.zone | 0 .../templates/{named => named.unused}/named | 0 .../named-iiab.conf.j2 | 0 .../{named => named.unused}/named.blackhole | 0 .../{named => named.unused}/named.broadcast | 0 .../{named => named.unused}/named.ip6.local | 0 .../{named => named.unused}/named.j2 | 0 .../{named => named.unused}/named.local | 0 .../named.rfc1912.zones | 0 .../{named => named.unused}/named.root | 0 .../{named => named.unused}/named.root.hints | 0 .../{named => named.unused}/named.service | 0 .../{named => named.unused}/named.zero | 0 .../school.external.zone.db | 0 .../school.internal.zone.16.in-addr.db.j2 | 0 .../school.internal.zone.32.in-addr.db.j2 | 0 .../school.internal.zone.48.in-addr.db.j2 | 0 .../school.internal.zone.db.j2 | 0 .../school.internal.zone.in-addr.db.j2 | 0 .../school.local.zone.db.j2 | 0 40 files changed, 95 insertions(+), 91 deletions(-) rename roles/network/tasks/{dhcpd.yml => dhcpd.yml.unused} (100%) rename roles/network/tasks/{down-debian.yml => down-debian.yml.unused} (100%) rename roles/network/tasks/{named.yml => named.yml.unused} (100%) rename roles/network/templates/{captive-portal => captive-portal.unused}/captive-portal.py.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd-env.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd-iiab.conf.j2 (100%) rename roles/network/templates/{dhcp => dhcp.unused}/dhcpd.service (100%) rename roles/network/templates/{named => named.unused}/bind9.service (100%) rename roles/network/templates/{named => named.unused}/dns-jail.conf (100%) rename roles/network/templates/{named => named.unused}/dummy (100%) rename roles/network/templates/{named => named.unused}/localdomain.zone (100%) rename roles/network/templates/{named => named.unused}/localhost.zone (100%) rename roles/network/templates/{named => named.unused}/named (100%) rename roles/network/templates/{named => named.unused}/named-iiab.conf.j2 (100%) rename roles/network/templates/{named => named.unused}/named.blackhole (100%) rename roles/network/templates/{named => named.unused}/named.broadcast (100%) rename roles/network/templates/{named => named.unused}/named.ip6.local (100%) rename roles/network/templates/{named => named.unused}/named.j2 (100%) rename roles/network/templates/{named => named.unused}/named.local (100%) rename roles/network/templates/{named => named.unused}/named.rfc1912.zones (100%) rename roles/network/templates/{named => named.unused}/named.root (100%) rename roles/network/templates/{named => named.unused}/named.root.hints (100%) rename roles/network/templates/{named => named.unused}/named.service (100%) rename roles/network/templates/{named => named.unused}/named.zero (100%) rename roles/network/templates/{named => named.unused}/school.external.zone.db (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.16.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.32.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.48.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.internal.zone.in-addr.db.j2 (100%) rename roles/network/templates/{named => named.unused}/school.local.zone.db.j2 (100%) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 8cf977c8a..d5dad9ffc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -1,6 +1,6 @@ # NM-debian.yml -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml # provide keyfile layout like the XO's used way back. #- name: Create uuid for NM's keyfile store diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 47c3cd7cc..939167cce 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -22,30 +22,30 @@ - name: No LAN configured - non-dnsmasq set_fact: - named_enabled: True - dhcpd_enabled: False +# named_enabled: True +# dhcpd_enabled: False dhcp_service2: "dhcpd disabled" when: not dnsmasq_enabled and iiab_network_mode == "Appliance" - name: LAN configured - non-dnsmasq set_fact: - named_enabled: True - dhcpd_enabled: True +# named_enabled: True +# dhcpd_enabled: True dhcp_service2: "dhcpd" when: not dnsmasq_enabled and iiab_network_mode != "Appliance" - name: LAN configured - dnsmasq set_fact: - named_enabled: False - dhcpd_enabled: False +# named_enabled: False +# dhcpd_enabled: False dnsmasq_enabled: True dhcp_service2: "dnsmasq" when: dnsmasq_install and iiab_network_mode != "Appliance" - name: LAN not configured - dnsmasq set_fact: - named_enabled: False - dhcpd_enabled: False +# named_enabled: False +# dhcpd_enabled: False dnsmasq_enabled: True dhcp_service2: "dnsmasq" when: dnsmasq_install and iiab_network_mode == "Appliance" @@ -71,12 +71,12 @@ # value: "{{ wondershaper_enabled }}" - option: iiab_network_mode_applied value: "{{ iiab_network_mode }}" - - option: dhcpd_enabled - value: "{{ dhcpd_enabled }}" - - option: dhcp_service2 - value: "{{ dhcp_service2 }}" - - option: named_enabled - value: "{{ named_enabled }}" +# - option: dhcpd_enabled +# value: "{{ dhcpd_enabled }}" +# - option: dhcp_service2 +# value: "{{ dhcp_service2 }}" +# - option: named_enabled +# value: "{{ named_enabled }}" - option: dnsmasq_enabled value: "{{ dnsmasq_enabled }}" - option: no_net_restart @@ -89,7 +89,7 @@ value: "{{ host_wifi_mode }}" - option: host_channel value: "{{ host_channel }}" - + - name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 74ca452c7..52982af42 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -62,7 +62,7 @@ regexp: "{{ iiab_wan_iface }}" when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 -- include_tasks: down-debian.yml +#- include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml.unused similarity index 100% rename from roles/network/tasks/dhcpd.yml rename to roles/network/tasks/dhcpd.yml.unused diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml.unused similarity index 100% rename from roles/network/tasks/down-debian.yml rename to roles/network/tasks/down-debian.yml.unused diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index bf73f1f77..50d0f69ed 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -1,70 +1,72 @@ -- name: Disable dhcpd service - service: - name: dhcpd - enabled: no - when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled +#- name: Disable dhcpd service +# service: +# name: dhcpd +# enabled: no +# when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled # service is restarted with NM dispatcher.d script -- name: Enable dhcpd service - service: - name: dhcpd - enabled: yes - when: dhcpd_install and dhcpd_enabled +#- name: Enable dhcpd service +# service: +# name: dhcpd +# enabled: yes +# when: dhcpd_install and dhcpd_enabled -- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" +#- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# # owner: root + # group: root + # mode: "{{ item.mode }}" +# with_items: +# - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } +# - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } +# when: dhcpd_install and dhcpd_enabled + +#- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" # owner: root # group: root # mode: "{{ item.mode }}" - with_items: - - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } - - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } - when: dhcpd_install and dhcpd_enabled +# with_items: +# - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } +# - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } +# - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } +# when: named_install and named_enabled -- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: "{{ item.mode }}" - with_items: - - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } - - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } - when: named_install and named_enabled +#- name: Enable named service ({{ dns_service }}) if named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: yes +# when: named_install and named_enabled -- name: Enable named service ({{ dns_service }}) if named_enabled - systemd: - name: "{{ dns_service }}" - enabled: yes - when: named_install and named_enabled - -- name: Disable named service ({{ dns_service }}) if not named_enabled - systemd: - name: "{{ dns_service }}" - enabled: no - when: (named_install or named_installed is defined) and not named_enabled +#- name: Disable named service ({{ dns_service }}) if not named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: no +# when: (named_install or named_installed is defined) and not named_enabled - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.d/iiab.conf - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting template: src: network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab - when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? +# when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled @@ -100,7 +102,8 @@ mode: 0755 # owner: root # group: root - when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") + when: nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") +# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") @@ -108,13 +111,13 @@ file: path: /etc/dnsmasq.d/iiab.conf state: absent - when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance") + when: iiab_network_mode == "Appliance" - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: yes - when: dnsmasq_install and dnsmasq_enabled +# when: dnsmasq_install and dnsmasq_enabled - name: Disable iiab-dnsmasq, if not dnsmasq_enabled systemd: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 65f7fb2c2..394286c32 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -62,14 +62,14 @@ # UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install +#- name: Install named / BIND +# include_tasks: roles/network/tasks/named.yml +# when: named_install is defined and named_install # UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install +#- name: Install dhcpd +# include_tasks: roles/network/tasks/dhcpd.yml +# when: dhcpd_install is defined and dhcpd_install # LESS MAINTAINED - name: Install Squid diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 567a21159..8e225eb40 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -47,17 +47,17 @@ # include_tasks: wondershaper.yml # when: wondershaper_install or wondershaper_installed is defined - - name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install named +# include_tasks: named.yml +# when: named_install and FQDN_changed and iiab_stage|int == 9 - - name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install dhcpd +# include_tasks: dhcpd.yml +# when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 - - name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 +# - name: (Re)Install Squid +# include_tasks: squid.yml +# when: squid_install and FQDN_changed and iiab_stage|int == 9 #preprep for backends - name: Netplan in use on Ubuntu 18.04+ diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml.unused similarity index 100% rename from roles/network/tasks/named.yml rename to roles/network/tasks/named.yml.unused diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0dda30a6f..659a18329 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -29,11 +29,11 @@ shell: netplan apply when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 -- name: Start named service - systemd: - name: "{{ dns_service }}" - state: restarted - when: named_enabled and named_install +#- name: Start named service +# systemd: +# name: "{{ dns_service }}" +# state: restarted +# when: named_enabled and named_install - name: Stop Squid service systemd: @@ -98,7 +98,8 @@ #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address #due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted -- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +#- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +- name: Restarting {{ dhcp_service2 }} systemd: name: "{{ dhcp_service2 }}" state: restarted diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 9c245a5f6..4d672ad0b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -31,7 +31,7 @@ when: country_code is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec - lineinfile: + lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} @@ -54,8 +54,8 @@ src: network/dnsmasq-iiab when: iiab_lan_iface == "br0" -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c32b966a1..e88c0483e 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -44,8 +44,8 @@ #when: wan_ip != "dhcp" and not is_ubuntu_18 -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/templates/captive-portal/captive-portal.py.j2 b/roles/network/templates/captive-portal.unused/captive-portal.py.j2 similarity index 100% rename from roles/network/templates/captive-portal/captive-portal.py.j2 rename to roles/network/templates/captive-portal.unused/captive-portal.py.j2 diff --git a/roles/network/templates/dhcp/dhcpd-env.j2 b/roles/network/templates/dhcp.unused/dhcpd-env.j2 similarity index 100% rename from roles/network/templates/dhcp/dhcpd-env.j2 rename to roles/network/templates/dhcp.unused/dhcpd-env.j2 diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 similarity index 100% rename from roles/network/templates/dhcp/dhcpd-iiab.conf.j2 rename to roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 diff --git a/roles/network/templates/dhcp/dhcpd.service b/roles/network/templates/dhcp.unused/dhcpd.service similarity index 100% rename from roles/network/templates/dhcp/dhcpd.service rename to roles/network/templates/dhcp.unused/dhcpd.service diff --git a/roles/network/templates/named/bind9.service b/roles/network/templates/named.unused/bind9.service similarity index 100% rename from roles/network/templates/named/bind9.service rename to roles/network/templates/named.unused/bind9.service diff --git a/roles/network/templates/named/dns-jail.conf b/roles/network/templates/named.unused/dns-jail.conf similarity index 100% rename from roles/network/templates/named/dns-jail.conf rename to roles/network/templates/named.unused/dns-jail.conf diff --git a/roles/network/templates/named/dummy b/roles/network/templates/named.unused/dummy similarity index 100% rename from roles/network/templates/named/dummy rename to roles/network/templates/named.unused/dummy diff --git a/roles/network/templates/named/localdomain.zone b/roles/network/templates/named.unused/localdomain.zone similarity index 100% rename from roles/network/templates/named/localdomain.zone rename to roles/network/templates/named.unused/localdomain.zone diff --git a/roles/network/templates/named/localhost.zone b/roles/network/templates/named.unused/localhost.zone similarity index 100% rename from roles/network/templates/named/localhost.zone rename to roles/network/templates/named.unused/localhost.zone diff --git a/roles/network/templates/named/named b/roles/network/templates/named.unused/named similarity index 100% rename from roles/network/templates/named/named rename to roles/network/templates/named.unused/named diff --git a/roles/network/templates/named/named-iiab.conf.j2 b/roles/network/templates/named.unused/named-iiab.conf.j2 similarity index 100% rename from roles/network/templates/named/named-iiab.conf.j2 rename to roles/network/templates/named.unused/named-iiab.conf.j2 diff --git a/roles/network/templates/named/named.blackhole b/roles/network/templates/named.unused/named.blackhole similarity index 100% rename from roles/network/templates/named/named.blackhole rename to roles/network/templates/named.unused/named.blackhole diff --git a/roles/network/templates/named/named.broadcast b/roles/network/templates/named.unused/named.broadcast similarity index 100% rename from roles/network/templates/named/named.broadcast rename to roles/network/templates/named.unused/named.broadcast diff --git a/roles/network/templates/named/named.ip6.local b/roles/network/templates/named.unused/named.ip6.local similarity index 100% rename from roles/network/templates/named/named.ip6.local rename to roles/network/templates/named.unused/named.ip6.local diff --git a/roles/network/templates/named/named.j2 b/roles/network/templates/named.unused/named.j2 similarity index 100% rename from roles/network/templates/named/named.j2 rename to roles/network/templates/named.unused/named.j2 diff --git a/roles/network/templates/named/named.local b/roles/network/templates/named.unused/named.local similarity index 100% rename from roles/network/templates/named/named.local rename to roles/network/templates/named.unused/named.local diff --git a/roles/network/templates/named/named.rfc1912.zones b/roles/network/templates/named.unused/named.rfc1912.zones similarity index 100% rename from roles/network/templates/named/named.rfc1912.zones rename to roles/network/templates/named.unused/named.rfc1912.zones diff --git a/roles/network/templates/named/named.root b/roles/network/templates/named.unused/named.root similarity index 100% rename from roles/network/templates/named/named.root rename to roles/network/templates/named.unused/named.root diff --git a/roles/network/templates/named/named.root.hints b/roles/network/templates/named.unused/named.root.hints similarity index 100% rename from roles/network/templates/named/named.root.hints rename to roles/network/templates/named.unused/named.root.hints diff --git a/roles/network/templates/named/named.service b/roles/network/templates/named.unused/named.service similarity index 100% rename from roles/network/templates/named/named.service rename to roles/network/templates/named.unused/named.service diff --git a/roles/network/templates/named/named.zero b/roles/network/templates/named.unused/named.zero similarity index 100% rename from roles/network/templates/named/named.zero rename to roles/network/templates/named.unused/named.zero diff --git a/roles/network/templates/named/school.external.zone.db b/roles/network/templates/named.unused/school.external.zone.db similarity index 100% rename from roles/network/templates/named/school.external.zone.db rename to roles/network/templates/named.unused/school.external.zone.db diff --git a/roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.db.j2 b/roles/network/templates/named.unused/school.internal.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db.j2 b/roles/network/templates/named.unused/school.local.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.local.zone.db.j2 rename to roles/network/templates/named.unused/school.local.zone.db.j2 From bcc59a0bc36bef48fcc7b8e5e321c8fb8aa9749e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 02:04:05 -0500 Subject: [PATCH 0485/1758] cleanups --- roles/network/tasks/computed_services.yml | 36 +++++++++++------------ roles/network/tasks/enable_services.yml | 14 ++++----- roles/network/tasks/restart.yml | 7 +++-- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 939167cce..9527ed7d3 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -20,35 +20,35 @@ iiab_network_mode: "Gateway" when: iiab_lan_iface != "none" and iiab_wan_iface != "none" -- name: No LAN configured - non-dnsmasq - set_fact: +#- name: No LAN configured - non-dnsmasq +# set_fact: # named_enabled: True # dhcpd_enabled: False - dhcp_service2: "dhcpd disabled" - when: not dnsmasq_enabled and iiab_network_mode == "Appliance" +# dhcp_service2: "dhcpd disabled" +# when: not dnsmasq_enabled and iiab_network_mode == "Appliance" -- name: LAN configured - non-dnsmasq - set_fact: +#- name: LAN configured - non-dnsmasq +# set_fact: # named_enabled: True # dhcpd_enabled: True - dhcp_service2: "dhcpd" - when: not dnsmasq_enabled and iiab_network_mode != "Appliance" +# dhcp_service2: "dhcpd" +# when: not dnsmasq_enabled and iiab_network_mode != "Appliance" -- name: LAN configured - dnsmasq - set_fact: +#- name: LAN configured - dnsmasq +# set_fact: # named_enabled: False # dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode != "Appliance" +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode != "Appliance" -- name: LAN not configured - dnsmasq - set_fact: +#- name: LAN not configured - dnsmasq +# set_fact: # named_enabled: False # dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode == "Appliance" +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode == "Appliance" - name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }} ini_file: diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 50d0f69ed..f6686de3d 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -117,13 +117,13 @@ systemd: name: iiab-dnsmasq enabled: yes -# when: dnsmasq_install and dnsmasq_enabled + when: dnsmasq_enabled - name: Disable iiab-dnsmasq, if not dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: no - when: dnsmasq_install and not dnsmasq_enabled + when: not dnsmasq_enabled # - name: Enable DansGuardian systemd service, if dansguardian_enabled # systemd: @@ -142,13 +142,13 @@ path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Enable systemd service '{{ proxy }}' - if squid_install and squid_enabled systemd: name: "{{ proxy }}" # squid (or 'squid3' on vars/debian-8.yml, vars/raspbian-8.yml) enabled: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Install /etc/{{ proxy }}/squid.conf from template (root:root, 0644 by default) - and create a timestamped backup of the original - if squid_install and squid_enabled template: @@ -157,7 +157,7 @@ # owner: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml) # group: "{{ proxy_user }}" backup: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled # - name: Point /etc/init.d/{{ proxy }} to /etc/{{ proxy }}/squid-iiab.conf - if squid_install and squid_enabled # lineinfile: @@ -170,14 +170,14 @@ systemd: name: "{{ proxy }}" enabled: no - when: (squid_install or squid_installed is defined) and not squid_enabled + when: squid_installed is defined and not squid_enabled - name: Revert {{ iiab_env_file }} to 'HTTPCACHE_ON=False' - if squid_install and not squid_enabled lineinfile: path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=False' - when: squid_install and not squid_enabled + when: squid_installed is defined and not squid_enabled # - name: Enable Wondershaper service, if wondershaper_enabled # systemd: diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 659a18329..de930332f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -99,11 +99,12 @@ #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address #due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted #- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} -- name: Restarting {{ dhcp_service2 }} +- name: Restarting dnsmasq systemd: - name: "{{ dhcp_service2 }}" + name: dnsmasq state: restarted - when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) + when: dnsmasq_enabled and ((not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9)) +# when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) #when: (iiab_network_mode != "Appliance") # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab From 9ce883ab01d76adca063776552859964a3c0c4e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 00:51:33 -0500 Subject: [PATCH 0486/1758] lockout unsupported options --- roles/0-init/tasks/validate_vars.yml | 32 ++++++++++++++--------- vars/default_vars.yml | 38 ++++++++++++++-------------- 2 files changed, 39 insertions(+), 31 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f2f6cf8e0..5d4566055 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,15 +63,12 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 43 + 43 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd - - dhcpd - - named - dnsmasq - bluetooth - #- wondershaper # Unmaintained - sshd - openvpn - remoteit @@ -80,18 +77,10 @@ #- apache # Unmaintained - former dependency #- mysql # MANDATORY - squid - #- dansguardian # Unmaintained - cups - samba - usb_lib - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - azuracast - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained - gitea - jupyterhub - lokole @@ -166,3 +155,22 @@ quiet: yes when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +# Validates stale options are not marked for install +- name: 'DISALLOW "XYZ_install: True" Unmaintained' + assert: + that: "{{ item }}_install is undefined" + fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" + quiet: yes + with_items: + - named + - dhcpd + - wondershaper # Unmaintained + - dansguardian # Unmaintained + - xo_services # Unmaintained + - activity_server # Unmaintained + - ejabberd_xs # Unmaintained + - idmgr # Unmaintained + - dokuwiki # Unmaintained + - ejabberd # Unmaintained + - elgg # Unmaintained diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ecfa0d677..cf80f3295 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -201,13 +201,13 @@ dnsmasq_install: True dnsmasq_enabled: True # UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False +#dhcpd_install: False +#dhcpd_enabled: False # UNMAINTAINED as of July 2021 # named (BIND) -named_install: False -named_enabled: False +#named_install: False +#named_enabled: False block_DNS: False # Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" @@ -357,20 +357,20 @@ nodocs: False # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # UNMAINTAINED since about 2012-2017 -xo_services_install: False # 2020-01-23: UNUSED -xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html +#xo_services_install: False # 2020-01-23: UNUSED +#xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html # UNMAINTAINED since about 2012-2017 -activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) -activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) # UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below? -ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml -ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml # UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr -idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml -idmgr_enabled: False # 2020-01-23: UNUSED +#idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml +#idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS @@ -388,17 +388,17 @@ azuracast_https_port: 10443 azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -dokuwiki_install: False -dokuwiki_enabled: False -dokuwiki_url: /dokuwiki +#dokuwiki_install: False +#dokuwiki_enabled: False +#dokuwiki_url: /dokuwiki # UNMAINTAINED as of November 2019 -ejabberd_install: False -ejabberd_enabled: False +#ejabberd_install: False +#ejabberd_enabled: False # UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False +#elgg_install: False +#elgg_enabled: False # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1 elgg_mysql_password: elgg4kids From e382d193dad3059b38ce226d673cf292c2b631b8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 Jul 2022 06:12:00 -0500 Subject: [PATCH 0487/1758] Removed --- roles/0-init/tasks/validate_vars.yml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 5d4566055..b7da3e09d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 43 + 43 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 43 + 43 + 39 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -159,18 +159,19 @@ # Validates stale options are not marked for install - name: 'DISALLOW "XYZ_install: True" Unmaintained' assert: - that: "{{ item }}_install is undefined" + that: "{{ item }}_install is undefined or not {{ item }}_install" + fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes with_items: - - named - - dhcpd - - wondershaper # Unmaintained - - dansguardian # Unmaintained - - xo_services # Unmaintained - - activity_server # Unmaintained - - ejabberd_xs # Unmaintained - - idmgr # Unmaintained - - dokuwiki # Unmaintained - - ejabberd # Unmaintained - - elgg # Unmaintained + - named # Removed + - dhcpd # Removed + - wondershaper # Removed + - dansguardian # Removed + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained From 48bd4223bba76e50186e2e8f72c7a4788f05ee85 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:20:48 -0500 Subject: [PATCH 0488/1758] network speedup --- roles/firmware/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index edbd27da2..3e33890ba 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -18,7 +18,7 @@ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml - #when: firmware_installed is undefined + when: firmware_installed is undefined # Two variables are placed in /etc/iiab/iiab_state.yml: # From 30677d78295193d6e8b165607f2927805e79d84e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:21:40 -0500 Subject: [PATCH 0489/1758] correct procedure --- roles/firmware/templates/iiab-check-firmware | 10 ++++++---- roles/firmware/templates/iiab-firmware-warn.sh | 5 +++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9e66b6462..a953d70b8 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -44,10 +44,12 @@ else echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo echo -e " cd /opt/iiab/iiab" - echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" - echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo poweroff\n" +# echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" +# echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" +# echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" +# echo -e " sudo poweroff\n" + echo -e " sudo ./runrole firmware" + echo -e " sudo reboot\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" fi diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 03e98ba2e..77e38c71c 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -2,8 +2,9 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" - echo - echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" + # /tmp should be auto cleaned with a reboot + #echo + #echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red From 6d089636341a959b814e849b73136399b8e83a73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 00:26:40 -0500 Subject: [PATCH 0490/1758] name resolution failure on the iiab box post-install when iiab-network ran with usb0 uplink --- roles/network/tasks/sysd-netd-debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e88c0483e..66281973d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -64,6 +64,13 @@ enabled: yes masked: no +- name: Enable & Restart systemd-resolved.service + systemd: + name: systemd-resolved + state: restarted + enabled: yes + masked: no + - name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher From a2cbfc45d6f558e493272d4d8fb93c91b2a4275e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Jul 2022 14:26:34 -0400 Subject: [PATCH 0491/1758] firmware/templates/iiab-firmware-warn.sh: Suggest reboot --- roles/firmware/templates/iiab-firmware-warn.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 77e38c71c..dd2c34dba 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -2,9 +2,8 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" - # /tmp should be auto cleaned with a reboot - #echo - #echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" + echo + echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red From ffb831cf664d5035947d98c530f320f1a8aea98f Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 09:41:20 -0400 Subject: [PATCH 0492/1758] Clean + explain 0-init/tasks/validate_vars.yml --- roles/0-init/tasks/validate_vars.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index b7da3e09d..934c4a561 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -156,18 +156,16 @@ when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" -# Validates stale options are not marked for install -- name: 'DISALLOW "XYZ_install: True" Unmaintained' +- name: 'DISALLOW "XYZ_install: True" if deprecated' assert: that: "{{ item }}_install is undefined or not {{ item }}_install" - fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes with_items: - - named # Removed - - dhcpd # Removed - - wondershaper # Removed - - dansguardian # Removed + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated #- xo_services # Unmaintained #- activity_server # Unmaintained #- ejabberd_xs # Unmaintained From cf2b5a409755c567ca263b35e7cad6fa529de219 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 10:00:21 -0400 Subject: [PATCH 0493/1758] iiab-check-firmware: Emphasize './runrole --reinstall firmware' --- roles/firmware/templates/iiab-check-firmware | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a953d70b8..b26810440 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -44,11 +44,10 @@ else echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo echo -e " cd /opt/iiab/iiab" -# echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" -# echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" -# echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" -# echo -e " sudo poweroff\n" - echo -e " sudo ./runrole firmware" + echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" + echo -e " sudo ./runrole --reinstall firmware" + echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" From eb3c0a2684c81e6f916c8219c49918e8d304d1da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 11:12:40 -0500 Subject: [PATCH 0494/1758] shut the log up for #3278 --- roles/network/tasks/enable_services.yml | 4 +++- roles/network/tasks/hostapd.yml | 2 +- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 1 + 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index f6686de3d..2991a0c58 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -95,6 +95,8 @@ #- debug: # var: nd_dir +# networkd-dispatcher not enabled for is_linuxmint https://github.com/iiab/iiab/issues/3278 +# might need the same dispatcher treatment using networkmanager-dispatcher to bring up dnsmasq or look at dnsmasq-iiab - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 @@ -107,7 +109,7 @@ #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") -- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance +- name: Remove /etc/dnsmasq.d/iiab.conf, when is Appliance file: path: /etc/dnsmasq.d/iiab.conf state: absent diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 3b9231a86..0bae7b20f 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -118,7 +118,7 @@ systemd: name: "{{ item }}" enabled: no - daemon_reload: yes + daemon_reload: yes with_items: - iiab-clone-wifi.service - iiab-wifi-test.service diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 394286c32..08ddb9113 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -7,7 +7,7 @@ package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present - when: not is_raspbian + when: not is_raspbian or not is_linuxmint # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 66281973d..3c0b3d875 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -77,3 +77,4 @@ state: restarted enabled: yes masked: no + when: not is_linuxmint From db52b47b81d2aaa655426cfde8c8b776c903a23b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 Jul 2022 12:23:44 -0400 Subject: [PATCH 0495/1758] scripts/ansible: Recommend ansible-core 2.13.2 --- scripts/ansible | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 7a48bd30e..b5496c6e8 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.13.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/commits/stable-2.13 +# https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst From a907459b3e785efc5d2ea6191399567358ef3f2f Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 Jul 2022 16:19:36 -0400 Subject: [PATCH 0496/1758] vars/.yml: Remove dns_service, dns_user, dhcp_service --- vars/debian-11.yml | 8 +------- vars/debian-12.yml | 8 +------- vars/linuxmint-20.yml | 8 +------- vars/linuxmint-21.yml | 8 +------- vars/raspbian-11.yml | 8 +------- vars/ubuntu-2004.yml | 8 +------- vars/ubuntu-2204.yml | 8 +------- vars/ubuntu-2210.yml | 8 +------- 8 files changed, 8 insertions(+), 56 deletions(-) diff --git a/vars/debian-11.yml b/vars/debian-11.yml index 57160cecb..bf0154cef 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -4,23 +4,17 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_11: True -# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dhcp_service: isc-dhcp-server -dns_user: bind - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/debian-12.yml b/vars/debian-12.yml index cf4fbfcea..3e22cd07e 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -4,23 +4,17 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True -# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dhcp_service: isc-dhcp-server -dns_user: bind - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 0afc95bb0..4e3cc762b 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -6,23 +6,17 @@ is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 0135cd65f..799915c1e 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -6,23 +6,17 @@ is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 932455bc7..6ad1ebe21 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -6,23 +6,17 @@ is_debian_11: True is_raspbian: True is_raspbian_11: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: ssh sshd_service: ssh php_version: 7.4 diff --git a/vars/ubuntu-2004.yml b/vars/ubuntu-2004.yml index 7e7e1a2ad..b5890c330 100644 --- a/vars/ubuntu-2004.yml +++ b/vars/ubuntu-2004.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2004: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index bbe849b36..47d60d401 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2204: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index e7ac7cc12..31d73daf9 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2210: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 From 52989599dda1ade00bf46683a3c2e48c863da84c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 11:45:29 -0500 Subject: [PATCH 0497/1758] move iiab-internet-on|off - introduce netwarn --- roles/network/tasks/enable_services.yml | 11 ----------- roles/network/tasks/install.yml | 20 ++++++++++++++++++++ scripts/netwarn.sh | 8 ++++++++ 3 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 scripts/netwarn.sh diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 2991a0c58..4566c00bb 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -202,17 +202,6 @@ # group: root mode: 0755 -- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) - template: - src: "{{ item }}" - dest: /usr/bin/ - # owner: root - # group: root - mode: 0755 - with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off - - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined ini_file: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08ddb9113..2a76b10c2 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,6 +76,26 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + mode: '0755' + state: link + +- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + # owner: root + # group: root + mode: 0755 + with_items: + - gateway/iiab-internet-on + - gateway/iiab-internet-off + +# mate desktop detection based on 'register: nd_dir' + - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh new file mode 100644 index 000000000..8524c22f8 --- /dev/null +++ b/scripts/netwarn.sh @@ -0,0 +1,8 @@ +if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + rc=$? + if [ $rc == "1" ]; then + exit 1 + fi + x-terminal-emulator -e /usr/local/bin/iiab-network +fi From 8d42038ad2c0dc80121ee429c097ee91640cdd08 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:16:09 -0500 Subject: [PATCH 0498/1758] introduce netwarn-iiab-network.desktop --- roles/network/tasks/install.yml | 21 ++++++++++++++++++++- scripts/netwarn-iiab-network.desktop | 10 ++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 scripts/netwarn-iiab-network.desktop diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 2a76b10c2..301b3ddc0 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -94,8 +94,27 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -# mate desktop detection based on 'register: nd_dir' +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Check if /usr/share/mate/autostart/ exists + stat: + path: /usr/share/mate/autostart/ + register: mate_dir +- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop + file: + src: "{{ iiab_dir }}/scripts/netwarn" + dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop + mode: '0755' + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + +# RpiOS detection based on register: lx in pwd-warnings.yml +- name: Is /etc/xdg/lxsession/LXDE-pi a directory? + stat: + path: /etc/xdg/lxsession/LXDE-pi + register: lx + +# clairify usage - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn-iiab-network.desktop b/scripts/netwarn-iiab-network.desktop new file mode 100644 index 000000000..35547ee41 --- /dev/null +++ b/scripts/netwarn-iiab-network.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name[en_US]=iiab-network +Comment[en_US]=iiab-network +Name[en_CA]=iiab-network +Comment[en_CA]=iiab-network +Type=Application +Exec=/usr/local/sbin/netwarn +Hidden=false +Name=iiab-network +Comment=iiab-network From a3de7b389d3f6add35d748a13a63bddf85492dbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:47:30 -0500 Subject: [PATCH 0499/1758] also allow ICO to set the complete flag --- roles/network/tasks/main.yml | 6 ++++++ scripts/iiab-network | 4 ---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 8e225eb40..1fce28475 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -101,3 +101,9 @@ include_tasks: restart.yml # end block when: network_installed is defined and network_enabled + +- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. + file: + path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" + state: touch + when: iiab_stage|int == 9 diff --git a/scripts/iiab-network b/scripts/iiab-network index 9e56350eb..c2d12056f 100644 --- a/scripts/iiab-network +++ b/scripts/iiab-network @@ -1,7 +1,3 @@ #!/bin/bash -e cd /opt/iiab/iiab sudo ./iiab-network -rc=$? -if [[ $rc == "0" ]]; then - sudo touch /etc/iiab/install-flags/iiab-network-complete -fi From e6155e6a864c9cc8d5710d889b008b57b0a706ee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 17 Jul 2022 15:15:56 -0500 Subject: [PATCH 0500/1758] netwarn - with reboot question --- roles/network/tasks/install.yml | 2 +- scripts/netwarn.sh | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 301b3ddc0..592c1612c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -80,7 +80,7 @@ file: src: "{{ iiab_dir }}/scripts/netwarn.sh" dest: /usr/local/sbin/netwarn - mode: '0755' + mode: 0755 state: link - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 8524c22f8..641d5ba81 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,8 +1,20 @@ +#!/bin/bash if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" rc=$? if [ $rc == "1" ]; then - exit 1 + exit 0 fi x-terminal-emulator -e /usr/local/bin/iiab-network + rc=$? + if [ $rc == "1" ]; then + zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" + exit 1 + fi + zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" + rc=$? + if [ $rc == "1" ]; then + exit 0 + fi + x-terminal-emulator -e /usr/sbin/reboot fi From 700cdc9a07d421eda9390267ebc6bf646f98e678 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 20:33:08 -0500 Subject: [PATCH 0501/1758] switch to using dash via sh --- scripts/netwarn.sh | 47 +++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 641d5ba81..457152b37 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,20 +1,29 @@ -#!/bin/bash -if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/local/bin/iiab-network - rc=$? - if [ $rc == "1" ]; then - zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" - exit 1 - fi - zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/sbin/reboot +#!/bin/sh +if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + exit +fi + +zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?" +case $? in + -1|5) + exit 1 + ;; + + 1) + exit 0 + ;; + + 0) + x-terminal-emulator -e /usr/local/bin/iiab-network + ;; +esac + +if [ "$?" = "1" ]; then + zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log" + exit 1 +fi + +zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" +if [ "$?" = "0" ]; then + x-terminal-emulator -e "sudo reboot" fi From a5c8dcc904e1c9c1426f5d8580e5560479d2e421 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 22:53:41 -0500 Subject: [PATCH 0502/1758] rework --- roles/network/tasks/install.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 592c1612c..20c6f279b 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,13 +76,7 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined -- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn - file: - src: "{{ iiab_dir }}/scripts/netwarn.sh" - dest: /usr/local/sbin/netwarn - mode: 0755 - state: link - +# all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: src: "{{ item }}" @@ -100,11 +94,21 @@ path: /usr/share/mate/autostart/ register: mate_dir +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV +# if need be cut a second version for RasPiOS + +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + - name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop file: - src: "{{ iiab_dir }}/scripts/netwarn" + src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop" dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop - mode: '0755' state: link when: mate_dir.stat.exists and mate_dir.stat.isdir From ad3d4f2ea913b27f184833ae203be4ba5a606e8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:22:11 -0500 Subject: [PATCH 0503/1758] speedup - ssh ports are not changing --- roles/network/tasks/install.yml | 7 +++++-- roles/network/tasks/main.yml | 2 -- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 20c6f279b..330d6bd38 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -61,12 +61,12 @@ #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -# UNMAINTAINED +# UNUSED #- name: Install named / BIND # include_tasks: roles/network/tasks/named.yml # when: named_install is defined and named_install -# UNMAINTAINED +# UNUSED #- name: Install dhcpd # include_tasks: roles/network/tasks/dhcpd.yml # when: dhcpd_install is defined and dhcpd_install @@ -88,6 +88,9 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off +- name: avahi + include_tasks: avahi.yml + # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1fce28475..aecbc5d7e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -65,8 +65,6 @@ when: is_ubuntu and not is_ubuntu_16 #### Start services - - name: avahi - include_tasks: avahi.yml - name: hostapd include_tasks: hostapd.yml - name: computed_services From 9bc9f3aeee0c95b92cd0bf890d88409e229f961b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:49:25 -0500 Subject: [PATCH 0504/1758] fedora files --- .../templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} | 0 .../templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} | 0 roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} | 0 .../network/{sysconfig.network.j2 => sysconfig.network.j2.unused} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} (100%) rename roles/network/templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} (100%) rename roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} (100%) rename roles/network/templates/network/{sysconfig.network.j2 => sysconfig.network.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg-WAN.j2 b/roles/network/templates/network/ifcfg-WAN.j2.unsued similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2 rename to roles/network/templates/network/ifcfg-WAN.j2.unsued diff --git a/roles/network/templates/network/ifcfg-slave.j2 b/roles/network/templates/network/ifcfg-slave.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-slave.j2 rename to roles/network/templates/network/ifcfg-slave.j2.unused diff --git a/roles/network/templates/network/ifcfg.j2 b/roles/network/templates/network/ifcfg.j2.usused similarity index 100% rename from roles/network/templates/network/ifcfg.j2 rename to roles/network/templates/network/ifcfg.j2.usused diff --git a/roles/network/templates/network/sysconfig.network.j2 b/roles/network/templates/network/sysconfig.network.j2.unused similarity index 100% rename from roles/network/templates/network/sysconfig.network.j2 rename to roles/network/templates/network/sysconfig.network.j2.unused From ce25ac3cdc3232c24905240b79bee71693b64757 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:44:19 -0500 Subject: [PATCH 0505/1758] netplan setup is one time and may not even be needed --- roles/network/tasks/install.yml | 10 +++++++--- roles/network/tasks/main.yml | 5 ----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 330d6bd38..15ec9331c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,8 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +- name: avahi + include_tasks: avahi.yml # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" @@ -76,6 +78,11 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + #preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu + # all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: @@ -88,9 +95,6 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -- name: avahi - include_tasks: avahi.yml - # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index aecbc5d7e..579bf64e9 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -59,11 +59,6 @@ # include_tasks: squid.yml # when: squid_install and FQDN_changed and iiab_stage|int == 9 - #preprep for backends - - name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 - #### Start services - name: hostapd include_tasks: hostapd.yml From 85a5f8fd985d000ec1ddea47b0538e29d40cddd8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:05:34 -0500 Subject: [PATCH 0506/1758] unmask hostapd once --- roles/network/tasks/hostapd.yml | 3 +-- roles/network/tasks/install.yml | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 0bae7b20f..520567a66 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,8 +1,7 @@ -- name: Unmask the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service systemd: name: hostapd enabled: no - masked: no - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 15ec9331c..4272cd627 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,12 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +-- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + - name: avahi include_tasks: avahi.yml From 861652f141282ef212022e62a177aaabd4a4378e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:49:28 -0500 Subject: [PATCH 0507/1758] hostapd refinement --- roles/network/tasks/hostapd.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 520567a66..99fb6cf41 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,13 +1,14 @@ -- name: Disable the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no - - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap +- name: Disable the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + when: not hostapd_enabled + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -21,10 +22,12 @@ - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac + when: can_be_ap - name: Setting ap0 mac address for use in hostapd service file set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" + when: can_be_ap - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: From a761450578941ae00a57e1a8930c6beccf5a21e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Jul 2022 11:11:43 -0400 Subject: [PATCH 0508/1758] osm-vector-maps/tasks/install.yml: Clarify cities1000.sqlite is 26MB --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index e441a6a41..2173090c4 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -20,7 +20,7 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26MB {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... dest: "{{ vector_map_path }}/viewer/" From db770f1be5e2448c0e28b7904472011bfd22b12f Mon Sep 17 00:00:00 2001 From: root Date: Tue, 19 Jul 2022 12:17:19 -0400 Subject: [PATCH 0509/1758] roles/osm-vector-maps: D/l three 25-48MB files from repo iiab/maps-assets --- roles/osm-vector-maps/defaults/main.yml | 12 +++++++----- roles/osm-vector-maps/tasks/install.yml | 12 ++++++------ 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 7e2fd1a2d..b000c992a 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -8,18 +8,20 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Pulls in ~38 files thx to @jvonau's #3192 -- change these 2 during testing: +# Pulls in ~37 files thx to @jvonau's #3192 -- change these 2 during testing: osm_repo_url: https://raw.githubusercontent.com/iiab/maps maps_branch: master # Quotes not required #osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps #maps_branch: maps7.3 # 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! -#map_installer_url: https://timmoody.com/iiab-files/maps -map_installer_url: https://download.iiab.io/content/OSM/vector-tiles +#maps_assets_url: https://timmoody.com/iiab-files/maps +#maps_assets_url: https://download.iiab.io/content/OSM/vector-tiles +maps_assets_url: https://raw.githubusercontent.com/iiab/maps-assets/main -installer_planet: planet_z0-z6_2020.mbtiles -installer_satellite: satellite_z0-z6_2020.mbtiles +# cities1000.sqlite # 26MB +installer_planet: planet_z0-z6_2020.mbtiles # 48MB +installer_satellite: satellite_z0-z6_2020.mbtiles # 25MB # 2022-04-30 WIP -- CLI approach to installing larger .mbtiles OSM "continents" a.k.a. regions: diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 2173090c4..ab28c7cd6 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -20,9 +20,9 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: Download 26MB {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26MB {{ maps_assets_url }}/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps + / + master + ... + url: "{{ maps_assets_url }}/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps-assets/main dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" @@ -77,9 +77,9 @@ - tileserver.php -- name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer +- name: Download 48MB {{ maps_assets_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. https://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles + url: "{{ maps_assets_url }}/{{ installer_planet }}" # e.g. planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" @@ -95,9 +95,9 @@ path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download 25MB {{ map_installer_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos +- name: Download 25MB {{ maps_assets_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos get_url: - url: "{{ map_installer_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles + url: "{{ maps_assets_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" From 4018d7fe04d8a94f590373ee666f1df816ff9a61 Mon Sep 17 00:00:00 2001 From: Avni Khatri Date: Wed, 20 Jul 2022 00:12:23 -0400 Subject: [PATCH 0510/1758] Correcting typo in comment on L67 Correcting per https://github.com/iiab/iiab/pull/3304#issuecomment-1189063200 to change: 44 + 44 + 0 to: 44 + 44 + 40 --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index bfa7a1a70..f5277d2d9 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 0 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From 3558f1934b64ebd49b507ec5ba8842d313c108ab Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Jul 2022 08:53:08 -0400 Subject: [PATCH 0511/1758] nodered/README.rst: Fix password changing line number --- roles/nodered/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index 102e4a995..aa3dc3236 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -20,7 +20,7 @@ Username: ``Admin`` Password: ``changeme`` -To change this password, please see: `roles/nodered/defaults/main.yml `_ +To change this password, please see: `roles/nodered/defaults/main.yml `_ You can monitor the Node-RED service with command:: From 18d2c5c6783ae54cf6cc04a3832830b39672ee6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 20 Jul 2022 09:22:34 -0400 Subject: [PATCH 0512/1758] Create roles/nodejs/README.md --- roles/nodejs/README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 roles/nodejs/README.md diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md new file mode 100644 index 000000000..7d35c9e3e --- /dev/null +++ b/roles/nodejs/README.md @@ -0,0 +1,27 @@ +Please see IIAB's recommended Node.js version number [around line 439 of /opt/iiab/iiab/vars/default_vars.yml](https://github.com/iiab/iiab/blob/master/vars/default_vars.yml#L434-L439) + +If nodesource.com doesn't yet support your OS +--------------------------------------------- + +If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) then you can manually install an older version of Node.js and npm as follows: + +- `sudo apt install nodejs npm` +- `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` + +Best to do this prior to installing IIAB! + +See also late-breaking details about your individual OS: + +- https://github.com/nodesource/distributions#deb +- https://github.com/iiab/iiab/wiki/IIAB-Platforms + +Raspberry Pi Zero W Warning +--------------------------- + +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). + +If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then ([attempt!](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml) _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole --reinstall nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617)). + +You'll (likely) also need `apt install npm`. + +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From 4f05d638fb39c700bd2208406c96df0777715877 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 14:02:14 -0400 Subject: [PATCH 0513/1758] scripts/netwarn.sh: Cleaner pop-ups & #!/bin/sh in-line explanation --- scripts/netwarn.sh | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 457152b37..59a0cc20a 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,29 +1,32 @@ #!/bin/sh + +# Some OS's like Ubuntu with LightDM *IGNORE* the above shebang line when this +# script is invcked from /usr/share/mate/autostart/netwarn-iiab-network.desktop +# +# WHAT HAPPENS: sh (dash) NOT BASH will always be run! As confirmed by: +# +# ps -p $$ # Whereas 'echo $SHELL' DOES NOT show the actual running shell! +# +# RECAP: We hard-code the above '#!/bin/sh' for uniformity across all distros. + if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit fi -zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?" -case $? in - -1|5) - exit 1 - ;; - - 1) - exit 0 - ;; - - 0) - x-terminal-emulator -e /usr/local/bin/iiab-network - ;; -esac - -if [ "$?" = "1" ]; then - zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log" - exit 1 +zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue? (This can take 2-3 minutes)" +rc=$? +if [ "$rc" != "0" ]; then + exit $rc fi -zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" +x-terminal-emulator -e /usr/local/bin/iiab-network +rc=$? +if [ "$rc" != "0" ]; then + zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" + exit $rc +fi + +zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" if [ "$?" = "0" ]; then x-terminal-emulator -e "sudo reboot" fi From a5610dd7d50760073e2406b5aa49dd57cd2df71d Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 14:45:37 -0400 Subject: [PATCH 0514/1758] Add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart --- roles/network/tasks/install.yml | 21 +++++++++++++++------ roles/www_options/tasks/main.yml | 18 +++++++++--------- scripts/{netwarn.sh => netwarn} | 0 3 files changed, 24 insertions(+), 15 deletions(-) rename scripts/{netwarn.sh => netwarn} (100%) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 4272cd627..8188446d4 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -113,7 +113,7 @@ - name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn file: - src: "{{ iiab_dir }}/scripts/netwarn.sh" + src: "{{ iiab_dir }}/scripts/netwarn" dest: /usr/local/sbin/netwarn state: link when: mate_dir.stat.exists and mate_dir.stat.isdir @@ -125,13 +125,22 @@ state: link when: mate_dir.stat.exists and mate_dir.stat.isdir -# RpiOS detection based on register: lx in pwd-warnings.yml -- name: Is /etc/xdg/lxsession/LXDE-pi a directory? +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: - path: /etc/xdg/lxsession/LXDE-pi - register: lx + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present -# clairify usage +- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart + lineinfile: + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/local/sbin/netwarn$' + line: '/usr/local/sbin/netwarn' + when: lxde_pi_autostart_present.stat.exists + +# Add logic for Mint & stock Ubuntu here? (in addition to Mate & LXDE-pi) + + +# RECORD Network AS INSTALLED - name: "Set 'network_installed: True'" set_fact: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 445ee5e0e..ec25d97ef 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,29 +23,29 @@ when: nginx_installed is defined #when: nginx_install -- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi) +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box.lan IIAB home page) stat: path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_present + register: lxde_pi_autostart_present -- name: Check for Chromium name change +- name: Does /usr/bin/chromium exist? (check for browser filename change) stat: path: /usr/bin/chromium register: chromium_present -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: path: /etc/xdg/lxsession/LXDE-pi/autostart regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: lxde_present.stat.exists and not chromium_present.stat.exists + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: path: /etc/xdg/lxsession/LXDE-pi/autostart regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: lxde_present.stat.exists and chromium_present.stat.exists + line: '/usr/bin/chromium --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists - debug: diff --git a/scripts/netwarn.sh b/scripts/netwarn similarity index 100% rename from scripts/netwarn.sh rename to scripts/netwarn From a442bd7b26cf4adaa9187bfa1aec2f92541d540a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 15:14:09 -0400 Subject: [PATCH 0515/1758] Move scripts/netwarn* to roles/network/templates/netwarn/ --- roles/network/tasks/install.yml | 43 ++----------------- roles/network/tasks/netwarn.yml | 37 ++++++++++++++++ .../network/templates/netwarn}/netwarn | 0 .../netwarn}/netwarn-iiab-network.desktop | 0 4 files changed, 40 insertions(+), 40 deletions(-) create mode 100644 roles/network/tasks/netwarn.yml rename {scripts => roles/network/templates/netwarn}/netwarn (100%) mode change 100644 => 100755 rename {scripts => roles/network/templates/netwarn}/netwarn-iiab-network.desktop (100%) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 8188446d4..c84ec9a23 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,7 +1,7 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml + include_tasks: dnsmasq.yml - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: @@ -94,50 +94,13 @@ template: src: "{{ item }}" dest: /usr/bin/ - # owner: root - # group: root mode: 0755 with_items: - gateway/iiab-internet-on - gateway/iiab-internet-off -# mate desktop detection based on 'register: nd_dir' in enable_services -- name: Check if /usr/share/mate/autostart/ exists - stat: - path: /usr/share/mate/autostart/ - register: mate_dir - -# contents work with mate as of 'switch to using dash via sh' -# 'text' is up for debate other structural changes I do not recommend JV -# if need be cut a second version for RasPiOS - -- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn - file: - src: "{{ iiab_dir }}/scripts/netwarn" - dest: /usr/local/sbin/netwarn - state: link - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop - file: - src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop" - dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop - state: link - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? - stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present - -- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/local/sbin/netwarn$' - line: '/usr/local/sbin/netwarn' - when: lxde_pi_autostart_present.stat.exists - -# Add logic for Mint & stock Ubuntu here? (in addition to Mate & LXDE-pi) +- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' + include_tasks: netwarn.yml # RECORD Network AS INSTALLED diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml new file mode 100644 index 000000000..098a5c49e --- /dev/null +++ b/roles/network/tasks/netwarn.yml @@ -0,0 +1,37 @@ +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Does /usr/share/mate/autostart/ exist? + stat: + path: /usr/share/mate/autostart/ + register: mate_dir + +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV + +- name: 'Install from template: /usr/local/sbin/netwarn' + file: + src: netwarn/netwarn + dest: /usr/local/sbin/ + mode: 0755 + when: mate_dir.stat.exists and mate_dir.stat.isdir + +- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' + file: + src: netwarn/netwarn-iiab-network.desktop + dest: /usr/share/mate/autostart/ + when: mate_dir.stat.exists and mate_dir.stat.isdir + + +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? + stat: + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present + +- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart + lineinfile: + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/local/sbin/netwarn$' + line: '/usr/local/sbin/netwarn' + when: lxde_pi_autostart_present.stat.exists + + +# 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same? diff --git a/scripts/netwarn b/roles/network/templates/netwarn/netwarn old mode 100644 new mode 100755 similarity index 100% rename from scripts/netwarn rename to roles/network/templates/netwarn/netwarn diff --git a/scripts/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop similarity index 100% rename from scripts/netwarn-iiab-network.desktop rename to roles/network/templates/netwarn/netwarn-iiab-network.desktop From 42b5b766c45399748cdee28f0d1f53036298e316 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 15:30:44 -0400 Subject: [PATCH 0516/1758] network/tasks/install.yml: hostapd syntax errors 85a5f8fd (3 days ago) --- roles/network/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index c84ec9a23..3cc89148a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,11 +45,11 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' --- name: Unmask the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no - masked: no +- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no - name: avahi include_tasks: avahi.yml From 44af07638b9395207c6b72d604c93e4553be4f1a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 19:53:37 +0000 Subject: [PATCH 0517/1758] Clean up roles/network/tasks/netwarn.yml --- roles/network/tasks/netwarn.yml | 49 +++++++++++++++++---------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 098a5c49e..91c66c14f 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,26 +1,3 @@ -# mate desktop detection based on 'register: nd_dir' in enable_services -- name: Does /usr/share/mate/autostart/ exist? - stat: - path: /usr/share/mate/autostart/ - register: mate_dir - -# contents work with mate as of 'switch to using dash via sh' -# 'text' is up for debate other structural changes I do not recommend JV - -- name: 'Install from template: /usr/local/sbin/netwarn' - file: - src: netwarn/netwarn - dest: /usr/local/sbin/ - mode: 0755 - when: mate_dir.stat.exists and mate_dir.stat.isdir - -- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' - file: - src: netwarn/netwarn-iiab-network.desktop - dest: /usr/share/mate/autostart/ - when: mate_dir.stat.exists and mate_dir.stat.isdir - - - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: path: /etc/xdg/lxsession/LXDE-pi/autostart @@ -34,4 +11,30 @@ when: lxde_pi_autostart_present.stat.exists +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Does /usr/share/mate/autostart/ exist? + stat: + path: /usr/share/mate/autostart/ + register: mate_dir + +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV + +- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' + template: + src: netwarn/netwarn-iiab-network.desktop + dest: /usr/share/mate/autostart/ + when: mate_dir.stat.exists and mate_dir.stat.isdir + + # 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same? + +# (Let's insert those here if so, and refine the 'when:' line below.) + + +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' + template: + src: netwarn/netwarn + dest: /usr/local/sbin/ + mode: 0755 + when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) From 2530b779fc5afff5efb4c703610f66c77329b679 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 19:05:58 -0400 Subject: [PATCH 0518/1758] Bypass dysfunctional error-checking if mate-terminal detected --- roles/network/templates/netwarn/netwarn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 59a0cc20a..146c41725 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -21,7 +21,7 @@ fi x-terminal-emulator -e /usr/local/bin/iiab-network rc=$? -if [ "$rc" != "0" ]; then +if [ "$rc" != "0" ] && [ ! -f /usr/bin/mate-terminal ]; then zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" exit $rc fi From 78e65f44ddffa68f951c3e48e99911fc0d4685fd Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 Jul 2022 21:45:22 -0400 Subject: [PATCH 0519/1758] Intercept mate-terminal RC + tee iiab-network errors to iiab-network.log --- iiab-network | 35 ++++++++++++------------- roles/network/templates/netwarn/netwarn | 22 +++++----------- 2 files changed, 24 insertions(+), 33 deletions(-) diff --git a/iiab-network b/iiab-network index 9ac41f986..54e781a66 100755 --- a/iiab-network +++ b/iiab-network @@ -4,11 +4,15 @@ CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-network.log" -if [ ! -f iiab-network.yml ]; then - echo "iiab-network.yml not found in current directory." - echo "Please rerun this command from the top level of the git repo." - echo "Exiting." +exit_error() { + echo -e "\nEXITING: "$@ | tee -a /opt/iiab/iiab/iiab-network.log exit 1 +} + +if [ ! -f iiab-network.yml ]; then + exit_error "iiab-network.yml not found in current directory." \ + "Please rerun this command from the top level of the git repo." \ + "Exiting." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit @@ -19,26 +23,21 @@ if [ -f /etc/iiab/iiab.env ]; then if grep -q STAGE= /etc/iiab/iiab.env ; then echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is non-integer" elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range" elif [ "$STAGE" -lt 3 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" - echo -e "\nIIAB Stage 3 not complete." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE" \ + "\nIIAB Stage 3 not complete." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: STAGE (counter) not found" - echo -e "\nIIAB not installed." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) not found" \ + "\nIIAB not installed." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: /etc/iiab/iiab.env not found" - exit 1 + exit_error "/etc/iiab/iiab.env not found" fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 146c41725..fc4c8f4bb 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -1,13 +1,4 @@ -#!/bin/sh - -# Some OS's like Ubuntu with LightDM *IGNORE* the above shebang line when this -# script is invcked from /usr/share/mate/autostart/netwarn-iiab-network.desktop -# -# WHAT HAPPENS: sh (dash) NOT BASH will always be run! As confirmed by: -# -# ps -p $$ # Whereas 'echo $SHELL' DOES NOT show the actual running shell! -# -# RECAP: We hard-code the above '#!/bin/sh' for uniformity across all distros. +#!/bin/bash if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit @@ -15,18 +6,19 @@ fi zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue? (This can take 2-3 minutes)" rc=$? -if [ "$rc" != "0" ]; then +if [[ $rc != "0" ]]; then exit $rc fi -x-terminal-emulator -e /usr/local/bin/iiab-network -rc=$? -if [ "$rc" != "0" ] && [ ! -f /usr/bin/mate-terminal ]; then +# mate-terminal always returns 255 w/ autostart, so intercept/record return code +x-terminal-emulator -e "bash -c '/usr/local/bin/iiab-network; echo \"\$?\" > /tmp/iiab-network.rc'" +rc=$(cat /tmp/iiab-network.rc) +if [[ $rc != "0" ]]; then zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log" exit $rc fi zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" -if [ "$?" = "0" ]; then +if [[ $? == "0" ]]; then x-terminal-emulator -e "sudo reboot" fi From 0763d56fa986eeb6a183332b565dd196a42c11fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:21:53 -0400 Subject: [PATCH 0520/1758] iiab-network: Lint intendation --- iiab-network | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-network b/iiab-network index 54e781a66..6d286c2a0 100755 --- a/iiab-network +++ b/iiab-network @@ -28,8 +28,8 @@ if [ -f /etc/iiab/iiab.env ]; then exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range" elif [ "$STAGE" -lt 3 ]; then exit_error "STAGE (counter) value == ""$STAGE" \ - "\nIIAB Stage 3 not complete." \ - "\nPlease run: ./iiab-install" + "\nIIAB Stage 3 not complete." \ + "\nPlease run: ./iiab-install" fi else exit_error "STAGE (counter) not found" \ From e221c0a91cba9139bc905058cab21a4cac852c62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:26:14 -0400 Subject: [PATCH 0521/1758] iiab-network: Remove repetitive output --- iiab-network | 1 - 1 file changed, 1 deletion(-) diff --git a/iiab-network b/iiab-network index 6d286c2a0..5e3d5ba20 100755 --- a/iiab-network +++ b/iiab-network @@ -12,7 +12,6 @@ exit_error() { if [ ! -f iiab-network.yml ]; then exit_error "iiab-network.yml not found in current directory." \ "Please rerun this command from the top level of the git repo." \ - "Exiting." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit From 71351c18b1363c33c13ce1f6da8854f4a7e7511b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:38:47 -0400 Subject: [PATCH 0522/1758] Rename ifcfg-WAN.j2.unsued to ifcfg-WAN.j2.unused --- .../network/{ifcfg-WAN.j2.unsued => ifcfg-WAN.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg-WAN.j2.unsued => ifcfg-WAN.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg-WAN.j2.unsued b/roles/network/templates/network/ifcfg-WAN.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2.unsued rename to roles/network/templates/network/ifcfg-WAN.j2.unused From f1ba6d82cc13427d062be77c8b68de191531b79d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Jul 2022 23:39:18 -0400 Subject: [PATCH 0523/1758] Rename ifcfg.j2.usused to ifcfg.j2.unused --- .../templates/network/{ifcfg.j2.usused => ifcfg.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg.j2.usused => ifcfg.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg.j2.usused b/roles/network/templates/network/ifcfg.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg.j2.usused rename to roles/network/templates/network/ifcfg.j2.unused From f8cb292828785d5c51aa8db26e1bcdb156baac74 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:14:26 -0400 Subject: [PATCH 0524/1758] FULL/PATH/dnsmasq.yml in network/tasks/install.yml for 1-prep --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 3cc89148a..dcb17feb4 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,7 +1,7 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: dnsmasq.yml + include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: From a450db1f1a5fafba73aa6b1c48e59ef4a3c91916 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:27:31 -0400 Subject: [PATCH 0525/1758] FULL/PATH to Avahi stuff in roles/network for 1-prep --- roles/network/tasks/avahi.yml | 2 +- roles/network/tasks/install.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 15a62de8e..8fe5f7159 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -7,7 +7,7 @@ - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: - src: avahi/schoolserver.service + src: roles/network/templates/avahi/schoolserver.service # Invoked by 1-prep (so full path needed) dest: /etc/avahi/services/schoolserver.service owner: avahi group: avahi diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index dcb17feb4..d375f8b5d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -51,8 +51,8 @@ enabled: no masked: no -- name: avahi - include_tasks: avahi.yml +- name: Install Avahi (mDNS, Zeroconf/Bonjour) + include_tasks: roles/network/tasks/avahi.yml # Invoked by 1-prep (so full path needed) # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" From 7d0bf6c1ef0bd0daf35f873fa60fc6d8ce763578 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 09:51:53 -0400 Subject: [PATCH 0526/1758] FULL/PATH to netplan.yml & netwarn.yml for 1-prep --- roles/network/tasks/install.yml | 6 +++--- roles/network/tasks/main.yml | 30 +++++++++++++++++------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index d375f8b5d..088aac902 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -81,12 +81,12 @@ # LESS MAINTAINED - name: Install Squid - include_tasks: roles/network/tasks/squid.yml + include_tasks: roles/network/tasks/squid.yml # Invoked by 1-prep (so full path needed) when: squid_install and squid_installed is undefined #preprep for backends - name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml + include_tasks: roles/network/tasks/netplan.yml # Invoked by 1-prep (so full path needed) when: is_ubuntu # all installs @@ -100,7 +100,7 @@ - gateway/iiab-internet-off - name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' - include_tasks: netwarn.yml + include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) # RECORD Network AS INSTALLED diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 579bf64e9..36359edb1 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -43,21 +43,24 @@ - name: Configuring Network if enabled block: - # - name: Configure wondershaper - # include_tasks: wondershaper.yml - # when: wondershaper_install or wondershaper_installed is defined -# - name: (Re)Install named -# include_tasks: named.yml -# when: named_install and FQDN_changed and iiab_stage|int == 9 + # DEPRECATED + #- name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined + # + #- name: (Re)Install named + # include_tasks: named.yml + # when: named_install and FQDN_changed and iiab_stage|int == 9 + # + #- name: (Re)Install dhcpd + # include_tasks: dhcpd.yml + # when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -# - name: (Re)Install dhcpd -# include_tasks: dhcpd.yml -# when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 - -# - name: (Re)Install Squid -# include_tasks: squid.yml -# when: squid_install and FQDN_changed and iiab_stage|int == 9 + # 2022-07-22: Is './runrole --reinstall network' the new way to make this run? + #- name: (Re)Install Squid + # include_tasks: squid.yml + # when: squid_install and FQDN_changed and iiab_stage|int == 9 #### Start services - name: hostapd @@ -92,6 +95,7 @@ - name: Restart services include_tasks: restart.yml + # end block when: network_installed is defined and network_enabled From 556db4bfb643298460dd089d981b2ac92a5567e3 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 10:53:24 -0400 Subject: [PATCH 0527/1758] 2 vars in detected_network.yml to netplan.yml; FULL/PATHS for 1-prep --- roles/network/tasks/detected_network.yml | 21 +++++++--------- roles/network/tasks/install.yml | 4 +-- roles/network/tasks/main.yml | 32 +++++++++++++----------- roles/network/tasks/netplan.yml | 13 ++++++++++ roles/network/tasks/netwarn.yml | 4 +-- 5 files changed, 43 insertions(+), 31 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 01ff42e18..9acffaab6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -36,25 +36,22 @@ device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - ignore_errors: True # pre 17.10 doesn't use netplan - when: is_ubuntu +# 2022-07-22: Moved to netplan.yml +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu - name: Setting dhcpcd_test results set_fact: dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}" -- name: Setting systemd_networkd results +# 2022-07-22: Copied to netplan.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" set_fact: systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled"' - -- name: Setting systemd_networkd-2 results - set_fact: - systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled-runtime"' + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" - name: Setting network_manager results set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 088aac902..4ce34c3c1 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -96,8 +96,8 @@ dest: /usr/bin/ mode: 0755 with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off + - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) + - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) - name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 36359edb1..efea4cf3f 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,21 +25,23 @@ include_tasks: install.yml when: network_install and network_installed is undefined -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: hostapd/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: hostapd/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-22: Should be done in install.yml above (avoid duplication if poss?) +# +# - name: Create /usr/bin/iiab-hotspot-on from template +# template: +# src: hostapd/iiab-hotspot-on +# dest: /usr/bin/iiab-hotspot-on +# owner: root +# group: root +# mode: 0755 +# +# - name: Create /usr/bin/iiab-hotspot-off from template +# template: +# src: hostapd/iiab-hotspot-off +# dest: /usr/bin/iiab-hotspot-off +# owner: root +# group: root +# mode: 0755 - name: Configuring Network if enabled block: diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 43865d437..2e685be3e 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,3 +1,16 @@ +# 2022-07-22: Moved from detected_network.yml +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + #ignore_errors: True # pre 17.10 doesn't use netplan + +# 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" + set_fact: + systemd_networkd_active: True + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" + + - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled when: item|trim == "50-cloud-init.yaml" diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 91c66c14f..d31b262d7 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -22,7 +22,7 @@ - name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' template: - src: netwarn/netwarn-iiab-network.desktop + src: roles/network/templates/netwarn/netwarn-iiab-network.desktop # Invoked by 1-prep (so full path needed) dest: /usr/share/mate/autostart/ when: mate_dir.stat.exists and mate_dir.stat.isdir @@ -34,7 +34,7 @@ - name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' template: - src: netwarn/netwarn + src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) From 79d6bd8bc66778b319e52d358627840b5ebb601d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 11:15:38 -0400 Subject: [PATCH 0528/1758] iiab-network: Line ending typo / syntax error --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5e3d5ba20..5dc831b8e 100755 --- a/iiab-network +++ b/iiab-network @@ -11,7 +11,7 @@ exit_error() { if [ ! -f iiab-network.yml ]; then exit_error "iiab-network.yml not found in current directory." \ - "Please rerun this command from the top level of the git repo." \ + "Please rerun this command from the top level of the git repo." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit From f33e15ecd2eb5adacf3770ab1dd48dad24d6804f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 11:25:47 -0400 Subject: [PATCH 0529/1758] network/tasks/restart.yml also needed netplan var. Dup code for now :/ --- roles/network/tasks/detected_network.yml | 2 +- roles/network/tasks/main.yml | 2 ++ roles/network/tasks/netplan.yml | 2 +- roles/network/tasks/restart.yml | 8 ++++++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 9acffaab6..8a5dd3a5d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -36,7 +36,7 @@ device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -# 2022-07-22: Moved to netplan.yml +# 2022-07-22: Moved to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) # - name: Figure out netplan file name # shell: ls /etc/netplan # register: netplan diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index efea4cf3f..5a000f13b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -43,6 +43,7 @@ # group: root # mode: 0755 + - name: Configuring Network if enabled block: @@ -101,6 +102,7 @@ # end block when: network_installed is defined and network_enabled + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 2e685be3e..8a772d214 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,4 +1,4 @@ -# 2022-07-22: Moved from detected_network.yml +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) - name: Figure out netplan file name shell: ls /etc/netplan register: netplan diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index de930332f..e5a825dee 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,3 +1,11 @@ +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + #ignore_errors: True # pre 17.10 doesn't use netplan + when: is_ubuntu + + - name: Restart wpa_supplicant service systemd: name: "{{ item }}" From 60579c6c008e7b12c5a463087ca5f3d602deab49 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 12:18:58 -0400 Subject: [PATCH 0530/1758] network/tasks/install.yml: Spacing around "all installs" header --- roles/network/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 4ce34c3c1..ebdf5a080 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -90,6 +90,7 @@ when: is_ubuntu # all installs + - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: src: "{{ item }}" From e71efff7e2481c42d1132fd692836d2ec4415e06 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 14:43:39 -0400 Subject: [PATCH 0531/1758] network/tasks/main.yml: Restore iiab-hotspot-on|off --- roles/network/tasks/main.yml | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 5a000f13b..9187eeb48 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,23 +25,14 @@ include_tasks: install.yml when: network_install and network_installed is undefined -# 2022-07-22: Should be done in install.yml above (avoid duplication if poss?) -# -# - name: Create /usr/bin/iiab-hotspot-on from template -# template: -# src: hostapd/iiab-hotspot-on -# dest: /usr/bin/iiab-hotspot-on -# owner: root -# group: root -# mode: 0755 -# -# - name: Create /usr/bin/iiab-hotspot-off from template -# template: -# src: hostapd/iiab-hotspot-off -# dest: /usr/bin/iiab-hotspot-off -# owner: root -# group: root -# mode: 0755 +- name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: 0755 + with_items: + - hostapd/iiab-hotspot-on + - hostapd/iiab-hotspot-off - name: Configuring Network if enabled From 69aba8eec3ef4121d98fc9a8f7c1de2b9412504c Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:14:40 -0400 Subject: [PATCH 0532/1758] network/tasks/main.yml: Swap order of iiab-hotspot-on|off & install.yml on @jvonau's request --- roles/network/tasks/main.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9187eeb48..6a2ba3a7a 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -21,10 +21,10 @@ - name: computed_network include_tasks: computed_network.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: install.yml - when: network_install and network_installed is undefined - +# 2022-07-22: @jvonau asks for this to be (1) AFTER computed_network.yml [what +# goes into the 'hotspot' depends on what can_be_ap and wifi_up_down are set to] +# AND (2) BEFORE install.yml -- FYI Admin Console reads iiab_network_mode from +# /etc/iiab/iiab.ini and uses /usr/bin/iiab-hotspot-on|off. - name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) template: src: "{{ item }}" @@ -34,6 +34,10 @@ - hostapd/iiab-hotspot-on - hostapd/iiab-hotspot-off +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined + - name: Configuring Network if enabled block: From dbeaf024824738ae766c181caedd38dae9e3630f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:35:05 -0400 Subject: [PATCH 0533/1758] Try to explain ordering of iiab-hotspot-on|off & install.yml (in network/tasks/main.yml) --- roles/network/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 6a2ba3a7a..67f9d28e7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -21,10 +21,10 @@ - name: computed_network include_tasks: computed_network.yml -# 2022-07-22: @jvonau asks for this to be (1) AFTER computed_network.yml [what -# goes into the 'hotspot' depends on what can_be_ap and wifi_up_down are set to] -# AND (2) BEFORE install.yml -- FYI Admin Console reads iiab_network_mode from -# /etc/iiab/iiab.ini and uses /usr/bin/iiab-hotspot-on|off. +# 2022-07-22: @jvonau asks for this to be (1) BELOW computed_network.yml +# (what goes into iiab-hotspot-on|off depends on can_be_ap and wifi_up_down) +# AND (2) ABOVE install.yml for some reason? REQUIREMENT: Admin Console reads +# iiab_network_mode from /etc/iiab/iiab.ini + uses /usr/bin/iiab-hotspot-on|off - name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) template: src: "{{ item }}" From 9f5032d74fa3566f2becfe1f9e5a80e81332bc9b Mon Sep 17 00:00:00 2001 From: root Date: Fri, 22 Jul 2022 15:59:10 -0400 Subject: [PATCH 0534/1758] Comment out 'netplan apply' from restart.yml (trim netplan.yml later?) --- roles/network/tasks/restart.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index e5a825dee..1576a2af3 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,9 +1,9 @@ # 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - #ignore_errors: True # pre 17.10 doesn't use netplan - when: is_ubuntu +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# #ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu - name: Restart wpa_supplicant service @@ -33,9 +33,13 @@ daemon_reload: yes when: hostapd_enabled and (wifi_up_down or not no_net_restart) -- name: Reload netplan for Wifi gateway on Ubuntu 18+ - shell: netplan apply - when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 +# 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch +# any of the config files... netplan.yml renames one file if it's a container +# build like on MATE, could possibly skip netplan.yml in future or toss that in +# the mix now and see what shakes up" [ok, but keep netplan.yml as is for now] +# - name: Reload netplan for Wifi gateway on Ubuntu 18+ +# shell: netplan apply +# when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 #- name: Start named service # systemd: From 6b5678555f7afaf8b73755efd4315dc4e0dfbbeb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 16:34:52 -0400 Subject: [PATCH 0535/1758] gitea/tasks/install.yml: Clarify slow d/l can be ~15min --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 820e44868..7e064548f 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 From acda63894116c5f89945337b5fd296e9d159396a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 18:37:00 -0400 Subject: [PATCH 0536/1758] www_options/tasks/main.yml: Mention http://box/home for LXDE-pi/autostart --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ec25d97ef..83464d059 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,7 +23,7 @@ when: nginx_installed is defined #when: nginx_install -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box.lan IIAB home page) +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: path: /etc/xdg/lxsession/LXDE-pi/autostart register: lxde_pi_autostart_present From da97d3e7c256e1a0ae19cf1ff850204e389799dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 18:42:39 -0400 Subject: [PATCH 0537/1758] netwarn.yml note: /etc/profile.d for ssh in future? #3318 --- roles/network/tasks/netwarn.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index d31b262d7..421b648f9 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,3 +1,7 @@ +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for +# ssh sessions (across all OS's/distros/window managers) might also make sense? + + - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? stat: path: /etc/xdg/lxsession/LXDE-pi/autostart From 7bd9eb3e4f8e7ee6050afe383733dbac8313c5dc Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:31:19 -0400 Subject: [PATCH 0538/1758] www_options: Mention netwarn.yml & pwd-warnings.yml --- roles/www_options/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 83464d059..bca310071 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -21,7 +21,10 @@ - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install include_tasks: roles/nginx/tasks/homepage.yml when: nginx_installed is defined - #when: nginx_install + + +# 2022-07-22: SIMILAR TO roles/network/tasks/netwarn.yml +# AND roles/iiab-admin/tasks/pwd-warnings.yml - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: From e9806667acbd6ffd189d1ad3b4b5963962b6d251 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:38:22 -0400 Subject: [PATCH 0539/1758] pwd-warnings.yml: Mention www_options & netwarn.yml --- roles/iiab-admin/tasks/pwd-warnings.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index d1379b3fb..e63c8841b 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -1,3 +1,7 @@ +# 2022-07-22: SIMILAR TO roles/www_options/tasks/main.yml FOR browser +# AND roles/network/tasks/netwarn.yml FOR iiab-network + + - name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: src: sshpwd-profile-iiab.sh.j2 From 3e69c957e421f9a505c08d134efe4914d37e5741 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:42:29 -0400 Subject: [PATCH 0540/1758] www_options/tasks/main.yml: Refine comment --- roles/www_options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index bca310071..05bd3e12f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -23,8 +23,8 @@ when: nginx_installed is defined -# 2022-07-22: SIMILAR TO roles/network/tasks/netwarn.yml -# AND roles/iiab-admin/tasks/pwd-warnings.yml +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/network/tasks/netwarn.yml FOR iiab-network - name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: From b73567260afa6aafde1705baacaf9346e4e117a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Jul 2022 20:47:36 -0400 Subject: [PATCH 0541/1758] netwarn.yml: Note similar pwd-warnings.yml & www_options --- roles/network/tasks/netwarn.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 421b648f9..c1f687e28 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,3 +1,6 @@ +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/www_options/tasks/main.yml FOR browser + # 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for # ssh sessions (across all OS's/distros/window managers) might also make sense? From 41728b644452509d29245bdc05afc45aab9ea296 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 23 Jul 2022 13:16:55 -0500 Subject: [PATCH 0542/1758] default --- roles/network/tasks/netplan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 8a772d214..a341c2622 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -4,6 +4,11 @@ register: netplan #ignore_errors: True # pre 17.10 doesn't use netplan +# 2022-07-23 +- name: Default to False + set_fact: + systemd_networkd_active: False + # 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!) - name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" set_fact: From 14b6fa624e3bf13f18faacf45ce6fe0d5868f78c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 23 Jul 2022 13:52:38 -0500 Subject: [PATCH 0543/1758] wording --- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index ebdf5a080..197361780 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,7 +3,7 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS) +- name: Install package networkd-dispatcher (OS's other than RasPiOS and LinuxMint) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3c0b3d875..7e3b49566 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -71,7 +71,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service +- name: Enable & Restart networkd-dispatcher.service except for LinuxMint systemd: name: networkd-dispatcher state: restarted From 1b6c988b2153980506154872d8c2645ffba6f3ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:54:38 -0400 Subject: [PATCH 0544/1758] netplan.yml: Explain forced 'systemd_networkd_active: False' (for 1-prep) --- roles/network/tasks/netplan.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index a341c2622..8af6b807c 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -4,8 +4,9 @@ register: netplan #ignore_errors: True # pre 17.10 doesn't use netplan -# 2022-07-23 -- name: Default to False +# 2022-07-23: PR #3319 "Ubuntu variants [all] use NetworkManager as the backend +# for use with netplan and ship with systemd-networkd present but disabled" +- name: "Force default 'systemd_networkd_active: False' -- nec b/c network/default/main.yml is omitted when 1-prep directly invokes network/tasks/install.yml" set_fact: systemd_networkd_active: False From 67c866a8c9d7561d996ab1792b8be97f435666a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:56:01 -0400 Subject: [PATCH 0545/1758] network/tasks/install.yml: "Linux Mint" w/ space --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 197361780..8ac1b8cc6 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,7 +3,7 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS and LinuxMint) +- name: Install package networkd-dispatcher (OS's other than RasPiOS and Linux Mint) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present From b7b200cef15f48ad7e8d8529992dd0cd5800973c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 23 Jul 2022 15:56:43 -0400 Subject: [PATCH 0546/1758] network/tasks/sysd-netd-debian.yml: "Linux Mint" w/ space --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7e3b49566..35aa0b6b0 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -71,7 +71,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service except for LinuxMint +- name: Enable & Restart networkd-dispatcher.service except for Linux Mint systemd: name: networkd-dispatcher state: restarted From 002e98efeee8fde3c3a5ab70ae074e43f7f3b05c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Jul 2022 14:09:10 -0400 Subject: [PATCH 0547/1758] =?UTF-8?q?OER2Go.org=20now=20hosts=20a=20casino?= =?UTF-8?q?=20in=20Indonesia=20=E2=98=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/www_base/files/html/html/credits.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/files/html/html/credits.html b/roles/www_base/files/html/html/credits.html index 7bc53de49..6ab6950cc 100644 --- a/roles/www_base/files/html/html/credits.html +++ b/roles/www_base/files/html/html/credits.html @@ -36,9 +36,9 @@ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at oer2go.org.
Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

+ OER2Go/RACHEL is a curation of selected offline content at rachel.worldpossible.org/content.
Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

From 354110b0f57434b78bea63dd790de7df49879ee0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Jul 2022 14:13:38 -0400 Subject: [PATCH 0548/1758] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index fac901b1d..53bc9d1ef 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 66138941e99e9d672177816d7e26c3b4e68ba996 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Tue, 26 Jul 2022 11:38:11 -0400 Subject: [PATCH 0549/1758] handle missing or empty library.xml --- roles/kiwix/templates/iiab-make-kiwix-lib | 12 +++++++++--- roles/pylibs/templates/iiab_lib.py | 3 ++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index 083b87116..e69271949 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -19,10 +19,16 @@ if flock -n -e 200; then : # write to {{ kiwix_library_xml }}.tmp to minimize kiwix down # zim map could be out of sync for a few seconds # using new version that does deltas - cp $KIWIXLIB $KIWIXLIB.tmp - /usr/bin/iiab-make-kiwix-lib.py + if [ -f $KIWIXLIB ]; then + cp $KIWIXLIB $KIWIXLIB.tmp + /usr/bin/iiab-make-kiwix-lib.py + else + /usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml + fi {{ systemctl_program }} stop kiwix-serve - rm $KIWIXLIB + if [ -f $KIWIXLIB ]; then + rm $KIWIXLIB + fi mv $KIWIXLIB.tmp $KIWIXLIB {{ systemctl_program }} start kiwix-serve else diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index 84dee97e3..ef9da7e82 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -85,8 +85,9 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=["favicon"]): # duplicated attributes[attr] = child.attrib[attr] # copy if not id or in exclusion list zims_installed[zim_id] = attributes path_to_id_map[child.attrib['path']] = zim_id - except IOError: + except: # though I try how can I carry on zims_installed = {} + path_to_id_map = {} return zims_installed, path_to_id_map def rem_libr_xml(zim_id, kiwix_library_xml): From 914285037a0393e04fa6ea35469d8c2013f8c701 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Jul 2022 12:55:20 -0400 Subject: [PATCH 0550/1758] /usr/local/sbin/netwarn: Test-during-boot reminder #3318 --- roles/network/templates/netwarn/netwarn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index fc4c8f4bb..8c5d95b05 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -1,5 +1,15 @@ #!/bin/bash +# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this +# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. +# This allows return codes to be meaningful, at each successive step. +# (As of July 2022, this is tested to work well with Ubuntu Mate and RasPiOS +# on Raspberry Pi 4!) +# +# IN CONTRAST: return codes below are NOT MEANINGFUL when this script is +# invoked from a regularly graphical desktop session -- so make sure to test +# during an actual OS boot-up, with autostart! + if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit fi From 004b89015d773f25327ac10353f2bcae820279d1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 27 Jul 2022 15:53:46 -0400 Subject: [PATCH 0551/1758] /usr/local/sbin/network: Comment clarif (RasPiOS w/ desktop) --- roles/network/templates/netwarn/netwarn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn index 8c5d95b05..a8f7a7916 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/netwarn @@ -3,8 +3,8 @@ # CONFUSING BUT FYI: Commands below run *strictly sequentially* when this # script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. # This allows return codes to be meaningful, at each successive step. -# (As of July 2022, this is tested to work well with Ubuntu Mate and RasPiOS -# on Raspberry Pi 4!) +# (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry +# Pi OS with desktop" on Raspberry Pi 4!) # # IN CONTRAST: return codes below are NOT MEANINGFUL when this script is # invoked from a regularly graphical desktop session -- so make sure to test From c6ee32d0c08bf7d6595d7c9b707d3f47352bc043 Mon Sep 17 00:00:00 2001 From: Carl Wivagg Date: Thu, 28 Jul 2022 06:36:33 -0400 Subject: [PATCH 0552/1758] fix timezone issue --- roles/matomo/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 3e41602e2..68942ea3c 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -137,7 +137,6 @@ body: siteName: "IIAB" url: "{{ matomo_host_url }}" - timezone: "{{ ansible_date_time.tz }}" ecommerce: 0 body_format: form-urlencoded status_code: 302 From 9ad5a9caa128cbb5e3748fe6fe8f58f9619ff5b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Jul 2022 14:18:49 +0000 Subject: [PATCH 0553/1758] network/tasks/detected_network.yml: can_be_ap grep failed on absence of regex --- roles/network/tasks/detected_network.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 8a5dd3a5d..40c239184 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -113,6 +113,7 @@ shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap when: discovered_wireless_iface != "none" + failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') -- otherwise Ansible will fail if grep returns '1' on absence of regex! - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: From cd6358514d0cab3e660aa916a7b6f5420888c0ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Jul 2022 16:55:16 -0400 Subject: [PATCH 0554/1758] Modernize matomo/tasks/main.yml for skip_role_on_error #3255 --- roles/matomo/tasks/main.yml | 52 +++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index 7453b4821..eec80e81a 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -19,31 +19,37 @@ quiet: yes -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml +- block: + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml -- name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: matomo_installed is undefined + - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: matomo_installed is undefined + # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! + # - include_tasks: enable-or-disable.yml -# LET'S ADD THIS "ON/OFF SWITCH" IF POSS! -# - include_tasks: enable-or-disable.yml + - name: Add 'matomo' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Matomo + - option: description + value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' + - option: matomo_install + value: "{{ matomo_install }}" + - option: matomo_enabled + value: "{{ matomo_enabled }}" + + rescue: - -- name: Add 'matomo' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: matomo - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Matomo - - option: description - value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' - - option: matomo_install - value: "{{ matomo_install }}" - - option: matomo_enabled - value: "{{ matomo_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From b51fbe21b73da1ff25a1eaa502bc9a63d9f04759 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 30 Jul 2022 15:41:11 -0400 Subject: [PATCH 0555/1758] Use the new 'gitea_version: 1.17' instead of 1.16 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index d438312de..9fb97153a 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.16 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 0b83307f7355bf210914d1e53613fbe2b2c3f66c Mon Sep 17 00:00:00 2001 From: root Date: Sat, 30 Jul 2022 18:45:51 -0400 Subject: [PATCH 0556/1758] Kolibri PPA promises auto-upgrades. List 25 -> 31 languages --- roles/kolibri/defaults/main.yml | 3 +- roles/kolibri/tasks/install.yml | 59 ++++++++++++++++++++++++--------- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 49 insertions(+), 21 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 0354eb1c4..43f412f79 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,7 +16,8 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 77ec7692e..9bcc2c057 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -35,8 +35,35 @@ apt: deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + when: kolibri_deb_url is defined + +- block: # ELSE... + + # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: + # "When you use the PPA installation method, upgrades to newer versions + # will be automatic, provided there is internet access available." + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu) + apt_repository: + repo: ppa:learningequality/kolibri + when: is_ubuntu + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian) + apt_repository: + repo: ppa:learningequality/kolibri + codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) + when: is_debian + + - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri + apt: + name: kolibri + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but + KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + + when: kolibri_deb_url is undefined - name: 'Install from template: /etc/systemd/system/kolibri.service' template: @@ -52,20 +79,20 @@ # 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf # containing KOLIBRI_HOME="/library/kolibri" (above) -#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision # 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103 -#- name: Set Kolibri default language ({{ kolibri_language }}) -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Set Kolibri default language ({{ kolibri_language }}) +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: > @@ -91,9 +118,9 @@ # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules # for similar purposes (not all nec?) Only 1 (proxy_http) is needed here. -#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri -# apache2_module: -# name: proxy_http +# - name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri +# apache2_module: +# name: proxy_http # RECORD Kolibri AS INSTALLED diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index a88ff7af0..2e3e7da63 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6d4cc1b1d..fb5f6b582 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index d84945e0c..04c881193 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -291,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 2df3ba79b..17130e1f4 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -291,7 +291,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False From 4ad26221119cf244c692b0a630ba9efbf58dc133 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 00:56:49 -0400 Subject: [PATCH 0557/1758] Live w/ red errors to set can_be_ap ('failed_when: False' was too strong) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 40c239184..72bbb1810 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -108,12 +108,12 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Run 'iw list' to check for Access Point capability - #command: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc +- name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" + # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc shell: iw list | grep '^[[:space:]]*\* AP$' register: look_for_ap - when: discovered_wireless_iface != "none" - failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') -- otherwise Ansible will fail if grep returns '1' on absence of regex! + when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) + ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) - name: Set can_be_ap if 'iw list' output contains suitable '* AP' set_fact: From 5499f09ec485595b8c1bc453ff49648f9dcc2e74 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Aug 2022 01:43:40 -0400 Subject: [PATCH 0558/1758] detected_network.yml: Clarify #3329 can_be_ap grep RC --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 72bbb1810..1a298b753 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -110,7 +110,7 @@ - name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc - shell: iw list | grep '^[[:space:]]*\* AP$' + shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' below) register: look_for_ap when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) From d99fcaddd6956391f2684c110f834ae5e152c431 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Aug 2022 02:07:34 -0400 Subject: [PATCH 0559/1758] detected_network.yml: Clarify 'can_be_ap: True' for #3329 --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1a298b753..9d68baa24 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -115,7 +115,7 @@ when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) -- name: Set can_be_ap if 'iw list' output contains suitable '* AP' +- name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: can_be_ap: True when: look_for_ap.failed is defined and not look_for_ap.failed From 112347ffa3f339a73bd9b4debb9cc27fe544e67a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 17:15:03 -0400 Subject: [PATCH 0560/1758] iiab-network alert: "WiFi chipset/firmware NOT CAPABLE of AP Mode (details above)" --- roles/network/tasks/detected_network.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 9d68baa24..3fad5831c 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -108,12 +108,19 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" -- name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface != "none" - # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc - shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' below) - register: look_for_ap - when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) - ignore_errors: yes # 'failed_when: False' hides red errors, but is too strong (renders useless the look_for_ap.failed test below!) +- block: + - name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface ({{ discovered_wireless_iface }}) != "none" + # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc + shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' 9 lines below) + register: look_for_ap + when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) + # failed_when: False # Hides red errors and is too strong (renders useless the look_for_ap.failed test below!) + + rescue: # Force another red error msg (to explain) then proceed + - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + fail: + msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + ignore_errors: yes - name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: @@ -125,7 +132,7 @@ register: wifi_gateway_found when: discovered_wireless_iface != "none" -- name: Set has_wifi_gateway if WiFi has default gateway detected for {{ discovered_wireless_iface }} +- name: "Set 'has_wifi_gateway: True' if WiFi has default gateway detected for discovered_wireless_iface ({{ discovered_wireless_iface }}) -- otherwise leave it undefined" set_fact: has_wifi_gateway: True when: discovered_wireless_iface != "none" and (wifi_gateway_found.stdout|int > 0) @@ -184,7 +191,7 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none +- name: Set iiab_wireless_lan_iface to discovered_wireless_iface ({{ discovered_wireless_iface }}) if not none set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" when: discovered_wireless_iface != "none" and not wifi_up_down From 015abc52c759d0ac6140f346886920800eb61257 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 1 Aug 2022 17:28:50 -0400 Subject: [PATCH 0561/1758] detected_network.yml: Unindent can_be_ap rescue clause (explanation) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 3fad5831c..51a85ce86 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -117,10 +117,10 @@ # failed_when: False # Hides red errors and is too strong (renders useless the look_for_ap.failed test below!) rescue: # Force another red error msg (to explain) then proceed - - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) - fail: - msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) - ignore_errors: yes + - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + fail: + msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + ignore_errors: yes - name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" set_fact: From 530b1dbc6e2eb8d244fabbd19a42c0161aff8e2d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 15:51:39 -0400 Subject: [PATCH 0562/1758] iiab-diagnostics: sudo ufw status verbose --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2de2e1c76..1cad03da0 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,7 @@ echo -e "\n 5. Firewall Rules:\n" echo -e "\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' +cat_cmd 'sudo ufw status verbose' 'Firewall status & rules' echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" echo -e "\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile From 16b40cdf058b151d01e98393ef1ef0292b642ffa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 15:55:58 -0400 Subject: [PATCH 0563/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 63d0edc59..b2ae9eaf0 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-242 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 7b6d02884a4a67072bba49c8fd0037ab301384a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 17:26:23 -0400 Subject: [PATCH 0564/1758] iiab-diagnostics: dmesg | tail -100 (kernel/driver messages) --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1cad03da0..a6fdfbff8 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -241,6 +241,7 @@ cat_tail /opt/iiab/iiab/iiab-network.log 100 cat_tail /opt/iiab/iiab-admin-console/admin-install.log 100 cat_tail /var/log/messages 100 cat_tail /var/log/syslog 100 +cat_cmd 'dmesg | tail -100' 'kernel/driver messages' linecount=$(wc -l $outfile | sed 's/\s.*$//') sizecount=$(du -h $outfile | sed 's/\s.*$//') From ac8a022bbaa9616710aa012856111efbe8338586 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 17:26:45 -0400 Subject: [PATCH 0565/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index b2ae9eaf0..da9754842 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-243 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From dc2c531947657cfff2c9efc172faef4385129fcd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 22:27:44 -0400 Subject: [PATCH 0566/1758] Disallow multi-line var second_gateway_found ~= exclude_devices --- roles/network/tasks/detected_network.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 51a85ce86..976e46987 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,6 +142,10 @@ register: second_gateway_found changed_when: False +- assert: + that: second_gateway_found.stdout_lines | length == 1 + fail_msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways." + - name: Set exclude_devices if default gateway has been detected for {{ second_gateway_found.stdout }} set_fact: exclude_devices: "{{ second_gateway_found.stdout }}" From 99a05c6a78612039e95a272dc4d22dfb4e379203 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 22:47:21 -0400 Subject: [PATCH 0567/1758] Clean up "multiple secondary gateways" error handling --- roles/network/tasks/detected_network.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 976e46987..899300d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,9 +142,10 @@ register: second_gateway_found changed_when: False -- assert: - that: second_gateway_found.stdout_lines | length == 1 - fail_msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways." +- name: Fail intentionally and explain, if multiple secondary gateways are detected + fail: + msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways: {{ second_gateway_found.stdout }}" + when: second_gateway_found.stdout_lines is defined and second_gateway_found.stdout_lines | length > 1 - name: Set exclude_devices if default gateway has been detected for {{ second_gateway_found.stdout }} set_fact: From 664dd5da5eb0c3d993a08875779fd73364a79c04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Aug 2022 23:00:43 -0400 Subject: [PATCH 0568/1758] Clarify "multiple secondary gateways" detection --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 899300d53..e04ae0e20 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -142,7 +142,7 @@ register: second_gateway_found changed_when: False -- name: Fail intentionally and explain, if multiple secondary gateways are detected +- name: If multiple secondary gateways are detected, fail intentionally and explain fail: msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways: {{ second_gateway_found.stdout }}" when: second_gateway_found.stdout_lines is defined and second_gateway_found.stdout_lines | length > 1 From dbeb20597ec770e1e3aed204bc0a528e57dacc72 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 4 Aug 2022 13:05:19 -0400 Subject: [PATCH 0569/1758] iiab-diagnostics: dmesg | grep -i -e 80211 ... (brcm, realtek, etc) --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a6fdfbff8..56855bd02 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -216,7 +216,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | tail -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' @@ -241,7 +242,6 @@ cat_tail /opt/iiab/iiab/iiab-network.log 100 cat_tail /opt/iiab/iiab-admin-console/admin-install.log 100 cat_tail /var/log/messages 100 cat_tail /var/log/syslog 100 -cat_cmd 'dmesg | tail -100' 'kernel/driver messages' linecount=$(wc -l $outfile | sed 's/\s.*$//') sizecount=$(du -h $outfile | sed 's/\s.*$//') From fe0854be728844eb63681034a96d29dee21c0e11 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 4 Aug 2022 13:13:15 -0400 Subject: [PATCH 0570/1758] dmesg | grep | head -100 (not tail -100) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 56855bd02..1fdb97933 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -217,7 +217,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | tail -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' From acfb4ff36f29d1cbb52267dacaf3cb1c48999d8f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 5 Aug 2022 09:33:30 -0400 Subject: [PATCH 0571/1758] Update roles/network/README.rst for #3308 --- roles/network/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/network/README.rst b/roles/network/README.rst index 3d0a3082f..a95e247ff 100644 --- a/roles/network/README.rst +++ b/roles/network/README.rst @@ -8,7 +8,9 @@ Specifically, this 'network' role is run... - ...automatically during IIAB installation, after `/opt/iiab/iiab/iiab-install <../../iiab-install>`_ has run `Stages 0-to-9 <..>`_ (thanks to `iiab-stages.yml <../../iiab-stages.yml>`_). - ...automatically by IIAB's **Admin Console** (http://box/admin) if you click **Configure** -> **Install Configured Options** — this is similar to the above, but only runs Stage 0, then Stage 4-to-9, and then finally this 'network' role/stage (thanks to `iiab-from-console.yml <../../iiab-from-console.yml>`_). -- ...or manually, if you run ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). +- ...or manually, if you run `sudo iiab-network <../../scripts/iiab-network>`_ + - A stronger version is also available if necessary: ``cd /opt/iiab/iiab`` then ``sudo ./runrole --reinstall network`` + - If your IIAB was installed prior to August 2022, instead run: ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). Many IIAB networking questions can be answered in these 2 documents: From 115276baad1ce4e2ce3da615a75993789d4f2c0a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 08:50:02 -0400 Subject: [PATCH 0572/1758] Revert "1-prep/templates/iiab-expand-rootfs: Avoid reboot" --- roles/1-prep/templates/iiab-expand-rootfs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 82799f8d8..bc81bd302 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -11,11 +11,11 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" -# if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -# # 2022-02-17: Uses do_expand_rootfs() from: -# # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config -# raspi-config --expand-rootfs # REQUIRES A REBOOT -# else # REQUIRES NO REBOOT; works on all OS's + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + # 2022-02-17: Uses do_expand_rootfs() from: + # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + raspi-config --expand-rootfs + else # Other Linux OS's # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 @@ -53,7 +53,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # # Resize partition # growpart /dev/$root_dev $root_part_no # resize2fs /dev/$root_part -# fi + fi rm -f /.expand-rootfs /.resize-rootfs fi From e58c4b0c9c883b8cf026859c3c8c53744a221985 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 08:56:26 -0400 Subject: [PATCH 0573/1758] iiab-expand-rootfs: Note collision (race condition) w/ fsck --- roles/1-prep/templates/iiab-expand-rootfs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index bc81bd302..2cd28de46 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -14,8 +14,8 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config - raspi-config --expand-rootfs - else # Other Linux OS's + raspi-config --expand-rootfs # REQUIRES A REBOOT + else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 From e351801933ce9c89c0cd25f0725fbc8ae8b84257 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 7 Aug 2022 20:29:24 -0400 Subject: [PATCH 0574/1758] 1-prep/templates/iiab-expand-rootfs.service based on 2020's #2522 --- roles/1-prep/templates/iiab-expand-rootfs.service | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index f7f68402c..89e42f2ab 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -1,5 +1,8 @@ [Unit] Description=Root Filesystem Auto-Expander +DefaultDependencies=no +After=systemd-remount-fs.service +Before=dphys-swapfile.service [Service] Environment=TERM=linux @@ -8,7 +11,7 @@ ExecStart=/usr/sbin/iiab-expand-rootfs # "Standard output type syslog is obsolete" # StandardError=syslog # WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput= -RemainAfterExit=no +RemainAfterExit=yes [Install] -WantedBy=multi-user.target +WantedBy=local-fs.target From 6403ce517a348baa2c453659258695d7896e4ddd Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 18:18:53 -0400 Subject: [PATCH 0575/1758] iiab-expand-rootfs.service: TimeoutSec=infinity in [Service] --- roles/1-prep/templates/iiab-expand-rootfs.service | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 89e42f2ab..1d29e4b90 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -8,6 +8,7 @@ Before=dphys-swapfile.service Environment=TERM=linux Type=oneshot ExecStart=/usr/sbin/iiab-expand-rootfs +TimeoutSec=infinity # "Standard output type syslog is obsolete" # StandardError=syslog # WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput= From 5c26d52549e2344aa2012fd5692ad530bcb85ede Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 19:24:23 -0400 Subject: [PATCH 0576/1758] iiab-expand-rootfs.service: Explain Before=dphys-swapfile.service --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 1d29e4b90..0756d8151 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -2,6 +2,8 @@ Description=Root Filesystem Auto-Expander DefaultDependencies=no After=systemd-remount-fs.service +# 2022-08-08: While dphys-swapfile.service doesn't exist on Ubuntu, Mint +# and pure Debian, the following line may still serve a purpose on RasPiOS: Before=dphys-swapfile.service [Service] From 3798685ba7ec369196acf4f045146d4eae6ed7c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 19:52:51 -0400 Subject: [PATCH 0577/1758] iiab-expand-rootfs.service: Explain TimeoutSec=infinity --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index 0756d8151..f8333e020 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -10,6 +10,8 @@ Before=dphys-swapfile.service Environment=TERM=linux Type=oneshot ExecStart=/usr/sbin/iiab-expand-rootfs +# 2022-08-08: By default, systemd dangerously kills rootfs expansion after just +# 90s (1TB microSD cards take ~8 min to expand). Let's remove the time limit: TimeoutSec=infinity # "Standard output type syslog is obsolete" # StandardError=syslog From c3ab1236a5fae68c4bf73b00bb9f5522ce8cc2ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Aug 2022 22:46:36 -0400 Subject: [PATCH 0578/1758] iiab-expand-rootfs.service: Explain After=systemd-remount-fs.service --- roles/1-prep/templates/iiab-expand-rootfs.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs.service b/roles/1-prep/templates/iiab-expand-rootfs.service index f8333e020..91de4cc5b 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs.service +++ b/roles/1-prep/templates/iiab-expand-rootfs.service @@ -1,6 +1,8 @@ [Unit] Description=Root Filesystem Auto-Expander DefaultDependencies=no +# 2022-08-08: IIAB's 4 core OS's have 'After=systemd-fsck-root.service' WITHIN +# systemd-remount-fs.service, allowing us to avoid #3325 race condition w/ fsck After=systemd-remount-fs.service # 2022-08-08: While dphys-swapfile.service doesn't exist on Ubuntu, Mint # and pure Debian, the following line may still serve a purpose on RasPiOS: From 35211d0e603df3058d62fdb22a41126276693441 Mon Sep 17 00:00:00 2001 From: Mohamad Date: Tue, 9 Aug 2022 08:02:37 +0200 Subject: [PATCH 0579/1758] revert `lokole_repo` to original repo --- roles/lokole/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index d3799a86f..f5c283cae 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -14,8 +14,7 @@ # https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: #lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/lokole/commits/master #lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history -# TODO: revert back to main repo after upstream PR is merged -lokole_repo: https://github.com/mabuelhagag/lokole.git # the lokole git repo location to pull from if lokole_commit is defined +lokole_repo: https://github.com/ascoderu/lokole.git # the lokole git repo location to pull from if lokole_commit is defined lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme From 15a2a3f8a6092c5768c53f3c27fe9d9cd32e348c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 09:36:31 -0400 Subject: [PATCH 0580/1758] Disable openvpn service AND openvpn_enabled in local_vars.yml --- roles/openvpn/templates/iiab-remote-off | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 9d3b0d258..f450bc79d 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -19,6 +19,12 @@ if [ $? -ne 0 ]; then exit 1 fi +if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_enabled:.*/openvpn_enabled: False/" /etc/iiab/local_vars.yml +else + echo "openvpn_enabled: False" >> /etc/iiab/local_vars.yml +fi + systemctl disable openvpn systemctl stop openvpn From 83dc48ba7d3841b38c136b3e5a754fc79ece40d4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 09:45:09 -0400 Subject: [PATCH 0581/1758] iiab-remote-off: Comment out stale guidance --- roles/openvpn/templates/iiab-remote-off | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index f450bc79d..914621435 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -3,14 +3,14 @@ # /usr/bin/iiab-remote-off should fully turn off multiple remote support # services like OpenVPN and others, to reduce risk of remote attacks. -echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' - -echo -e '1) Set this variable in /etc/iiab/local_vars.yml' -echo -e ' openvpn_enabled: False\n' - -echo -e '2) Run:' -echo -e ' cd /opt/iiab/iiab' -echo -e ' sudo ./runrole openvpn\n' +# echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' +# +# echo -e '1) Set this variable in /etc/iiab/local_vars.yml' +# echo -e ' openvpn_enabled: False\n' +# +# echo -e '2) Run:' +# echo -e ' cd /opt/iiab/iiab' +# echo -e ' sudo ./runrole openvpn\n' # Do nothing if OpenVPN not installed which openvpn From 3227cffe5f0a898bb14677f57cb3263385e11771 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 12:02:44 -0400 Subject: [PATCH 0582/1758] iiab-remote-off: UX explaining OpenVPN's truly off --- roles/openvpn/templates/iiab-remote-off | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 914621435..6d5003b78 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -31,7 +31,9 @@ systemctl stop openvpn sleep 5 ps -e | grep openvpn # 2018-09-05: "ps -e | grep vpn" no longer works (nor would "pgrep vpn") when invoked from iiab-vpn-off (as filename itself causes [multiple] "vpn" instances to appear in process list!) if [ $? -eq 0 ]; then - echo OpenVPN failed to stop. + echo "OpenVPN failed to stop." else - echo Successfully stopped and disabled OpenVPN. + echo "OpenVPN's systemd service was successfully stopped and disabled." + echo + echo "Also, 'openvpn_enabled: False' was set in /etc/iiab/local_vars.yml" fi From b9a653c1b962ebcdf73315f6370d4203aee62c37 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Aug 2022 21:42:57 -0400 Subject: [PATCH 0583/1758] iiab-expand-rootfs: bash -e exit on error; do not delete /.expand-rootfs --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 2cd28de46..620990893 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash -xe # Expand rootfs partition to its maximum size, if /.expand-rootfs exists. # Used by /etc/systemd/system/iiab-expand-rootfs.service on IIAB boot. From f1eb4f381f366b1c5dbe89bca1ee2ad1f284de87 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 13 Aug 2022 09:01:00 -0400 Subject: [PATCH 0584/1758] Update README.adoc Instructions for getting into Matomo --- roles/matomo/README.adoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 4d7ca6589..0fdbb3a4d 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -39,6 +39,13 @@ _Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `s Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. +WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. + +1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see 'trusted_hosts[] = "192.168.64.10"', so I copy "192.168.64.10". +2. Run "sudo nano /library/www/matomo/config/config.ini.php" to edit Matomo's config file. +3. Paste or type the IP address from Step 1 to replace "box.lan" in the trusted_hosts line, which should be about line 13. When I'm done, my line 13 says 'trusted_hosts[] = "192.168.64.10"' instead of 'trusted_hosts[] = "box.lan"'. +4. Refresh the Matomo homepage and the warning should be gone. + Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) From 77024e62f95a27841c62a69109887cc3f0824e90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 11:58:26 -0400 Subject: [PATCH 0585/1758] README.adoc: Highlight code snippets & Bold buttons --- roles/matomo/README.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0fdbb3a4d..bd86af315 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -41,9 +41,9 @@ Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged a WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. -1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see 'trusted_hosts[] = "192.168.64.10"', so I copy "192.168.64.10". -2. Run "sudo nano /library/www/matomo/config/config.ini.php" to edit Matomo's config file. -3. Paste or type the IP address from Step 1 to replace "box.lan" in the trusted_hosts line, which should be about line 13. When I'm done, my line 13 says 'trusted_hosts[] = "192.168.64.10"' instead of 'trusted_hosts[] = "box.lan"'. +1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. +2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. +3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. 4. Refresh the Matomo homepage and the warning should be gone. Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ @@ -54,9 +54,9 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on "Visitors" and then below "Visitors", "Overview", to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet in a Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. -Below the "Visitors" button is a second button, "Behavior". Click on the "Pages" button after clicking "Behavior" and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. +Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. === IIAB Tips, Tricks, and Gotchas From ab1d417d253c2a0d9ea3efe74b87d8db508385a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 15:57:52 -0400 Subject: [PATCH 0586/1758] Update matomo/README.adoc --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index bd86af315..615ad9a99 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -54,7 +54,7 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to Internet in a Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. From 6e09f13dbae28662fcac494e656085489169cffa Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Aug 2022 16:19:15 -0400 Subject: [PATCH 0587/1758] Update matomo/README.adoc --- roles/matomo/README.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 615ad9a99..0ad39328a 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -39,14 +39,15 @@ _Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `s Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. +Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ + WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. 1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. 2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. 3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. 4. Refresh the Matomo homepage and the warning should be gone. - -Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ +5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) From ac6e54dae25f26af98b9a2f37286e8ce4d4b9b99 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 16 Aug 2022 09:11:23 -0400 Subject: [PATCH 0588/1758] Recommend ansible-core 2.13.3 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index b5496c6e8..8d5293023 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] -GOOD_VER=2.13.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e277e405eb8c263cc942be41e03a4c605bbba609 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 17 Aug 2022 15:53:11 -0400 Subject: [PATCH 0589/1758] kiwix/defaults/main.yml: New kiwix-tools version 3.3.0-1 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 784e615e4..332eb6289 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # https://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0 -kiwix_version_i686: kiwix-tools_linux-i586-3.3.0 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1 +kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 6b7da719dc5f4a61afab8a97bedc170838298574 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Aug 2022 19:48:02 -0400 Subject: [PATCH 0590/1758] kolibri/tasks/install.yml: PPA special cases for Mint 20 (focal) + Mint 21 (jammy) --- roles/kolibri/tasks/install.yml | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 9bcc2c057..84e742c7b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -45,16 +45,38 @@ # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu) + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) apt_repository: repo: ppa:learningequality/kolibri - when: is_ubuntu + when: is_ubuntu and not is_linuxmint - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian) + # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on + # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) + # BUT equivalent Ansible command (STANZA ABOVE) failed with error... + # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." + # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) + + # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks + # about the warning below, arising no matter if codename is 'focal' or 'jammy' + # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': + # + # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release + # warnings.warn( + + # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also + # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) + apt_repository: + repo: ppa:learningequality/kolibri + codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE? + when: is_linuxmint_21 + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) apt_repository: repo: ppa:learningequality/kolibri codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - when: is_debian + when: is_debian or is_linuxmint_20 - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: From a02798cb1e3807c65e260acfdd1adea278612cec Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:07 -0400 Subject: [PATCH 0591/1758] iiab-diagnostics: Display /etc/fstab --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 1fdb97933..ed243490c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -198,6 +198,7 @@ cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' +cat_file /etc/fstab cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 6be554d4ab9d30da446a3501ce950c7f07f39836 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 22 Aug 2022 15:17:32 -0400 Subject: [PATCH 0592/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index da9754842..be341bb4f 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-244 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ca2ab6a5ab07e768435429d215596047d695f6cf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Aug 2021 12:32:06 -0500 Subject: [PATCH 0593/1758] Azuracast baseline --- roles/azuracast/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 9f1b1e2ab..a9b9c73c4 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -11,13 +11,13 @@ #group: root mode: 0644 -- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template - template: - src: docker-compose.override.yml.j2 - dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" #owner: root #group: root - mode: 0644 +# mode: 0644 - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} get_url: From bb01db529ab4523d47457085ead3c33ca5f2913d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:11:44 -0500 Subject: [PATCH 0594/1758] azuracast.env --- roles/azuracast/tasks/install.yml | 20 ++- roles/azuracast/templates/azuracast.env | 155 ++++++++++++++++++ .../azuracast/templates/azuracast.sample.env | 155 ++++++++++++++++++ 3 files changed, 324 insertions(+), 6 deletions(-) create mode 100644 roles/azuracast/templates/azuracast.env create mode 100644 roles/azuracast/templates/azuracast.sample.env diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index a9b9c73c4..febb7302d 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -40,6 +40,20 @@ # line: "\\1reply='Y'" # backrefs: yes +#- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml +# replace: +# path: "{{ azuracast_host_dir }}/docker-compose.yml" +# regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" +# replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" + +- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports + template: + src: azuracast.env + dest: "{{ azuracast_host_dir }}/" + #owner: root + #group: root + mode: 0644 + - name: AzuraCast - Make directory {{ docker_container_dir }} file: path: "{{ docker_container_dir }}" @@ -51,12 +65,6 @@ path: /var/lib/docker state: link -- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml - replace: - path: "{{ azuracast_host_dir }}/docker-compose.yml" - regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" - replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" - - name: AzuraCast - Setup for stable channel install shell: "yes 'Y' | /bin/bash docker.sh setup-release" args: diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env new file mode 100644 index 000000000..75ff47f6b --- /dev/null +++ b/roles/azuracast/templates/azuracast.env @@ -0,0 +1,155 @@ +# IIAB version for altered ports +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=10000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=10499 + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: mariadb +MYSQL_HOST=mariadb + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: redis +# REDIS_HOST=redis + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* diff --git a/roles/azuracast/templates/azuracast.sample.env b/roles/azuracast/templates/azuracast.sample.env new file mode 100644 index 000000000..bc9ffc204 --- /dev/null +++ b/roles/azuracast/templates/azuracast.sample.env @@ -0,0 +1,155 @@ +# https://github.com/AzuraCast/AzuraCast/blob/main/azuracast.sample.env +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=8000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=8499 + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: mariadb +MYSQL_HOST=mariadb + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: redis +# REDIS_HOST=redis + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* From 1fb98f535b318400a11571c011a13d616de785ee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:20:50 -0500 Subject: [PATCH 0595/1758] overlaps AZURACAST_STATION_PORTS move just to be safe --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e4ee58a43..00bdc9767 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -378,8 +378,8 @@ nodocs: False # Simple, Self-Hosted Web Radio - from AzuraCast.com azuracast_install: False azuracast_enabled: False # This var is currently IGNORED -azuracast_http_port: 10080 -azuracast_https_port: 10443 +azuracast_http_port: 12080 +azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8100 range by default, but IIAB # services conflict with those ports so this variable below sets a sane prefix. From 5e0631a7c91af43bf83ad935600d45b064edc054 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 16 Aug 2021 22:22:16 -0500 Subject: [PATCH 0596/1758] Readme - port --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index fca21ce96..20b3a495d 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -12,7 +12,7 @@ Using It -------- * Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. -* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 +* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! From 6c41a6579e732a650a0434ca57e34c5cce09e237 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 29 Aug 2022 07:13:09 -0400 Subject: [PATCH 0597/1758] scripts/ansible: Cleaner comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 8d5293023..a8dfadfae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.0] +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From 7b058cfe47b70dd35a7dd09af68af93070aa5cbc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 11:47:22 -0500 Subject: [PATCH 0598/1758] upstream docker.sh as of Aug 22, 2022 https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/docker.sh --- roles/azuracast/upstream/docker.sh | 840 +++++++++++++++++++++++++++++ 1 file changed, 840 insertions(+) create mode 100755 roles/azuracast/upstream/docker.sh diff --git a/roles/azuracast/upstream/docker.sh b/roles/azuracast/upstream/docker.sh new file mode 100755 index 000000000..dfa1c2b81 --- /dev/null +++ b/roles/azuracast/upstream/docker.sh @@ -0,0 +1,840 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2145,SC2178,SC2120,SC2162 + +# Functions to manage .env files +__dotenv= +__dotenv_file= +__dotenv_cmd=.env + +.env() { + REPLY=() + [[ $__dotenv_file || ${1-} == -* ]] || .env.--file .env || return + if declare -F -- ".env.${1-}" >/dev/null; then + .env."$@" + return + fi + return 64 +} + +.env.-f() { .env.--file "$@"; } + +.env.get() { + .env::arg "get requires a key" "$@" && + [[ "$__dotenv" =~ ^(.*(^|$'\n'))([ ]*)"$1="(.*)$ ]] && + REPLY=${BASH_REMATCH[4]%%$'\n'*} && REPLY=${REPLY%"${REPLY##*[![:space:]]}"} +} + +.env.parse() { + local line key + while IFS= read -r line; do + line=${line#"${line%%[![:space:]]*}"} # trim leading whitespace + line=${line%"${line##*[![:space:]]}"} # trim trailing whitespace + if [[ ! "$line" || "$line" == '#'* ]]; then continue; fi + if (($#)); then + for key; do + if [[ $key == "${line%%=*}" ]]; then + REPLY+=("$line") + break + fi + done + else + REPLY+=("$line") + fi + done <<<"$__dotenv" + ((${#REPLY[@]})) +} + +.env.export() { ! .env.parse "$@" || export "${REPLY[@]}"; } + +.env.set() { + .env::file load || return + local key saved=$__dotenv + while (($#)); do + key=${1#+} + key=${key%%=*} + if .env.get "$key"; then + REPLY=() + if [[ $1 == +* ]]; then + shift + continue # skip if already found + elif [[ $1 == *=* ]]; then + __dotenv=${BASH_REMATCH[1]}${BASH_REMATCH[3]}$1$'\n'${BASH_REMATCH[4]#*$'\n'} + else + __dotenv=${BASH_REMATCH[1]}${BASH_REMATCH[4]#*$'\n'} + continue # delete all occurrences + fi + elif [[ $1 == *=* ]]; then + __dotenv+="${1#+}"$'\n' + fi + shift + done + [[ $__dotenv == "$saved" ]] || .env::file save +} + +.env.puts() { echo "${1-}" >>"$__dotenv_file" && __dotenv+="$1"$'\n'; } + +.env.generate() { + .env::arg "key required for generate" "$@" || return + .env.get "$1" && return || REPLY=$("${@:2}") || return + .env::one "generate: ouptut of '${*:2}' has more than one line" "$REPLY" || return + .env.puts "$1=$REPLY" +} + +.env.--file() { + .env::arg "filename required for --file" "$@" || return + __dotenv_file=$1 + .env::file load || return + (($# < 2)) || .env "${@:2}" +} + +.env::arg() { [[ "${2-}" ]] || { + echo "$__dotenv_cmd: $1" >&2 + return 64 +}; } + +.env::one() { [[ "$2" != *$'\n'* ]] || .env::arg "$1"; } + +.env::file() { + local REPLY=$__dotenv_file + case "$1" in + load) + __dotenv= + ! [[ -f "$REPLY" ]] || __dotenv="$(<"$REPLY")"$'\n' || return + ;; + save) + if [[ -L "$REPLY" ]] && declare -F -- realpath.resolved >/dev/null; then + realpath.resolved "$REPLY" + fi + { [[ ! -f "$REPLY" ]] || cp -p "$REPLY" "$REPLY.bak"; } && + printf %s "$__dotenv" >"$REPLY.bak" && mv "$REPLY.bak" "$REPLY" + ;; + esac +} + +# Shortcut to convert semver version (x.yyy.zzz) into a comparable number. +version-number() { + echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }' +} + +# Get the current release channel for AzuraCast +get-release-channel() { + local AZURACAST_VERSION="latest" + if [[ -f .env ]]; then + .env --file .env get AZURACAST_VERSION + AZURACAST_VERSION="${REPLY:-latest}" + fi + + echo "$AZURACAST_VERSION" +} + +get-release-branch-name() { + if [[ $(get-release-channel) == "stable" ]]; then + echo "stable" + else + echo "main" + fi +} + +# This is a general-purpose function to ask Yes/No questions in Bash, either +# with or without a default answer. It keeps repeating the question until it +# gets a valid answer. +ask() { + # https://djm.me/ask + local prompt default reply + + while true; do + + if [[ "${2:-}" == "Y" ]]; then + prompt="Y/n" + default=Y + elif [[ "${2:-}" == "N" ]]; then + prompt="y/N" + default=N + else + prompt="y/n" + default= + fi + + # Ask the question (not using "read -p" as it uses stderr not stdout) + echo -n "$1 [$prompt] " + + read reply + + # Default? + if [[ -z "$reply" ]]; then + reply=${default} + fi + + # Check if the reply is valid + case "$reply" in + Y* | y*) return 0 ;; + N* | n*) return 1 ;; + esac + + done +} + +# Generate a prompt to set an environment file value. +envfile-set() { + local VALUE INPUT + + .env --file .env + + .env get "$1" + VALUE=${REPLY:-$2} + + echo -n "$3 [$VALUE]: " + read INPUT + + VALUE=${INPUT:-$VALUE} + + .env set "${1}=${VALUE}" +} + +# +# Configure the ports used by AzuraCast. +# +setup-ports() { + envfile-set "AZURACAST_HTTP_PORT" "80" "Port to use for HTTP connections" + envfile-set "AZURACAST_HTTPS_PORT" "443" "Port to use for HTTPS connections" + envfile-set "AZURACAST_SFTP_PORT" "2022" "Port to use for SFTP connections" +} + +# +# Configure release mode settings. +# +setup-release() { + if [[ ! -f .env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/main/sample.env -o .env + fi + + local OLD_RELEASE_CHANNEL + .env --file .env get AZURACAST_VERSION + OLD_RELEASE_CHANNEL="${REPLY:-latest}" + + local AZURACAST_VERSION="${OLD_RELEASE_CHANNEL}" + + if [[ $AZURACAST_VERSION == "latest" ]]; then + if ask "Your current release channel is 'Rolling Release'. Switch to 'Stable' release channel?" N; then + AZURACAST_VERSION="stable" + fi + elif [[ $AZURACAST_VERSION == "stable" ]]; then + if ask "Your current release channel is 'Stable'. Switch to 'Rolling Release' release channel?" N; then + AZURACAST_VERSION="latest" + fi + fi + + .env --file .env set AZURACAST_VERSION=${AZURACAST_VERSION} + + if [[ $AZURACAST_VERSION != $OLD_RELEASE_CHANNEL ]]; then + if ask "You should update the Docker Utility Script after changing release channels. Automatically update it now?" Y; then + update-self + fi + fi +} + +check-install-requirements() { + local CURRENT_OS CURRENT_ARCH REQUIRED_COMMANDS SCRIPT_DIR + + set -e + + echo "Checking installation requirements for AzuraCast..." + + CURRENT_OS=$(uname -s) + if [[ $CURRENT_OS == "Linux" ]]; then + echo -en "\e[32m[PASS]\e[0m Operating System: ${CURRENT_OS}\n" + else + echo -en "\e[41m[FAIL]\e[0m Operating System: ${CURRENT_OS}\n" + + echo " You are running an unsupported operating system." + echo " Automated AzuraCast installation is not currently supported on this" + echo " operating system." + exit 1 + fi + + CURRENT_ARCH=$(uname -m) + if [[ $CURRENT_ARCH == "x86_64" ]]; then + echo -en "\e[32m[PASS]\e[0m Architecture: ${CURRENT_ARCH}\n" + elif [[ $CURRENT_ARCH == "aarch64" ]]; then + echo -en "\e[32m[PASS]\e[0m Architecture: ${CURRENT_ARCH}\n" + else + echo -en "\e[41m[FAIL]\e[0m Architecture: ${CURRENT_ARCH}\n" + + echo " You are running an unsupported processor architecture." + echo " Automated AzuraCast installation is not currently supported on this " + echo " operating system." + exit 1 + fi + + REQUIRED_COMMANDS=(curl awk) + for COMMAND in "${REQUIRED_COMMANDS[@]}" ; do + if [[ $(command -v "$COMMAND") ]]; then + echo -en "\e[32m[PASS]\e[0m Command Present: ${COMMAND}\n" + else + echo -en "\e[41m[FAIL]\e[0m Command Present: ${COMMAND}\n" + + echo " ${COMMAND} does not appear to be installed." + echo " Install ${COMMAND} using your host's package manager," + echo " then continue installing using this script." + exit 1 + fi + done + + if [[ $EUID -ne 0 ]]; then + if [[ $(command -v sudo) ]]; then + echo -en "\e[32m[PASS]\e[0m User Permissions\n" + else + echo -en "\e[41m[FAIL]\e[0m User Permissions\n" + + echo " You are not currently the root user, and " + echo " 'sudo' does not appear to be installed." + echo " Install sudo using your host's package manager," + echo " then continue installing using this script." + exit 1 + fi + else + echo -en "\e[32m[PASS]\e[0m User Permissions\n" + fi + + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" + if [[ $SCRIPT_DIR == "/var/azuracast" ]]; then + echo -en "\e[32m[PASS]\e[0m Installation Directory\n" + else + echo -en "\e[93m[WARN]\e[0m Installation Directory\n" + echo " AzuraCast is not installed in /var/azuracast, as is recommended" + echo " for most installations. This will not prevent AzuraCast from" + echo " working, but you will need to update any instructions in our" + echo " documentation to reflect your current directory:" + echo " $SCRIPT_DIR" + fi + + echo -en "\e[32m[PASS]\e[0m All requirements met!\n" + + set +e +} + +install-docker() { + set -e + + curl -fsSL get.docker.com -o get-docker.sh + sh get-docker.sh + rm get-docker.sh + + if [[ $EUID -ne 0 ]]; then + sudo usermod -aG docker "$(whoami)" + + echo "You must log out or restart to apply necessary Docker permissions changes." + echo "Restart, then continue installing using this script." + exit 1 + fi + + set +e +} + +install-docker-compose() { + set -e + echo "Installing Docker Compose..." + + curl -fsSL -o docker-compose https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-$(uname -m) + + ARCHITECTURE=amd64 + if [ "$(uname -m)" = "aarch64" ]; then + ARCHITECTURE=arm64 + fi + curl -fsSL -o docker-compose-switch https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-${ARCHITECTURE} + + if [[ $EUID -ne 0 ]]; then + sudo chmod a+x ./docker-compose + sudo chmod a+x ./docker-compose-switch + + sudo mv ./docker-compose /usr/libexec/docker/cli-plugins/docker-compose + sudo mv ./docker-compose-switch /usr/local/bin/docker-compose + else + chmod a+x ./docker-compose + chmod a+x ./docker-compose-switch + + mv ./docker-compose /usr/libexec/docker/cli-plugins/docker-compose + mv ./docker-compose-switch /usr/local/bin/docker-compose + fi + + echo "Docker Compose updated!" + set +e +} + +run-installer() { + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + if [[ ! -f .env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/sample.env -o .env + fi + if [[ ! -f azuracast.env ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/azuracast.sample.env -o azuracast.env + fi + if [[ ! -f docker-compose.yml ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.sample.yml -o docker-compose.yml + fi + + touch docker-compose.new.yml + + local dc_config_test=$(docker-compose -f docker-compose.new.yml config 2>/dev/null) + if [ $? -ne 0 ]; then + if ask "Docker Compose needs to be updated to continue. Update to latest version?" Y; then + install-docker-compose + fi + fi + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.installer.yml -o docker-compose.installer.yml + + docker-compose -p azuracast_installer -f docker-compose.installer.yml pull + docker-compose -p azuracast_installer -f docker-compose.installer.yml run --rm installer install "$@" + + rm docker-compose.installer.yml +} + +# +# Run the initial installer of Docker and AzuraCast. +# Usage: ./docker.sh install +# +install() { + check-install-requirements + + if [[ $(command -v docker) && $(docker --version) ]]; then + echo "Docker is already installed! Continuing..." + else + if ask "Docker does not appear to be installed. Install Docker now?" Y; then + install-docker + fi + fi + + if [[ $(command -v docker-compose) ]]; then + echo "Docker Compose is already installed. Continuing..." + else + if ask "Docker Compose does not appear to be installed. Install Docker Compose now?" Y; then + install-docker-compose + fi + fi + + setup-release + + run-installer "$@" + + # Installer creates a file at docker-compose.new.yml; copy it to the main spot. + if [[ -s docker-compose.new.yml ]]; then + if [[ -f docker-compose.yml ]]; then + rm docker-compose.yml + fi + + mv docker-compose.new.yml docker-compose.yml + fi + + # If this script is running as a non-root user, set the PUID/PGID in the environment vars appropriately. + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose pull + + docker-compose run --rm web -- azuracast_install "$@" + docker-compose up -d + exit +} + +install-dev() { + if [[ $(command -v docker) && $(docker --version) ]]; then + echo "Docker is already installed! Continuing..." + else + if ask "Docker does not appear to be installed. Install Docker now?" Y; then + install-docker + fi + fi + + if [[ $(command -v docker-compose) ]]; then + echo "Docker Compose is already installed. Continuing..." + else + if ask "Docker Compose does not appear to be installed. Install Docker Compose now?" Y; then + install-docker-compose + fi + fi + + if [[ ! -f docker-compose.yml ]]; then + cp docker-compose.sample.yml docker-compose.yml + fi + if [[ ! -f docker-compose.override.yml ]]; then + cp docker-compose.dev.yml docker-compose.override.yml + fi + if [[ ! -f .env ]]; then + cp dev.env .env + fi + if [[ ! -f azuracast.env ]]; then + cp azuracast.dev.env azuracast.env + + echo "Customize azuracast.env file now before continuing. Re-run this command to continue installation." + exit + fi + + # If this script is running as a non-root user, set the PUID/PGID in the environment vars appropriately. + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + chmod 777 ./frontend/ ./web/ ./vendor/ \ + ./web/static/ ./web/static/api/ \ + ./web/static/dist/ ./web/static/img/ + + docker-compose build + docker-compose run --rm web -- azuracast_install "$@" + + docker-compose -p azuracast_frontend -f docker-compose.frontend.yml build + docker-compose -p azuracast_frontend -f docker-compose.frontend.yml run --rm frontend npm run build + + docker-compose up -d + exit +} + +# +# Update the Docker images and codebase. +# Usage: ./docker.sh update +# +update() { + echo "[NOTICE] Before you continue, please make sure you have a recent snapshot of your system and or backed it up." + if ask "Are you ready to continue with the update?" Y; then + + # Check for a new Docker Utility Script. + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker.sh -o docker.new.sh + + local UTILITY_FILES_MATCH + UTILITY_FILES_MATCH="$( + cmp --silent docker.sh docker.new.sh + echo $? + )" + + local UPDATE_UTILITY=0 + if [[ ${UTILITY_FILES_MATCH} -ne 0 ]]; then + if ask "The Docker Utility Script has changed since your version. Update to latest version?" Y; then + UPDATE_UTILITY=1 + fi + fi + + if [[ ${UPDATE_UTILITY} -ne 0 ]]; then + mv docker.new.sh docker.sh + chmod a+x docker.sh + + echo "A new Docker Utility Script has been downloaded." + echo "Please re-run the update process to continue." + exit + else + rm docker.new.sh + fi + + run-installer --update "$@" + + # Check for updated Docker Compose config. + local COMPOSE_FILES_MATCH + + if [[ ! -s docker-compose.new.yml ]]; then + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker-compose.sample.yml -o docker-compose.new.yml + fi + + COMPOSE_FILES_MATCH="$( + cmp --silent docker-compose.yml docker-compose.new.yml + echo $? + )" + + if [[ ${COMPOSE_FILES_MATCH} -ne 0 ]]; then + docker-compose -f docker-compose.new.yml pull + docker-compose down + + cp docker-compose.yml docker-compose.backup.yml + mv docker-compose.new.yml docker-compose.yml + else + rm docker-compose.new.yml + + docker-compose pull + docker-compose down + fi + + docker-compose run --rm web -- azuracast_update "$@" + docker-compose up -d + + if ask "Clean up all stopped Docker containers and images to save space?" Y; then + docker system prune -f + fi + + echo "Update complete!" + fi + exit +} + +# +# Update this Docker utility script. +# Usage: ./docker.sh update-self +# +update-self() { + local AZURACAST_RELEASE_BRANCH + AZURACAST_RELEASE_BRANCH=$(get-release-branch-name) + + curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/$AZURACAST_RELEASE_BRANCH/docker.sh -o docker.sh + chmod a+x docker.sh + + echo "New Docker utility script downloaded." + exit +} + +# +# Run a CLI command inside the Docker container. +# Usage: ./docker.sh cli [command] +# +cli() { + docker-compose exec --user="azuracast" web azuracast_cli "$@" + exit +} + +# +# Enter the bash terminal of the running web container. +# Usage: ./docker.sh bash +# +bash() { + docker-compose exec --user="azuracast" web bash + exit +} + +# +# Enter the MariaDB database management terminal with the correct credentials. +# +db() { + local MYSQL_HOST MYSQL_PORT MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE + + .env --file azuracast.env get MYSQL_HOST + MYSQL_HOST="${REPLY:-localhost}" + + .env --file azuracast.env get MYSQL_PORT + MYSQL_PORT="${REPLY:-3306}" + + .env --file azuracast.env get MYSQL_USER + MYSQL_USER="${REPLY:-azuracast}" + + .env --file azuracast.env get MYSQL_PASSWORD + MYSQL_PASSWORD="${REPLY:-azur4c457}" + + .env --file azuracast.env get MYSQL_DATABASE + MYSQL_DATABASE="${REPLY:-azuracast}" + + docker-compose exec --user="mysql" web mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT} --database=${MYSQL_DATABASE} + + exit +} + +# +# Back up the Docker volumes to a .tar.gz file. +# Usage: +# ./docker.sh backup [/custom/backup/dir/custombackupname.zip] +# +backup() { + local BACKUP_PATH BACKUP_DIR BACKUP_FILENAME BACKUP_EXT + BACKUP_PATH=$(readlink -f ${1:-"./backup.tar.gz"}) + BACKUP_DIR=$(dirname -- "$BACKUP_PATH") + BACKUP_FILENAME=$(basename -- "$BACKUP_PATH") + BACKUP_EXT="${BACKUP_FILENAME##*.}" + shift + + # Prepare permissions + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose exec --user="azuracast" web azuracast_cli azuracast:backup "/var/azuracast/backups/${BACKUP_FILENAME}" "$@" + + # Move from Docker volume to local filesystem + docker run --rm -v "azuracast_backups:/backup_src" \ + -v "$BACKUP_DIR:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" +} + +# +# Restore an AzuraCast backup into Docker. +# Usage: +# ./docker.sh restore [/custom/backup/dir/custombackupname.zip] +# +restore() { + if [[ ! -f .env ]] || [[ ! -f azuracast.env ]]; then + echo "AzuraCast hasn't been installed yet on this server." + echo "You should run './docker.sh install' first before restoring." + exit 1 + fi + + if ask "Restoring will remove any existing AzuraCast installation data, replacing it with your backup. Continue?" Y; then + if [[ $1 != "" ]]; then + local BACKUP_PATH BACKUP_DIR BACKUP_FILENAME BACKUP_EXT + BACKUP_PATH=$(readlink -f ${1:-"./backup.tar.gz"}) + BACKUP_DIR=$(dirname -- "$BACKUP_PATH") + BACKUP_FILENAME=$(basename -- "$BACKUP_PATH") + BACKUP_EXT="${BACKUP_FILENAME##*.}" + shift + + if [[ ! -f ${BACKUP_PATH} ]]; then + echo "File '${BACKUP_PATH}' does not exist. Nothing to restore." + exit 1 + fi + + docker-compose down -v + docker volume create azuracast_backups + + # Move from local filesystem to Docker volume + docker run --rm -v "$BACKUP_DIR:/backup_src" \ + -v "azuracast_backups:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" + + # Prepare permissions + if [[ $EUID -ne 0 ]]; then + .env --file .env set AZURACAST_PUID="$(id -u)" + .env --file .env set AZURACAST_PGID="$(id -g)" + fi + + docker-compose run --rm web -- azuracast_restore "/var/azuracast/backups/${BACKUP_FILENAME}" "$@" + + # Move file back from volume to local filesystem + docker run --rm -v "azuracast_backups:/backup_src" \ + -v "$BACKUP_DIR:/backup_dest" \ + busybox mv "/backup_src/${BACKUP_FILENAME}" "/backup_dest/${BACKUP_FILENAME}" + + docker-compose down + docker-compose up -d + else + docker-compose down + + # Remove all volumes except the backup volume. + docker volume rm -f $(docker volume ls | grep -v "azuracast_backups" | awk 'NR>1 {print $2}') + + docker-compose run --rm web -- azuracast_restore "$@" + + docker-compose down + docker-compose up -d + fi + fi + exit +} + +# +# Restore the Docker volumes from a legacy backup format .tar.gz file. +# Usage: +# ./docker.sh restore [/custom/backup/dir/custombackupname.tar.gz] +# +restore-legacy() { + local APP_BASE_DIR BACKUP_PATH BACKUP_DIR BACKUP_FILENAME + + APP_BASE_DIR=$(pwd) + + BACKUP_PATH=${1:-"./backup.tar.gz"} + BACKUP_DIR=$(cd "$(dirname "$BACKUP_PATH")" && pwd) + BACKUP_FILENAME=$(basename "$BACKUP_PATH") + + cd "$APP_BASE_DIR" || exit + + if [ -f "$BACKUP_PATH" ]; then + docker-compose down + + docker volume rm azuracast_db_data azuracast_station_data + docker volume create azuracast_db_data + docker volume create azuracast_station_data + + docker run --rm -v "$BACKUP_DIR:/backup" \ + -v azuracast_db_data:/azuracast/db \ + -v azuracast_station_data:/azuracast/stations \ + busybox tar zxvf "/backup/$BACKUP_FILENAME" + + docker-compose up -d + else + echo "File $BACKUP_PATH does not exist in this directory. Nothing to restore." + exit 1 + fi + + exit +} + +# +# DEVELOPER TOOL: +# Access the static console as a developer. +# Usage: ./docker.sh static [static_container_command] +# +static() { + docker-compose -f docker-compose.frontend.yml down -v + docker-compose -f docker-compose.frontend.yml build + docker-compose --env-file=.env -f docker-compose.frontend.yml run --rm frontend "$@" + exit +} + +# +# Stop all Docker containers and remove related volumes. +# Usage: ./docker.sh uninstall +# +uninstall() { + if ask "This operation is destructive and will wipe your existing Docker containers. Continue?" N; then + + docker-compose down -v + docker-compose rm -f + docker volume prune -f + + echo "All AzuraCast Docker containers and volumes were removed." + echo "To remove *all* Docker containers and volumes, run:" + echo " docker stop \$(docker ps -a -q)" + echo " docker rm \$(docker ps -a -q)" + echo " docker volume prune -f" + echo "" + fi + + exit +} + +# +# LetsEncrypt: Now managed via the Web UI. +# +setup-letsencrypt() { + echo "LetsEncrypt is now managed from within the web interface." +} + +letsencrypt-create() { + setup-letsencrypt + exit +} + +# +# Utility script to facilitate switching ports. +# Usage: ./docker.sh change-ports +# +change-ports() { + setup-ports + + docker-compose down + docker-compose up -d +} + +# +# Helper scripts for basic Docker Compose functions +# +up() { + echo "Starting up AzuraCast services..." + docker-compose up -d +} + +down() { + echo "Shutting down AzuraCast services..." + docker-compose down +} + +restart() { + down + up +} + +# Ensure we're in the same directory as this script. +cd "$( dirname "${BASH_SOURCE[0]}" )" || exit + +"$@" From c4360a2497f3dd79cc2a28ec7f2f395055b4e40e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:06:39 -0500 Subject: [PATCH 0599/1758] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/sample.env -o sample.env --- roles/azuracast/upstream/sample.env | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 roles/azuracast/upstream/sample.env diff --git a/roles/azuracast/upstream/sample.env b/roles/azuracast/upstream/sample.env new file mode 100644 index 000000000..303905de1 --- /dev/null +++ b/roles/azuracast/upstream/sample.env @@ -0,0 +1,11 @@ +COMPOSE_PROJECT_NAME=azuracast + +AZURACAST_HTTP_PORT=80 +AZURACAST_HTTPS_PORT=443 + +AZURACAST_SFTP_PORT=2022 + +AZURACAST_PUID=1000 +AZURACAST_PGID=1000 + +NGINX_TIMEOUT=1800 From 89ca8f58b98014d0a552329aa4faeb8e5013c7ea Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:09:18 -0500 Subject: [PATCH 0600/1758] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/azuracast.sample.env -o azuracast.sample.env --- roles/azuracast/upstream/azuracast.sample.env | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 roles/azuracast/upstream/azuracast.sample.env diff --git a/roles/azuracast/upstream/azuracast.sample.env b/roles/azuracast/upstream/azuracast.sample.env new file mode 100644 index 000000000..225b0fb4e --- /dev/null +++ b/roles/azuracast/upstream/azuracast.sample.env @@ -0,0 +1,161 @@ +# +# AzuraCast Customization +# + +# The application environment. +# Valid options: production, development, testing +APPLICATION_ENV=production + +# Manually modify the logging level. +# This allows you to log debug-level errors temporarily (for problem-solving) or reduce +# the volume of logs that are produced by your installation, without needing to modify +# whether your installation is a production or development instance. +# Valid options: debug, info, notice, warning, error, critical, alert, emergency +# LOG_LEVEL=notice + +# Enable the composer "merge" functionality to combine the main application's +# composer.json file with any plugins' composer files. +# This can have performance implications, so you should only use it if +# you use one or more plugins with their own Composer dependencies. +# Valid options: true, false +COMPOSER_PLUGIN_MODE=false + +# The minimum port number to use when automatically assigning ports to a station. +# By default, this matches the first forwarded port on the "stations" container. +# You can modify this variable if your station port range is different. +# Be sure to also forward the necessary ports via `docker-compose.yml` +# (and nginx, if you want to use the built-in port-80/443 proxy)! +AUTO_ASSIGN_PORT_MIN=8000 + +# The maximum port number to use when automatically assigning ports to a station. +# See AUTO_ASSIGN_PORT_MIN. +AUTO_ASSIGN_PORT_MAX=8499 + +# This allows you to debug Slim Application Errors you may encounter +# By default, this is disabled to prevent users from seeing privileged information +# Please report any Slim Application Error logs to the development team on GitHub +# Valid options: true, false +SHOW_DETAILED_ERRORS=false + + +# +# Database Configuration +# -- +# Once the database has been installed, DO NOT CHANGE these values! +# + +# The host to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: localhost +# MYSQL_HOST=localhost + +# The port to connect to. Leave this as the default value unless you're connecting +# to an external database server. +# Default: 3306 +# MYSQL_PORT=3306 + +# The username AzuraCast will use to connect to the database. +# Default: azuracast +# MYSQL_USER=azuracast + +# The password AzuraCast will use to connect to the database. +# By default, the database is not exposed to the Internet at all and this is only +# an internal password used by the service itself. +# Default: azur4c457 +MYSQL_PASSWORD=azur4c457 + +# The name of the AzuraCast database. +# Default: azuracast +# MYSQL_DATABASE=azuracast + +# Automatically generate a random root password upon the first database spin-up. +# This password will be visible in the mariadb container's logs. +# Default: yes +MYSQL_RANDOM_ROOT_PASSWORD=yes + +# Log slower queries for the purpose of diagnosing issues. Only turn this on when +# you need to, by uncommenting this and switching it to 1. +# To read the slow query log once enabled, run: +# docker-compose exec mariadb slow_queries +# Default: 0 +# MYSQL_SLOW_QUERY_LOG=0 + +# Set the amount of allowed connections to the database. This value should be increased +# if you are seeing the `Too many connections` error in the logs. +# Default: 100 +# MYSQL_MAX_CONNECTIONS=100 + +# +# Redis Configuration +# +# Uncomment these fields if you are using a third-party Redis host instead of the one provided with AzuraCast. +# Do not modify these fields if you are using the standard AzuraCast Redis host. +# + +# Whether to use the Redis cache; if set to false, will disable Redis and use flatfile cache instead. +# Default: true +# ENABLE_REDIS=true + +# Name of the Redis host. +# Default: localhost +# REDIS_HOST=localhost + +# Port to connect to on the Redis host. +# Default: 6379 +# REDIS_PORT=6379 + +# Database index to use on the Redis host. +# Default: 1 +# REDIS_DB=1 + +# +# Advanced Configuration +# + +# PHP's maximum POST body size and max upload filesize. +# PHP_MAX_FILE_SIZE=25M + +# PHP's maximum memory limit. +# PHP_MEMORY_LIMIT=128M + +# PHP's maximum script execution time (in seconds). +# PHP_MAX_EXECUTION_TIME=30 + +# The maximum execution time (and lock timeout) for the 15-second, 1-minute and 5-minute synchronization tasks. +# SYNC_SHORT_EXECUTION_TIME=600 + +# The maximum execution time (and lock timeout) for the 1-hour synchronization task. +# SYNC_LONG_EXECUTION_TIME=1800 + +# Maximum number of PHP-FPM worker processes to spawn. +# PHP_FPM_MAX_CHILDREN=5 + +# +# PHP-SPX profiling extension Configuration +# +# These environment variables allow you to enable and configure the PHP-SPX profiling extension +# which can be helpful when debugging resource issues in AzuraCast. +# +# The profiling dashboard can be accessed by visting https://yourdomain.com/?SPX_KEY=dev&SPX_UI_URI=/ +# If you change the PROFILING_EXTENSION_HTTP_KEY variable change the value for SPX_KEY accordingly. +# + +# Enable the profiling extension. +# Profiling data can be viewed by visiting http://your-azuracast-site/?SPX_KEY=dev&SPX_UI_URI=/ +# Default: 0 +# PROFILING_EXTENSION_ENABLED=0 + +# Profile ALL requests made to this account. +# This will have significant performance impact on your installation and should only be used in test circumstances. +# Default: 0 +# PROFILING_EXTENSION_ALWAYS_ON=0 + +# Configure the value for the SPX_KEY parameter needed to access the profiling dashboard +# Default: dev +# PROFILING_EXTENSION_HTTP_KEY=dev + +# Configure the IP whitelist for the profiling dashboard +# By default only localhost is allowed to access this page. +# Uncomment this line to enable access for you. +# Default: 127.0.0.1 +# PROFILING_EXTENSION_HTTP_IP_WHITELIST=* From 2f235a57ab2d2c617276fb9b6b79057313e6d5d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 12:10:42 -0500 Subject: [PATCH 0601/1758] curl -fsSL https://raw.githubusercontent.com/AzuraCast/AzuraCast/stable/docker-compose.sample.yml -o docker-compose.sample.yml --- .../upstream/docker-compose.sample.yml | 214 ++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 roles/azuracast/upstream/docker-compose.sample.yml diff --git a/roles/azuracast/upstream/docker-compose.sample.yml b/roles/azuracast/upstream/docker-compose.sample.yml new file mode 100644 index 000000000..3c3759957 --- /dev/null +++ b/roles/azuracast/upstream/docker-compose.sample.yml @@ -0,0 +1,214 @@ +# +# AzuraCast Docker Compose Configuration File +# +# When updating, you will be prompted to replace this file with a new +# version; you should do this whenever possible to take advantage of +# new updates. +# +# If you need to customize this file, you can create a new file named: +# docker-compose.override.yml +# with any changes you need to make. +# + +services: + web: + container_name: azuracast + image: "ghcr.io/azuracast/azuracast:${AZURACAST_VERSION:-latest}" + # Want to customize the HTTP/S ports? Follow the instructions here: + # https://docs.azuracast.com/en/administration/docker#using-non-standard-ports + ports: + - '${AZURACAST_HTTP_PORT:-80}:80' + - '${AZURACAST_HTTPS_PORT:-443}:443' + - '${AZURACAST_SFTP_PORT:-2022}:2022' + # This default mapping is the outgoing and incoming ports for the first 50 stations. + # You can override this port mapping in your own docker-compose.override.yml file. + # For instructions, see: + # https://docs.azuracast.com/en/administration/docker#expanding-the-station-port-range + - '8000:8000' + - '8005:8005' + - '8006:8006' + - '8010:8010' + - '8015:8015' + - '8016:8016' + - '8020:8020' + - '8025:8025' + - '8026:8026' + - '8030:8030' + - '8035:8035' + - '8036:8036' + - '8040:8040' + - '8045:8045' + - '8046:8046' + - '8050:8050' + - '8055:8055' + - '8056:8056' + - '8060:8060' + - '8065:8065' + - '8066:8066' + - '8070:8070' + - '8075:8075' + - '8076:8076' + - '8090:8090' + - '8095:8095' + - '8096:8096' + - '8100:8100' + - '8105:8105' + - '8106:8106' + - '8110:8110' + - '8115:8115' + - '8116:8116' + - '8120:8120' + - '8125:8125' + - '8126:8126' + - '8130:8130' + - '8135:8135' + - '8136:8136' + - '8140:8140' + - '8145:8145' + - '8146:8146' + - '8150:8150' + - '8155:8155' + - '8156:8156' + - '8160:8160' + - '8165:8165' + - '8166:8166' + - '8170:8170' + - '8175:8175' + - '8176:8176' + - '8180:8180' + - '8185:8185' + - '8186:8186' + - '8190:8190' + - '8195:8195' + - '8196:8196' + - '8200:8200' + - '8205:8205' + - '8206:8206' + - '8210:8210' + - '8215:8215' + - '8216:8216' + - '8220:8220' + - '8225:8225' + - '8226:8226' + - '8230:8230' + - '8235:8235' + - '8236:8236' + - '8240:8240' + - '8245:8245' + - '8246:8246' + - '8250:8250' + - '8255:8255' + - '8256:8256' + - '8260:8260' + - '8265:8265' + - '8266:8266' + - '8270:8270' + - '8275:8275' + - '8276:8276' + - '8280:8280' + - '8285:8285' + - '8286:8286' + - '8290:8290' + - '8295:8295' + - '8296:8296' + - '8300:8300' + - '8305:8305' + - '8306:8306' + - '8310:8310' + - '8315:8315' + - '8316:8316' + - '8320:8320' + - '8325:8325' + - '8326:8326' + - '8330:8330' + - '8335:8335' + - '8336:8336' + - '8340:8340' + - '8345:8345' + - '8346:8346' + - '8350:8350' + - '8355:8355' + - '8356:8356' + - '8360:8360' + - '8365:8365' + - '8366:8366' + - '8370:8370' + - '8375:8375' + - '8376:8376' + - '8380:8380' + - '8385:8385' + - '8386:8386' + - '8390:8390' + - '8395:8395' + - '8396:8396' + - '8400:8400' + - '8405:8405' + - '8406:8406' + - '8410:8410' + - '8415:8415' + - '8416:8416' + - '8420:8420' + - '8425:8425' + - '8426:8426' + - '8430:8430' + - '8435:8435' + - '8436:8436' + - '8440:8440' + - '8445:8445' + - '8446:8446' + - '8450:8450' + - '8455:8455' + - '8456:8456' + - '8460:8460' + - '8465:8465' + - '8466:8466' + - '8470:8470' + - '8475:8475' + - '8476:8476' + - '8480:8480' + - '8485:8485' + - '8486:8486' + - '8490:8490' + - '8495:8495' + - '8496:8496' + env_file: azuracast.env + environment: + LANG: ${LANG:-en_US.UTF-8} + AZURACAST_DC_REVISION: 14 + AZURACAST_VERSION: ${AZURACAST_VERSION:-latest} + AZURACAST_SFTP_PORT: ${AZURACAST_SFTP_PORT:-2022} + NGINX_TIMEOUT: ${NGINX_TIMEOUT:-1800} + LETSENCRYPT_HOST: ${LETSENCRYPT_HOST:-} + LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL:-} + PUID: ${AZURACAST_PUID:-1000} + PGID: ${AZURACAST_PGID:-1000} + volumes: + - www_uploads:/var/azuracast/uploads + - station_data:/var/azuracast/stations + - shoutcast2_install:/var/azuracast/servers/shoutcast2 + - stereo_tool_install:/var/azuracast/servers/stereo_tool + - geolite_install:/var/azuracast/geoip + - sftpgo_data:/var/azuracast/sftpgo/persist + - backups:/var/azuracast/backups + - acme:/var/azuracast/acme + - db_data:/var/lib/mysql + restart: unless-stopped + ulimits: &default-ulimits + nofile: + soft: 65536 + hard: 65536 + logging: &default-logging + options: + max-size: "1m" + max-file: "5" + +volumes: + db_data: { } + acme: { } + shoutcast2_install: { } + stereo_tool_install: { } + geolite_install: { } + sftpgo_data: { } + station_data: { } + www_uploads: { } + backups: { } From 3adafc96f1f5d40b7062a768ce2be15bf483475a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:14:56 -0500 Subject: [PATCH 0602/1758] add notes.txt --- roles/azuracast/upstream/notes.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 roles/azuracast/upstream/notes.txt diff --git a/roles/azuracast/upstream/notes.txt b/roles/azuracast/upstream/notes.txt new file mode 100644 index 000000000..47be401bc --- /dev/null +++ b/roles/azuracast/upstream/notes.txt @@ -0,0 +1 @@ +The three file found here are mentioned in docker.sh's run-installer() with 'sample.' added to the filename From bae65ad64ead99fff4d0601142f7049f4bf5b203 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:28:02 -0500 Subject: [PATCH 0603/1758] whitespace and use 'prod.env' --- roles/azuracast/tasks/install.yml | 12 +++---- roles/azuracast/templates/prod.env | 54 ++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 6 deletions(-) create mode 100644 roles/azuracast/templates/prod.env diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index febb7302d..1929e6194 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -1,11 +1,11 @@ - name: AzuraCast - Make config directory {{ azuracast_host_dir }} - file: + file: path: "{{ azuracast_host_dir }}" state: directory - name: AzuraCast - Install {{ azuracast_host_dir }}/.env from template template: - src: env.j2 + src: prod.j2 dest: "{{ azuracast_host_dir }}/.env" #owner: root #group: root @@ -27,7 +27,7 @@ timeout: "{{ download_timeout }}" - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} - get_url: + get_url: url: "{{ docker_compose_url }}" dest: "{{ azuracast_host_dir }}/docker-compose.yml" mode: 0755 @@ -55,15 +55,15 @@ mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} - file: + file: path: "{{ docker_container_dir }}" state: directory - + - name: AzuraCast - Symlink /var/lib/docker -> {{ docker_container_dir }} file: src: "{{ docker_container_dir }}" path: /var/lib/docker - state: link + state: link - name: AzuraCast - Setup for stable channel install shell: "yes 'Y' | /bin/bash docker.sh setup-release" diff --git a/roles/azuracast/templates/prod.env b/roles/azuracast/templates/prod.env new file mode 100644 index 000000000..58fc11d3e --- /dev/null +++ b/roles/azuracast/templates/prod.env @@ -0,0 +1,54 @@ +# This file was automatically generated by AzuraCast and modified for IIAB +# You can modify it as necessary. To apply changes, restart the Docker containers. +# Remove the leading "#" symbol from lines to uncomment them. + +# (Docker Compose) All Docker containers are prefixed by this name. Do not change this after installation. +# Default: azuracast +COMPOSE_PROJECT_NAME=azuracast + +# (Docker Compose) The amount of time to wait before a Docker Compose operation fails. Increase this on lower performance computers. +# Default: 300 +COMPOSE_HTTP_TIMEOUT=300 + +# Release Channel +# Valid options: latest, stable +# Default: latest +AZURACAST_VERSION=stable + +NGINX_TIMEOUT=1800 +# HTTP Port +# The main port AzuraCast listens to for insecure HTTP connections. +# Default: 80 +AZURACAST_HTTP_PORT={{ azuracast_http_port }} + +# HTTPS Port +# The main port AzuraCast listens to for secure HTTPS connections. +# Default: 443 +AZURACAST_HTTPS_PORT={{ azuracast_https_port }} + +# SFTP Port +# The port AzuraCast listens to for SFTP file management connections. +# Default: 2022 +AZURACAST_SFTP_PORT=2022 + +# Station Ports +# The ports AzuraCast should listen to for station broadcasts and incoming DJ +# connections. +# Default: 8000,8005,8006,8010,8015,8016,8020,8025,8026,8030,8035,8036,8040,8045,8046,8050,8055,8056,8060,8065,8066,8070,8075,8076,8090,8095,8096,8100,8105,8106,8110,8115,8116,8120,8125,8126,8130,8135,8136,8140,8145,8146,8150,8155,8156,8160,8165,8166,8170,8175,8176,8180,8185,8186,8190,8195,8196,8200,8205,8206,8210,8215,8216,8220,8225,8226,8230,8235,8236,8240,8245,8246,8250,8255,8256,8260,8265,8266,8270,8275,8276,8280,8285,8286,8290,8295,8296,8300,8305,8306,8310,8315,8316,8320,8325,8326,8330,8335,8336,8340,8345,8346,8350,8355,8356,8360,8365,8366,8370,8375,8376,8380,8385,8386,8390,8395,8396,8400,8405,8406,8410,8415,8416,8420,8425,8426,8430,8435,8436,8440,8445,8446,8450,8455,8456,8460,8465,8466,8470,8475,8476,8480,8485,8486,8490,8495,8496 +AZURACAST_STATION_PORTS=10000,10005,10006,10010,10015,10016,10020,10025,10026,10030,10035,10036,10040,10045,10046,10050,10055,10056,10060,10065,10066,10070,10075,10076,10080,10085,10086,10090,10095,10096,10100,10105,10106,10110,10115,10116,10120,10125,10126,10130,10135,10136,10140,10145,10146,10150,10155,10156,10160,10165,10166,10170,10175,10176,10180,10185,10186,10190,10195,10196,10200,10205,10206,10210,10215,10216,10220,10225,10226,10230,10235,10236,10240,10245,10246,10250,10255,10256,10260,10265,10266,10270,10275,10276,10280,10285,10286,10290,10295,10296,10300,10305,10306,10310,10315,10316,10320,10325,10326,10330,10335,10336,10340,10345,10346,10350,10355,10356,10360,10365,10366,10370,10375,10376,10380,10385,10386,10390,10395,10396,10400,10405,10406,10410,10415,10416,10420,10425,10426,10430,10435,10436,10440,10445,10446,10450,10455,10456,10460,10465,10466,10470,10475,10476,10480,10485,10486,10490,10495,10496 + +# Docker User UID +# Set the UID of the user running inside the Docker containers. Matching this +# with your host UID can fix permission issues. +# Default: 1000 +AZURACAST_PUID=1000 + +# Docker User GID +# Set the GID of the user running inside the Docker containers. Matching this +# with your host GID can fix permission issues. +# Default: 1000 +AZURACAST_PGID=1000 + +# Advanced: Use Privileged Docker Settings +# Default: true +AZURACAST_COMPOSE_PRIVILEGED=true From de282a85cd95ce831bc7c1737b6454adad568ad9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 29 Aug 2022 14:36:17 -0500 Subject: [PATCH 0604/1758] clean up --- ....override.yml.j2 => docker-compose.override.yml.j2.unused} | 0 roles/azuracast/{templates/env.j2 => env.j2.unused} | 0 roles/azuracast/templates/azuracast.env | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename roles/azuracast/{templates/docker-compose.override.yml.j2 => docker-compose.override.yml.j2.unused} (100%) rename roles/azuracast/{templates/env.j2 => env.j2.unused} (100%) diff --git a/roles/azuracast/templates/docker-compose.override.yml.j2 b/roles/azuracast/docker-compose.override.yml.j2.unused similarity index 100% rename from roles/azuracast/templates/docker-compose.override.yml.j2 rename to roles/azuracast/docker-compose.override.yml.j2.unused diff --git a/roles/azuracast/templates/env.j2 b/roles/azuracast/env.j2.unused similarity index 100% rename from roles/azuracast/templates/env.j2 rename to roles/azuracast/env.j2.unused diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env index 75ff47f6b..313fffc59 100644 --- a/roles/azuracast/templates/azuracast.env +++ b/roles/azuracast/templates/azuracast.env @@ -26,11 +26,11 @@ COMPOSER_PLUGIN_MODE=false # You can modify this variable if your station port range is different. # Be sure to also forward the necessary ports via `docker-compose.yml` # (and nginx, if you want to use the built-in port-80/443 proxy)! -AUTO_ASSIGN_PORT_MIN=10000 +AUTO_ASSIGN_PORT_MIN="{{ azuracast_port_range_prefix }}000" # The maximum port number to use when automatically assigning ports to a station. # See AUTO_ASSIGN_PORT_MIN. -AUTO_ASSIGN_PORT_MAX=10499 +AUTO_ASSIGN_PORT_MAX="{{ azuracast_port_range_prefix }}499" # # Database Configuration From a47789600325a4eb19ce963a338cb3db6f7def1e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 30 Aug 2022 04:54:21 -0500 Subject: [PATCH 0605/1758] use .j2 --- .../templates/prod.env => prod.env.j2 | 0 roles/azuracast/tasks/install.yml | 2 +- .../templates/azuracast-nginx.conf.j2 | 24 +++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) rename roles/azuracast/templates/prod.env => prod.env.j2 (100%) create mode 100644 roles/azuracast/templates/azuracast-nginx.conf.j2 diff --git a/roles/azuracast/templates/prod.env b/prod.env.j2 similarity index 100% rename from roles/azuracast/templates/prod.env rename to prod.env.j2 diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 1929e6194..5f4e43ff6 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -5,7 +5,7 @@ - name: AzuraCast - Install {{ azuracast_host_dir }}/.env from template template: - src: prod.j2 + src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" #owner: root #group: root diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 new file mode 100644 index 000000000..985f10602 --- /dev/null +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -0,0 +1,24 @@ +location /azuracast/ + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /azureacast; + proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; +} + +location /radio/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /radio; + proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; +} + +# http://box/livres +location {{ calibreweb_url3 }}/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name {{ calibreweb_url3 }}; + proxy_pass http://127.0.0.1:8083; +} From a168afeeeff501433310401c6f4da9921837bd2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 Aug 2022 10:56:42 -0400 Subject: [PATCH 0606/1758] 6-generic-apps/tasks/main.yml: AzuraCast restoration --- roles/6-generic-apps/tasks/main.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 1c36cb5d3..4c4ea9522 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,12 +3,6 @@ - name: ...IS BEGINNING ==================================== meta: noop -# UNMAINTAINED -- name: AZURACAST - include_role: - name: azuracast - when: azuracast_install is defined and azuracast_install - # UNMAINTAINED - name: DOKUWIKI include_role: @@ -27,6 +21,11 @@ name: elgg when: elgg_install is defined and elgg_install +- name: AZURACAST + include_role: + name: azuracast + when: azuracast_install + - name: GITEA include_role: name: gitea From 45525c5397b2afb464526a09bffbe1fdc167776c Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 06:42:47 -0400 Subject: [PATCH 0607/1758] Harden Matomo install for timezone issue Additionally, temporarily switch apache_user to www-data to unblock access to Matomo. Will debug later. --- roles/matomo/tasks/install.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 68942ea3c..e848f7172 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -39,8 +39,8 @@ file: path: "{{ matomo_path }}/matomo" recurse: yes - owner: "{{ apache_user }}" # e.g. www-data - group: "{{ apache_user }}" + owner: www-data + group: www-data - name: HTTP Get Welcome uri: @@ -139,8 +139,22 @@ url: "{{ matomo_host_url }}" ecommerce: 0 body_format: form-urlencoded + register: _result + +- name: Fallback Configure Matomo to track IIAB + uri: + url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + siteName: "IIAB" + url: "{{ matomo_host_url }}" + timezone: "Europe/London" + ecommerce: 0 + body_format: form-urlencoded status_code: 302 - #register: matomo_first_website_setup + when: _result.status == 200 - name: Matomo Tracking Code uri: From d0feb297ce101deab9675beac807989d1bf5de25 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 08:02:04 -0400 Subject: [PATCH 0608/1758] Accept both status codes for pre-fallback step --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e848f7172..1f37a4fc0 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -139,6 +139,7 @@ url: "{{ matomo_host_url }}" ecommerce: 0 body_format: form-urlencoded + status_code: [200, 302] register: _result - name: Fallback Configure Matomo to track IIAB From da479832527b6b9a88ed0472c5ccde525526bc8e Mon Sep 17 00:00:00 2001 From: cwivagg Date: Wed, 31 Aug 2022 09:13:53 -0400 Subject: [PATCH 0609/1758] Update install.yml --- roles/matomo/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1f37a4fc0..e5d22fcfb 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -39,8 +39,8 @@ file: path: "{{ matomo_path }}/matomo" recurse: yes - owner: www-data - group: www-data + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" - name: HTTP Get Welcome uri: From 162c86236b7aaa5f66596da393a156edf2ab6ce4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:26:03 -0400 Subject: [PATCH 0610/1758] Update azuracast/README.rst 3+ years later (WiP) --- roles/azuracast/README.rst | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index fca21ce96..da7d1abab 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,18 +2,37 @@ AzuraCast README ================ -This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. +This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for "radio station" functionality. You and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. -Please see AzuraCast's `screenshots `_. +As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian 10 "Buster" (`#1766 `_). Support for Raspberry Pi remains a goal for now — please if you can, consider helping us solve this critical challenge (`#1772 `_, `AzuraCast/AzuraCast#332 `_). +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#Requirements>`_. + +Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. + +Requirements +------------ + +AzuraCast recommends `2-to-4 GB RAM minimum `_. + +As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and 64-bit Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ + +Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. Using It -------- -* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. -* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 +* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when IIAB's installer prompts you to edit `/etc/iiab/local_vars.yml `_ +* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 10000-10100 `_. +Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) + +AzuraCast Docs +-------------- + +- https://docs.azuracast.com +- https://docs.azuracast.com/en/getting-started/installation/post-installation-steps +- https://docs.azuracast.com/en/getting-started/updates +- https://docs.azuracast.com/en/user-guide/streaming-software From 80513db2673895026a7ebc8a2a0bd1825d52e9c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:30:32 -0400 Subject: [PATCH 0611/1758] azuracast/README.rst: Fix anchor tag #azuracast-docs --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index da7d1abab..7d3f05f92 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -6,7 +6,7 @@ This playbook adds `AzuraCast `_ to Internet-in-a-Box (I As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -Please see AzuraCast's `screenshots `_ and `docs <./README.rst#Requirements>`_. +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. From 1d6a6b3bd48e0059f556771d7d90a1b82d84e59a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:32:26 -0400 Subject: [PATCH 0612/1758] azuracast/README.rst: Emphasize RasPiOS needs to be 64-bit --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 7d3f05f92..515a8c6de 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -15,7 +15,7 @@ Requirements AzuraCast recommends `2-to-4 GB RAM minimum `_. -As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and 64-bit Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ +As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and **64-bit** Raspberry Pi OS: `#1772 `_, `AzuraCast/AzuraCast#332 `_, `PR #2946 `_ Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. From f691b389ba277f4eb1598142bbcabacdd99618ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:40:23 -0400 Subject: [PATCH 0613/1758] Install AzuraCast in Stage 9 (9-local-addons) --- roles/9-local-addons/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index d63d5b8c1..f9ea8e20f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -3,7 +3,12 @@ - name: ...IS BEGINNING ==================================== meta: noop -# Is porting to Python 3 complete, and if so does this belong elsewhere? +- name: AZURACAST + include_role: + name: azuracast + when: azuracast_install + +# Porting to Python 3 is complete: does this belong elsewhere? - name: CAPTIVE PORTAL include_role: name: captiveportal From 1e5e3c25b325d74b86a611a12ed3d1af06e28a84 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:41:03 -0400 Subject: [PATCH 0614/1758] 6-generic-apps/tasks/main.yml: AzuraCast moved to Stage 9 --- roles/6-generic-apps/tasks/main.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 4c4ea9522..f43e878f3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -21,11 +21,6 @@ name: elgg when: elgg_install is defined and elgg_install -- name: AZURACAST - include_role: - name: azuracast - when: azuracast_install - - name: GITEA include_role: name: gitea From 0b822d7204b1c05b11ecbf08f4f2991c34cc9c75 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 09:55:40 -0400 Subject: [PATCH 0615/1758] Tighten up azuracast/README.rst --- roles/azuracast/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 515a8c6de..e4d750046 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,9 +2,9 @@ AzuraCast README ================ -This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for "radio station" functionality. You and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. +Install `AzuraCast `_ to your Internet-in-a-Box (IIAB) if you want "radio station" functionality. You and your community can then schedule podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) -As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar) for you, using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). +As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. @@ -24,10 +24,10 @@ Using It * Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when IIAB's installer prompts you to edit `/etc/iiab/local_vars.yml `_ * When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:12080 -* This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. +* That console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -Note: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) +NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) AzuraCast Docs -------------- From 624c4d8aaa0eb0b7725bd38cc401a792b7dbf7b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 15:39:30 -0400 Subject: [PATCH 0616/1758] kolibri/tasks/install.yml: Clarify Mint 21 special case 'jammy' --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 84e742c7b..4323f0932 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -69,7 +69,7 @@ - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) apt_repository: repo: ppa:learningequality/kolibri - codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE? + codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? when: is_linuxmint_21 - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) From e9564cab3613e7b53bfab7a2e68740a7a86c28d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:07:19 -0400 Subject: [PATCH 0617/1758] azuracast/tasks/main.yml: skip_role_on_error --- roles/azuracast/tasks/main.yml | 43 ++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index ef9c28914..c4e69ec0c 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -19,25 +19,32 @@ quiet: yes -- name: Install AzuraCast if 'azuracast_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: azuracast_installed is undefined +- block: + - name: Install AzuraCast if 'azuracast_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: azuracast_installed is undefined -# TODO figure out what to turn off/on for AzuraCast -# - include_tasks: enable-or-disable.yml + # TODO figure out what to turn off/on for AzuraCast + # - include_tasks: enable-or-disable.yml + - name: Add 'azuracast' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: azuracast + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: azuracast + - option: description + value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' + - option: enabled + value: "{{ azuracast_enabled }}" -- name: Add 'azuracast' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: azuracast - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: azuracast - - option: description - value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' - - option: enabled - value: "{{ azuracast_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 2927f086a2a7443f843db3e7521be8de71d68660 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:19:32 -0400 Subject: [PATCH 0618/1758] azuracast/tasks/main.yml: Tighter iiab.ini description --- roles/azuracast/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index c4e69ec0c..2fe95b682 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: azuracast - option: description - value: '"AzuraCast is a self-hosted, all-in-one radio station platform. Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported."' + value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3's and similar) and even do live-streaming."' - option: enabled value: "{{ azuracast_enabled }}" From 20ed74ea517ef82b63b366d24e66cc1ebbdcf5ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:22:04 -0400 Subject: [PATCH 0619/1758] azuracast/tasks/main.yml: iiab.ini description needs '' --- roles/azuracast/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index 2fe95b682..6bc11b878 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -38,7 +38,7 @@ - option: name value: azuracast - option: description - value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3's and similar) and even do live-streaming."' + value: '"AzuraCast is simple, self-hosted web radio. Use it to schedule student newscasts, podcasts, music (e.g. MP3''s and similar) and even do live-streaming."' - option: enabled value: "{{ azuracast_enabled }}" From 85e7d30e452b8a55d48f45197123fc9e6d24271f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 16:27:29 -0400 Subject: [PATCH 0620/1758] test.yml: Clarify '' to escape single quotes in 7 iiab.ini descriptions --- test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 032d35f23..ab0aeac9c 100644 --- a/test.yml +++ b/test.yml @@ -25,7 +25,7 @@ #- pause: - - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini Munin description + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # FAILS: '"\'"' From f94a55b079bee91eeb2605f13dc1dabfcd8c651f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 31 Aug 2022 18:14:19 -0400 Subject: [PATCH 0621/1758] azuracast/README.rst: Cleaner explanation --- roles/azuracast/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index e4d750046..b76483ee1 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -2,13 +2,13 @@ AzuraCast README ================ -Install `AzuraCast `_ to your Internet-in-a-Box (IIAB) if you want "radio station" functionality. You and your community can then schedule podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) +Install `AzuraCast `_ with your `Internet-in-a-Box (IIAB) `_ if you want a simple, self-hosted "web radio station" with a modern web UI/UX. You and your community can then schedule newscasts, podcasts, music, and even do live streaming of audio content (video streaming might also be possible in future!) As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. -Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc. +Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. (If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc.) Requirements ------------ From 43c3ef4ddfe83e85090b949ed63958ec9cb7e3a5 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 31 Aug 2022 22:54:24 -0400 Subject: [PATCH 0622/1758] kolibri/tasks/install.yml: Modern apt keyring approach --- roles/kolibri/tasks/install.yml | 45 +++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 13 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 4323f0932..b519c95e1 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -44,11 +44,30 @@ # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." + # + # IN REALITY: Kolibri upgrades are still tricky, as 3 pink screens prompt you + # and PEOPLE WON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) + # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 + - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg + shell: | + gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + + - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04 or 22.10 or Mint 21 or Debian 12) apt_repository: - repo: ppa:learningequality/kolibri - when: is_ubuntu and not is_linuxmint + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" + when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + + - name: Add signed Kolibri PPA 'focal' (other OS's) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" + when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) + # apt_repository: + # repo: ppa:learningequality/kolibri + # when: is_ubuntu and not is_linuxmint # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) @@ -66,17 +85,17 @@ # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) - apt_repository: - repo: ppa:learningequality/kolibri - codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? - when: is_linuxmint_21 + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) + # apt_repository: + # repo: ppa:learningequality/kolibri + # codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? + # when: is_linuxmint_21 - - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) - apt_repository: - repo: ppa:learningequality/kolibri - codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - when: is_debian or is_linuxmint_20 + # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) + # apt_repository: + # repo: ppa:learningequality/kolibri + # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) + # when: is_debian or is_linuxmint_20 - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: From 55b0239ccbf038224ae1478fbb2d34a43ac1fd46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:28:32 -0400 Subject: [PATCH 0623/1758] Document that apt upgrading Kolibri is risky (for now!) --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b519c95e1..f0311fabb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -45,8 +45,8 @@ # "When you use the PPA installation method, upgrades to newer versions # will be automatic, provided there is internet access available." # - # IN REALITY: Kolibri upgrades are still tricky, as 3 pink screens prompt you - # and PEOPLE WON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ + # IN REALITY: apt upgrading Kolibri is risky, as 3 pink/blue screens prompt + # PPL WHO DON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ #3356 # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg From a6f89e59a42f0e5d42e4b4d8fdcc11b7782b31fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:31:05 -0400 Subject: [PATCH 0624/1758] kolibri/tasks/install.yml: PPA 'focal' (other/older OS's) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0311fabb..191cba125 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -59,7 +59,7 @@ repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - name: Add signed Kolibri PPA 'focal' (other OS's) + - name: Add signed Kolibri PPA 'focal' (other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) From bffe5227a05348e773ddd868b2177d03b87f4662 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Sep 2022 00:33:04 -0400 Subject: [PATCH 0625/1758] kolibri/tasks/install.yml: Clarify 'focal' (if other/older OS's) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 191cba125..91d347701 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -59,7 +59,7 @@ repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - name: Add signed Kolibri PPA 'focal' (other/older OS's) + - name: Add signed Kolibri PPA 'focal' (if other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) From fea98739f9921f4f3dc75bc16dd8fce852a40c6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Sep 2022 07:04:47 -0400 Subject: [PATCH 0626/1758] azuracast/README.rst: Link to community example(s) --- roles/azuracast/README.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index b76483ee1..f230ae7a9 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -6,7 +6,10 @@ Install `AzuraCast `_ with your `Internet-in-a-Box (IIAB As soon as you install AzuraCast with IIAB, it can stream MP3 files (and similar files) using `LiquidSoap `_ to help you schedule or randomize playback of MP3 songs (and similar). -Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. +Please see AzuraCast's `screenshots `_ and `docs <./README.rst#azuracast-docs>`_. Community implementation examples: + +* https://twitter.com/internet_in_box/status/1564986581664014342 +* https://youtu.be/XfiFiOi46mk Optionally, live-streaming can also be made to work, e.g. if you install `Mixxx or BUTT `_ on your own. (If so, you have many options to configure streaming with `Icecast `_, `Shoutcast `_, etc.) From 1ddfab2eddcb748c619e9c2077f8805f66028e81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:17:28 -0400 Subject: [PATCH 0627/1758] azuracast/defaults/main.yml: Update in-line docs --- roles/azuracast/defaults/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 6e505649f..423682c12 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -1,17 +1,17 @@ -# A full-featured online radio station suite. -# Works on Ubuntu 18.04, Debian 9, 10. Uses docker +# A full-featured online radio station suite. Uses Docker. +# README: https://github.com/iiab/iiab/tree/master/roles/azuracast#readme # azuracast_install: False -# azuracast_enabled: False +# azuracast_enabled: False # This var is currently IGNORED -# azuracast_http_port: 10080 -# azuracast_https_port: 10443 +# azuracast_http_port: 12080 +# azuracast_https_port: 12443 -## AzuraCast needs many ports in the 8000:8100 range by default, but IIAB services -## conflict with those ports so this variable below sets a sane prefix. -## e.g. setting the below variable to 10 will result in port ranges 10000-10100 +## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB +## services conflict, so this variable below sets a sane prefix. +## e.g. setting the below variable to 12 will result in port ranges 12000-12499 ## being reserved for AzuraCast: -# azuracast_port_range_prefix: 10 +# azuracast_port_range_prefix: 12 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 6777e52d536868d8185304a36e360a014d6a3962 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:18:47 -0400 Subject: [PATCH 0628/1758] "azuracast_port_range_prefix: 12" in default_vars.yml --- vars/default_vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 00bdc9767..045102f0d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -381,11 +381,11 @@ azuracast_enabled: False # This var is currently IGNORED azuracast_http_port: 12080 azuracast_https_port: 12443 # -# AzuraCast needs many ports in the 8000:8100 range by default, but IIAB -# services conflict with those ports so this variable below sets a sane prefix. -# e.g. setting the below variable to 10 will result in port ranges 10000-10100 +# AzuraCast needs many ports in the 8000:8496 range by default, but IIAB +# services conflict, so this variable below sets a sane prefix. +# e.g. setting the below variable to 12 will result in port ranges 12000-12499 # being reserved for AzuraCast: -azuracast_port_range_prefix: 10 +azuracast_port_range_prefix: 12 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 #dokuwiki_install: False From c887768e11ea5ab397801a91fa39e0a652656064 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:26:34 -0400 Subject: [PATCH 0629/1758] azuracast/defaults/main.yml: Grammar typo --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 423682c12..450ba867a 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -9,7 +9,7 @@ ## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB ## services conflict, so this variable below sets a sane prefix. -## e.g. setting the below variable to 12 will result in port ranges 12000-12499 +## e.g. setting the below variable to 12 will result in port range 12000-12499 ## being reserved for AzuraCast: # azuracast_port_range_prefix: 12 From f6d1c9861688f37d8637cdb13d4746bcb3adf5a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:27:38 -0400 Subject: [PATCH 0630/1758] default_vars.yml: Grammar typo RE: AzuraCast port range --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 045102f0d..d41ca1e82 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -383,7 +383,7 @@ azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8496 range by default, but IIAB # services conflict, so this variable below sets a sane prefix. -# e.g. setting the below variable to 12 will result in port ranges 12000-12499 +# e.g. setting the below variable to 12 will result in port range 12000-12499 # being reserved for AzuraCast: azuracast_port_range_prefix: 12 From 41140c65164294f30497b569d7164499d466b64c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:38 -0400 Subject: [PATCH 0631/1758] Update local_vars_unittest.yml --- vars/local_vars_unittest.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 7015d826d..f0fd76f47 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From d7b1a99f4a23c4c7031d041628b24e14265adc00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:43 -0400 Subject: [PATCH 0632/1758] Update local_vars_small.yml --- vars/local_vars_small.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 783009ab8..7e3092cbe 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From 6b51db6865a2a9fe4a6326c8d835af60d99c10ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:49 -0400 Subject: [PATCH 0633/1758] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c2cbb7708..6e695caeb 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False @@ -368,6 +364,10 @@ vnstat_enabled: False # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From f7afb80bb0e5dd54d7d8c448ec1492d5489a0f62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Sep 2022 12:31:54 -0400 Subject: [PATCH 0634/1758] Update local_vars_large.yml --- vars/local_vars_large.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 588868b7f..624b01603 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -233,10 +233,6 @@ nodocs: False # 6-GENERIC-APPS -# Simple, Self-Hosted Web Radio - from AzuraCast.com -azuracast_install: False -azuracast_enabled: False # This var is currently IGNORED. - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: True gitea_enabled: True @@ -368,6 +364,10 @@ vnstat_enabled: True # 9-LOCAL-ADDONS +# Simple, Self-Hosted Web Radio - from AzuraCast.com +azuracast_install: False +azuracast_enabled: False # This var is currently IGNORED. + # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). From 632085548ddf70b447d5dd270adf2f3841912bdc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 7 Sep 2022 09:10:05 -0500 Subject: [PATCH 0635/1758] Allow for NM with RPiOS https://www.raspberrypi.com/news/the-latest-update-to-raspberry-pi-os/ --- roles/network/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 67f9d28e7..c8b9aeac1 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -82,9 +82,9 @@ include_tasks: sysd-netd-debian.yml when: is_debuntu and systemd_networkd_active - - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml - when: is_raspbian + when: is_raspbian and not network_manager_active - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml From 93490933bee66d30691a52049f48e843b050dc40 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 12:44:02 -0400 Subject: [PATCH 0636/1758] kolibri/tasks/install.yml: spacing around if/else block --- roles/kolibri/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 91d347701..b9826cdc2 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -31,6 +31,7 @@ content: 'KOLIBRI_HOME="{{ kolibri_home }}"' dest: /etc/kolibri/daemon.conf + - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest @@ -106,6 +107,7 @@ when: kolibri_deb_url is undefined + - name: 'Install from template: /etc/systemd/system/kolibri.service' template: src: kolibri.service.j2 From b2e1fc609a14205ab8ad087c8235b07c04ceed6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 13:24:53 -0400 Subject: [PATCH 0637/1758] kolibri/tasks/install.yml: Mention @jredrejo's Ansible scripts --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b9826cdc2..4aedc53ae 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -1,3 +1,9 @@ +# 2022-09-08 @jredrejo's Ansible install scripts may provide guidelines: +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/common.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/install.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/offline.yml +# https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/online.yml + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" From 17096e78b4a8306020c31a90ad8828bc74958310 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:00:33 -0400 Subject: [PATCH 0638/1758] remoteit/tasks/enable-or-disable.yml: Don't fail if svc(s) missing --- roles/remoteit/tasks/enable-or-disable.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 2d5570767..c80830a8b 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -43,6 +43,7 @@ with_items: - connectd - schannel + ignore_errors: yes when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From 3b67ff0547f502396464aa62dae5da2d0ba0f1f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:46:24 -0400 Subject: [PATCH 0639/1758] azuracast/defaults/main.yml: "# azuracast_port_range_prefix: 10" for now --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 450ba867a..86bc22db7 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -11,7 +11,7 @@ ## services conflict, so this variable below sets a sane prefix. ## e.g. setting the below variable to 12 will result in port range 12000-12499 ## being reserved for AzuraCast: -# azuracast_port_range_prefix: 12 +# azuracast_port_range_prefix: 10 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From cd88b73b4e0ec44e6e2da791fa0e711d9b1bd6f1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:47:07 -0400 Subject: [PATCH 0640/1758] default_vars.yml: "azuracast_port_range_prefix: 10" for now --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d41ca1e82..9b4cff1dc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -385,7 +385,7 @@ azuracast_https_port: 12443 # services conflict, so this variable below sets a sane prefix. # e.g. setting the below variable to 12 will result in port range 12000-12499 # being reserved for AzuraCast: -azuracast_port_range_prefix: 12 +azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 #dokuwiki_install: False From f2e771f63a81f29c472cd39eb79131ded902ddac Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:54:26 -0400 Subject: [PATCH 0641/1758] azuracast/defaults/main.yml: Doc tweak --- roles/azuracast/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/defaults/main.yml b/roles/azuracast/defaults/main.yml index 86bc22db7..a3cd24908 100644 --- a/roles/azuracast/defaults/main.yml +++ b/roles/azuracast/defaults/main.yml @@ -9,7 +9,7 @@ ## AzuraCast needs many ports in the 8000:8496 range by default, but IIAB ## services conflict, so this variable below sets a sane prefix. -## e.g. setting the below variable to 12 will result in port range 12000-12499 +## e.g. setting the below variable to 10 will result in port range 10000-10499 ## being reserved for AzuraCast: # azuracast_port_range_prefix: 10 From 43546a8a39bb2c846ae8373eb624fd9be4c60ae6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 14:55:27 -0400 Subject: [PATCH 0642/1758] default_vars.yml: AzuraCast ports doc tweak --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9b4cff1dc..920bb6bc3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -383,7 +383,7 @@ azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8496 range by default, but IIAB # services conflict, so this variable below sets a sane prefix. -# e.g. setting the below variable to 12 will result in port range 12000-12499 +# e.g. setting the below variable to 10 will result in port range 10000-10499 # being reserved for AzuraCast: azuracast_port_range_prefix: 10 From 1cea2cf995623c9881c123ba9311c56a14536b31 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Sep 2022 15:01:26 -0400 Subject: [PATCH 0643/1758] azuracast/README.rst: Port numbers doc fix --- roles/azuracast/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index f230ae7a9..3e61395e7 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -30,7 +30,7 @@ Using It * That console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! -NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 12000-12100 `_ (port 12443 may also be required!) +NOTE: When creating a station using AzuraCast's console, its default streaming ports for ``station`` and ``autodj`` need to be in the `port range 10000-10499 `_ (ports 12080 and 12443 may also be required!) AzuraCast Docs -------------- From ca73d07705b37eed9271103ecde94d957eb348e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Sep 2022 16:09:25 -0400 Subject: [PATCH 0644/1758] Recommend ansible-core 2.13.4 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index a8dfadfae..58513b6b5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] -GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 09c26c8544f47081557eb5e565373e40789fe386 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 15 Sep 2022 09:45:20 -0400 Subject: [PATCH 0645/1758] plocate: Faster & smaller than locate & mlocate --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 889f9bd3f..e4abadc49 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -15,7 +15,8 @@ - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - - mlocate # 92kB download + #- mlocate # 92kB download + - plocate # 97kB download: Faster & smaller than locate & mlocate #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs From 799f47b950ccc5db63575ad2c2cc148473aa1b20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:02:18 -0400 Subject: [PATCH 0646/1758] sshpwd-lxde-iiab.sh.j2: sudo to verify /etc/shadow --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 23d0816ec..e61f4dfec 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 8ed159b5c2c181bed53128d32bc1b7dbfeab2f3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:08:38 -0400 Subject: [PATCH 0647/1758] sshpwd-profile-iiab.sh.j2: sudo to verify /etc/shadow --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 24d87886c..7cea14c41 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -16,7 +16,8 @@ check_user_pwd() { #[ $(id -un) = "root" ] || return 2 #[ $(id -un) = "root" ] || [ $(id -un) = "iiab-admin" ] || return 2 - [ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable + + #[ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable # *BUT* overall bash script still returns exit code 0 ("success"). #id -u $1 > /dev/null 2>&1 || return 2 # Not needed if return 1 is good @@ -25,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From bdbdefa129e0a98eeb0834df0e5f811c3adf10a4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:37:57 -0400 Subject: [PATCH 0648/1758] sshpwd-lxde-iiab.sh.j2: 'sudo -n' avoids pwd prompts --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e61f4dfec..e755bd638 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 763c6258c7af5daa50baca3c31f82cff1916e5ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Sep 2022 21:38:52 -0400 Subject: [PATCH 0649/1758] sshpwd-profile-iiab.sh.j2: 'sudo -n' avoids pwd prompts --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 7cea14c41..1dc7d0c2f 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 1aafc818a474230f8e69004683bb2ee0d3131e5f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:22:44 -0400 Subject: [PATCH 0650/1758] sshpwd-profile-iiab.sh.j2: Explain 'sudo -s' exception --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 1dc7d0c2f..7443f00ce 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 2b47baa85dadc9aac7562947cda4fe5a2d764be1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:25:41 -0400 Subject: [PATCH 0651/1758] sshpwd-lxde-iiab.sh.j2: Explain 'sudo -s' exception --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e755bd638..f28fe8639 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 3132f79e16e55d795a10da8b50ee7074fe0d0a8b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:30:09 -0400 Subject: [PATCH 0652/1758] Update sshpwd-profile-iiab.sh.j2 --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 7443f00ce..aead6273a 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From e94c65f6ab82fd8e0ef3b88907ae41a15475d223 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:30:37 -0400 Subject: [PATCH 0653/1758] Update sshpwd-lxde-iiab.sh.j2 --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index f28fe8639..e41dde542 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 3ad29ffc5920c8a0bb78f0d459d1b077419a3c06 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 10:44:31 -0400 Subject: [PATCH 0654/1758] add 2 utility scripts --- iiab-setup | 19 +++++++++++++++++++ iiab-upgrade | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 iiab-setup create mode 100644 iiab-upgrade diff --git a/iiab-setup b/iiab-setup new file mode 100644 index 000000000..38541e820 --- /dev/null +++ b/iiab-setup @@ -0,0 +1,19 @@ +#!/bin/bash -e +# Running from a git repo +# Assumes iiab repos are downloaded + +apt -y update +apt -y full-upgrade + +apt -y install git curl nano gawk wget pastebinit + +cd /opt/iiab/iiab +scripts/ansible + +mkdir -p /etc/iiab/install-flags + +if [ ! -f /etc/iiab/local_vars.yml ]; then + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml +fi + +reboot diff --git a/iiab-upgrade b/iiab-upgrade new file mode 100644 index 000000000..d2a743c74 --- /dev/null +++ b/iiab-upgrade @@ -0,0 +1,46 @@ +#!/bin/bash -e +# Running from a git repo + +if [ ! -f /etc/iiab/local_vars.yml ]; then + echo -e "\nEXITING: IIAB is not already installed so can't upgrade\n" >&2 + exit 1 +fi + +echo -e "\nWARNING: Upgrades are not guaranteed to be compatible with previous installs\n" >&2 +echo -e "\Please make sure you know what you are doing.\n" >&2 +echo -e "\Press CTL-C to STOP or to continue.\n" >&2 +read ans < /dev/tty + +# check that latest version supports current OS +# N.B. install via adm cons assumes is on supported OS + +cd /opt/iiab +rm -rf iiab-latest +git clone https://github.com/iiab/iiab --depth 1 iiab-latest +cd iiab-latest +scripts/local_facts.fact; rc=$? + +if [ $rc -eq 0 ]; then # OS is supported + cd /opt/iiab + if [ ! -d iiab-installed ]; then + mv iiab iiab-installed + else + rm -rf iiab # in case run more than once + fi + + mv iiab-latest iiab + cd iiab + cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact + echo -e "\nIIAB has been Upgraded\n" +else + echo -e "\nYour OS is not supported by the latest IIAB\n" + echo -e "Unable to Upgrade IIAB\n" +fi + +echo -e "\Press CTL-C to STOP or to upgrade Admin Console.\n" >&2 +read ans < /dev/tty + +cd /opt/iiab/iiab-admin-console +git pull +./install +echo -e "IIAB Admin Console has been Upgraded\n\n" From cbe5583142ab03b0e29b73020cbafe9846b6b7a5 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 10:45:38 -0400 Subject: [PATCH 0655/1758] make executable --- iiab-setup | 0 iiab-upgrade | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 iiab-setup mode change 100644 => 100755 iiab-upgrade diff --git a/iiab-setup b/iiab-setup old mode 100644 new mode 100755 diff --git a/iiab-upgrade b/iiab-upgrade old mode 100644 new mode 100755 From b3bad6ea21e6ff271f926ab735454c1d32a22153 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:41:31 -0400 Subject: [PATCH 0656/1758] iiab-expand-rootfs: reboot right after 'raspi-config --expand-rootfs' --- roles/1-prep/templates/iiab-expand-rootfs | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 620990893..d727d5623 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -15,6 +15,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT + reboot # In future, we might warn interactive users? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 From e125fc1e39eda5ffde7f4d07117012484434c618 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:47:19 -0400 Subject: [PATCH 0657/1758] iiab-expand-rootfs: 'rm -f /.expand-rootfs /.resize-rootfs' prior to reboot --- roles/1-prep/templates/iiab-expand-rootfs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index d727d5623..9b5b01c9d 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -15,6 +15,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT + rm -f /.expand-rootfs /.resize-rootfs reboot # In future, we might warn interactive users? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() @@ -54,7 +55,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # # Resize partition # growpart /dev/$root_dev $root_part_no # resize2fs /dev/$root_part + + rm -f /.expand-rootfs /.resize-rootfs fi - - rm -f /.expand-rootfs /.resize-rootfs fi From 939fc0d11cc67780a77c8a80c838aaef7a2f0353 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 11:56:28 -0400 Subject: [PATCH 0658/1758] iiab-expand-rootfs: IGNORE growpart errors for now (good enough!?) --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 9b5b01c9d..db77f59ec 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -32,7 +32,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM # raspi-config instead uses fdisk + growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? resize2fs $ROOT_PART # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards From dfdc5eb78c441a511362208cbb3cdcdbbffe9327 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 12:05:20 -0400 Subject: [PATCH 0659/1758] iiab-expand-rootfs: Comment clarif RE: auto-reboot --- roles/1-prep/templates/iiab-expand-rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index db77f59ec..90cdb9318 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -16,7 +16,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config raspi-config --expand-rootfs # REQUIRES A REBOOT rm -f /.expand-rootfs /.resize-rootfs - reboot # In future, we might warn interactive users? + reboot # In future, we might warn interactive users that a reboot is coming? else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 From cf0c21bf1786831de69439e3ba5c5af620e912e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 13:02:37 -0400 Subject: [PATCH 0660/1758] iiab-install: mkdir -p /etc/iiab/install-flags --- iiab-install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/iiab-install b/iiab-install index b678e7df6..e224c0410 100755 --- a/iiab-install +++ b/iiab-install @@ -81,6 +81,8 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (PR #3318 netwarn pop-ups, asking you to run iiab-network) + echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" scripts/local_facts.fact # Exit & advise, if OS not supported. From 1000ed9a7b6a664c0c07b00867d079578bb71d19 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Sep 2022 13:05:57 -0400 Subject: [PATCH 0661/1758] iiab-install: Clarify need for /etc/iiab/install-flags --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index e224c0410..03a638549 100755 --- a/iiab-install +++ b/iiab-install @@ -81,7 +81,7 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (PR #3318 netwarn pop-ups, asking you to run iiab-network) +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (for PR #3318 netwarn pop-ups, asking you to run iiab-network) echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" From f5aee8c992c027d5359f72560af61c2f3094528a Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 22 Sep 2022 17:24:48 -0400 Subject: [PATCH 0662/1758] rectification of names --- iiab-upgrade => adm-upgrade | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename iiab-upgrade => adm-upgrade (100%) diff --git a/iiab-upgrade b/adm-upgrade similarity index 100% rename from iiab-upgrade rename to adm-upgrade From f2ace322cc6370fc34008ed3c6f74962ecfa33bf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 17:30:04 -0500 Subject: [PATCH 0663/1758] Better discription of current configuration when networking is disabled --- roles/network/templates/hostapd/iiab-hotspot-off | 5 +++++ roles/network/templates/hostapd/iiab-hotspot-on | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 78d86cdd1..eb5951c6b 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -1,4 +1,8 @@ #!/bin/bash +{% if not network_enabled %} +echo -e "Networking role disabled\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" +{% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd @@ -36,3 +40,4 @@ exit 0 {% endif %} #wifi_up_down {% endif %} +{% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 41b5357a7..04d551774 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,4 +1,8 @@ #!/bin/bash +{% if not network_enabled %} +echo -e "Networking role disabled\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" +{% else %} {% if not can_be_ap %} echo -e "\nUH-OH: Your Wi-Fi firmware doesn't support AP mode, according to 'iw list'\n" echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-network'\n" @@ -45,3 +49,4 @@ exit 0 #wifi_up_down {% endif %} {% endif %} +{% endif %} From c9bfa40209d23f36a1f633403549ce69a29b7897 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 21:21:55 -0500 Subject: [PATCH 0664/1758] The rebase dance is BS c9e0af4286e27487e3d1a13e7cb71d908bd35a6e Pushing related work #3353 before other's open PRs #2946 tend to break open PRs when forced to needlessly rebase --- prod.env.j2 => roles/azuracast/templates/prod.env.j2 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename prod.env.j2 => roles/azuracast/templates/prod.env.j2 (100%) diff --git a/prod.env.j2 b/roles/azuracast/templates/prod.env.j2 similarity index 100% rename from prod.env.j2 rename to roles/azuracast/templates/prod.env.j2 From 8d38ed748f20c53b396cdab949573df7f86fd12c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 22:07:03 -0500 Subject: [PATCH 0665/1758] Clean up nginx template - doesn't quite work yet anyway --- roles/azuracast/templates/azuracast-nginx.conf.j2 | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 index 985f10602..e79bc4bed 100644 --- a/roles/azuracast/templates/azuracast-nginx.conf.j2 +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -13,12 +13,3 @@ location /radio/ { proxy_set_header X-Script-Name /radio; proxy_pass http://127.0.0.1:{{ azuracast_http_port }}; } - -# http://box/livres -location {{ calibreweb_url3 }}/ { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url3 }}; - proxy_pass http://127.0.0.1:8083; -} From b4f5e12f19df37ef33cae106f5da86a4725dae70 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 22 Sep 2022 22:11:52 -0500 Subject: [PATCH 0666/1758] Note --- roles/azuracast/templates/azuracast-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2 index e79bc4bed..33ae25476 100644 --- a/roles/azuracast/templates/azuracast-nginx.conf.j2 +++ b/roles/azuracast/templates/azuracast-nginx.conf.j2 @@ -1,3 +1,4 @@ +# work in progress might never be ready as the web interface has setting that would need to match location /azuracast/ proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 10c1bfaad9810b51c5348dfa154a1ccc72572a91 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 23 Sep 2022 08:38:03 -0400 Subject: [PATCH 0667/1758] moving elsewhere --- adm-upgrade | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) delete mode 100755 adm-upgrade diff --git a/adm-upgrade b/adm-upgrade deleted file mode 100755 index d2a743c74..000000000 --- a/adm-upgrade +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -e -# Running from a git repo - -if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\nEXITING: IIAB is not already installed so can't upgrade\n" >&2 - exit 1 -fi - -echo -e "\nWARNING: Upgrades are not guaranteed to be compatible with previous installs\n" >&2 -echo -e "\Please make sure you know what you are doing.\n" >&2 -echo -e "\Press CTL-C to STOP or to continue.\n" >&2 -read ans < /dev/tty - -# check that latest version supports current OS -# N.B. install via adm cons assumes is on supported OS - -cd /opt/iiab -rm -rf iiab-latest -git clone https://github.com/iiab/iiab --depth 1 iiab-latest -cd iiab-latest -scripts/local_facts.fact; rc=$? - -if [ $rc -eq 0 ]; then # OS is supported - cd /opt/iiab - if [ ! -d iiab-installed ]; then - mv iiab iiab-installed - else - rm -rf iiab # in case run more than once - fi - - mv iiab-latest iiab - cd iiab - cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact - echo -e "\nIIAB has been Upgraded\n" -else - echo -e "\nYour OS is not supported by the latest IIAB\n" - echo -e "Unable to Upgrade IIAB\n" -fi - -echo -e "\Press CTL-C to STOP or to upgrade Admin Console.\n" >&2 -read ans < /dev/tty - -cd /opt/iiab/iiab-admin-console -git pull -./install -echo -e "IIAB Admin Console has been Upgraded\n\n" From c76bd2745d156b9052340a0d674022fb94f167ad Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Sep 2022 08:16:38 -0400 Subject: [PATCH 0668/1758] iiab-expand-rootfs: Make growpart & resize2fs RC visible to bash -x --- roles/1-prep/templates/iiab-expand-rootfs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 90cdb9318..a1fd06772 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -33,7 +33,9 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # Expand partition growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? + rc=$? # Make Return Code visible, for 'bash -x' resize2fs $ROOT_PART + rc=$? # Make RC visible (as above) # 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards # but *not* with USB boot drives, internal spinning disks/SSD's, etc. From c75ab4777c069d3f5747f51ef77d252625d1c9ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Sep 2022 19:44:38 -0400 Subject: [PATCH 0669/1758] hostapd.legacy.j2: hostapd tries to start too early on Zero W --- roles/network/templates/hostapd/hostapd.legacy.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/hostapd.legacy.j2 b/roles/network/templates/hostapd/hostapd.legacy.j2 index 4094b812a..d6f0acf4f 100644 --- a/roles/network/templates/hostapd/hostapd.legacy.j2 +++ b/roles/network/templates/hostapd/hostapd.legacy.j2 @@ -1,5 +1,9 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +# https://unix.stackexchange.com/questions/257888/systemd-wait-for-network-interface-to-be-up-before-running-service/417839#417839 +# 2022-08-22: #3352 Raspberry Pi Zero W requires 2 lines below... +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device Before=network.target Wants=network-pre.target From 09f6b292ef472ab78ce48fbe5bf59bb078a56e9d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Sep 2022 19:46:59 -0400 Subject: [PATCH 0670/1758] iiab-clone-wifi.service.j2: hostapd tries to start too early on Zero W --- roles/network/templates/hostapd/iiab-clone-wifi.service.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 index 87ae2fa09..92ee86c09 100644 --- a/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 +++ b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 @@ -1,6 +1,10 @@ [Unit] Description=IIAB ap0 clone wifi device Wants=network-pre.target +# https://unix.stackexchange.com/questions/257888/systemd-wait-for-network-interface-to-be-up-before-running-service/417839#417839 +# 2022-08-22: #3352 Raspberry Pi Zero W requires 2 lines below... +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device After=network-pre.target Before=dhcpcd.service Before=wpa_supplicant.service From 3aae53e6935df2829afa687b2b2a7a24e74bed93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Sep 2022 12:33:52 -0400 Subject: [PATCH 0671/1758] mongodb/tasks/install.yml: buster -> bullseye on Debian x86_64 --- roles/mongodb/tasks/install.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index ea749db4b..414ddd080 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -83,17 +83,20 @@ args: warn: false - - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} + - name: Install mongodb-org's Debian bullseye source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: - repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main + # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as + # this was recently added to https://repo.mongodb.org/apt/debian/dists/ + repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" + # 2022-09-27: Soon to change from 'focal' to 'jammy' - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse From 9f0c5f1e5db19e1212d0ab0136cb5e2e2174bfb3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2022 16:49:34 -0400 Subject: [PATCH 0672/1758] Force-install libssl1.1 if MongoDB needed on Ubuntu >= 22.04 --- iiab-install | 9 ++++----- iiab-setup | 3 ++- roles/0-init/tasks/main.yml | 5 ++++- roles/7-edu-apps/tasks/main.yml | 2 +- roles/mongodb/defaults/main.yml | 4 ++-- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++++++++++++----- roles/mongodb/tasks/main.yml | 2 +- 7 files changed, 42 insertions(+), 16 deletions(-) diff --git a/iiab-install b/iiab-install index 03a638549..156fb71bb 100755 --- a/iiab-install +++ b/iiab-install @@ -81,15 +81,14 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (for PR #3318 netwarn pop-ups, asking you to run iiab-network) +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 +echo -e "/etc/iiab/install-flags directory created/verified." +echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" - scripts/local_facts.fact # Exit & advise, if OS not supported. -if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then - mkdir -p /etc/ansible/facts.d -fi +mkdir -p /etc/ansible/facts.d cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position." diff --git a/iiab-setup b/iiab-setup index 38541e820..359967bc2 100755 --- a/iiab-setup +++ b/iiab-setup @@ -10,7 +10,8 @@ apt -y install git curl nano gawk wget pastebinit cd /opt/iiab/iiab scripts/ansible -mkdir -p /etc/iiab/install-flags +# 2022-09-27: iiab-install now handles this +#mkdir -p /etc/iiab/install-flags if [ ! -f /etc/iiab/local_vars.yml ]; then cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index c8429a4ea..50047da46 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -9,9 +9,10 @@ # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml - name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}" set_fact: + iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - iiab_stage: "{{ ansible_local.local_facts.stage }}" + os_ver: "{{ ansible_local.local_facts.os_ver }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -92,6 +93,8 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: os_ver + value: "{{ os_ver }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index b7dd56855..3e991bed7 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index f42149f8e..e1acd8fb0 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,8 +20,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on -# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +mongodb_64bit_version: 4.4 # 5.0 and 6.0 also work as of 2022-09-27, but fail +# on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com # 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 414ddd080..e56229b18 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,6 @@ # this was recently added to https://repo.mongodb.org/apt/debian/dists/ repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" @@ -100,22 +99,47 @@ - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse - state: present filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") + # 2022-09-27: Workaround to install MongoDB on Ubuntu 22.04+, which include + # libssl3 instead of libssl1.1 -- https://github.com/iiab/iiab/issues/3190 + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931 + # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 + # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list + # sudo apt-get update + # sudo apt-get install libssl1.1 + # rm /etc/apt/sources.list.d/focal-security.list + + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + #filename: focal-security # If filename focal-security.list is preferred + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) + package: + name: libssl1.1 + state: present + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + state: absent + #filename: focal-security # 100% IGNORED during repo deletion + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_raspbian and ansible_architecture == "aarch64" # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_linuxmint @@ -126,7 +150,6 @@ # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # state: present # filename: mongodb-org # when: is_ubuntu and not is_linuxmint diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 3365e818a..748493c68 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -29,7 +29,7 @@ - debug: var: rpi_model # 0-init sets it from ansible_local.local_facts.rpi_model - debug: - var: ansible_local.local_facts.os_ver # Like OS_VER in /etc/iiab/iiab.env + var: os_ver # Equivalent to ansible_local.local_facts.os_ver and OS_VER in /etc/iiab/iiab.env - debug: var: is_debian - debug: From d4a7bddfe9c45e29668eedbc5387b8f5f3381ff1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Sep 2022 17:10:47 -0400 Subject: [PATCH 0673/1758] iiab-install: Cleaner (reordered) on-screen output --- iiab-install | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/iiab-install b/iiab-install index 156fb71bb..5ae96be74 100755 --- a/iiab-install +++ b/iiab-install @@ -81,16 +81,16 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 -echo -e "/etc/iiab/install-flags directory created/verified." -echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" - echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" scripts/local_facts.fact # Exit & advise, if OS not supported. mkdir -p /etc/ansible/facts.d cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact -echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position." +echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position.\n" + +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 +echo -e "/etc/iiab/install-flags directory created/verified." +echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" if [ ! -f $PLAYBOOK ]; then echo "EXITING: IIAB Playbook ""$PLAYBOOK"" not found." From b6e515e858985d1675e1b025234ec7e58b305989 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2022 22:04:24 -0400 Subject: [PATCH 0674/1758] Encourage pre-release testing of Moodle 4.1 LTS if PHP >= 8.1 --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/moodle/defaults/main.yml | 7 ++++++- roles/moodle/tasks/install.yml | 15 +++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 3e991bed7..8f223b1fd 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: moodle_install - name: OSM-VECTOR-MAPS include_role: diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index d04d05006..d455ddd7e 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -7,7 +7,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -moodle_version: 400 + +# 2022-09-27: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.1 -- see moodle/tasks/install.yml for detail! +# (Any moodle_version setting below applies IF-AND-ONLY-IF your OS PHP < 8.1) +#moodle_version: master # Try Moodle's "weekly" 4.1dev pre-release, even if OS PHP < 8.1 +moodle_version: MOODLE_400_STABLE # Use Moodle 4.0 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a58598793..d42cb05e3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,14 +43,21 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~370 MB initially, ~390 MB later) +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.1" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "MOODLE_{{ moodle_version }}_STABLE" - #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ - #ignore_errors: yes + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) + when: php_version is version('8.1', '>=') + +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.1 + git: + repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle + dest: "{{ moodle_base }}" # /opt/iiab/moodle + depth: 1 + version: "{{ moodle_version }}" # e.g. master or MOODLE_400_STABLE + when: php_version is version('8.1', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 2d6fc6fe85b4f30b7eede7c5d7e21de455273a00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Sep 2022 17:17:03 -0400 Subject: [PATCH 0675/1758] mediawiki/defaults/main.yml: Version 1.38.3 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ca21a0ad4..c9554413d 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 86ae2bb9a1ae1b919eea4b700395b363ce2cabdd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 19:40:25 -0400 Subject: [PATCH 0676/1758] Skip 'docker.sh setup-release' --- roles/azuracast/tasks/install.yml | 18 ++++++++---------- ....conf.j2 => azuracast-nginx.conf.j2.unused} | 0 2 files changed, 8 insertions(+), 10 deletions(-) rename roles/azuracast/templates/{azuracast-nginx.conf.j2 => azuracast-nginx.conf.j2.unused} (100%) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 5f4e43ff6..df4e9903a 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,16 +7,12 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - #owner: root - #group: root mode: 0644 #- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template # template: # src: docker-compose.override.yml.j2 # dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" - #owner: root - #group: root # mode: 0644 - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} @@ -50,8 +46,6 @@ template: src: azuracast.env dest: "{{ azuracast_host_dir }}/" - #owner: root - #group: root mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} @@ -65,10 +59,14 @@ path: /var/lib/docker state: link -- name: AzuraCast - Setup for stable channel install - shell: "yes 'Y' | /bin/bash docker.sh setup-release" - args: - chdir: "{{ azuracast_host_dir }}" +# 2022-09-28: "yes 'Y'" toggled whatever it found in /opt/azuracast/.env (e.g. +# AZURACAST_VERSION=stable from templates/prod.env.j2) to the opposite (e.g. +# AZURACAST_VERSION=latest). Let's not modify /opt/azuracast/.env unless nec! +# +# - name: AzuraCast - Setup for stable channel install +# shell: "yes 'Y' | /bin/bash docker.sh setup-release" +# args: +# chdir: "{{ azuracast_host_dir }}" - name: AzuraCast - Run the installer shell: "yes '' | /bin/bash docker.sh install" diff --git a/roles/azuracast/templates/azuracast-nginx.conf.j2 b/roles/azuracast/templates/azuracast-nginx.conf.j2.unused similarity index 100% rename from roles/azuracast/templates/azuracast-nginx.conf.j2 rename to roles/azuracast/templates/azuracast-nginx.conf.j2.unused From 17fb922f8d6ccfeed97db893bd81b2c00dd12c20 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 21:03:44 -0400 Subject: [PATCH 0677/1758] azuracast/README.rst: Link to more of their docs --- roles/azuracast/README.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 3e61395e7..3514bb56f 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -37,5 +37,9 @@ AzuraCast Docs - https://docs.azuracast.com - https://docs.azuracast.com/en/getting-started/installation/post-installation-steps -- https://docs.azuracast.com/en/getting-started/updates +- https://docs.azuracast.com/en/getting-started/settings +- https://docs.azuracast.com/en/getting-started/updates (can *DAMAGE* AzuraCast as of 2022-09-28) - https://docs.azuracast.com/en/user-guide/streaming-software +- https://docs.azuracast.com/en/user-guide/troubleshooting +- https://docs.azuracast.com/en/user-guide/logs +- https://docs.azuracast.com/en/administration/docker From c3efbb7defb76a9ac680a54831d79b839036e496 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 22:01:25 -0400 Subject: [PATCH 0678/1758] Rename azuracast.env.j2; Try w/o docker-compose.yml --- roles/azuracast/tasks/install.yml | 23 +++++++++++-------- .../{azuracast.env => azuracast.env.j2} | 0 2 files changed, 13 insertions(+), 10 deletions(-) rename roles/azuracast/templates/{azuracast.env => azuracast.env.j2} (100%) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index df4e9903a..89e611376 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,7 +7,7 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - mode: 0644 + #mode: 0644 #- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template # template: @@ -22,12 +22,15 @@ mode: 0755 timeout: "{{ download_timeout }}" -- name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} - get_url: - url: "{{ docker_compose_url }}" - dest: "{{ azuracast_host_dir }}/docker-compose.yml" - mode: 0755 - timeout: "{{ download_timeout }}" +# 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker +# suggests this step might not be necessary. +# +# - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} +# get_url: +# url: "{{ docker_compose_url }}" +# dest: "{{ azuracast_host_dir }}/docker-compose.yml" +# mode: 0755 +# timeout: "{{ download_timeout }}" #- name: AzuraCast - Make changes to docker.sh script so it runs headless # lineinfile: @@ -44,9 +47,9 @@ - name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports template: - src: azuracast.env - dest: "{{ azuracast_host_dir }}/" - mode: 0644 + src: azuracast.env.j2 + dest: "{{ azuracast_host_dir }}/azuracast.env" + #mode: 0644 - name: AzuraCast - Make directory {{ docker_container_dir }} file: diff --git a/roles/azuracast/templates/azuracast.env b/roles/azuracast/templates/azuracast.env.j2 similarity index 100% rename from roles/azuracast/templates/azuracast.env rename to roles/azuracast/templates/azuracast.env.j2 From b852f015ab2d7c4077f8c14e4b56d08f72cf5db0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Sep 2022 22:17:33 -0400 Subject: [PATCH 0679/1758] 2-common/tasks/packages.yml: Update comment --- roles/2-common/tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index e4abadc49..6919a7084 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events From e595328fc1547e4f481e274ffa7b4b94582a46ac Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2022 22:33:05 -0400 Subject: [PATCH 0680/1758] Simplified azuracast/tasks/install.yml --- roles/azuracast/tasks/install.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 89e611376..1de892984 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -7,13 +7,11 @@ template: src: prod.env.j2 dest: "{{ azuracast_host_dir }}/.env" - #mode: 0644 -#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template -# template: -# src: docker-compose.override.yml.j2 -# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" -# mode: 0644 +- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports + template: + src: azuracast.env.j2 + dest: "{{ azuracast_host_dir }}/azuracast.env" - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }} get_url: @@ -22,14 +20,18 @@ mode: 0755 timeout: "{{ download_timeout }}" +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" + # 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker -# suggests this step might not be necessary. +# (& testing) confirm this is done automatically by 'docker.sh install' below. # # - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} # get_url: # url: "{{ docker_compose_url }}" # dest: "{{ azuracast_host_dir }}/docker-compose.yml" -# mode: 0755 # timeout: "{{ download_timeout }}" #- name: AzuraCast - Make changes to docker.sh script so it runs headless @@ -45,12 +47,6 @@ # regexp: "^( *- \\')8([0-9]{3})\\:8([0-9]{3}\\'.*)$" # replace: "\\g<1>{{ azuracast_port_range_prefix }}\\g<2>:{{ azuracast_port_range_prefix }}\\g<3>" -- name: AzuraCast - Install {{ azuracast_host_dir }}/azuracast.env for altered ports - template: - src: azuracast.env.j2 - dest: "{{ azuracast_host_dir }}/azuracast.env" - #mode: 0644 - - name: AzuraCast - Make directory {{ docker_container_dir }} file: path: "{{ docker_container_dir }}" From c43d408711e22d0117994a909d87433d2b9a9864 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Sep 2022 00:31:17 -0400 Subject: [PATCH 0681/1758] azuracast/tasks/install.yml comment sequencing --- roles/azuracast/tasks/install.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 1de892984..21bcefa8b 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -20,10 +20,12 @@ mode: 0755 timeout: "{{ download_timeout }}" -#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template -# template: -# src: docker-compose.override.yml.j2 -# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" +#- name: AzuraCast - Make changes to docker.sh script so it runs headless +# lineinfile: +# path: "{{ azuracast_host_dir }}/docker.sh" +# regexp: "^(.*)read reply.*" +# line: "\\1reply='Y'" +# backrefs: yes # 2022-09-28: https://docs.azuracast.com/en/getting-started/installation/docker # (& testing) confirm this is done automatically by 'docker.sh install' below. @@ -34,12 +36,10 @@ # dest: "{{ azuracast_host_dir }}/docker-compose.yml" # timeout: "{{ download_timeout }}" -#- name: AzuraCast - Make changes to docker.sh script so it runs headless -# lineinfile: -# path: "{{ azuracast_host_dir }}/docker.sh" -# regexp: "^(.*)read reply.*" -# line: "\\1reply='Y'" -# backrefs: yes +#- name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template +# template: +# src: docker-compose.override.yml.j2 +# dest: "{{ azuracast_host_dir }}/docker-compose.override.yml" #- name: Change default port number range 8xxx:8xxx to {{ azuracast_port_range_prefix }}xxx:{{ azuracast_port_range_prefix }}xxx icecast-stations in docker-compose.yml # replace: From f21a58e5900d17f767e427bc7c1b85cca0d5315c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Sep 2022 01:55:46 -0400 Subject: [PATCH 0682/1758] Explain './runrole --reinstall azuracast' workaround --- roles/azuracast/tasks/install.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 21bcefa8b..8ce9474d2 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -1,3 +1,30 @@ +# 2022-09-29: './runrole --reinstall azuracast' is NOT supported! +# +# 1. But if you must, first completely uninstall Docker + WIPE AzuraCast data: +# +# apt purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-scan-plugin +# rm -rf /library/docker /var/lib/docker /var/lib/containerd +# +# Per https://docs.docker.com/engine/install/ubuntu/#uninstall-docker-engine +# +# 2. REBOOT to avoid later problems with 'systemctl status docker' -- if you +# don't reboot, Ansible will fail below when 'docker.sh install' fails to +# start docker.service -- likewise if you run './docker.sh install-docker' +# manually in /opt/azuracast. Either way, 'systemctl restart docker' won't +# work for ~2 minutes. (Rebooting avoids all these hassles!) +# +# 3. Just FYI the Docker install process will rebuild its 11 core directories +# in /var/lib/docker -> /library/docker: (as 'docker.sh install' begins) +# +# buildkit containers image network overlay2 plugins runtimes swarm tmp trust volumes +# +# 4. Just FYI both MySQL passwords (MYSQL_PASSWORD & MYSQL_ROOT_PASSWORD) will +# be WIPED from /opt/azuracast/azuracast.env (and new passwords +# auto-generated below, for use inside AzuraCast's Docker container). +# +# 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab + + - name: AzuraCast - Make config directory {{ azuracast_host_dir }} file: path: "{{ azuracast_host_dir }}" From f2b945a0a9f12c00dc117b308326cc455a7c5898 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Sep 2022 03:17:58 -0400 Subject: [PATCH 0683/1758] azuracast/README.rst: Link to reinstall tech tips (in install.yml) --- roles/azuracast/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 3514bb56f..24d1277da 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -22,6 +22,8 @@ As of 2022-08-31, AzuraCast should run on Ubuntu 22.04 and **64-bit** Raspberry Other Linux distributions may also work, at your own risk, especially if Docker runs smoothly. +NOTE: AzuraCast was designed to be installed *just once* on a fresh OS. So ``./runrole --reinstall azuracast`` is not supported in general. However, if you accidentally damage your AzuraCast software, IIAB has posted `technical tips <./tasks/install.yml>`_ *(use at your own risk!)* in case of emergency. + Using It -------- From f06786e705ef37431f0481d4d0af7a707c73bde3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Sep 2022 17:51:04 -0400 Subject: [PATCH 0684/1758] mediawiki/defaults/main.yml: Version 1.38.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index c9554413d..3ab859963 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From ebb1ac6cc1bc88b0886c6851986205a016ee081a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Oct 2022 21:05:16 -0400 Subject: [PATCH 0685/1758] 0-init: Skip validate_vars.yml on Zero W & Zero 2 W --- roles/0-init/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 50047da46..7425850bd 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,6 +51,7 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml + when: not (rpi_model | regex_search('\bW\b')) - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml From 87ea4720038940bc23e24deeead7f0fb55797b0e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 00:57:12 -0500 Subject: [PATCH 0686/1758] add discovered_wireless_iface to lan_list_result and num_lan_interfaces_result --- roles/network/defaults/main.yml | 2 +- roles/network/tasks/detected_network.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index fd1fa4dcc..82de51aff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" # Set defaults for discovery process as strings wifi1: "not found-1" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e04ae0e20..c4414b5ef 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -166,7 +166,7 @@ when: reserved_device is defined - name: Count LAN ifaces - shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_devices }} | wc -l + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e {{ discovered_wireless_iface }} -e {{ device_gw }} -e {{ exclude_devices }} | wc -l register: num_lan_interfaces_result - name: Calculate number of LAN interfaces including WiFi @@ -175,7 +175,7 @@ # LAN - pick non WAN's - name: Create list of LAN (non WAN) ifaces - shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_devices }} + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e {{ discovered_wireless_iface }} -e {{ device_gw }} -e {{ exclude_devices }} when: num_lan_interfaces != "0" register: lan_list_result From 9f4b99e50d7c18f2c665290fe9743ff9c5754f7b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 01:01:51 -0500 Subject: [PATCH 0687/1758] use item|trim in template --- roles/network/templates/network/systemd-br0-slave.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/network/systemd-br0-slave.j2 b/roles/network/templates/network/systemd-br0-slave.j2 index 15fb5b16e..9c8555286 100644 --- a/roles/network/templates/network/systemd-br0-slave.j2 +++ b/roles/network/templates/network/systemd-br0-slave.j2 @@ -1,6 +1,6 @@ -# /etc/systemd/network/IIAB-Slave-{{ iiab_wired_lan_iface }}.network +# /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network [Match] -Name={{ iiab_wired_lan_iface }} +Name={{ item|trim }} [Link] RequiredForOnline=no From 6b69696f7246b0acba21eae5e836e810e9bc7fbc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 3 Oct 2022 01:03:13 -0500 Subject: [PATCH 0688/1758] use can_be_ap --- roles/network/tasks/rpi_debian.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 4d672ad0b..7020ce7df 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -65,7 +65,7 @@ systemd: name: iiab-clone-wifi state: started - when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap - name: Restart the networking service if appropriate systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 35aa0b6b0..0a584f89b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -55,7 +55,7 @@ systemd: name: iiab-clone-wifi state: started - when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap - name: Enable & Restart systemd-networkd.service systemd: From d349f2fe2f5a87eae43433a1041175d63b59dcd6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 2 Oct 2022 23:07:58 -0500 Subject: [PATCH 0689/1758] Restart iiab-clone-wifi if the ap0 device is not detected by ansible #3379 --- roles/network/tasks/rpi_debian.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 7020ce7df..1df7b4fd9 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -64,8 +64,8 @@ - name: Clone wifi if needed systemd: name: iiab-clone-wifi - state: started - when: wifi_up_down and can_be_ap + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - name: Restart the networking service if appropriate systemd: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 0a584f89b..57c70e889 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -54,8 +54,8 @@ - name: Clone wifi if needed systemd: name: iiab-clone-wifi - state: started - when: wifi_up_down and can_be_ap + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - name: Enable & Restart systemd-networkd.service systemd: From 5bbcacbe00256cdd23857187ad652e854eb874db Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Oct 2022 11:52:13 -0400 Subject: [PATCH 0690/1758] Ansible require double backslashes, e.g. with \b "word boundary" anchors --- roles/0-init/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 7425850bd..a12c91156 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,7 +51,7 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml - when: not (rpi_model | regex_search('\bW\b')) + when: not (rpi_model | regex_search('\\bW\\b')) # Ansible require double backslashes, e.g. with \b "word boundary" anchors: https://www.regular-expressions.info/wordboundaries.html https://stackoverflow.com/questions/56869119/ansible-regular-expression-to-match-a-string-and-extract-the-line/56869801#56869801 - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml From 8643285dc9722a42484233acffb05039cfd1fc0e Mon Sep 17 00:00:00 2001 From: root Date: Tue, 4 Oct 2022 19:09:04 -0400 Subject: [PATCH 0691/1758] Auto-install latest/official kiwix-tools + tighten up code --- roles/kiwix/defaults/main.yml | 27 +++++++++++++----- roles/kiwix/tasks/install.yml | 53 ++++++++++------------------------- roles/kiwix/tasks/main.yml | 2 ++ 3 files changed, 37 insertions(+), 45 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 332eb6289..21737efc3 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -21,14 +21,27 @@ # - index = directory for legacy *.zim.idx's kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# 3 lines below specify which version(s) of kiwix-tools to download from... -# https://download.iiab.io/packages/ ...as originally obtained from... -# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... -# https://download.kiwix.org/nightly/ +kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ +#kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ +#kiwix_base_url: "{{ iiab_download_url }}/" # https://download.iiab.io/packages/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1 -kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1 +kiwix_arch_dict: + #i386: + i686: i586 + x86_64: x86_64 + armv6l: armhf + armv7l: armhf + aarch64: armhf + +# ansible_architecture can also work: +# https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 +kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" + +# Latest official kiwix-tools release, per Kiwix permalink redirects: +# https://www.kiwix.org/en/downloads/kiwix-serve/ +# https://github.com/kiwix/container-images/issues/236 +kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}.tar.gz" +#kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}-3.3.0-1.tar.gz" # Version can be hard-coded if you prefer (as was done til 2022-10-04) # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 3a6c6dcba..f9afc32ff 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -1,42 +1,22 @@ -# 0. SET CPU ARCHITECTURE +# 0. VERIFY CPU/OS ARCHITECTURE SUPPORTED -- name: "Initialize 'kiwix_src_dir: False' just in case CPU architecture is not supported" - set_fact: - kiwix_src_dir: False - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_armhf }}" - when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_linux64 }}" - when: ansible_machine == "x86_64" - -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_i686 }}' (i686)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_i686 }}" - when: ansible_machine == "i686" -# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) - -- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your architecture ({{ ansible_machine }}) +- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your CPU/OS architecture ({{ ansible_machine }}) fail: - msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." - when: not kiwix_src_dir - -- name: "Set fact 'kiwix_src_file: {{ kiwix_src_dir }}.tar.gz'" - set_fact: - kiwix_src_file: "{{ kiwix_src_dir }}.tar.gz" + msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} CPU/OS ARCHITECTURE." + when: kiwix_arch == "unsupported" # 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) -- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads +# 2022-10-04: get_url might be removed in future (unarchive below can handle +# everything!) Conversely: (1) unarchive doesn't support timeout (2) one day +# /opt/iiab/downloads might have practical value beyond hoarding (unlikely!) +- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages - dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads + url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz + dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" + register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) - name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes) (by default 0755)" file: @@ -63,13 +43,11 @@ # 2. INSTALL KIWIX-TOOLS EXECUTABLES -- name: Unarchive {{ kiwix_src_file }} to /tmp # e.g. kiwix-tools_linux-armhf-3.1.2-3.tar.gz +- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- use '--strip-components=1' to remove tarball's top-level dir during unpacking unarchive: - src: "{{ downloads_dir }}/{{ kiwix_src_file }}" - dest: /tmp - -- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location {{ kiwix_path }}/bin - shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" # /opt/iiab/kiwix + src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz + dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin + extra_opts: --strip-components=1 # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU @@ -103,7 +81,6 @@ systemd: daemon_reload: yes -# install kiwix app - name: Install Kiwix Android app include_tasks: kiwix-apk.yml when: kiwix_incl_apk diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index ab5064fba..22c8820dc 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -42,6 +42,8 @@ value: "{{ kiwix_install }}" - option: kiwix_enabled value: "{{ kiwix_enabled }}" + - option: kiwix_tar_gz + value: "{{ kiwix_tar_gz }}" - option: kiwix_url value: "{{ kiwix_url }}" - option: kiwix_url_plus_slash From f2b74880e8c59a22ec864bf746e1f80f41d3d5ec Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 19:49:19 -0400 Subject: [PATCH 0692/1758] kiwix/defaults/main.yml: Clarify ansible_machine safer than ansible_architecture --- roles/kiwix/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 21737efc3..acfa7a08b 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -33,8 +33,10 @@ kiwix_arch_dict: armv7l: armhf aarch64: armhf -# ansible_architecture can also work: +# ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 +# CLAIM: 'ansible_machine might be "i686", whereas ansible_architecture on the same host would be "i386"' +# https://stackoverflow.com/questions/44713880/how-do-i-make-decision-based-on-arch-in-ansible-playbooks/44714226#44714226 kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" # Latest official kiwix-tools release, per Kiwix permalink redirects: From 7e86d5e582d3f280eec3ce9610777693ddbc1b46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:02:04 -0400 Subject: [PATCH 0693/1758] kiwix/tasks/install.yml: Clarify get_url "force: yes" implied b/c dest is a dir --- roles/kiwix/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index f9afc32ff..db7b1a9c0 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -15,6 +15,7 @@ get_url: url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz dest: "{{ downloads_dir }}" # /opt/iiab/downloads + #force: yes # Implied b/c dest is a dir! (to recover from incomplete downloads, etc) timeout: "{{ download_timeout }}" register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) From c1d0bd03dd1e7500c98eb0abab42c6b67068a103 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:11:25 -0400 Subject: [PATCH 0694/1758] Untar with '--strip-components=1' to chop tarball's top-level dir from path --- roles/kiwix/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index db7b1a9c0..ab3c8fc27 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -44,7 +44,7 @@ # 2. INSTALL KIWIX-TOOLS EXECUTABLES -- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- use '--strip-components=1' to remove tarball's top-level dir during unpacking +- name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- untar with '--strip-components=1' to chop tarball's top-level dir from path unarchive: src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin From ff0384f7783e1068adcaa233ffc2da9a332cd7e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Oct 2022 20:24:06 -0400 Subject: [PATCH 0695/1758] kiwix/defaults/main.yml: Clarify "e.g. https://download.iiab.io/packages/" --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index acfa7a08b..2696974fd 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -23,7 +23,7 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ -#kiwix_base_url: "{{ iiab_download_url }}/" # https://download.iiab.io/packages/ +#kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ kiwix_arch_dict: #i386: From 35898a6f92a24ede5d34a24fc4ee46927d596357 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 5 Oct 2022 00:17:37 -0400 Subject: [PATCH 0696/1758] First move /opt/iiab/kiwib/bin aside + Explain better --- roles/kiwix/tasks/enable-or-disable.yml | 18 +++++++++--------- roles/kiwix/tasks/install.yml | 21 +++++++++++++++------ 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 9f813f4ad..c3b2d617c 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -13,7 +13,7 @@ systemd: name: kiwix-serve enabled: yes - state: started # Not needed...but can't hurt + state: started when: kiwix_enabled @@ -28,15 +28,15 @@ # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" dest: /etc/crontab - when: kiwix_enabled and is_debuntu + when: kiwix_enabled -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_redhat +# - name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# # * * * * * user-name command to be executed +# lineinfile: +# # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed +# line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" +# dest: /etc/crontab +# when: kiwix_enabled and is_redhat - name: Enable/Disable/Restart NGINX diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index ab3c8fc27..8a95d52ba 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,25 +6,34 @@ when: kiwix_arch == "unsupported" -# 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) +# 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, move /opt/iiab/kiwix/bin aside if nec, create essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) # 2022-10-04: get_url might be removed in future (unarchive below can handle # everything!) Conversely: (1) unarchive doesn't support timeout (2) one day # /opt/iiab/downloads might have practical value beyond hoarding (unlikely!) -- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} to /opt/iiab/downloads +- name: Download {{ kiwix_base_url }}{{ kiwix_tar_gz }} into /opt/iiab/downloads (ACTUAL filename should include kiwix-tools version, or nightly build date) get_url: url: "{{ kiwix_base_url }}{{ kiwix_tar_gz }}" # e.g. https://download.kiwix.org/release/kiwix-tools/ + kiwix-tools_linux-x86_64.tar.gz dest: "{{ downloads_dir }}" # /opt/iiab/downloads - #force: yes # Implied b/c dest is a dir! (to recover from incomplete downloads, etc) + #force: yes # Already implied b/c dest is a dir! (to recover from incomplete downloads, etc) timeout: "{{ download_timeout }}" - register: kiwix_dl # Kiwix URL redirects to a longer filename, including the actual kiwix-tools version (placed in kiwix_dl.dest with its path, for unarchive ~28 lines below) + register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below + +- name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) + stat: + path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix + register: kiwix_bin + +- name: If so, move {{ kiwix_path }}/bin to {{ kiwix_path }}/bin.DATE_TIME_TZ + shell: "mv {{ kiwix_path }}/bin {{ kiwix_path }}/bin.$(date +%F_%T_%Z)" + when: kiwix_bin.stat.exists - name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes) (by default 0755)" file: path: "{{ item }}" state: directory with_items: - - "{{ kiwix_path }}/bin" # /opt/iiab/kiwix + - "{{ kiwix_path }}/bin" - "{{ iiab_zim_path }}/content" # /library/zims - "{{ iiab_zim_path }}/index" @@ -47,7 +56,7 @@ - name: Unarchive {{ kiwix_dl.dest }} to {{ kiwix_path }}/bin -- untar with '--strip-components=1' to chop tarball's top-level dir from path unarchive: src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz - dest: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix/bin + dest: "{{ kiwix_path }}/bin" extra_opts: --strip-components=1 From f02e514cd1c8d18cdee20e1a3ebf641b194d5712 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 5 Oct 2022 08:23:34 -0500 Subject: [PATCH 0697/1758] Move 'hooks' to their respective backends With NetworkManager active, systemd-networkd/networkd-dispatcher are used for br0/ap0 support but the hooks were not being installed on the first pass through network as systemd_networkd_active was not detected when ansibled stated. --- roles/network/tasks/hostapd.yml | 55 ------------------------ roles/network/tasks/rpi_debian.yml | 15 +++++++ roles/network/tasks/sysd-netd-debian.yml | 41 ++++++++++++++++-- 3 files changed, 53 insertions(+), 58 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 99fb6cf41..3df0f2c36 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -55,61 +55,6 @@ # 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml # as required for Admin Console -- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True - template: - src: hostapd/50-hostapd - dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd - owner: root - group: root - mode: 0644 - when: is_raspbian and wifi_up_down - -- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 - file: - path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd - state: absent - when: is_raspbian and not wifi_up_down - -- name: Create networkd-dispatcher diagnostic hook for recording network events - template: - owner: root - group: root - mode: 0755 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } - - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } - when: systemd_networkd_active and discovered_wireless_iface != "none" - -- name: Create networkd-dispatcher hook for hostapd wifi_up_down True - template: - owner: root - group: root - mode: 0755 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: systemd_networkd_active and discovered_wireless_iface != "none" and wifi_up_down - -- name: Remove networkd-dispatcher hook wifi_up_down False - file: - path: "{{ item.dest }}" - state: absent - with_items: - - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } - - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: systemd_networkd_active and discovered_wireless_iface != "none" and not wifi_up_down - - name: Enable the Access Point 'hostapd' service systemd: name: hostapd diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 1df7b4fd9..4dbcd97ee 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -20,6 +20,21 @@ dest: /etc/dhcpcd.conf src: network/dhcpcd.conf.j2 +- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True + template: + src: hostapd/50-hostapd + dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + owner: root + group: root + mode: 0644 + when: wifi_up_down + +- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 + file: + path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + state: absent + when: not wifi_up_down + - name: New Raspbian requires country code -- check for it shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 57c70e889..c691f8317 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -42,10 +42,45 @@ src: network/systemd-static-net.j2 when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) - #when: wan_ip != "dhcp" and not is_ubuntu_18 +- name: Create networkd-dispatcher diagnostic hook for recording network events + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } + when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" -#- name: Stopping services -# include_tasks: down-debian.yml +- name: Create networkd-dispatcher hook for hostapd wifi_up_down True + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } + when: discovered_wireless_iface != "none" and wifi_up_down + +- name: Remove networkd-dispatcher hook for wifi_up_down False + file: + path: "{{ item.dest }}" + state: absent + with_items: + - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } + when: discovered_wireless_iface != "none" and not wifi_up_down - name: Reload systemd systemd: From 5ab9e0ff76930a53898ecd2bd450df932ee23433 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 6 Oct 2022 07:25:53 -0500 Subject: [PATCH 0698/1758] use ap0 hack only on RPi hardware --- roles/network/tasks/sysd-netd-debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c691f8317..ed627f797 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -58,7 +58,7 @@ - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" -- name: Create networkd-dispatcher hook for hostapd wifi_up_down True +- name: Create networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down True template: owner: root group: root @@ -69,9 +69,9 @@ - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - { src: 'hostapd/netd-disp2', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: discovered_wireless_iface != "none" and wifi_up_down + when: discovered_wireless_iface != "none" and rpi_model != "none" and wifi_up_down -- name: Remove networkd-dispatcher hook for wifi_up_down False +- name: Remove networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down False file: path: "{{ item.dest }}" state: absent @@ -80,7 +80,7 @@ - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi2' } - when: discovered_wireless_iface != "none" and not wifi_up_down + when: discovered_wireless_iface != "none" and rpi_model != "none" and not wifi_up_down - name: Reload systemd systemd: From cf1869bd118459ac95d55112eee8ebce209dfeb8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:24:12 -0500 Subject: [PATCH 0699/1758] Revert "shut the log up for #3278" This reverts commit eb3c0a2684c81e6f916c8219c49918e8d304d1da. --- roles/network/tasks/enable_services.yml | 4 +--- roles/network/tasks/install.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 4566c00bb..efbd3e12a 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -95,8 +95,6 @@ #- debug: # var: nd_dir -# networkd-dispatcher not enabled for is_linuxmint https://github.com/iiab/iiab/issues/3278 -# might need the same dispatcher treatment using networkmanager-dispatcher to bring up dnsmasq or look at dnsmasq-iiab - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 @@ -109,7 +107,7 @@ #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") -- name: Remove /etc/dnsmasq.d/iiab.conf, when is Appliance +- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance file: path: /etc/dnsmasq.d/iiab.conf state: absent diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 8ac1b8cc6..0c8592d45 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -7,7 +7,7 @@ package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present - when: not is_raspbian or not is_linuxmint + when: not is_raspbian # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index ed627f797..d5a494786 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -112,4 +112,3 @@ state: restarted enabled: yes masked: no - when: not is_linuxmint From fe18c8e05080a86433ac797cb7fb43c79ddebe97 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:33:41 -0500 Subject: [PATCH 0700/1758] remove RasPiOS restriction --- roles/network/tasks/install.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 0c8592d45..08a749707 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -3,12 +3,6 @@ - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) -- name: Install package networkd-dispatcher (OS's other than RasPiOS and Linux Mint) - package: - name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - state: present - when: not is_raspbian - # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: # desktops might have some/all 3 preinstalled, while servers tend not to have @@ -19,7 +13,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,6 +26,7 @@ - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP From 07f663b8eecb18659ea789989c6a9334ecb05abd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 03:39:01 -0500 Subject: [PATCH 0701/1758] restore missing optional user disabling of dnsmasq --- roles/network/tasks/enable_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index efbd3e12a..7cdb6da00 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -111,7 +111,7 @@ file: path: /etc/dnsmasq.d/iiab.conf state: absent - when: iiab_network_mode == "Appliance" + when: not dnsmasq_enabled or iiab_network_mode == "Appliance" - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: From bad5b38e259a1f12ef516811ab416a462c5a27d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 13:07:28 -0500 Subject: [PATCH 0702/1758] always install 00-iiab-debug --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index d5a494786..fc9067537 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -56,7 +56,7 @@ - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } - when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" + # when: discovered_wireless_iface != "none" or discovered_wired_iface != "none" - name: Create networkd-dispatcher hook for ap0 on RPi hardware with wifi_up_down True template: From 417386121c79db66272d360e91cdc2b585827663 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Oct 2022 17:32:00 -0500 Subject: [PATCH 0703/1758] wording --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index fc9067537..2954d22e3 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -106,7 +106,7 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service except for Linux Mint +- name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher state: restarted From 5290f0036881857cdb2f981ac36a189437d02f5c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:03:32 -0400 Subject: [PATCH 0704/1758] iiab-remoteit-off: failsafe as connectd may no longer exist --- roles/remoteit/templates/iiab-remoteit-off | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 80207f8be..41f204bbb 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -18,8 +18,8 @@ fi # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml # remote.it "parent" service -systemctl stop connectd -systemctl disable connectd +systemctl stop connectd || true # connectd may no longer exist. See PR #3363 +systemctl disable connectd || true # "Remote tcp command service" systemctl stop schannel From 3796735b89b44b7be79f1f0f075d4b0833fe0784 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:10:44 -0400 Subject: [PATCH 0705/1758] Clarify iiab-remoteit-off: connectd may not exist --- roles/remoteit/templates/iiab-remoteit-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 41f204bbb..4e84d117c 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -18,7 +18,7 @@ fi # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml # remote.it "parent" service -systemctl stop connectd || true # connectd may no longer exist. See PR #3363 +systemctl stop connectd || true # connectd may not exist. See PR #3363 systemctl disable connectd || true # "Remote tcp command service" From e30b2bbc0be9d06d7511426177a7195912e040d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:28:52 -0400 Subject: [PATCH 0706/1758] templates/iiab-remoteit: Compact prompt conditionals --- roles/remoteit/templates/iiab-remoteit | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 9d310e492..c64ebc690 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -55,7 +55,7 @@ if [ -f /etc/remoteit/config.json ]; then read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo - if [[ $ans = "n" || $ans = "N" ]]; then # Nearly the same as Lines 142-189 + if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" systemctl enable connectd @@ -88,7 +88,7 @@ echo -en "\e[1m\nOptionally purge + install latest remote.it Device Package? [y/ read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo -if [[ $ans = "y" || $ans = "Y" ]]; then +if [[ $ans =~ ^[yY]$ ]]; then # Full apt path avoids problematic /usr/local/bin/apt on Linux Mint /usr/bin/apt -y purge "remoteit*" || true From 0d646a2b8582b6653d357b6209b2bca7b11d1404 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 14:51:49 -0400 Subject: [PATCH 0707/1758] enable-or-disable.yml: Remove empty file /etc/remoteit/registration if remoteit_enabled --- roles/remoteit/tasks/enable-or-disable.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index c80830a8b..ee8134a11 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -17,6 +17,18 @@ when: remoteit_license_key is defined +- name: Does empty file /etc/remoteit/registration exist? + stat: + path: /etc/remoteit/registration + register: remoteit_reg + +- name: Remove empty file /etc/remoteit/registration if remoteit_enabled + file: + path: /etc/remoteit/registration + state: absent + when: remoteit_enabled and remoteit_reg.stat.exists and remoteit_reg.stat.size == 0 + + # 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below From 5cd21877965a7195f608685cda6cbc14ee3baf12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 15:09:10 -0400 Subject: [PATCH 0708/1758] remoteit/tasks/install.yml: Defer deletion of /etc/remoteit/registration --- roles/remoteit/tasks/install.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4e52bd586..4de54a116 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -47,7 +47,7 @@ state: directory path: /etc/remoteit -- name: "'touch /etc/remoteit/registration' to block generation of claim code below, also speeding things up a bit" +- name: "'touch /etc/remoteit/registration' (might contain a remoteit_license_key) to prevent generation of claim code below; also speeding things up a bit" file: state: touch path: /etc/remoteit/registration @@ -86,11 +86,13 @@ when: is_linuxmint -- name: "'rm /etc/remoteit/registration' (empty file used just above)" - file: - state: absent - path: /etc/remoteit/registration - ignore_errors: yes # In case a future version of install_agent.sh deletes it for us +# 2022-10-09: Let's keep the file (empty or not!) If it exists with size zero +# bytes, enable-or-disable.yml or /usr/bin/iiab-remoteit delete it later as nec. +# - name: "'rm /etc/remoteit/registration' (empty file used just above)" +# file: +# state: absent +# path: /etc/remoteit/registration +# ignore_errors: yes # In case a future version of install_agent.sh deletes it for us - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) From 84397e67b2687a0ba2243574948099aaeb0bced3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 16:29:54 -0400 Subject: [PATCH 0709/1758] remoteit/defaults/main.yml: New arch dict + URLs for optional CLI --- roles/remoteit/defaults/main.yml | 33 +++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 48a7f0304..5acf6b379 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -7,7 +7,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# # 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages" +# # 2022-03-31: https://remote.it/download/ offered 4 relevant "Device Packages" # # 1) Raspberry Pi (ARM) = armhf.rpi # # 2) Raspberry Pi (ARM64) = arm64.rpi # # 3) Debian Linux (ARM64) = arm64 @@ -32,23 +32,26 @@ # # # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb -# 2022-03-31: https://remote.it/download/ offers 4 relevant "CLI" installs: -# 1) Debian Linux (ARM v6) OR Raspberry Pi (ARM) = armv6 -# 2) Debian Linux (ARM v7) = armv7 -# 3) Debian Linux (ARM64) OR Raspberry Pi (ARM64) = arm64 +# 2022-10-09: https://remote.it/download/ offers 4 relevant "CLI" installs: +# 1) Debian Linux (ARM v6) OR Raspberry Pi (ARM) = armv6 -> arm-v6 +# 2) Debian Linux (ARM v7) = armv7 -> arm-v7 +# 3) Debian Linux (ARM64) OR Raspberry Pi (ARM64) = arm64 -> aarch64 # 4) Debian Linux (x86_64) = x86_64 -# See https://docs.remote.it/software/cli/overview to refine URL below: -cli_suffixes: - armv6: armv6 - armv6l: armv6 - armv7: armv7 - armv7l: armv7 - armv8: arm64 - aarch64: arm64 +# SEE https://www.remote.it/download-list +# https://www.remote.it/download-list?products=cli to refine arch/URL below +# BUT https://docs.remote.it/software/cli/overview can be useful OR stale :/ +remoteit_arch_dict: + armv6: arm-v6 + armv6l: arm-v6 + armv7: arm-v7 + armv7l: arm-v7 + armv8: aarch64 + aarch64: aarch64 x86_64: x86_64 -remoteit_cli_suffix: "{{ cli_suffixes[ansible_architecture] | default('unknown') }}" -remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit_linux_{{ remoteit_cli_suffix }} +remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) +remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux + # OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. From 865d2434ebc0c8f42baa1132d10112e1b3232250 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 16:34:04 -0400 Subject: [PATCH 0710/1758] remoteit/tasks/main.yml: Use skip_role_on_error --- roles/remoteit/tasks/main.yml | 56 ++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/roles/remoteit/tasks/main.yml b/roles/remoteit/tasks/main.yml index 1e1c85230..197010c3b 100644 --- a/roles/remoteit/tasks/main.yml +++ b/roles/remoteit/tasks/main.yml @@ -11,31 +11,39 @@ quiet: yes -- name: Install remoteit if 'remoteit_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: remoteit_installed is undefined +- block: + - name: Install remoteit if 'remoteit_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: remoteit_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -# - name: Extract claim code from /etc/remoteit/config.json if it exists -# shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev -# register: remoteit_claim_code + # - name: Extract claim code from /etc/remoteit/config.json if it exists + # shell: grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev + # register: remoteit_claim_code -- name: Add 'remoteit' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: remoteit - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: remote.it - - option: description - value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' - - option: remoteit_install - value: "{{ remoteit_install }}" - - option: remoteit_enabled - value: "{{ remoteit_enabled }}" - # - option: remoteit_claim_code - # value: "{{ remoteit_claim_code.stdout }}" + - name: Add 'remoteit' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: remoteit + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: remote.it + - option: description + value: '"https://remote.it can help you remotely maintain an IIAB. Some benefits include: crossing multiple NATs/firewalls using a single TCP port, without requiring router port forwarding, and reducing your network''s vulnerability."' + - option: remoteit_install + value: "{{ remoteit_install }}" + - option: remoteit_enabled + value: "{{ remoteit_enabled }}" + # - option: remoteit_claim_code + # value: "{{ remoteit_claim_code.stdout }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From 617c4436a26b5b6a857cdf9210e51e12cb882004 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 17:09:23 -0400 Subject: [PATCH 0711/1758] remoteit/tasks/enable-or-disable.yml: Use /usr/share/remoteit/refresh.sh not connected --- roles/remoteit/tasks/enable-or-disable.yml | 45 ++++++++++++---------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index ee8134a11..2bd305ef6 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -22,40 +22,43 @@ path: /etc/remoteit/registration register: remoteit_reg -- name: Remove empty file /etc/remoteit/registration if remoteit_enabled +- name: Remove empty file /etc/remoteit/registration if remoteit_enabled, so claim code can be generated file: path: /etc/remoteit/registration state: absent when: remoteit_enabled and remoteit_reg.stat.exists and remoteit_reg.stat.size == 0 -# 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration +# 2022-10-09: refresh.sh is equivalent to their old connectd "parent" systemd +# service, that they removed from 4.15.2 device packages on 2022-09-07. +# (Either way, the job below never deletes /etc/remoteit/registration) -- name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below - systemd: - name: connectd - daemon_reload: yes - enabled: yes - state: restarted +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don't already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' + command: /usr/share/remoteit/refresh.sh when: remoteit_enabled -- name: Enable remote.it daemon schannel ("Remote tcp command service") -- try to avoid contention with connectd which auto-spawns it as nec (just above) +# - name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below +# systemd: +# name: connectd +# daemon_reload: yes +# enabled: yes +# state: restarted +# when: remoteit_enabled + +# 2022-10-09: refresh.sh (above) now takes care of this too +# - name: Enable remote.it daemon schannel ("Remote tcp command service") -- try to avoid contention with connectd which auto-spawns it as nec (just above) +# systemd: +# name: schannel +# enabled: yes +# state: started +# when: remoteit_enabled + + +- name: Disable & Stop remote.it service schannel systemd: name: schannel - enabled: yes - state: started - when: remoteit_enabled - - -- name: Disable & Stop remote.it services {connectd, schannel} - systemd: - name: "{{ item }}" enabled: no state: stopped - with_items: - - connectd - - schannel - ignore_errors: yes when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From 586efa1ecf80898f2e3e39972dc2fe2dd7d61292 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 17:43:26 -0400 Subject: [PATCH 0712/1758] /usr/bin/iiab-remoteit: connectd systemd service GONE from 4.15.2 --- roles/remoteit/templates/iiab-remoteit | 30 +++++++++++--------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index c64ebc690..8aa64b758 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -58,9 +58,9 @@ if [ -f /etc/remoteit/config.json ]; then if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" - systemctl enable connectd - systemctl restart connectd - systemctl enable schannel + /usr/share/remoteit/refresh.sh # Just like connectd systemd service + # prior to 4.15.2 (its new remoteit-refresh.service is insufficient, as + # it's not installed initially, by their curl script install_agent.sh) if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml @@ -123,9 +123,7 @@ else # regardless whether /etc/remoteit/registration exists and what it contains, # and regardless whether /etc/remoteit/config.json contains a claim code. - echo -e "In a few seconds, all 3 {connectd, schannel, remoteit@...} should be enabled!\n" - - systemctl stop connectd # "Safer" (though it's generally exited already!) + echo -e "In a few seconds, both services {schannel, remoteit@...} should be enabled!\n" #if [ ! -f /etc/remoteit/registration ] && [ -f /etc/remoteit/config.json ]; then if [ -f /etc/remoteit/config.json ]; then @@ -139,20 +137,18 @@ else echo -e "/etc/remoteit/config.json moved aside, for fresh device registration.\n" fi - systemctl start connectd # Registration logic (use license key or - # generate claim code) then kickstart 2 "child" services below. - # FYI running /usr/share/remoteit/refresh.sh appears to do the exact same - # thing (as bouncing service connectd). + /usr/share/remoteit/refresh.sh # Registration logic (use license key or + # generate claim code) then kickstart 2 "child" services below. In the + # past, we bounced the connectd service which did the same, and we enabled + # services {connectd, schannel} like enable-or-disable.yml used to do too. - systemctl enable connectd # 2 enable lines, like enable-or-disable.yml + # schannel.service - Remote tcp command service + # remoteit@80:00:01:7F:7E:00:56:36.service - Remote tcp connection service - # schannel = "Remote tcp command service" started by connectd above if nec - systemctl enable schannel # 2 enable lines, like enable-or-disable.yml - - # "Remote tcp connection service" appears a few seconds after connectd is - # started above. Auto-enabled when spawned by connectd, SO NOT NEC HERE: + # Both above appear a few seconds after refresh.sh is run, MANUAL NOT NEC: # systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@*) - # These systemd service names e.g. remoteit@80:00:01:7F:7E:00:56:36.service + + # FYI systemd service names like remoteit@80:00:01:7F:7E:00:56:36.service # change, e.g. when a new claim code is generated, and more arise when the # IIAB device is registered to a remote.it account (#3166), etc. fi From da88bdba9e36506c516a8054839e124594d191d0 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 9 Oct 2022 18:31:22 -0400 Subject: [PATCH 0713/1758] roles/remoteit: small fixes + cleanup --- roles/remoteit/tasks/enable-or-disable.yml | 2 +- roles/remoteit/tasks/install.yml | 4 ++-- roles/remoteit/templates/iiab-remoteit | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 2bd305ef6..5fba120ca 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -33,7 +33,7 @@ # service, that they removed from 4.15.2 device packages on 2022-09-07. # (Either way, the job below never deletes /etc/remoteit/registration) -- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don't already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' command: /usr/share/remoteit/refresh.sh when: remoteit_enabled diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4de54a116..360cb7397 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -108,10 +108,10 @@ mode: 0755 -- name: Fail if architecture remoteit_cli_suffix == "unknown" +- name: Fail if architecture remoteit_arch == "unknown" fail: msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_cli_suffix == "unknown" + when: remoteit_arch == "unknown" - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) get_url: diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index 8aa64b758..e4f8097b0 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -55,7 +55,7 @@ if [ -f /etc/remoteit/config.json ]; then read -n 1 -r ans < /dev/tty # Prompt for a single character echo; echo - if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 142-189 + if [[ $ans =~ ^[nN]$ ]]; then # Nearly the same as Lines 140-185 echo -e "Let's try to enable remote.it, with your existing /etc/remoteit/config.json...\n" /usr/share/remoteit/refresh.sh # Just like connectd systemd service From c1e83a5965611330343ce12c160ef2235f79fbd9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 18:46:20 -0400 Subject: [PATCH 0714/1758] iiab-remoteit-off: Comment out obsolete connectd ops --- roles/remoteit/templates/iiab-remoteit-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off index 4e84d117c..8cd9b1b1b 100755 --- a/roles/remoteit/templates/iiab-remoteit-off +++ b/roles/remoteit/templates/iiab-remoteit-off @@ -17,9 +17,9 @@ fi # 3 sections below should be equivalent to -- and much faster than: # https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml -# remote.it "parent" service -systemctl stop connectd || true # connectd may not exist. See PR #3363 -systemctl disable connectd || true +# remote.it "parent" service no longer part of Device Package 4.15.2 on 2022-09-07 +#systemctl stop connectd +#systemctl disable connectd # "Remote tcp command service" systemctl stop schannel From 09fbcbb71fa0bcd0d637b46fd63810513a406ac0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 9 Oct 2022 18:52:13 -0400 Subject: [PATCH 0715/1758] remoteit/README.md: Their $6/month rose to $10/month --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 11b2d281b..5a7cf8bbb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [April 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $6/month. +As of [October 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $10/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 009562b6c5608ae9c9705a52a28378cc6c174e13 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Oct 2022 12:00:56 -0400 Subject: [PATCH 0716/1758] Recommend ansible-core 2.13.5 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 58513b6b5..f831a5461 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -8,7 +8,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] -GOOD_VER=2.13.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From f9e6b50bae0aed38678866353c7a0f2fae84f560 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Oct 2022 12:03:52 -0400 Subject: [PATCH 0717/1758] Update ansible --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index f831a5461..b574fd2f0 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,7 +7,7 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.5] GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and From 363662601613b2c60edbdabf6dffe8c8686a359d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 12 Oct 2022 18:04:53 -0400 Subject: [PATCH 0718/1758] mongodb/tasks/install.yml: Force libssl1.1 on is_linuxmint_21 too --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e56229b18..dd2a8c3fc 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -115,20 +115,20 @@ apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) package: name: libssl1.1 state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 From ecff206feaf7edc0f32acd36959a3aae922d4779 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 14:34:00 -0400 Subject: [PATCH 0719/1758] 2-common/tasks/packages.yml: Debian 12 needs 'apt install cron' --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 6919a7084..0b33dd637 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,10 +1,11 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events - bzip2 # 47kB download: RasPiOS installs this regardless -- 2021-04-26: Prob not used, but can't hurt? + - cron # 98kB download: RasPiOS installs this regardless -- 2022-10-13: Debian 12 needs this added (for now?) - curl # 254kB download: RasPiOS installs this regardless -- Used to install roles/nodejs and roles/nodered #- etckeeper # 54kB download: "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out From b11a608adbad04f1964464069584fc3de5ef935c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 14:44:10 -0400 Subject: [PATCH 0720/1758] Clarify PR #3397: Force libssl1.1 on Mint 21 too --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index dd2a8c3fc..64f171440 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -111,19 +111,19 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) + - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 (required by MongoDB below) package: name: libssl1.1 state: present when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent From 10eef2f6d9ecbfd51a7894622c321c65180077b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 16:23:53 -0400 Subject: [PATCH 0721/1758] Document /home/nodered/.node-red/settings.js (username pi is no longer!) --- roles/nodered/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f7cf092a5..a98463197 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -22,7 +22,7 @@ nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPM # username and password hash are stored in: # /home/nodered/.node-red/settings.js # -# Or...on Raspberry Pi they're stored in: +# Or...on Raspberry Pi they [USED TO BE] stored in: # /home/pi/.node-red/settings.js # # See http://nodered.org/docs/security.html for more detail. From aad72373eae22284fdf77fb9822de0a240bdb2b8 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Oct 2022 20:07:44 -0400 Subject: [PATCH 0722/1758] Copy Node-RED's default settings.js from /usr/lib/... OR /usr/local/lib/... --- roles/nodered/tasks/settings.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index 22b2f33a6..edef7b909 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -39,7 +39,8 @@ #- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js # command: runuser -u {{ nodered_linux_user }} node-red admin init -- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js +# 2022-10-13: These 9 lines can likely be removed later in 2023 or 2024? +- name: "OLD WAY: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" copy: remote_src: yes src: /usr/lib/node_modules/node-red/settings.js @@ -47,6 +48,17 @@ owner: "{{ nodered_linux_user }}" group: "{{ nodered_linux_user }}" #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + ignore_errors: yes + +- name: "NEW WAY: Copy /usr/local/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" + copy: + remote_src: yes + src: /usr/local/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + ignore_errors: yes - name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js From 75fc75ce3dd6399ebc2d3646c02868da5243cfea Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Oct 2022 20:25:04 -0400 Subject: [PATCH 0723/1758] Node-RED's /usr/lib/.../settings.js (OLD WAY) *might* later be removable --- roles/nodered/tasks/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml index edef7b909..92833d91a 100644 --- a/roles/nodered/tasks/settings.yml +++ b/roles/nodered/tasks/settings.yml @@ -39,7 +39,7 @@ #- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js # command: runuser -u {{ nodered_linux_user }} node-red admin init -# 2022-10-13: These 9 lines can likely be removed later in 2023 or 2024? +# 2022-10-13: These 9 lines (OLD WAY) might be removable by ~2024? PR #3402 - name: "OLD WAY: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js" copy: remote_src: yes From 98e66a483876ade5fe9028cf7e4d95c27e5a6c41 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 18 Oct 2022 18:47:52 -0400 Subject: [PATCH 0724/1758] Refine pwd warnings, avoiding Mint 21 pop-up --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 5 ++++- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e41dde542..97728045c 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2>/dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index aead6273a..9d18eece1 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2> /dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds From 1ca77cdf866c18390875168922361c1f6fd13ccf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 18 Oct 2022 19:02:19 -0400 Subject: [PATCH 0725/1758] Clarify useless pop-up risk on RasPiOS like Mint, due to sudo -n --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 97728045c..356789433 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -28,7 +28,8 @@ check_user_pwd() { # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow - # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + # 2022-10-18 #3404: Redirect stderr to /dev/null, as RasPiOS might one day + # force an annoying pop-up, as Mint did (due to sshpwd-profile-iiab.sh.j2) field2=$(sudo -n grep "^$1:" /etc/shadow 2>/dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] From 4b85b2fd37f893f95e17165c1554ef551855b36f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:22:32 -0400 Subject: [PATCH 0726/1758] Clarify Nextcloud 25.0.0 (~138MB) expands to ~507MB & later 531+ MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c576daf13..0a9ba780c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~405 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~507 MB initially, 531+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f4622e54ce94778e2a74cf96f9ac1d25051c1778 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:51:24 -0400 Subject: [PATCH 0727/1758] Nextcloud 25.0.0 PHP 7.4, 8.0 or 8.1 reqs verified & documented --- roles/nextcloud/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0a9ba780c..409c8dbf4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,6 +43,7 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: @@ -61,11 +62,11 @@ - php{{ php_version }}-gmp # OPTIONAL (for SFTP storage) - php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-json # See stanza just below + #- php{{ php_version }}-json # Included with PHP >= 8.0 -- see stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? + #- php{{ php_version }}-openssl # Included with PHP >= 8.0 -- NOT INSTALLABLE #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's? #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? From daf3e5ce69409ae150add44034f5a457432dea9d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Oct 2022 09:55:43 -0400 Subject: [PATCH 0728/1758] Update nextcloud/README.md re: "latest" Nextcloud 22+ reqs --- roles/nextcloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 14af973e0..28aed5472 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -38,6 +38,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre (4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +- https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml From 7e5099553fd6780bd0aca6d3b460b34f84b420e1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Oct 2022 18:51:16 -0400 Subject: [PATCH 0729/1758] MongoDB 4.4 -> 6.0; force libssl1.1 for Debian 12 --- roles/mongodb/defaults/main.yml | 3 ++- roles/mongodb/tasks/install.yml | 25 ++++++++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index e1acd8fb0..19d2fa62f 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,7 +20,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 and 6.0 also work as of 2022-09-27, but fail +mongodb_64bit_version: 6.0 # 4.4 fails on Debian 12 with error "No package +# matching 'mongodb-org' is available" as of 2022-10-19. 5.0 works, but fails # on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 64f171440..fd77f3324 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -102,9 +102,11 @@ filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") - # 2022-09-27: Workaround to install MongoDB on Ubuntu 22.04+, which include - # libssl3 instead of libssl1.1 -- https://github.com/iiab/iiab/issues/3190 - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931 + # 2022-10-19: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; + # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 5 STANZAS + # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix + # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list # sudo apt-get update @@ -117,11 +119,24 @@ #filename: focal-security # If filename focal-security.list is preferred when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 - - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 (required by MongoDB below) + - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian_12 + + - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) package: name: libssl1.1 state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + + - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian_12 - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 apt_repository: From 065dfcb5508fcd177f7099b5fac9e4565d1e532f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 Oct 2022 11:56:22 -0400 Subject: [PATCH 0730/1758] usb_lib/tasks/install.yml: Investigate usbmount 0.0.24 &/or 0.0.25 --- roles/usb_lib/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 9d5e71fc9..6510ab336 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -1,3 +1,6 @@ +# usbmount 0.0.24 and/or 0.0.25 (2022-02-08) should be investigated: +# https://github.com/iiab/iiab/issues/3409 + # Official usbmount 0.0.22 (2011-08-08) documentation: # https://github.com/rbrito/usbmount/releases # https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 91a5cd33f34d5d2a55e75bf0cdc85bcd9d7b4821 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 22 Oct 2022 21:50:37 -0400 Subject: [PATCH 0731/1758] Use OS's Node.js & npm if Nodesource dragging (+ always wipe prior versions) --- roles/nodejs/tasks/install.yml | 95 +++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 42 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index b9cdcffa1..3990e10b3 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -1,4 +1,4 @@ -# 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC +# 1. TEST IF Node.js ALEADY INSTALLED & IF SO WARN IT'LL BE REPLACED # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED: # IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml @@ -10,19 +10,21 @@ - name: Try to run 'node -v' to get Node.js version # 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's Node.js 4.2.6 # 'nodejs -v' doesn't work with newer versions e.g. Node.js 16.x - # Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits) - shell: node -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/' + # Each below convert v10.15.1 to 10.x, but this is safest: + shell: node -v | sed 's/^[^0-9]*\([0-9][0-9]*\).*$/\1.x/' + # Capturing Groups & Backreferences -> GNU BRE: (Basic Regular Expression) + # https://www.regular-expressions.info/refcapture.html + # https://www.regular-expressions.info/gnu.html#bre + #shell: node -v | sed 's/[^0-9]*//; s/[^0-9].*/.x/' + #shell: node -v | sed 's/[^[:digit:]]*//; s/[^[:digit:]].*/.x/' #shell: node -v | sed 's/^[vV]//' | sed 's/\..*/.x/' register: nodejs_version_installed -#- debug: -# var: nodejs_version_installed - # When nodejs is NOT installed: -# nodejs_version_installed.rc == 0 # Crazy with stderr below, "due to pipes" +# nodejs_version_installed.rc == 0 # COUNTERINTUITIVE BUT 'echo $?' CONFIRMS (pipe zeros out error) -- thankfully STDERR msg from left side of pipe preserved below. # nodejs_version_installed.stdout == "" # nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found" -# BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec! +# BOTH ABOVE (incl non-null stderr) [were] USED BELOW to confirm install is nec! #- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}" # fail: @@ -39,24 +41,27 @@ # file: # state: absent # path: /etc/apt/sources.list.d/nodesource.list +# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version # when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" -# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js -# Forces < 16.x or > 16.x to be uninstalled -- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js "{{ nodejs_version_installed.stdout }}" (IF IT'S NOT {{ nodejs_version }}) +- name: LOUD WARNING if Node.js will be replaced -- BRUTAL but helps OS's / distros with older Node.js + #debug: # GREEN + fail: # FORCE IT RED THIS ONCE! + msg: "WARNING: YOUR Node.js {{ nodejs_version_installed.stdout }} WILL BE WIPED AND REPLACED" + when: nodejs_version_installed.stderr == "" # and nodejs_version_installed.stdout == nodejs_version + ignore_errors: yes + +# 2022-10-22: Above 2 stanzas could be removed (tho informational value remains) + +- name: ASK apt TO REMOVE ANY PRE-EXISTING Node.js AND npm package: - name: nodejs + name: + - nodejs + - npm state: absent - when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version - #when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" - -- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated - debug: - msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com" - when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version -# 2. INSTALL Node.js USING nodesource.com +# 2. INSTALL Node.js AND npm USING nodesource.com (OR OS's apt IF THAT FAILS!) # 2019-02-12: Should not be nec, as stanza below it should overwrite # /etc/apt/sources.list.d/nodesource.list regardless! @@ -67,35 +72,41 @@ # state: absent # when: internet_available and is_debuntu -# MANUAL INSTALL OPTION "IMMEDIATELY" AFTER ANY OS RELEASE: (e.g. Ubuntu 22.04) +# MANUAL NODESOURCE INSTALL *WORKS* EVEN PRIOR TO OFFICIAL DISTRO SUPPORT AT: +# https://github.com/nodesource/distributions#deb +# https://deb.nodesource.com/node_18.x/dists/ +# +# 1) e.g. Ubuntu 22.04: # wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.0.0-deb-1nodesource1_amd64.deb -# apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb +# apt install ./nodejs_18.0.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... +# echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml +# +# 2) e.g. Ubuntu 22.10: +# wget https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.11.0-deb-1nodesource1_amd64.deb +# apt install ./nodejs_18.11.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... # echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml -- name: Run 'curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list - shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +- name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list + shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - + register: curl_nodesource + ignore_errors: yes #args: # warn: no # creates: /etc/apt/sources.list.d/nodesource.list - #when: internet_available # 2021-08-04: Better to fail & notify implementer! - #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) - # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/.yml - # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!) -# 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu -# 19.04 Beta. Comment it out for now, and manually run: "apt install npm" then -# "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?) - -# Forces update -- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm +- name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above package: #name: nodejs={{ nodejs_version }} name: nodejs - state: latest - #state: present - #when: internet_available # 2021-08-04: Better to fail & notify implementer! - #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) + state: latest # Equivalent to 'state: present' ? +- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions#deb and https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ + package: + name: npm + state: latest # Equivalent to 'state: present' ? + when: curl_nodesource.failed + +# NEED BLEEDING EDGE? Then Also Run: npm install -g npm@latest # 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm # 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above @@ -110,10 +121,10 @@ # which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring! # # CRAZY IDEA: most versions of npm can upgrade themselves to the latest -# (6.2.0 for now) using command "npm install -g npm", if that helps us in -# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm -# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian -# where it upgrades /usr/bin/npm in place: +# (6.2.0 for now) using "npm install -g npm" or "npm install -g npm@latest", +# if that helps us in future, e.g. TK's memory issue etc? If so, be CAREFUL +# this puts npm in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and +# Raspbian where it upgrades /usr/bin/npm in place: # https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation # 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW. Since then, @m-anish helped From dca476467d184182146ed24ba3784611b27008af Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 22:29:09 -0400 Subject: [PATCH 0732/1758] Update nodejs/README.md --- roles/nodejs/README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 7d35c9e3e..670eef034 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -3,16 +3,17 @@ Please see IIAB's recommended Node.js version number [around line 439 of /opt/ii If nodesource.com doesn't yet support your OS --------------------------------------------- -If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) then you can manually install an older version of Node.js and npm as follows: +If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) and IIAB's asked to install Node.js, it will do the equivalent of: - `sudo apt install nodejs npm` - `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` -Best to do this prior to installing IIAB! +AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. See also late-breaking details about your individual OS: - https://github.com/nodesource/distributions#deb +- https://deb.nodesource.com/node_18.x/dists/ - https://github.com/iiab/iiab/wiki/IIAB-Platforms Raspberry Pi Zero W Warning @@ -20,8 +21,10 @@ Raspberry Pi Zero W Warning Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). -If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then ([attempt!](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml) _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole --reinstall nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617)). +If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -You'll (likely) also need `apt install npm`. +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — and if so, consider a more recent version like https://nodejs.org/dist/latest-v18.x/ -Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) +You'll (likely) also then need to run: `sudo apt install npm` + +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From 344c8788a7ab6518f1b0504adf25e14f3864942f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 23:01:20 -0400 Subject: [PATCH 0733/1758] roles/nodejs/README.md: Clarify Nodesource.com links --- roles/nodejs/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 670eef034..a88feb933 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -10,11 +10,14 @@ If nodesource.com [does not yet support your Linux OS (they often support Debian AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. -See also late-breaking details about your individual OS: +See also late-breaking details on Nodesource support for your individual OS: - https://github.com/nodesource/distributions#deb - https://deb.nodesource.com/node_18.x/dists/ -- https://github.com/iiab/iiab/wiki/IIAB-Platforms + - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ +- https://deb.nodesource.com/node_19.x/dists/ + - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ +- _ETC!_ Raspberry Pi Zero W Warning --------------------------- From be3a44e51ffee910b01e13e0048815a3762b63ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 Oct 2022 23:24:13 -0400 Subject: [PATCH 0734/1758] nodejs/README.md: Clarify RPi Zero [2] W suggestions --- roles/nodejs/README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index a88feb933..e3f17a11e 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -22,12 +22,14 @@ See also late-breaking details on Nodesource support for your individual OS: Raspberry Pi Zero W Warning --------------------------- -Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). +UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may or may not have such serious problems... + +On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like Internet Archive, JupyterHub, Node-RED, PBX (Asterisk/FreePBX) and Sugarizer won't work — if you installed Node.js while on Raspberry Pi 3, 3 B+ (ARMv7) or Raspberry Pi 4 (ARMv8). If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — and if so, consider a more recent version like https://nodejs.org/dist/latest-v18.x/ +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) — if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v18.x/ -You'll (likely) also then need to run: `sudo apt install npm` +Either way, you'll (likely) then also need to run: `sudo apt install npm` -Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if necessary!) Finally, proceed to install Internet Archive, JupyterHub, Node-RED ([Raspberry Pi notes](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)), PBX (Asterisk/FreePBX) and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) From adb90878947bf84902dacc3c8eaae824c793980c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 23 Oct 2022 14:38:22 -0400 Subject: [PATCH 0735/1758] Clarify "If Nodesource.com doesn't yet support your OS" --- roles/nodejs/README.md | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index e3f17a11e..7a151adc6 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -1,24 +1,37 @@ Please see IIAB's recommended Node.js version number [around line 439 of /opt/iiab/iiab/vars/default_vars.yml](https://github.com/iiab/iiab/blob/master/vars/default_vars.yml#L434-L439) -If nodesource.com doesn't yet support your OS +If Nodesource.com doesn't yet support your OS --------------------------------------------- -If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) and IIAB's asked to install Node.js, it will do the equivalent of: +Nodesource.com often supports Debian long before each Debian release, whereas for other OS's, Nodesource.com support usually arrives a few days or weeks after the OS release. -- `sudo apt install nodejs npm` -- `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` - -AT YOUR OWN RISK, you can later run `cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs` if you really want to **wipe** your OS's own versions of Node.js and npm, and attempt the Nodesource approach instead. - -See also late-breaking details on Nodesource support for your individual OS: +For late-breaking details on Nodesource.com support for your particular Linux OS, keep an eye on: - https://github.com/nodesource/distributions#deb - https://deb.nodesource.com/node_18.x/dists/ - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v18.x/ - https://deb.nodesource.com/node_19.x/dists/ - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v19.x/ - _ETC!_ +If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js — IIAB will then [fall back](https://github.com/iiab/iiab/blob/15a689e30b4eea325e4bb8d35e19990dd8062fbc/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) + +``` +sudo apt install nodejs npm +sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml +``` + +(The above installs your OS's own versions of Node.js and npm.) + +Separately, if you later want to try **wiping** nodejs and npm (AT YOUR OWN RISK!) to attempt the Nodesource approach instead, run: + +``` +cd /opt/iiab/iiab +sudo ./runrole --reinstall nodejs +``` + Raspberry Pi Zero W Warning --------------------------- From e82b486b604b2f401dce4cf4fab231bffeee15b6 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 23 Oct 2022 23:43:38 -0400 Subject: [PATCH 0736/1758] Force-install libssl1.1 on ARM64 22.04+ for MongoDB 5+ & Sugarizer --- roles/mongodb/defaults/main.yml | 9 +++++--- roles/mongodb/tasks/install.yml | 37 +++++++++++++++++++++++---------- 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 19d2fa62f..0cace8905 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,9 +20,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 6.0 # 4.4 fails on Debian 12 with error "No package -# matching 'mongodb-org' is available" as of 2022-10-19. 5.0 works, but fails -# on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: +mongodb_64bit_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: +# "No package matching 'mongodb-org' is available". 5.0+ fail on "pre-2011" +# CPU's w/o AVX, and on RPi due to MongoDB compiling these for v8.2-A (RPi 4 is +# ARM v8-A). SO IIAB ALWAYS OVERLAYS andyfelong.com's 5.0.5 IF 5.0+ SPECIFIED. +# +# VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com # 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index fd77f3324..5e0a35ba1 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -83,7 +83,11 @@ args: warn: false - - name: Install mongodb-org's Debian bullseye source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }} + # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY + # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON + # ARM v8-A RPi 4, LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # -> CAN THIS ENTIRE STANZA BE *DELETED* -- ALWAYS USING UBUNTU REPO BELOW ? + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye @@ -92,18 +96,18 @@ # this was recently added to https://repo.mongodb.org/apt/debian/dists/ repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - filename: mongodb-org + #filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" - # 2022-09-27: Soon to change from 'focal' to 'jammy' + # 2022-10-23: RasPiOS Bullseye *MAY* FAIL when 'focal' changed to 'jammy' ? - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse - filename: mongodb-org + #filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") - # 2022-10-19: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; - # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 5 STANZAS + # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; + # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 @@ -113,11 +117,16 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + + - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 apt_repository: @@ -138,12 +147,18 @@ state: absent when: is_debian_12 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ or Mint 21 + - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 apt_repository: repo: deb http://security.ubuntu.com/ubuntu focal-security main state: absent #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 @@ -177,7 +192,7 @@ - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: - path: "{{ mongodb_conf }}" + path: "{{ mongodb_conf }}" # /etc/mongod.conf regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb From 339d72de20b8a921adf219745914f939f452eff3 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 24 Oct 2022 22:59:34 -0400 Subject: [PATCH 0737/1758] Modernize Kolibri PPA installer for Ubuntu 23.04, 23.10 etc --- roles/kolibri/tasks/install.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 4aedc53ae..94a8d4949 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -61,15 +61,17 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04 or 22.10 or Mint 21 or Debian 12) + - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - name: Add signed Kolibri PPA 'focal' (if other/older OS's) apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) + #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From 4512a2afaace5220d21315a64f0aa243f5112d6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 26 Oct 2022 21:43:44 -0400 Subject: [PATCH 0738/1758] vars/debian-12.yml: postgresql_version: 15 --- vars/debian-12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3e22cd07e..50042fd50 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -18,6 +18,6 @@ mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh php_version: 8.1 -postgresql_version: 14 +postgresql_version: 15 systemd_location: /lib/systemd/system python_ver: "3.10" From 4f94011781cd4b2a5d3ee6243ef37c3a981c96df Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Oct 2022 13:55:43 -0400 Subject: [PATCH 0739/1758] Prelim support for Ubuntu 23.04 Lunar Lobster --- roles/kalite/tasks/install.yml | 6 ++-- roles/monit/tasks/main.yml | 3 +- roles/network/tasks/avahi.yml | 30 +++++++++---------- roles/network/tasks/debian.yml | 6 ++-- roles/network/tasks/detected_network.yml | 8 +++-- roles/network/tasks/dhcpd.yml.unused | 3 +- roles/network/tasks/main.yml | 9 ++++-- roles/network/tasks/sysd-netd-debian.yml | 3 +- scripts/local_facts.fact | 1 + vars/debian-11.yml | 4 +-- vars/debian-12.yml | 2 +- vars/default_vars.yml | 37 ++++++++++++------------ vars/linuxmint-20.yml | 4 +-- vars/linuxmint-21.yml | 2 +- vars/raspbian-11.yml | 4 +-- vars/ubuntu-2004.yml | 4 +-- vars/ubuntu-2204.yml | 2 +- vars/ubuntu-2210.yml | 2 +- 18 files changed, 71 insertions(+), 59 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 2d12f9d17..722b7a566 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -28,7 +28,7 @@ virtualenv_command: /usr/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) - name: Use pip to install ka-lite-static to {{ kalite_venv }} @@ -63,7 +63,7 @@ path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? @@ -72,7 +72,7 @@ path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 + #when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index c6c50d042..7cc7335f7 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -41,7 +41,8 @@ - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml include_tasks: install.yml - when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) + when: monit_installed is undefined + #when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 8fe5f7159..cfa382d72 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -1,9 +1,9 @@ -- name: Create a user for avahi (debuntu) +- name: Create user 'avahi' user: name: avahi createhome: no shell: /bin/false - when: is_debuntu + #when: is_debuntu - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: @@ -20,24 +20,24 @@ # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L133-L138 -- name: Find avahi_ver for clean copy of ssh.service (not debuntu) - shell: "ls /usr/share/doc/ | grep avahi | head -n1" - register: avahi_ver - ignore_errors: True - changed_when: False - # when: not is_debuntu # would cause failures 6 lines below +# - name: Find avahi_ver for clean copy of ssh.service (not debuntu) +# shell: "ls /usr/share/doc/ | grep avahi | head -n1" +# register: avahi_ver +# ignore_errors: True +# changed_when: False +# # when: not is_debuntu # would cause failures 6 lines below -- name: Grab a clean copy of ssh.service (not debuntu) - copy: - src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service' - dest: /etc/avahi/services/ - when: avahi_ver.stdout != "" and not is_debuntu +# - name: Grab a clean copy of ssh.service (not debuntu) +# copy: +# src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service' +# dest: /etc/avahi/services/ +# when: avahi_ver.stdout != "" and not is_debuntu -- name: Grab a clean copy of ssh.service (debuntu) +- name: Grab a clean copy of ssh.service copy: src: /usr/share/doc/avahi-daemon/examples/ssh.service dest: /etc/avahi/services/ - when: is_debuntu + #when: is_debuntu - name: Set ssh port for avahi lineinfile: diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 52982af42..3cc21d7ee 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -53,14 +53,16 @@ template: dest: /etc/network/interfaces.d/patch_auto src: network/debian-auto.j2 - when: iiab_wan_iface != "none" and is_debian and not is_debian_8 + when: iiab_wan_iface != "none" and is_debian + #when: iiab_wan_iface != "none" and is_debian and not is_debian_8 - name: Clearing out /etc/network/interfaces for static addresses (debian-9+) lineinfile: state: absent path: /etc/network/interfaces regexp: "{{ iiab_wan_iface }}" - when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 + when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian + #when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 #- include_tasks: down-debian.yml diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index c4414b5ef..0fe997598 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -60,13 +60,14 @@ - name: Check /etc/network/interfaces for gateway shell: grep {{ device_gw }} /etc/network/interfaces | wc -l - when: is_debuntu + #when: is_debuntu register: wan_file - name: Setting wan_in_interfaces set_fact: wan_in_interfaces: True - when: is_debuntu and (wan_file.stdout|int > 0) + when: wan_file.stdout|int > 0 + #when: is_debuntu and (wan_file.stdout|int > 0) # WIRELESS -- if any wireless is detected as gateway, it becomes WAN - name: Look for any wireless interfaces @@ -220,7 +221,8 @@ - name: For Debian, always use bridging set_fact: iiab_lan_iface: br0 - when: num_lan_interfaces|int >= 1 and is_debuntu + when: num_lan_interfaces|int >= 1 + #when: num_lan_interfaces|int >= 1 and is_debuntu - name: WiFi is on the LAN - use bridging set_fact: diff --git a/roles/network/tasks/dhcpd.yml.unused b/roles/network/tasks/dhcpd.yml.unused index c306205cf..f3056dd4a 100644 --- a/roles/network/tasks/dhcpd.yml.unused +++ b/roles/network/tasks/dhcpd.yml.unused @@ -28,7 +28,8 @@ name: "{{ dhcp_service }}6" enabled: no state: stopped - when: is_ubuntu and not is_ubuntu_16 + when: is_ubuntu + #when: is_ubuntu and not is_ubuntu_16 #when: is_ubuntu_18 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index c8b9aeac1..f00939911 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -76,11 +76,13 @@ - name: NetworkManager in use include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + when: network_manager_active + #when: is_debuntu and network_manager_active - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + when: systemd_networkd_active + #when: is_debuntu and systemd_networkd_active - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml @@ -88,7 +90,8 @@ - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + when: not is_raspbian and not network_manager_active and not systemd_networkd_active + #when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #### end network layout - name: Restart services diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2954d22e3..f1b860d85 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -40,7 +40,8 @@ template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) + when: wan_ip != "dhcp" and not network_manager_active + #when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) - name: Create networkd-dispatcher diagnostic hook for recording network events template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 57d56575b..ce796fcc3 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -79,6 +79,7 @@ case $OS_VER in "ubuntu-2004" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ + "ubuntu-2304" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") diff --git a/vars/debian-11.yml b/vars/debian-11.yml index bf0154cef..e3919dac4 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.9" diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 50042fd50..915e91537 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 15 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 920bb6bc3..9f656a926 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -755,15 +755,16 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False -is_ubuntu_2110: False -is_ubuntu_2104: False +#is_ubuntu_2110: False +#is_ubuntu_2104: False is_ubuntu_2004: False -is_ubuntu_19: False -is_ubuntu_18: False -is_ubuntu_17: False -is_ubuntu_16: False +#is_ubuntu_19: False +#is_ubuntu_18: False +#is_ubuntu_17: False +#is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False @@ -772,22 +773,22 @@ is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_12: False is_debian_11: False -is_debian_10: False -is_debian_9: False -is_debian_8: False +#is_debian_10: False +#is_debian_9: False +#is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_11: False -is_raspbian_10: False -is_raspbian_9: False -is_raspbian_8: False +#is_raspbian_10: False +#is_raspbian_9: False +#is_raspbian_8: False -is_redhat: False # Not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 -is_centos: False -is_centos_7: False -is_fedora: False -is_fedora_22: False -is_fedora_18: False +#is_redhat: False # Unsupported as of 2019, see: https://github.com/iiab/iiab/issues/1434 +#is_centos: False +#is_centos_7: False +#is_fedora: False +#is_fedora_22: False +#is_fedora_18: False # How This Works: # diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 4e3cc762b..6bb852035 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -19,7 +19,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 12 systemd_location: /lib/systemd/system -python_ver: 3.8 +python_ver: "3.8" diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 799915c1e..8ef6c654c 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -19,7 +19,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 6ad1ebe21..bb74aca90 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -19,10 +19,10 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: ssh sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system -python_ver: 3.9 +python_ver: "3.9" # Minetest for RPi minetest_server_bin: /library/games/minetest/bin/minetestserver diff --git a/vars/ubuntu-2004.yml b/vars/ubuntu-2004.yml index b5890c330..e3a4dd5b6 100644 --- a/vars/ubuntu-2004.yml +++ b/vars/ubuntu-2004.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 7.4 +php_version: "7.4" postgresql_version: 12 systemd_location: /lib/systemd/system -python_ver: 3.8 +python_ver: "3.8" diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index 47d60d401..a2d0a874b 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index 31d73daf9..fb09bd1e3 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -17,7 +17,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb sshd_package: openssh-server sshd_service: ssh -php_version: 8.1 +php_version: "8.1" postgresql_version: 14 systemd_location: /lib/systemd/system python_ver: "3.10" From c05588b09d4b0004378d226ad87c42aee8b9b56d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Oct 2022 14:41:20 -0400 Subject: [PATCH 0740/1758] Tighten up kalite/tasks/install.yml for recent OS's --- roles/kalite/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 722b7a566..5df22a881 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,7 +20,7 @@ #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -58,7 +58,7 @@ # dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu # when: apache_installed is defined -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' @@ -67,13 +67,13 @@ # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 - replace: - path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" - regexp: 'a-zA-Z0-9' - replace: 'a-zA-Z0-9\-' - #when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 +# replace: +# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" +# regexp: 'a-zA-Z0-9' +# replace: 'a-zA-Z0-9\-' +# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 +# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 0dc7aeed33f082f419a11d92f3bf89ba60401b12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 Oct 2022 19:00:24 -0400 Subject: [PATCH 0741/1758] kalite/tasks/install.yml: Clarify PR #3415 --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5df22a881..6f359395d 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,7 +20,7 @@ #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -58,7 +58,7 @@ # dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu # when: apache_installed is defined -- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' From d082e8136239851bfc711b28b43a37cadd86af2f Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Nov 2022 22:44:02 -0400 Subject: [PATCH 0742/1758] enable_services.yml: Remove 110+ stale lines (dhcpd, named, DansGuardian, Wondershaper} --- roles/network/tasks/enable_services.yml | 113 +----------------------- 1 file changed, 1 insertion(+), 112 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 7cdb6da00..462b40868 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -1,72 +1,19 @@ -#- name: Disable dhcpd service -# service: -# name: dhcpd -# enabled: no -# when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled - -# service is restarted with NM dispatcher.d script -#- name: Enable dhcpd service -# service: -# name: dhcpd -# enabled: yes -# when: dhcpd_install and dhcpd_enabled - -#- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) -# template: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" -# # owner: root - # group: root - # mode: "{{ item.mode }}" -# with_items: -# - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } -# - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } -# when: dhcpd_install and dhcpd_enabled - -#- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) -# template: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: "{{ item.mode }}" -# with_items: -# - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } -# - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } -# - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } -# when: named_install and named_enabled - -#- name: Enable named service ({{ dns_service }}) if named_enabled -# systemd: -# name: "{{ dns_service }}" -# enabled: yes -# when: named_install and named_enabled - -#- name: Disable named service ({{ dns_service }}) if not named_enabled -# systemd: -# name: "{{ dns_service }}" -# enabled: no -# when: (named_install or named_installed is defined) and not named_enabled - - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.d/iiab.conf when: iiab_network_mode != "Appliance" -# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq when: iiab_network_mode != "Appliance" -# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting template: src: network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab -# when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled @@ -83,27 +30,19 @@ # command: systemctl is-enabled networkd-dispatcher # register: nd_enabled # ignore_errors: True -# -#- debug: -# var: nd_enabled - name: Check if /etc/networkd-dispatcher/routable.d exists stat: path: /etc/networkd-dispatcher/routable.d register: nd_dir -#- debug: -# var: nd_dir - - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh mode: 0755 - # owner: root - # group: root when: nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") -# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") + #when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") @@ -125,17 +64,6 @@ enabled: no when: not dnsmasq_enabled -# - name: Enable DansGuardian systemd service, if dansguardian_enabled -# systemd: -# name: dansguardian -# enabled: yes -# when: dansguardian_install and dansguardian_enabled - -# - name: Disable DansGuardian, if not dansguardian_enabled -# systemd: -# name: dansguardian -# enabled: no -# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install [{{ squid_install }}] and squid_enabled [{{ squid_enabled }}] lineinfile: @@ -179,25 +107,12 @@ line: 'HTTPCACHE_ON=False' when: squid_installed is defined and not squid_enabled -# - name: Enable Wondershaper service, if wondershaper_enabled -# systemd: -# name: wondershaper -# enabled: yes -# when: wondershaper_install and wondershaper_enabled - -# - name: Disable Wondershaper service, if not wondershaper_enabled -# systemd: -# name: wondershaper -# enabled: no -# when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled # check-LAN should be iptables.yml remove later - name: Install clean copy of /usr/bin/iiab-gen-iptables from template (root:root by default) template: src: gateway/iiab-gen-iptables dest: /usr/bin/iiab-gen-iptables - # owner: root - # group: root mode: 0755 @@ -213,29 +128,3 @@ - option: squid_enabled value: "{{ squid_enabled }}" when: squid_installed is defined - -# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }} -# ini_file: -# path: "{{ iiab_ini_file }}" -# section: dansguardian -# option: "{{ item.option }}" -# value: "{{ item.value | string }}" -# with_items: -# - option: dansguardian_install -# value: "{{ dansguardian_install }}" -# - option: dansguardian_enabled -# value: "{{ dansguardian_enabled }}" -# when: dansguardian_installed is defined - -# - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} -# ini_file: -# path: "{{ iiab_ini_file }}" -# section: wondershaper -# option: "{{ item.option }}" -# value: "{{ item.value | string }}" -# with_items: -# - option: wondershaper_install -# value: "{{ wondershaper_install }}" -# - option: wondershaper_enabled -# value: "{{ wondershaper_enabled }}" -# when: wondershaper_installed is defined From 1ddbc6f635691d0e617b2b9030aa2f438e3643b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 00:47:45 -0400 Subject: [PATCH 0743/1758] network/tasks/dnsmasq.yml: Indent per Ansible norm --- roles/network/tasks/dnsmasq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml index 2678650ae..9ea710e4f 100644 --- a/roles/network/tasks/dnsmasq.yml +++ b/roles/network/tasks/dnsmasq.yml @@ -11,8 +11,8 @@ group: root mode: "{{ item.mode }}" with_items: - - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } - - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } + - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } + - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } - name: Don't use stock dnsmasq systemd unit file during boot but start now systemd: From 3236dbef96fac8f8042e059e89ce122969a0e9a4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 01:14:40 -0400 Subject: [PATCH 0744/1758] gateway/iiab-internet-off: Tighter instructions --- roles/network/templates/gateway/iiab-internet-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index d2c4c404d..f5a2e0578 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -11,5 +11,5 @@ https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in -/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +/etc/iiab/local_vars.yml — and finally run: sudo iiab-network EOF From 719e81c660ed8da93e9e525c16d298d6e6c8c815 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Nov 2022 01:15:22 -0400 Subject: [PATCH 0745/1758] gateway/iiab-internet-on: Tighter instructions --- roles/network/templates/gateway/iiab-internet-on | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index be99c1533..d616498a7 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on @@ -11,5 +11,5 @@ https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in -/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +/etc/iiab/local_vars.yml — and finally run: sudo iiab-network EOF From 26eb7935ba88443c43447732f69d60e05eab6ad6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 6 Nov 2022 21:07:58 -0500 Subject: [PATCH 0746/1758] Recommend ansible-core 2.14.0 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b574fd2f0..ad27fddd7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.5] -GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.0] +GOOD_VER=2.14.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.13.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/commits/stable-2.14 +# https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 From b952d65c46a7d2cc6da19db5d2cf76f01a014d21 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 6 Nov 2022 21:38:33 -0500 Subject: [PATCH 0747/1758] Ansible 2.14 disallows 'args:' 'warn: no' --- roles/mongodb/tasks/install.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 5e0a35ba1..54b93c71e 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -80,8 +80,12 @@ - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - - args: - warn: false + #args: + # warn: no + # Ansible 2.14 ERROR: + # "Unsupported parameters for (ansible.legacy.command) module: warn. + # Supported parameters include: removes, strip_empty_ends, _raw_params, + # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON From c46ffa142bbea8fa52e6821a94682e56975d9c57 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 09:33:43 -0500 Subject: [PATCH 0748/1758] RPi 3 install/requires ansible-core 2.11.x (for now?) --- iiab-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-install b/iiab-install index 5ae96be74..d709b8438 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 14a1b691134fc8da0e7ec326950f4f41cab0fc07 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 09:43:12 -0500 Subject: [PATCH 0749/1758] iiab-install: Clarify ansible-core 2.11 for RPi 3 (PR #3419) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index d709b8438..08dc7eed7 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 125d930bdb32bd5a63f5a17d4dc3b0d1193746ce Mon Sep 17 00:00:00 2001 From: root Date: Wed, 9 Nov 2022 21:57:58 -0500 Subject: [PATCH 0750/1758] Til wheels fixed: ansible-core 2.12.10+ PPA on 32-bit RasPiOS --- scripts/ansible | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ad27fddd7..ec17ae84e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -128,6 +128,10 @@ fi ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ### > /etc/apt/sources.list.d/iiab-ansible.list +# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ + > /etc/apt/sources.list.d/iiab-ansible.list + # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined # removal using 'apt-add-repository -r' -- however that currently requires @@ -147,6 +151,9 @@ fi ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg +# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg + ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" ###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" @@ -172,13 +179,18 @@ $APT_PATH/apt -y install python3-pip #$APT_PATH/apt -y --allow-downgrades install ansible-core -# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip -# cache system-wide before installing: -# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 -# https://github.com/iiab/iiab/pull/3022 -pip3 config --global set global.no-cache-dir false -echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" -pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +if uname -m | grep -q 64; then + # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip + # cache system-wide before installing: + # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 + # https://github.com/iiab/iiab/pull/3022 + pip3 config --global set global.no-cache-dir false + echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" + pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +else + echo "2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + $APT_PATH/apt -y --allow-downgrades install ansible-core +fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 1adef0e0ce0972ddc849be8f28c8c00fd8ba0de5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Nov 2022 22:25:30 -0500 Subject: [PATCH 0751/1758] Clarify focal PPA is ansible-core 2.12.10+ (i.e. evolving!) --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ec17ae84e..3f6d6429a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -128,7 +128,7 @@ fi ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ### > /etc/apt/sources.list.d/iiab-ansible.list -# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ > /etc/apt/sources.list.d/iiab-ansible.list @@ -151,7 +151,7 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg -# 2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) +# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' @@ -188,7 +188,7 @@ if uname -m | grep -q 64; then echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else - echo "2022-11-09: ansible-core 2.12.10 PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" $APT_PATH/apt -y --allow-downgrades install ansible-core fi From 06c4b7aaf619c7f9b79b16f9f70ba7fc2011a3a2 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Nov 2022 12:30:54 -0500 Subject: [PATCH 0752/1758] Block iiab-install of JHub+CWeb on 32-bit, til RasPiOS fixes Rust --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/9-local-addons/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f43e878f3..648991a4f 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -29,7 +29,7 @@ - name: JUPYTERHUB include_role: name: jupyterhub - when: jupyterhub_install + when: jupyterhub_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) # UNMAINTAINED - name: LOKOLE diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index f9ea8e20f..e8ab5d14b 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -27,7 +27,7 @@ - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install + when: calibreweb_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) # KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE From 87ef96b02910e01f8c798597005956fcff3b1934 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 19:29:05 -0500 Subject: [PATCH 0753/1758] Create ubuntu-2304.yml --- vars/ubuntu-2304.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 vars/ubuntu-2304.yml diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml new file mode 100644 index 000000000..e8150f2e4 --- /dev/null +++ b/vars/ubuntu-2304.yml @@ -0,0 +1,23 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2304: True + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_conf_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +sshd_package: openssh-server +sshd_service: ssh +php_version: "8.1" +postgresql_version: 14 +systemd_location: /lib/systemd/system +python_ver: "3.10" From 56457b9829107bc7fe81f1ab035424db7e519f00 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 19:57:05 -0500 Subject: [PATCH 0754/1758] /library/www/nextcloud initial footprint: 507 -> 519MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 409c8dbf4..1d3e82257 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -92,7 +92,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~507 MB initially, 531+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~519 MB initially, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 352a8f354013e923574ebc47046dba910d0cb3c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Nov 2022 21:04:26 -0500 Subject: [PATCH 0755/1758] Update latest.tar.bz2 & /library/www/nextcloud sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1d3e82257..0d5dafea4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -92,7 +92,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~138 MB) to {{ nextcloud_root_dir }} (~519 MB initially, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 03fd8b267f4b6f58153df9fcd71373ee54bd521f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Nov 2022 13:00:08 -0500 Subject: [PATCH 0756/1758] /opt/iiab/jupyterhub size estimate: ~304 -> ~271 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 8ef7ce7d9..d4ce6c0eb 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~271 MB total, after 2 Ansible calls)" pip: name: - pip From 6333ea1483e9f97c2ffe61c861f4b93063b183a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Nov 2022 08:00:07 -0500 Subject: [PATCH 0757/1758] minetest/README.rst: Unhelpful mention of ancient OS's --- roles/minetest/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 82dfaa397..40ef4bc76 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -5,7 +5,7 @@ Minetest README `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. -The Minetest multiplayer server can be installed as part of Internet-in-a-Box (IIAB) on Raspberry Pi (Raspbian), Ubuntu 18.04 and Debian 9 Stretch. +The Minetest multiplayer server can be installed as part of Internet-in-a-Box (IIAB) on Raspberry Pi OS, Ubuntu, or Debian. Please note that the initial configuration is for creative mode, and a number of mods are installed (see the list in `tasks/main.yml `_). From cd8f599dd79095d928d0b7204373fab3c92da415 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 16 Nov 2022 17:29:30 -0500 Subject: [PATCH 0758/1758] wip --- .../minetest/{tasks => NotUsed}/calc_vars.yml | 0 .../rpi_minetest_install.yml | 0 roles/minetest/README.rst | 2 ++ roles/minetest/defaults/main.yml | 18 +++++----- .../tasks/{provision.yml => install.yml} | 33 +------------------ roles/minetest/tasks/main.yml | 2 +- roles/minetest/tasks/minetest_install.yml | 10 ------ 7 files changed, 12 insertions(+), 53 deletions(-) rename roles/minetest/{tasks => NotUsed}/calc_vars.yml (100%) rename roles/minetest/{tasks => NotUsed}/rpi_minetest_install.yml (100%) rename roles/minetest/tasks/{provision.yml => install.yml} (64%) diff --git a/roles/minetest/tasks/calc_vars.yml b/roles/minetest/NotUsed/calc_vars.yml similarity index 100% rename from roles/minetest/tasks/calc_vars.yml rename to roles/minetest/NotUsed/calc_vars.yml diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/NotUsed/rpi_minetest_install.yml similarity index 100% rename from roles/minetest/tasks/rpi_minetest_install.yml rename to roles/minetest/NotUsed/rpi_minetest_install.yml diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 40ef4bc76..ac633d53b 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -2,6 +2,8 @@ Minetest README =============== +11/16/2022 THIS NEEDS REVISING + `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. diff --git a/roles/minetest/defaults/main.yml b/roles/minetest/defaults/main.yml index 28f847046..052deed38 100644 --- a/roles/minetest/defaults/main.yml +++ b/roles/minetest/defaults/main.yml @@ -1,15 +1,13 @@ -# minetest_install: False -# minetest_enabled: False - -# minetest_port: 30000 -# minetest_server_admin: Admin - -# minetest_default_game: carbone-ng # only carbone-ng and minetest are supported -# minetest_flat_world: False - -# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# Other vars set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # These should not be touched unless minetest packages change +minetest_server_bin: /usr/lib/minetest/minetestserver minetest_config_file: /etc/minetest/minetest.conf minetest_world_dir: /library/games/minetest/worlds/world + +minetest_runas_user: root +minetest_runas_group: root + +#minetest_runas_user: Debian-minetest +#minetest_runas_group: games diff --git a/roles/minetest/tasks/provision.yml b/roles/minetest/tasks/install.yml similarity index 64% rename from roles/minetest/tasks/provision.yml rename to roles/minetest/tasks/install.yml index ac63b5329..25c8e54ff 100644 --- a/roles/minetest/tasks/provision.yml +++ b/roles/minetest/tasks/install.yml @@ -1,6 +1,3 @@ -# Calculate local variables -- include_tasks: calc_vars.yml - - name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt) stat: path: "{{ minetest_world_dir }}/world.mt" @@ -14,29 +11,8 @@ # group: root # mode: '0755' -# rpi only -- include_tasks: rpi_minetest_install.yml - when: not minetest_world.stat.exists and is_raspbian - -# not rpi - include_tasks: minetest_install.yml - when: not minetest_world.stat.exists and not is_raspbian - -- git: - repo: https://github.com/Calinou/carbone-ng.git - dest: "{{ minetest_game_dir }}" - depth: 1 - when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng" - -- name: Give Minetest user ownership of carbone-ng - file: - state: directory - path: "{{ minetest_game_dir }}" - recurse: yes - owner: "{{ minetest_runas_user }}" - group: "{{ minetest_runas_group }}" - # mode: 0755 - when: minetest_default_game == "carbone-ng" + when: not minetest_world.stat.exists # Install games #- include_tasks: minetest_install_games.yml @@ -63,13 +39,6 @@ url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip when: minetest_default_game == "minetest" -- name: Remove mod from carbone-ng that prevents our Admin name - file: - state: absent - path: "{{ minetest_game_dir }}/mods/name_restrictions" - when: minetest_default_game == "carbone-ng" - - # RECORD Minetest AS INSTALLED - name: "Set 'minetest_installed: True'" diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index f5fad6cd1..9955788d6 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -22,7 +22,7 @@ - block: - name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: provision.yml # i.e. install.yml in other roles + include_tasks: install.yml when: minetest_installed is undefined - include_tasks: enable-or-disable.yml diff --git a/roles/minetest/tasks/minetest_install.yml b/roles/minetest/tasks/minetest_install.yml index 354907526..8cf943147 100644 --- a/roles/minetest/tasks/minetest_install.yml +++ b/roles/minetest/tasks/minetest_install.yml @@ -1,5 +1,3 @@ -# For non-rpi installs - - name: Install Minetest package package: name: minetest-server @@ -35,11 +33,3 @@ mode: 0755 with_items: - "{{ minetest_world_dir }}" - -- name: Change exec line in generated unit file - lineinfile: - path: /lib/systemd/system/minetest-server.service - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ExecStart=/usr/lib/minetest/minetestserver', line: 'ExecStart=/usr/lib/minetest/minetestserver --config /etc/minetest/minetest.conf --logfile /var/log/minetest/minetest.log --world "{{ minetest_world_dir }}"' } From cfdba34b641fc92e3fa0aae455065b264cc6928f Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 09:36:26 -0500 Subject: [PATCH 0759/1758] forgot to commit default_vars.yml os vars not needed --- vars/default_vars.yml | 7 ++++++- vars/raspbian-11.yml | 9 --------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9f656a926..c902a32fc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -631,8 +631,13 @@ internetarchive_port: 4244 # for http://box:4244 minetest_install: False minetest_enabled: False minetest_port: 30000 +minetest_working_dir: /usr/share/games/minetest + minetest_server_admin: Admin -minetest_default_game: carbone-ng # only carbone-ng and minetest are supported +# minetest_default_game: carbone-ng # carbone-ng is not longer compatible so not supported +minetest_default_game: minetest +# minetest_default_game: dreambuilder - after 5.6 +minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}" minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index bb74aca90..beb9c01ac 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -23,12 +23,3 @@ php_version: "7.4" postgresql_version: 13 systemd_location: /lib/systemd/system python_ver: "3.9" - -# Minetest for RPi -minetest_server_bin: /library/games/minetest/bin/minetestserver -minetest_working_dir: /library/games/minetest -minetest_game_dir: /library/games/minetest/games/minetest_game -minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_untarred: Minetest From 28b345ab78bbf4cae04f30b60fff924c73a36b17 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 09:41:18 -0500 Subject: [PATCH 0760/1758] mark templates unused --- ...netest-server.service.j2 => minetest-server.service.j2.unused} | 0 .../templates/{minetest.conf.j2 => minetest.conf.j2.unused} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename roles/minetest/templates/{minetest-server.service.j2 => minetest-server.service.j2.unused} (100%) rename roles/minetest/templates/{minetest.conf.j2 => minetest.conf.j2.unused} (100%) diff --git a/roles/minetest/templates/minetest-server.service.j2 b/roles/minetest/templates/minetest-server.service.j2.unused similarity index 100% rename from roles/minetest/templates/minetest-server.service.j2 rename to roles/minetest/templates/minetest-server.service.j2.unused diff --git a/roles/minetest/templates/minetest.conf.j2 b/roles/minetest/templates/minetest.conf.j2.unused similarity index 100% rename from roles/minetest/templates/minetest.conf.j2 rename to roles/minetest/templates/minetest.conf.j2.unused From d5ad79720c26de7eda82e4172ab9f053a96e0039 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 17 Nov 2022 11:56:18 -0500 Subject: [PATCH 0761/1758] fixes --- roles/minetest/tasks/install.yml | 14 +++++--------- vars/default_vars.yml | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index 25c8e54ff..1850eda84 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -23,20 +23,16 @@ # Install mods - include_tasks: minetest_install_mods.yml with_items: - - name: moreblocks - url: https://github.com/minetest-mods/moreblocks/archive/master.zip - - name: moreores - url: https://github.com/Calinou/moreores/archive/master.zip - name: basic_materials - url: https://gitlab.com/VanessaE/basic_materials/-/archive/master/basic_materials-master.zip + url: https://content.minetest.net/packages/VanessaE/basic_materials/releases/14936/download/ - name: mesecons - url: https://github.com/minetest-mods/mesecons/archive/master.zip + url: https://content.minetest.net/packages/Jeija/mesecons/releases/14247/download/ - name: digilines - url: https://github.com/minetest-mods/digilines/archive/master.zip + url: https://content.minetest.net/packages/Jeija/digilines/releases/13248/download/ - name: pipeworks - url: https://github.com/minetest-mods/pipeworks/archive/master.zip + url: https://content.minetest.net/packages/VanessaE/pipeworks/releases/7488/download/ - name: Minetest-WorldEdit - url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip + url: https://content.minetest.net/packages/sfan5/worldedit/releases/13367/download/ when: minetest_default_game == "minetest" # RECORD Minetest AS INSTALLED diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c902a32fc..888162e98 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -637,7 +637,7 @@ minetest_server_admin: Admin # minetest_default_game: carbone-ng # carbone-ng is not longer compatible so not supported minetest_default_game: minetest # minetest_default_game: dreambuilder - after 5.6 -minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}" +minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}_game" minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX From 1f68641c71d09868ee3c65b7efd4fcec390c11dd Mon Sep 17 00:00:00 2001 From: tim-moody Date: Fri, 18 Nov 2022 09:01:46 -0500 Subject: [PATCH 0762/1758] update readme --- roles/minetest/README.rst | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index ac633d53b..5d1afaba8 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -2,8 +2,6 @@ Minetest README =============== -11/16/2022 THIS NEEDS REVISING - `Minetest `_ is a `Minecraft `_-inspired creative/explorational building blocks game, written from scratch and licensed under the LGPL (version 2.1 or later). It supports both survival and creative modes along with multiplayer support, dynamic lighting, and an "infinite" map generator. @@ -32,7 +30,7 @@ If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ +- ``minetest_default_game:`` only the default minetest game is supported at present; in future the default will be DreamBuilder - ``minetest_flat_world:`` use a flat mapgen engine to lower computation on client; default is False After installation, you can monitor the 'minetest-server' service with command:: @@ -44,17 +42,6 @@ File Locations - The config file is ``/etc/minetest/minetest.conf`` - The world files are at ``/library/games/minetest/worlds/world`` - -File Locations on Raspberry Pi ------------------------------- - -- The server binary is ``/library/games/minetest/bin/minetestserver`` -- The working directory is ``/library/games/minetest`` -- mods are in ``/library/games/minetest/games//mods`` - -File Locations on Other Platforms ---------------------------------- - - The server binary is ``/usr/lib/minetest/minetestserver`` - The working directory is ``/usr/share/games/minetest`` - mods are in ``/usr/share/games/minetest/games//mods`` @@ -62,6 +49,6 @@ File Locations on Other Platforms To Do ----- -- Add more mods — currently only the default mods are there in carbone-ng +- Add more mods - Add more games - Minetest client software for Windows and Android, included onboard IIAB for offline communities (`#1465 `_) From d44f814e0e7e31e62071da2d114b186214bf56aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Nov 2022 12:38:37 -0500 Subject: [PATCH 0763/1758] Move netplan.j2 to netplan.j2.unused (as PR #2380 reverted PR #1634) --- roles/network/templates/network/{netplan.j2 => netplan.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{netplan.j2 => netplan.j2.unused} (100%) diff --git a/roles/network/templates/network/netplan.j2 b/roles/network/templates/network/netplan.j2.unused similarity index 100% rename from roles/network/templates/network/netplan.j2 rename to roles/network/templates/network/netplan.j2.unused From cc226b9e2d5333ee0380423b230a339174c1ea8e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Nov 2022 13:20:26 -0500 Subject: [PATCH 0764/1758] Install Moodle 4.1 LTS, or 4.2dev if OS PHP >= 8.2 --- roles/moodle/defaults/main.yml | 12 ++++++------ roles/moodle/tasks/install.yml | 10 +++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index d455ddd7e..6c3e6db16 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,15 +8,15 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-09-27: Currently testing Moodle's master branch is mandatory if your -# OS PHP >= 8.1 -- see moodle/tasks/install.yml for detail! -# (Any moodle_version setting below applies IF-AND-ONLY-IF your OS PHP < 8.1) -#moodle_version: master # Try Moodle's "weekly" 4.1dev pre-release, even if OS PHP < 8.1 -moodle_version: MOODLE_400_STABLE # Use Moodle 4.0 +# 2022-11-27: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.2, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.2, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_401_STABLE # Moodle 4.1 LTS +#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! -moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab +moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_data: "{{ content_base }}/moodle" # /library moodle_db_name: moodle diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index d42cb05e3..8525b55a9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,21 +43,21 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.1" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) - when: php_version is version('8.1', '>=') + when: php_version is version('8.2', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.1 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.2 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. master or MOODLE_400_STABLE - when: php_version is version('8.1', '<') + version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) + when: php_version is version('8.2', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 3ca4a8873653d895e3175de32934abdd94808d42 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Nov 2022 13:46:29 -0500 Subject: [PATCH 0765/1758] Clarify Moodle 4.1 size on disk; "weekly" master 4.2dev --- roles/moodle/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 8525b55a9..ea98ebe31 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,15 +43,15 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} >= 8.2" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) when: php_version is version('8.2', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~370 MB initially, ~390 MB later) if OS PHP {{ php_version }} < 8.2 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.2 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle From 3de6916af27da06f00b6739b9a780bf9228491f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Nov 2022 14:29:18 -0500 Subject: [PATCH 0766/1758] #3430: Moodle 4.2 will require php exif (we're already set!) --- roles/moodle/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ea98ebe31..734730cde 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -30,6 +30,7 @@ #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml From 4c4ce7fa3217edb6d49a231d2af04f18d3160da2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Nov 2022 10:58:19 -0500 Subject: [PATCH 0767/1758] Clarify /library/gitea/bin/gitea-1.17 begins as ~108 MB --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 7e064548f..02dfa7cda 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~108 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 From 4385d4eb823b4d7a6f746b89040c9fc629f60e02 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Dec 2022 12:17:48 -0500 Subject: [PATCH 0768/1758] mediawiki/defaults/main.yml: Version 1.39.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 3ab859963..68a13ca74 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.38 # "1.35" also works -mediawiki_minor_version: 4 +mediawiki_major_version: 1.39 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 7003fa984c0b4d18f32d22d7b6dbc89056d5a317 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Dec 2022 12:50:57 -0500 Subject: [PATCH 0769/1758] Recommend ansible-core 2.14.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3f6d6429a..2766aec7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.0] -GOOD_VER=2.14.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] +GOOD_VER=2.14.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ef8808b28dc65820ff204b2a57f8833a6adbf2db Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:09:23 -0500 Subject: [PATCH 0770/1758] Rename .travis.yml to .travis.yml.unused --- .travis.yml => .travis.yml.unused | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .travis.yml => .travis.yml.unused (100%) diff --git a/.travis.yml b/.travis.yml.unused similarity index 100% rename from .travis.yml rename to .travis.yml.unused From 83a6a2db0b22bde9f5781978538f384f98808388 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:24:28 -0500 Subject: [PATCH 0771/1758] www_base/tasks/main.yml: php-stem.yml might later support PHP 8.2 --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index f7fe20fc6..0f557148f 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -28,7 +28,7 @@ - name: Install php-stem.yml if php_version == 7.4 and (ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" or ansible_machine == "x86_64") include_tasks: php-stem.yml when: php_version == 7.4 and (ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" or ansible_machine == "x86_64") - # or php_version == 8.0 or php_version == 8.1 (IIAB MIGHT SUPPORT THESE LATER IN 2022) + # or php_version == 8.0 or php_version == 8.1 or php_version == 8.2 (IIAB MIGHT SUPPORT THESE LATER IN 2023) # or php_version == 7.2 or php_version == 7.3 (PROBABLY WORK, AT YOUR OWN RISK!) - name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_options/tasks/main.yml From 7746ebd2d265e2acdcb691ef44570b496a64389a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 08:49:26 -0500 Subject: [PATCH 0772/1758] Clean .gitignore: XS bitrot, space pollution, emacs support --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 38f8427ed..eefeddb66 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,8 @@ -xs-config.spec build deprecated .ansible *.patches -*.log +*.log *.retry *~ +.#* From cca40edb3d10fabbab53ac79a1705906a14b83a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 09:23:21 -0500 Subject: [PATCH 0773/1758] .gitignore enhanced for emacs, which generates even more tmp files since 2022 --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index eefeddb66..62c1c7bcf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,13 @@ +# https://git-scm.com/docs/gitignore + build deprecated .ansible *.patches *.log *.retry + +# Lines below for emacs, which generates even more tmp files since 2022 *~ .#* +\#*# From b691bd8252a67205f6c6f4c7660fc7c18153b780 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 13:34:30 -0500 Subject: [PATCH 0774/1758] Dynamically extract python_ver & postgresql_version --- roles/0-init/tasks/main.yml | 10 ++++++---- roles/lokole/tasks/install.yml | 17 ++++++++++++----- roles/postgresql/tasks/install.yml | 11 ++++++++--- scripts/local_facts.fact | 16 +++++++++++++--- vars/debian-11.yml | 4 ++-- vars/debian-12.yml | 4 ++-- vars/linuxmint-20.yml | 4 ++-- vars/linuxmint-21.yml | 4 ++-- vars/raspbian-11.yml | 4 ++-- .../{ubuntu-2004.yml => ubuntu-2004.yml.unused} | 0 vars/ubuntu-2204.yml | 4 ++-- vars/ubuntu-2210.yml | 4 ++-- vars/ubuntu-2304.yml | 4 ++-- 13 files changed, 55 insertions(+), 31 deletions(-) rename vars/{ubuntu-2004.yml => ubuntu-2004.yml.unused} (100%) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index a12c91156..27de31b64 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -7,12 +7,13 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}" +- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 14 vars -- here we extract 5 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_ver: {{ ansible_local.local_facts.python_ver }}" set_fact: iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" os_ver: "{{ ansible_local.local_facts.os_ver }}" + python_ver: "{{ ansible_local.local_facts.python_ver }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -21,9 +22,8 @@ when: not iiab_ini_test.stat.exists # 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's -# still used in these 2 places: -# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml -# (2) roles/network/tasks/named.yml for "Stop named before copying files" +# still used in 1-prep/tasks/hardware.yml for raspberry_pi.yml +# # This needs to be reworked for 0-init speed, and overall understandability. - name: Set first_run flag set_fact: @@ -96,6 +96,8 @@ value: "{{ devicetree_model }}" - option: os_ver value: "{{ os_ver }}" + - option: python_ver + value: "{{ python_ver }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index b472ebdd3..82b1c9cf4 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,10 +2,10 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7" +- name: Install 14 packages for Lokole apt: name: - - python3 + #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact - python3-pip - python3-venv - python3-dev @@ -55,12 +55,19 @@ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is undefined and lokole_version is undefined -- name: Compile translations +# 2022-12-21: Dynamic callout to Python moved to scripts/local_facts.fact (Python 3 is now a mandatory IIAB pre-req) +# - name: Compile translations +# shell: | +# python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) +# {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations +# with_items: +# - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" + +- name: Compile translations for Python {{ python_ver }} shell: | - python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations with_items: - - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" + - "{{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp" - name: Create system {{ lokole_user }} user ansible.builtin.user: diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 3fa1a95d0..df2918a32 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -6,13 +6,18 @@ - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: Run shell command "pg_config --version" to extract MAJOR version numner -- strip off MINOR/PATCH version number(s) + shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' + register: pg_config_version + +- name: 'Dynamically set Ansible var "postgresql_version: {{ pg_config_version.stdout }}"' + set_fact: + postgresql_version: "{{ pg_config_version.stdout }}" + - name: Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default) template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service - # owner: root - # group: root - # mode: '0644' - name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres (0700) file: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ce796fcc3..236e08619 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -11,7 +11,9 @@ STAGE=0 OS="none" -VERSION_ID="none" # This var's combined with the above, before being output +VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" +OS_VER="none" +PYTHON_VER="none" IIAB_REMOTE_URL="none" IIAB_BRANCH="none" IIAB_COMMIT="none" @@ -63,6 +65,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-17" | \ #"ubuntu-18" | \ #"ubuntu-19" | \ + #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"centos-7" | \ @@ -76,7 +79,6 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-11" | \ "debian-12" | \ - "ubuntu-2004" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ @@ -123,6 +125,13 @@ tmp=$(ansible --version) && #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | awk '{print $2}') #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | sed -e 's/.* //') +if tmp=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));'); then + PYTHON_VER=$tmp +else + echo -e "\e[1m\nPython 3 is REQUIRED for Internet-in-a-Box. You might want to run:\n\nsudo apt install python3\n\e[0m" + exit 1 +fi + # THE LAST 3 BELOW ARE DIFFERENT as "systemctl is-enabled" unhelpfully returns # the same error code (i.e. 1) REGARDLESS whether the service is (A) disabled @@ -159,5 +168,6 @@ cat < Date: Wed, 21 Dec 2022 14:07:10 -0500 Subject: [PATCH 0775/1758] postgresql/tasks/install.yml typo: numner -> number --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index df2918a32..dd7ac22b3 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -6,7 +6,7 @@ - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: Run shell command "pg_config --version" to extract MAJOR version numner -- strip off MINOR/PATCH version number(s) +- name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' register: pg_config_version From b8e0b5e13a398188b9ed3c899c570f34c6d4614c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 14:18:27 -0500 Subject: [PATCH 0776/1758] Cleaner sed in nextcloud, postgresql, iiab-diagnostics --- roles/nextcloud/tasks/install.yml | 2 +- roles/postgresql/tasks/install.yml | 2 +- scripts/iiab-diagnostics | 24 ++++++++++++------------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0d5dafea4..1d6e135cc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -3,7 +3,7 @@ # - name: Try to run 'php -v' to get PHP version # # e.g. converts multi-line "PHP 7.0.33-0ubuntu0.16.04.5 (cli) ( NTS ) ..." to "7.0.33" -# shell: php -v | head -1 | sed 's/^[^0-9.]*//' | sed 's/[^0-9.].*//' +# shell: php -v | head -1 | sed 's/^[^0-9.]*//; s/[^0-9.].*//' # register: php_version_installed # #ignore_errors: yes # NOT NEC: if php is not installed, php_version_installed.stdout will get set to "" diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index dd7ac22b3..6c7cdb4fc 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -7,7 +7,7 @@ state: present - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) - shell: pg_config --version | sed 's/^[^0-9]*//' | sed 's/[^0-9].*//' + shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version - name: 'Dynamically set Ansible var "postgresql_version: {{ pg_config_version.stdout }}"' diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ed243490c..7361e5621 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -8,18 +8,18 @@ IIAB_RELEASE=$(cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2) OS_VER=$(cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2) YMDT=$(date +%F_%T_%Z) -git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root -HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) -BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) -REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) -PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) -TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') -git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root -HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) -BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) -REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) -PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) -TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') +# git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +# HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) +# BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) +# REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) +# PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +# TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//; s/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') +# git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +# HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) +# BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) +# REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) +# PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +# TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//; s/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. USAGE:" echo From cc659d0837583bbf87e3ee10b3ad00b24798c08b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Dec 2022 19:29:04 -0500 Subject: [PATCH 0777/1758] Dynamically extract php_version & python_version --- iiab-install | 9 ++-- roles/0-init/tasks/main.yml | 11 +++-- roles/jupyterhub/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 6 +-- roles/lokole/tasks/setup.yml | 4 +- roles/lokole/templates/lokole-nginx.conf.j2 | 4 +- runrole | 55 ++++++++++++++------- scripts/local_facts.fact | 39 +++++++++------ vars/debian-11.yml | 8 +-- vars/debian-12.yml | 8 +-- vars/linuxmint-20.yml | 6 +-- vars/linuxmint-21.yml | 6 +-- vars/raspbian-11.yml | 8 +-- vars/ubuntu-2004.yml.unused | 6 +-- vars/ubuntu-2204.yml | 6 +-- vars/ubuntu-2210.yml | 6 +-- vars/ubuntu-2304.yml | 6 +-- 17 files changed, 113 insertions(+), 77 deletions(-) diff --git a/iiab-install b/iiab-install index 08dc7eed7..532cbf81d 100755 --- a/iiab-install +++ b/iiab-install @@ -65,7 +65,7 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "████████████████████████████████████████████████████████████████████████████████\n" >&2 fi - echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 @@ -124,7 +124,7 @@ CURR_ANSIBLE_VER=0 #if [[ $(command -v ansible) ]]; then # Also Works! $(...) nests more easily than backticks #if [[ `which ansible` ]]; then # "which" misses built-in commands like cd, and is RISKY per https://stackoverflow.com/questions/592620/check-if-a-program-exists-from-a-bash-script #if [[ `type -P ansible` ]]; then # "type -P" isn't POSIX compliant; it misses built-in commands like "cd" -if [[ `command -v ansible` ]]; then # "command -v" is POSIX compliant; it catches built-in commands like "cd" +if [[ $(command -v ansible) ]]; then # "command -v" is POSIX compliant; it catches built-in commands like "cd" CURR_ANSIBLE_VER=$(ansible --version | head -1 | cut -f 2- -d " " | sed 's/.* \([^ ]*\)\].*/\1/') # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_ANSIBLE_VER=$(ansible --version | head -1 | awk '{print $2}') @@ -179,14 +179,15 @@ fi # /etc/iiab/iiab_state.yml is mandatory and must be created here. Background: # Allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous # roles that already completed within the stage. -if [ ! -f $IIAB_STATE_FILE ]; then - #touch $IIAB_STATE_FILE +if [ ! -f $IIAB_STATE_FILE ]; then # touch $IIAB_STATE_FILE + echo -e "\nCreating... $IIAB_STATE_FILE" cat > $IIAB_STATE_FILE << EOF # DO *NOT* MANUALLY EDIT THIS, THANKS! # IIAB does NOT currently support uninstalling apps/services. EOF fi + echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" echo -e "\e[1mRunning local Ansible playbooks...\n...Stage 0 will now run\n...followed by Stages $(($STAGE + 1))-9\n...and then the Network Role.\e[0m\n" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 27de31b64..7a1532898 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -7,13 +7,14 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 14 vars -- here we extract 5 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_ver: {{ ansible_local.local_facts.python_ver }}" +- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 15 vars -- here we extract 6 of those -- iiab_stage: {{ ansible_local.local_facts.stage }}, rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, os_ver: {{ ansible_local.local_facts.os_ver }}, python_version: {{ ansible_local.local_facts.python_version }}, php_version: {{ ansible_local.local_facts.php_version }}" set_fact: iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" os_ver: "{{ ansible_local.local_facts.os_ver }}" - python_ver: "{{ ansible_local.local_facts.python_ver }}" + python_version: "{{ ansible_local.local_facts.python_version }}" + php_version: "{{ ansible_local.local_facts.php_version }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -96,8 +97,10 @@ value: "{{ devicetree_model }}" - option: os_ver value: "{{ os_ver }}" - - option: python_ver - value: "{{ python_ver }}" + - option: python_version + value: "{{ python_version }}" + - option: php_version + value: "{{ php_version }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4ce6c0eb..68f909ea7 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -72,7 +72,7 @@ dest: /etc/systemd/system/jupyterhub.service # 2022-07-07: No longer needed, thx to upstream fixes -# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages +# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_version }}/site-packages # template: # src: getsite.py.j2 # dest: "{{ jupyterhub_venv }}/bin/getsite.py" diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 82b1c9cf4..a1ea1d357 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -55,7 +55,6 @@ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ when: lokole_commit is undefined and lokole_version is undefined -# 2022-12-21: Dynamic callout to Python moved to scripts/local_facts.fact (Python 3 is now a mandatory IIAB pre-req) # - name: Compile translations # shell: | # python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) @@ -63,11 +62,12 @@ # with_items: # - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" -- name: Compile translations for Python {{ python_ver }} +# 2022-12-21: python_version determined by scripts/local_facts.fact -- to match templates/lokole-nginx.conf.j2 +- name: Compile translations for Python {{ python_version }} shell: | {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations with_items: - - "{{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp" + - "{{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp" - name: Create system {{ lokole_user }} user ansible.builtin.user: diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index a8542f90b..58a5ec716 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -3,11 +3,11 @@ name: supervisor state: started +# 2022-12-21: python_version determined by scripts/local_facts.fact -- to match templates/lokole-nginx.conf.j2 - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env - python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) - cd {{ lokole_venv }}/lib/python${python_version}/site-packages/ + cd {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/ export FLASK_APP="opwen_email_client.webapp:app" {{ lokole_venv }}/bin/flask manage createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/lokole/templates/lokole-nginx.conf.j2 index a2084a160..002961fcf 100644 --- a/roles/lokole/templates/lokole-nginx.conf.j2 +++ b/roles/lokole/templates/lokole-nginx.conf.j2 @@ -1,9 +1,9 @@ location = {{ lokole_url }}/favicon.ico { - alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/favicon.ico; + alias {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp/static/favicon.ico; } location ~ ^{{ lokole_url }}/static/(.*)$ { - alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/$1; + alias {{ lokole_venv }}/lib/python{{ python_version }}/site-packages/opwen_email_client/webapp/static/$1; } location {{ lokole_url }}/ { diff --git a/runrole b/runrole index 644665d2f..ad1387e2c 100755 --- a/runrole +++ b/runrole @@ -15,7 +15,7 @@ PLAYBOOK=run-one-role.yml if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." - echo "Please run this in /opt/iiab/iiab (top level of the git repo)." + echo "Please run this in /opt/iiab/iiab (top level of git repo)." exit 1 fi @@ -28,28 +28,48 @@ if [ $# -eq 0 ] || [ "$2" == "--reinstall" ] || [ "$3" == "--reinstall" ]; then exit 0 fi -# 2020-08-05: yes /etc/iiab/iiab_state.yml is necessary, but we DON'T -# want to encourage sloppy operators to delete/touch this file. -# -# (The iiab_state.yml file should always be created by ./iiab-install, -# for IIAB's Ansible roles that then auto-populate this file.) -# -# FYI ./iiab-network and ./iiab-configure likewise warn operators (IN RED!) -# if they try to run without the existence of /etc/iiab/iiab_state.yml : -# -# ERROR! vars file /etc/iiab/iiab_state.yml was not found -# -# Needed for Stages 1-3 if not installed yet -#if [ ! -f $IIAB_STATE_FILE ]; then -# touch $IIAB_STATE_FILE -#fi - if [ "$1" == "--reinstall" ]; then ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list REINSTALL=true shift fi + +# 4 snippets to guide -> bootstrap -> accelerate role debugging on bare OS's: + +mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' +if [ ! -f /etc/iiab/local_vars.yml ]; then + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + + echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 + echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 + + echo -e ' https://download.iiab.io\n' >&2 + + exit 1 +fi + +# In comparison, ./iiab-network and ./iiab-configure warn operators (IN RED) +# if run without the existence of /etc/iiab/iiab_state.yml +if [ ! -f $IIAB_STATE_FILE ]; then # touch $IIAB_STATE_FILE + echo -e "\n\e[1mCreating... $IIAB_STATE_FILE\e[0m" + cat > $IIAB_STATE_FILE << EOF +# DO *NOT* MANUALLY EDIT THIS, THANKS! +# IIAB does NOT currently support uninstalling apps/services. + +EOF +fi + +if ! [[ $(command -v ansible) ]]; then + echo -e "\n\e[1mPlease install Ansible, by running:\n\nsudo /opt/iiab/iiab/scripts/ansible\e[0m\n" + exit 1 +fi + +mkdir -p /etc/ansible/facts.d +cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact + + ROLE_VAR=$1 # Ansible role name & var name sometimes differ :/ if [ $1 == "calibre-web" ]; then ROLE_VAR=calibreweb @@ -105,6 +125,7 @@ if ! $INSTALL; then ARGS="$ARGS\"${ROLE_VAR}_install\":True," fi + if [ $# -eq 2 ]; then export ANSIBLE_LOG_PATH="$2" else diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 236e08619..b78e21e43 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -13,14 +13,15 @@ STAGE=0 OS="none" VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" OS_VER="none" -PYTHON_VER="none" -IIAB_REMOTE_URL="none" IIAB_BRANCH="none" -IIAB_COMMIT="none" +IIAB_REMOTE_URL="none" IIAB_RECENT_TAG="none" +IIAB_COMMIT="none" RPI_MODEL="none" DEVICETREE_MODEL="none" ANSIBLE_VERSION="none" +PYTHON_VERSION="none" +PHP_VERSION="none" DHCPCD="none" # The last 3 conditioned on string output not RC. SEE BELOW. NETWORK_MANAGER="none" SYSTEMD_NETWORKD="none" @@ -90,6 +91,7 @@ case $OS_VER in ;; esac + # These next 4 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp @@ -102,11 +104,12 @@ tmp=$(git config branch.$IIAB_BRANCH.remote) && { fi } +tmp=$(git describe --tags --abbrev=0) && + IIAB_RECENT_TAG=$tmp + tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -tmp=$(git describe --tags --abbrev=0) && - IIAB_RECENT_TAG=$tmp grep -iq raspberry /proc/device-tree/model && RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') @@ -119,6 +122,7 @@ grep -iq raspberry /proc/device-tree/model && tmp=$(tr -d '\0' < /proc/device-tree/model) && DEVICETREE_MODEL=$tmp + tmp=$(ansible --version) && ANSIBLE_VERSION=$(echo "$tmp" | head -1 | cut -f 2- -d " " | sed 's/.* \([^ ]*\)\].*/\1/') # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: @@ -126,12 +130,18 @@ tmp=$(ansible --version) && #ANSIBLE_VERSION=$(echo "$tmp" | head -1 | sed -e 's/.* //') if tmp=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));'); then - PYTHON_VER=$tmp + PYTHON_VERSION=$tmp else echo -e "\e[1m\nPython 3 is REQUIRED for Internet-in-a-Box. You might want to run:\n\nsudo apt install python3\n\e[0m" exit 1 fi +tmp=$(apt list php) && + PHP_VERSION=$(echo $tmp | grep -Po '[0-9]+\.[0-9]+' | head -1) +# Extracts the first (topmost, leftmost) MAJOR.MINOR, even if not yet installed +# Safer than: echo $tmp | grep php | head -1 | sed 's/.*://; s/[^0-9.].*//') +# https://stackoverflow.com/questions/16675179/how-to-use-sed-to-extract-substring/16675391#16675391 + # THE LAST 3 BELOW ARE DIFFERENT as "systemctl is-enabled" unhelpfully returns # the same error code (i.e. 1) REGARDLESS whether the service is (A) disabled @@ -157,17 +167,18 @@ tmp=$(systemctl is-enabled systemd-networkd) # https://en.wikipedia.org/wiki/Here_document cat < Date: Wed, 21 Dec 2022 21:12:02 -0500 Subject: [PATCH 0778/1758] local_facts.fact: Transition Linux Mint 20 to 21, as per #3416 --- scripts/local_facts.fact | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b78e21e43..ed84729f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -59,6 +59,7 @@ OS_VER="$OS-$VERSION_ID" # Previously supported Linux distributions / versions: #"fedora-18" | \ #"fedora-22" | \ + #"centos-7" | \ #"debian-8" | \ #"debian-9" | \ #"debian-10" | \ @@ -69,7 +70,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ - #"centos-7" | \ + #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -83,7 +84,6 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ - "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") ;; From 313fd279a296ceeaf7953582eb740989a26c0997 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 21:14:12 -0500 Subject: [PATCH 0779/1758] Rename linuxmint-20.yml to linuxmint-20.yml.unused --- vars/{linuxmint-20.yml => linuxmint-20.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{linuxmint-20.yml => linuxmint-20.yml.unused} (100%) diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml.unused similarity index 100% rename from vars/linuxmint-20.yml rename to vars/linuxmint-20.yml.unused From 503d8d0c244db2ccf2f6ace9108057ac7740585b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 22:11:17 -0500 Subject: [PATCH 0780/1758] local_facts.fact: Clarify mechanics for PRs #3438 #3439 --- scripts/local_facts.fact | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ed84729f5..e68aa93d5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -3,15 +3,15 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 13 variables require a command[*] to be run to +# 2020-10-27: Most of the [15] variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 -# If statements then use that RC to force the var to these default values... +# If RC == 0, var is forced from its default value here: (using cmd's output) STAGE=0 OS="none" -VERSION_ID="none" # Temp var, for: OS_VER="$OS-$VERSION_ID" +VERSION_ID="none" # Just a temp var, for: OS_VER="$OS-$VERSION_ID" OS_VER="none" IIAB_BRANCH="none" IIAB_REMOTE_URL="none" From 38ee0cfe81fc785adaf65b88bbb767bfe4a7177f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Dec 2022 22:17:23 -0500 Subject: [PATCH 0781/1758] default_vars.yml: Mention /opt/iiab/iiab/vars/.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 888162e98..04d326693 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -753,8 +753,8 @@ pbx_http_port: 83 # OS-DEPENDENT VARS: TURN OFF ALL VARS BELOW AND THEN THE CORRECT -# /opt/iiab/iiab/vars/.yml WILL TURN ON WHAT'S APPROPRIATE. See "How This -# Works" ~32 lines below, and https://github.com/iiab/iiab/wiki/IIAB-Platforms +# /opt/iiab/iiab/vars/.yml WILL TURN ON WHAT'S APPROPRIATE. See +# "How This Works" below, and https://github.com/iiab/iiab/wiki/IIAB-Platforms # Wide to narrow (insofar as poss) is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) From d720e209e339d4725efd51198c66504c02fe6094 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 22 Dec 2022 00:22:56 -0500 Subject: [PATCH 0782/1758] Move stale vars: vars/OS.yml to default_vars.yml or roles/X/defaults --- roles/kiwix/defaults/main.yml | 1 + roles/sshd/defaults/main.yml | 10 ++++++++++ vars/debian-11.yml | 27 ++++++++++++--------------- vars/debian-12.yml | 27 ++++++++++++--------------- vars/default_vars.yml | 8 ++++++++ vars/linuxmint-21.yml | 27 ++++++++++++--------------- vars/raspbian-11.yml | 27 ++++++++++++--------------- vars/ubuntu-2204.yml | 27 ++++++++++++--------------- vars/ubuntu-2210.yml | 27 ++++++++++++--------------- vars/ubuntu-2304.yml | 27 ++++++++++++--------------- 10 files changed, 103 insertions(+), 105 deletions(-) create mode 100644 roles/sshd/defaults/main.yml diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2696974fd..24c1ff0a9 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -57,5 +57,6 @@ kiwix_url: /kiwix kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix +systemctl_program: /bin/systemctl kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml new file mode 100644 index 000000000..5c9c5dc17 --- /dev/null +++ b/roles/sshd/defaults/main.yml @@ -0,0 +1,10 @@ +# sshd_install: True # Required by OpenVPN +# sshd_enabled: True + +# sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + +sshd_package: openssh-server +sshd_service: ssh diff --git a/vars/debian-11.yml b/vars/debian-11.yml index 56a77a8ad..67020e3c3 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_11: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 13 # python_version: "3.9" diff --git a/vars/debian-12.yml b/vars/debian-12.yml index e4119b469..abdbf891b 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 15 # python_version: "3.10" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 04d326693..7a2d22e57 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -272,6 +272,7 @@ pi_swap_file_size: 1024 # THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: mysql_install: True mysql_enabled: True +mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: # https://github.com/iiab/iiab/blob/master/roles/nginx/README.md @@ -300,6 +301,8 @@ squid_install: False squid_enabled: False # Enabling this ~= 'iiab_gateway_enabled: True' (ABOVE) gw_squid_whitelist: False # Works with HTTP sites, not HTTPS sites ! gw_block_https: False +proxy: squid # Admin Console uses +proxy_user: proxy # Could move to roles/network/defaults/main.yml # UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. @@ -320,6 +323,7 @@ iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True +systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) cups_install: False @@ -332,6 +336,8 @@ samba_enabled: False samba_udp_ports: 137:138 samba_tcp_mports: 139,445 shared_dir : "{{ content_base }}/public" # /library/public +smb_service: smbd # Admin Console uses +nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: @@ -346,6 +352,8 @@ nginx_high_php_limits: False # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False +apache_service: apache2 +apache_user: www-data # Admin Console uses # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 302b863c8..85d2c51c1 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -1,4 +1,4 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now @@ -6,20 +6,17 @@ is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 360559dc5..ff03dd183 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -1,4 +1,4 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_debian: True # Opposite of is_ubuntu for now @@ -6,20 +6,17 @@ is_debian_11: True is_raspbian: True is_raspbian_11: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: ssh -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: ssh +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 13 # python_version: "3.9" diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index ad9276b76..e619ed95a 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2204: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml index 5c3836016..cfe7706f9 100644 --- a/vars/ubuntu-2210.yml +++ b/vars/ubuntu-2210.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2210: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml index 026704b4a..07ed43529 100644 --- a/vars/ubuntu-2304.yml +++ b/vars/ubuntu-2304.yml @@ -1,23 +1,20 @@ -# Every is_ var is initially set to 'False' at the bottom of +# Every is_ var is initially set to 'False' at the bottom of # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2304: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" From fec9addc0f99ef69d17e024c9c20842878ef6282 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 22 Dec 2022 00:50:07 -0500 Subject: [PATCH 0783/1758] postgresql/tasks/install.yml: Update comment --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 6c7cdb4fc..214f8b028 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,4 +1,4 @@ -- name: 'Install packages: postgresql, postgresql-client' +- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' package: name: - postgresql From 5d66eb5f89da8eea76d22774260651fb54dd35e9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 23 Dec 2022 17:25:54 -0500 Subject: [PATCH 0784/1758] Might as well align ubuntu-2004.yml.unused w/ others --- vars/ubuntu-2004.yml.unused | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/vars/ubuntu-2004.yml.unused b/vars/ubuntu-2004.yml.unused index 6f700bf0e..bdae9367d 100644 --- a/vars/ubuntu-2004.yml.unused +++ b/vars/ubuntu-2004.yml.unused @@ -4,20 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2004: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 12 # python_ver: "3.8" From 13df79006cc3708cb39997a948c80a72b9585d39 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 23 Dec 2022 17:27:17 -0500 Subject: [PATCH 0785/1758] Might as well align linuxmint-20.yml.unused w/ others --- vars/linuxmint-20.yml.unused | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/vars/linuxmint-20.yml.unused b/vars/linuxmint-20.yml.unused index 24b2e4aa7..3d1c4c7a9 100644 --- a/vars/linuxmint-20.yml.unused +++ b/vars/linuxmint-20.yml.unused @@ -6,20 +6,17 @@ is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True -proxy: squid -proxy_user: proxy -apache_service: apache2 -apache_user: www-data -apache_conf_dir: apache2/sites-available -apache_log_dir: /var/log/apache2 -apache_log: /var/log/apache2/access.log -smb_service: smbd -nmb_service: nmbd -systemctl_program: /bin/systemctl -mysql_service: mariadb -sshd_package: openssh-server -sshd_service: ssh -systemd_location: /lib/systemd/system +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system # php_version: "7.4" # postgresql_version: 12 # python_version: "3.8" From 3b3d223beba6412afaeaeb857bff46c55012d5ba Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 07:29:02 -0500 Subject: [PATCH 0786/1758] Fix for Issue #3441 --- roles/matomo/tasks/install.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e5d22fcfb..dabac9274 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -180,6 +180,13 @@ body_format: form-urlencoded status_code: 302 +- name: Set Matomo Directory Permissions + file: + path: "{{ matomo_path }}/matomo" + recurse: yes + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" + - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" From dd5c1818070a062410fc920ef338f58cd44ef601 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 08:19:22 -0500 Subject: [PATCH 0787/1758] Add permissions fix as cronjob --- roles/matomo/tasks/install.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index dabac9274..66e3be188 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -205,6 +205,14 @@ cron_file: "matomo_daily" +- name: Start Collecting Matomo Data + cron: + name: "MatomoDataIngestionOnReboot2" + special_time: reboot + job: "sudo chown -R www-data:www-data /library/www/matomo" + user: root + cron_file: "matomo_reboot2" + # RECORD Matomo AS INSTALLED - name: "Set 'matomo_installed: True'" From c7ef1ce3d64da49794cc8af040c0bc35cc4d19f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Dec 2022 08:48:31 -0500 Subject: [PATCH 0788/1758] matomo/README.adoc: "username" consistency can't hurt --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0ad39328a..ed24ec745 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -53,7 +53,7 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w === Getting Started -Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. +Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the username and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. From b968fd40f5a78ec1557c250a7c4f1c834b485469 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 08:52:14 -0500 Subject: [PATCH 0789/1758] changes to cronjob hack as test --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 66e3be188..b05060e54 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -209,7 +209,7 @@ cron: name: "MatomoDataIngestionOnReboot2" special_time: reboot - job: "sudo chown -R www-data:www-data /library/www/matomo" + job: "sudo touch /library/www/matomo/tmp/cache/token.php && sudo mkdir /library/www/matomo/tmp/cache/tracker && sudo chown -R www-data:www-data /library/www/matomo" user: root cron_file: "matomo_reboot2" From 12f80696800b7ed4314d9eab20913f213ff36a3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 24 Dec 2022 08:56:10 -0500 Subject: [PATCH 0790/1758] matomo/README.adoc: "time stops" on some IIAB's (lacking RTC) but not all! --- roles/matomo/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index ed24ec745..8ce7d6b6b 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -55,13 +55,13 @@ WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (w Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the username and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. -The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device may not keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. === IIAB Tips, Tricks, and Gotchas -1. If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. +1. If your Internet-in-a-Box setup is without power and Internet access, it may not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. 2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. From 4823353dd957aecb42443caa1f0431e09dec92d7 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Sat, 24 Dec 2022 10:30:47 -0500 Subject: [PATCH 0791/1758] Replace shell commands with ansible --- roles/matomo/tasks/install.yml | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index b05060e54..4edb9ce65 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -180,13 +180,6 @@ body_format: form-urlencoded status_code: 302 -- name: Set Matomo Directory Permissions - file: - path: "{{ matomo_path }}/matomo" - recurse: yes - owner: "{{ apache_user }}" # e.g. www-data - group: "{{ apache_user }}" - - name: Start Collecting Matomo Data cron: name: "MatomoDataIngestionOnReboot" @@ -204,14 +197,19 @@ user: root cron_file: "matomo_daily" +- name: Set Permissions for token.php + copy: + content: "" + dest: "{{ matomo_path }}/matomo/tmp/cache/token.php" + group: "{{ apache_user }}" + owner: "{{ apache_user }}" -- name: Start Collecting Matomo Data - cron: - name: "MatomoDataIngestionOnReboot2" - special_time: reboot - job: "sudo touch /library/www/matomo/tmp/cache/token.php && sudo mkdir /library/www/matomo/tmp/cache/tracker && sudo chown -R www-data:www-data /library/www/matomo" - user: root - cron_file: "matomo_reboot2" +- name: Set Permissions for tracker Directory + file: + path: "{{ matomo_path }}/matomo/tmp/cache/tracker" + state: directory + owner: "{{ apache_user }}" + group: "{{ apache_user }}" # RECORD Matomo AS INSTALLED From 9c21d688ad0627d94c5679f8f30350d830a71d72 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 25 Dec 2022 08:28:12 -0500 Subject: [PATCH 0792/1758] iiab-admin/templates/sshpwd-lxde-iiab.sh.j2: Fix {{ sshd_service }} --- roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index 356789433..373d3888d 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -41,8 +41,8 @@ check_user_pwd() { # [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] } -#grep -q "^PasswordAuthentication\s\+no\b" /etc/ssh/sshd_config && return -#systemctl is-active {{ sshd_service }} || return +# grep -q "^PasswordAuthentication\s\+no\b" /etc/ssh/sshd_config && return +# systemctl is-active ssh || return # #3444: Or use Ansible var sshd_service if check_user_pwd "{{ iiab_admin_user }}" "{{ iiab_admin_published_pwd }}" ; then # iiab-admin g0adm1n zenity --warning --width=600 --text="Published password in use by user '{{ iiab_admin_user }}'.\n\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box.lan/admin) -> Utilities -> Change Password.\n\nSee 'What are the default passwords?' at http://FAQ.IIAB.IO" From a0fa51578cbe2a853dca89262cb2de2fa6099b3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Dec 2022 09:56:40 -0500 Subject: [PATCH 0793/1758] matomo/tasks/install.yml: Lint --- roles/matomo/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4edb9ce65..a85577936 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -211,6 +211,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" + # RECORD Matomo AS INSTALLED - name: "Set 'matomo_installed: True'" From 0125554869cd050c24f1fd1916720a09b27e4cb1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Dec 2022 18:17:13 -0500 Subject: [PATCH 0794/1758] matomo/README.adoc: Clarify KA Lite restriction --- roles/matomo/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 8ce7d6b6b..0abedbbfa 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -63,7 +63,7 @@ Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* 1. If your Internet-in-a-Box setup is without power and Internet access, it may not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. -2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. +2. One thing Matomo can't track correctly is navigation within KA Lite (Khan Academy) pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. == Credits From 37f7d3eeaf3801d93c45faafbe6b2e0a6c9f3b7b Mon Sep 17 00:00:00 2001 From: root Date: Mon, 26 Dec 2022 16:03:19 -0500 Subject: [PATCH 0795/1758] Too many global vars: put {{ systemctl_program }} to rest --- roles/kiwix/defaults/main.yml | 1 - roles/kiwix/tasks/enable-or-disable.yml | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 24c1ff0a9..2696974fd 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -57,6 +57,5 @@ kiwix_url: /kiwix kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix -systemctl_program: /bin/systemctl kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index c3b2d617c..6487d84a2 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -26,7 +26,7 @@ - name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) lineinfile: # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" dest: /etc/crontab when: kiwix_enabled diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index e69271949..f945bf2a4 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -25,12 +25,12 @@ if flock -n -e 200; then : else /usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml fi - {{ systemctl_program }} stop kiwix-serve + /usr/bin/systemctl stop kiwix-serve if [ -f $KIWIXLIB ]; then rm $KIWIXLIB fi mv $KIWIXLIB.tmp $KIWIXLIB - {{ systemctl_program }} start kiwix-serve + /usr/bin/systemctl start kiwix-serve else echo "Can't get wait lock for iiab-make-kiwix-lib.py"; exit 1; From f9b5e74d8a19ff56364c5a67be474d4af32f8ba9 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 26 Dec 2022 18:30:03 -0500 Subject: [PATCH 0796/1758] Enable/Disable kiwix-serve 4AM daily cron (using Ansible) --- roles/kiwix/tasks/enable-or-disable.yml | 30 +++++++++++++++++++------ 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 6487d84a2..493ec86f7 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -17,19 +17,35 @@ when: kiwix_enabled -# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" - # In the past kiwix-serve did not stay running, so we'd been doing this hourly. # @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in # future, whenever service fails, if this really catches all cases?? # https://github.com/iiab/iiab/issues/484#issuecomment-342151726 -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab + +- name: Set cron to restart kiwix-serve 4AM daily, if kiwix_enabled + cron: + name: kiwix-serve daily restart + minute: "0" + hour: "4" + job: /usr/bin/systemctl restart kiwix-serve.service + user: root + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root when: kiwix_enabled +- name: Remove 4AM daily cron, if not kiwix_enabled + cron: + name: kiwix-serve daily restart + cron_file: kiwix-serve_daily + state: absent + when: not kiwix_enabled + +# - name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) +# lineinfile: +# # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed +# line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" +# dest: /etc/crontab +# when: kiwix_enabled + # - name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) # # * * * * * user-name command to be executed # lineinfile: From f082df8ef42103d047b2df15a89615c67841f987 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Dec 2022 07:17:09 -0500 Subject: [PATCH 0797/1758] /etc/cron.d/kiwix-serve_daily instead of defaults --- roles/kiwix/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 493ec86f7..0381ae2cd 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -29,7 +29,7 @@ hour: "4" job: /usr/bin/systemctl restart kiwix-serve.service user: root - cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/crontab when: kiwix_enabled - name: Remove 4AM daily cron, if not kiwix_enabled From ffa16d5bfb7b640d0e30f0221f84ca9120e00663 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 07:34:40 -0500 Subject: [PATCH 0798/1758] #3446: Further clarify /etc/cron.d/kiwix-serve_daily instead of... --- roles/kiwix/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml index 0381ae2cd..a139a6551 100644 --- a/roles/kiwix/tasks/enable-or-disable.yml +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -29,7 +29,7 @@ hour: "4" job: /usr/bin/systemctl restart kiwix-serve.service user: root - cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/crontab + cron_file: kiwix-serve_daily # i.e. /etc/cron.d/kiwix-serve_daily instead of /var/spool/cron/crontabs/root or /etc/cron.daily/* or /etc/crontab when: kiwix_enabled - name: Remove 4AM daily cron, if not kiwix_enabled From ca927e86ee62de95e75f72779f13e4e637808088 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 08:08:20 -0500 Subject: [PATCH 0799/1758] sshd/tasks/install.yml: Comment hygiene, similar to #3444 --- roles/sshd/tasks/install.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 0be48232d..b772bdef8 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -1,11 +1,11 @@ # TODO: # -# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-09-24: +# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-12-27: # -# vars/default_vars.yml Line 212 -# roles/sshd/tasks/main.yml Lines 41-42 +# vars/default_vars.yml Line 226 +# roles/sshd/tasks/install.yml Lines 45-46 # roles/network/tasks/avahi.yml Line 46 -# roles/network/templates/gateway/iiab-gen-iptables Line 49 & 135 +# roles/network/templates/gateway/iiab-gen-iptables Line 71 & 153 # # 2) Use Ansible handler to reload ssh? @@ -20,7 +20,6 @@ regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' state: present - #when: sshd_enabled - name: mkdir /root/.ssh file: @@ -29,7 +28,6 @@ owner: root group: root mode: '0700' - #when: sshd_enabled - name: Install dummy root keys as placeholder copy: @@ -39,7 +37,6 @@ group: root mode: '0600' force: no - #when: sshd_enabled # RECORD sshd AS INSTALLED From dfaccc42aea379e69865114f4bdded18549cd908 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 08:11:06 -0500 Subject: [PATCH 0800/1758] Typo: Fix date in comment (ca927e86) --- roles/sshd/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index b772bdef8..86d1e9360 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -1,6 +1,6 @@ # TODO: # -# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2020-12-27: +# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2022-12-27: # # vars/default_vars.yml Line 226 # roles/sshd/tasks/install.yml Lines 45-46 From 59bd6eecfd0626ee1ed40e2b64c35b149996c6fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Dec 2022 10:19:34 -0500 Subject: [PATCH 0801/1758] Fix www_options comments: Default is "memory_limit = -1" in cli/php.ini --- roles/www_options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 05bd3e12f..02becefc1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -82,7 +82,7 @@ - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install @@ -122,7 +122,7 @@ - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install From 4638bc7124c37730c96263c6cf18e861466d0ede Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Dec 2022 12:15:57 -0500 Subject: [PATCH 0802/1758] Somewhat higher PHP limits for Matomo --- roles/www_options/tasks/main.yml | 20 ++++++++++---------- vars/default_vars.yml | 3 ++- vars/local_vars_large.yml | 3 ++- vars/local_vars_medium.yml | 3 ++- vars/local_vars_small.yml | 3 ++- vars/local_vars_unittest.yml | 3 ++- 6 files changed, 20 insertions(+), 15 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 02becefc1..4138c59ad 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -52,13 +52,13 @@ - debug: - msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' + msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' - block: # 5-STANZA BLOCK BEGINS # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -70,9 +70,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -84,7 +84,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # WARNING: This might cause excess use of RAM/disk or other resources! # The first 5 values below were chosen by @ericnitschke and @kananigit on @@ -98,7 +98,7 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -110,9 +110,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -124,14 +124,14 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: php{{ php_version }}-fpm state: restarted - when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. + when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 7a2d22e57..d35902105 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -341,7 +341,7 @@ nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -584,6 +584,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 624b01603..e6452da31 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6e695caeb..ed29a7cfc 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 7e3092cbe..3c97b6536 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f0fd76f47..8356deef1 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -209,7 +209,7 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: +# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' @@ -342,6 +342,7 @@ awstats_enabled: False # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: False matomo_enabled: False +# If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 From 3319e287d4ff138df1fa0c2062f88f1cf5316437 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 14:34:52 -0500 Subject: [PATCH 0803/1758] Disable trusted host check for Matomo Per 2022-12-27 IIAB community minutes 3b. --- roles/matomo/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a85577936..e58cac922 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -211,6 +211,11 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" +- name: Don't Check for Trusted Host + ansible.builtin.lineinfile: + path: "{{ matomo_path }}/matomo/config/config.ini.php" + line: enable_trusted_host_check=0 + insertafter: "[General]" # RECORD Matomo AS INSTALLED From 34463b800fb5cc57c221e96321b68b038882bb26 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:02:38 -0500 Subject: [PATCH 0804/1758] Fix regex for lineinfile --- roles/matomo/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e58cac922..76e5010c7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,8 +214,8 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: enable_trusted_host_check=0 - insertafter: "[General]" + line: "enable_trusted_host_check=0" + insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 7fb4bdde881bcd530070aca36165ead1755163a7 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:20:22 -0500 Subject: [PATCH 0805/1758] Escape equals for skip trusted host check --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 76e5010c7..0ad386d86 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,7 +214,7 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check=0" + line: "enable_trusted_host_check\=0" insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 424f15c4d255e51404d6356c1e9e35e85dee63c1 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:56:14 -0500 Subject: [PATCH 0806/1758] Switch from lineinfile to ini_file lineinfile was really struggling to handle a k/v value with "=" in it. ini_file is built for precisely this file format and handles the issue effortlessly. --- roles/matomo/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 0ad386d86..49dc98dc7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -212,10 +212,11 @@ group: "{{ apache_user }}" - name: Don't Check for Trusted Host - ansible.builtin.lineinfile: + ini_file: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check\=0" - insertafter: "^\[General\]$" + section: General + option: enable_trusted_host_check + value: 0 # RECORD Matomo AS INSTALLED From e635b25d7af0ecd1f01f8778bc3b24ff935f1ab2 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 05:15:05 -0500 Subject: [PATCH 0807/1758] Don't make slash required in Matomo URL --- roles/matomo/templates/matomo-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 21ae9ddfa..0a7b91609 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -12,6 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param PATH_INFO $2; } -location ~ ^/matomo/ { +location ~ ^/matomo(/)? { root /library/www; } From 27b0c5b843537b8990b229e33179a1dd524d3c4c Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 06:20:53 -0500 Subject: [PATCH 0808/1758] Add required PHP extensions --- roles/matomo/tasks/install.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 49dc98dc7..40d9c539d 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -10,6 +10,17 @@ # TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +# https://matomo.org/faq/on-premise/matomo-requirements/ +- name: Install Matomo's recommended PHP extensions + package: + name: + - php{{ php_version }}-curl + - php{{ php_version }}-gd + - php{{ php_version }}-cli + - php{{ php_version }}-mysql + - php{{ php_version }}-xml + - php{{ php_version }}-mbstring + - name: Start MariaDB #action: service name=mysql state=started systemd: From 81004687c822a2f9bd18dd9b8408a03a1d3cdc95 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 08:36:45 -0500 Subject: [PATCH 0809/1758] www_options/tasks/set-php-limits.yml run on demand (by 5 roles) --- roles/matomo/tasks/install.yml | 7 + roles/moodle/tasks/install.yml | 5 + roles/nextcloud/tasks/install.yml | 5 + roles/pbx/tasks/freepbx.yml | 5 + roles/wordpress/tasks/install.yml | 6 + roles/www_options/tasks/main.yml | 82 +--------- roles/www_options/tasks/set-php-limits.yml | 177 +++++++++++++++++++++ vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 12 files changed, 216 insertions(+), 86 deletions(-) create mode 100644 roles/www_options/tasks/set-php-limits.yml diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a85577936..694d34c7f 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -2,6 +2,7 @@ # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running # from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. + - name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" meta: noop @@ -10,6 +11,12 @@ # TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} + +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + - name: Start MariaDB #action: service name=mysql state=started systemd: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 734730cde..0ab9c921e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,6 +17,11 @@ name: postgresql +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1d6e135cc..eb6f350bb 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,6 +40,11 @@ # var: php_new +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5480e7722..471bb4b82 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/tree/master/roles/pbx#readme +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via # systemd-sysv-install, to '/etc/init.d/asterisk status' etc) is Enabled but # Not Active at this point. diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index a22710438..3dfd96cbf 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -11,6 +11,12 @@ # and security enhancements using timestamps under /library/wordpress, as these # can arise without warning when WordPress is online, since WordPress ~4.8 + +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits is undefined + + # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 4138c59ad..dc59083f0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,87 +51,7 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -- debug: - msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' - -- block: # 5-STANZA BLOCK BEGINS - - # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" - lineinfile: - path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" - lineinfile: - path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - # WARNING: This might cause excess use of RAM/disk or other resources! - # The first 5 values below were chosen by @ericnitschke and @kananigit on - # 2018-09-19: https://github.com/iiab/iiab/issues/1147 - - # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional - # clauses (to reset/restore PHP's defaults) are not necessary at this time. - - # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* - # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during - # regular operation it uses: .../fpm/php.ini - # And in the past it used: .../apache2/php.ini - - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" - lineinfile: - path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" - lineinfile: - path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: Restart 'php{{ php_version }}-fpm' systemd service - systemd: - name: php{{ php_version }}-fpm - state: restarted - - when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# 2022-12-29: set-php-limits.yml run on demand (by roles that need it) # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml new file mode 100644 index 000000000..e71c22c99 --- /dev/null +++ b/roles/www_options/tasks/set-php-limits.yml @@ -0,0 +1,177 @@ +# As of 2022-12-29, this is invoked by: +# +# roles/matomo/tasks/install.yml +# roles/moodle/tasks/install.yml +# roles/nextcloud/tasks/install.yml +# roles/pbx/tasks/freepbx.yml +# roles/wordpress/tasks/install.yml + +# Ansible's ini_file would normally be best, to tweak .ini files: +# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html +# +# But in this case, explanatory comments (inserted by lineinfile below) offer +# important context to implementers modifying both php.ini files after the fact. + + +# WARNING: 'nginx_high_php_limits: True' (especially!) might cause excess use of +# RAM/disk or other resources! Five original values below chosen by @kananigit +# and @ericnitschke on 2018-09-19: https://github.com/iiab/iiab/issues/1147 + +# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional clauses +# (to reset/restore PHP's own defaults) are not necessary at this time. + +# 2021-06-28: WITH PHP 8.x, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* +# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during +# regular operation it uses: .../fpm/php.ini +# And in the past it used: .../apache2/php.ini + + +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install + +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install + + +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install + +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install + + +- name: Restart 'php{{ php_version }}-fpm' systemd service + systemd: + name: php{{ php_version }}-fpm + state: restarted + +- name: "Set 'set_php_limits: True' so set-php-limits.yml runs just once (per Ansible run)" + set_fact: + set_php_limits: True + + +# - debug: +# msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install' + +# - block: # 5-STANZA BLOCK BEGINS + +# # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server + +# - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +# lineinfile: +# path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +# lineinfile: +# path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# # WARNING: This might cause excess use of RAM/disk or other resources! +# # The first 5 values below were chosen by @ericnitschke and @kananigit on +# # 2018-09-19: https://github.com/iiab/iiab/issues/1147 + +# # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional +# # clauses (to reset/restore PHP's defaults) are not necessary at this time. + +# # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* +# # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during +# # regular operation it uses: .../fpm/php.ini +# # And in the past it used: .../apache2/php.ini + +# - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +# lineinfile: +# path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +# lineinfile: +# path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# with_items: +# - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } +# - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } +# - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } +# - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } +# - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } +# - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } +# when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + +# - name: Restart 'php{{ php_version }}-fpm' systemd service +# systemd: +# name: php{{ php_version }}-fpm +# state: restarted + +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d35902105..57768b92d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -504,7 +504,8 @@ postgresql_enabled: False # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index e6452da31..96a5e27f3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: True moodle_enabled: True -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ed29a7cfc..086acca50 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 3c97b6536..efda0cd4c 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -296,7 +296,8 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 8356deef1..f96fb415b 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -296,7 +296,8 @@ kiwix_enabled: False # Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False -# If using Moodle intensively, set nginx_high_php_limits further above. +# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, +# as auto-enacted by roles/www_options/tasks/set-php-limits.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps From b597913886050e3e15511be03f11259fc232d895 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 09:05:19 -0500 Subject: [PATCH 0810/1758] Clarify explanation at top of set-php-limits.yml --- roles/www_options/tasks/set-php-limits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index e71c22c99..345bc41f6 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -1,4 +1,4 @@ -# As of 2022-12-29, this is invoked by: +# 2022-12-29: This file (set-php-limits.yml) is invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml From 74c680cc6d833058cc41bf2e658e0c6e33fb3383 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 10:21:34 -0500 Subject: [PATCH 0811/1758] Update README Remove notes about trusted website check to reflect this patch, and add note about time zone. --- roles/matomo/README.adoc | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0abedbbfa..7bef1f07e 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -41,13 +41,6 @@ Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged a Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ -WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. - -1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. -2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. -3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. -4. Refresh the Matomo homepage and the warning should be gone. -5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) @@ -65,6 +58,9 @@ Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* 2. One thing Matomo can't track correctly is navigation within KA Lite (Khan Academy) pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. +3. Time Zones: The Matomo installer's default behavior in "Configure Matomo to track IIAB" is to pick up the system time zone when none is supplied. If this doesn't work, you can set the time zone to whatever you prefer from the Matomo home page. In testing, Matomo picked up the system time zone on a regular Multipass Ubuntu instance. However, it was unable to do so on a VirtualBox Ubuntu instance. Thus, we provide a fallback behavior "Fallback Configure Matomo to track IIAB" that picks an arbitrary time zone. The fallback fires only when the form with an empty time zone is submitted and returns a 200 status code instead of 302, indicating that form submission failed. + + == Credits Carl Wivagg From eba3225b7c7c16805e32d8da8076991a38de5122 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 10:29:01 -0500 Subject: [PATCH 0812/1758] Rename flag to set_php_limits_done (so it runs once at most, per Ansible run) --- roles/matomo/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- roles/pbx/tasks/freepbx.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- roles/www_options/tasks/set-php-limits.yml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 694d34c7f..4280de403 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -14,7 +14,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined - name: Start MariaDB diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 0ab9c921e..4e39ddebe 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -19,7 +19,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index eb6f350bb..35e80a825 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -42,7 +42,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 471bb4b82..cc976e97f 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -4,7 +4,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 3dfd96cbf..b2bcd27b9 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -14,7 +14,7 @@ - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits is undefined + when: set_php_limits_done is undefined # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index e71c22c99..b9ee0b0a5 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -89,9 +89,9 @@ name: php{{ php_version }}-fpm state: restarted -- name: "Set 'set_php_limits: True' so set-php-limits.yml runs just once (per Ansible run)" +- name: "Set 'set_php_limits_done: True' so set-php-limits.yml runs just once (per Ansible run)" set_fact: - set_php_limits: True + set_php_limits_done: True # - debug: From 2a7eba7297290f25152a6f92ffff434845e70dfc Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Dec 2022 11:48:17 -0500 Subject: [PATCH 0813/1758] Set PHP limits right after PHP reqs/recs, so each role installs smoothly --- roles/matomo/tasks/install.yml | 2 ++ roles/moodle/tasks/install.yml | 10 +++++----- roles/nextcloud/tasks/install.yml | 9 ++++----- roles/pbx/tasks/freepbx.yml | 9 ++++----- roles/wordpress/tasks/install.yml | 10 +++++----- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 4280de403..8c18720d7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,8 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +# (Install Matomo's PHP requirements / recommendations here, e.g. 6 extensions) + - name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/set-php-limits.yml when: set_php_limits_done is undefined diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4e39ddebe..a39ba33ac 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,11 +17,6 @@ name: postgresql -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml @@ -49,6 +44,11 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + + - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 35e80a825..9352d65cc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,11 +40,6 @@ # var: php_new -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -91,6 +86,10 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + - name: Create dir {{ nextcloud_root_dir }} (by default 755 dirs & 644 files) file: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index cc976e97f..45d28b2a3 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -2,11 +2,6 @@ # https://github.com/iiab/iiab/tree/master/roles/pbx#readme -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via # systemd-sysv-install, to '/etc/init.d/asterisk status' etc) is Enabled but # Not Active at this point. @@ -67,6 +62,10 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + - name: FreePBX - Install and configure Apache - if pbx_use_apache include_tasks: apache.yml when: pbx_use_apache diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index b2bcd27b9..db9f30087 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,11 +12,6 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined - - # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) @@ -44,6 +39,11 @@ # state: present # when: php_version is version('8.0', '<') +- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/set-php-limits.yml + when: set_php_limits_done is undefined + + - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists file: path: "{{ downloads_dir }}/wordpress.tar.gz" From 6f06bfacd0c17458ac521af4ff4bf3152aaec9e6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Dec 2022 01:15:09 +0530 Subject: [PATCH 0814/1758] Allow post-install toggling of nginx_high_php_limits --- roles/www_options/tasks/main.yml | 7 ++++++- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index dc59083f0..59754f749 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,7 +51,12 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -# 2022-12-29: set-php-limits.yml run on demand (by roles that need it) +# 2022-12-29: set-php-limits.yml is ALSO attempted (on demand) by every +# /tasks/install.yml that needs it (Matomo, Moodle, Nextcloud, PBX, +# WordPress) so './runrole ' and similar are fully self-sufficient! +- name: "Run set-php-limits.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" + include_tasks: set-php-limits.yml + when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 57768b92d..a79ec1e13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -346,7 +346,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 96a5e27f3..6793fe878 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 086acca50..6cfc82613 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index efda0cd4c..e12612962 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f96fb415b..8b683f492 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf From 2c20165768cc24a0ba0adb22361189622fbd70ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 15:24:01 -0500 Subject: [PATCH 0815/1758] Use the new 'gitea_version: 1.18' (instead of 1.17) --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 9fb97153a..2a620f8cc 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.18 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From e3ef4cded0c7d4739c2f9c4b81d263702e8d7b4d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 29 Dec 2022 17:50:12 -0500 Subject: [PATCH 0816/1758] Explain #3449 set-php-limits.yml (top line summary) --- roles/www_options/tasks/set-php-limits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/set-php-limits.yml index 67ea12966..7c64fce3e 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/set-php-limits.yml @@ -1,4 +1,4 @@ -# 2022-12-29: This file (set-php-limits.yml) is invoked on demand, by: +# 2022-12-29: This file (set-php-limits.yml) is ALSO invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml From 371146c4edb2b82aebdfce8f673648517c741c91 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 30 Dec 2022 02:29:16 -0500 Subject: [PATCH 0817/1758] 0-init/tasks/tz.yml: Why ansible_date_time.tz is a problem --- roles/0-init/tasks/tz.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml index 017947a05..9874b77b9 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml @@ -1,3 +1,21 @@ +# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent +# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) +# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the +# very same time zone! More Seriously: (C) both commands above output "IST" +# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! +# +# While Ansible provides 2 other vars that (slightly) help disambiguate +# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far +# better way -- which is to read the System TZ directly from Linux: +# +# timedatectl show -p "Timezone" --value +# +# This takes care of essentially everything (e.g. output "America/New_York") +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone +# then (3) if neither exist, then "UTC" is declated (correctly!) One +# drawback: timedatectl if not easily usable within chroot environments. + + - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" command: echo From abf5e08f3fe79d5c203183ab0b850dcd27aa5167 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 30 Dec 2022 02:35:10 -0500 Subject: [PATCH 0818/1758] 0-init/tasks/tz.yml: Clarify Time Zone (TZ) extraction --- roles/0-init/tasks/tz.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml index 9874b77b9..39fa926a1 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml @@ -12,8 +12,8 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, then "UTC" is declated (correctly!) One -# drawback: timedatectl if not easily usable within chroot environments. +# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: +# timedatectl if not easily usable within chroot environments. - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" From a02c452110a257ee7c7623fef9f2b9d008095b68 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Dec 2022 14:39:46 +0530 Subject: [PATCH 0819/1758] Store System TZ into fpm/php.ini & cli/php.ini for Matomo etc --- roles/0-init/tasks/main.yml | 13 ++++--- roles/0-init/tasks/{tz.yml => tz.yml.unused} | 18 +-------- roles/matomo/tasks/install.yml | 6 +-- roles/moodle/tasks/install.yml | 6 +-- roles/nextcloud/tasks/install.yml | 6 +-- roles/pbx/tasks/freepbx.yml | 6 +-- roles/wordpress/tasks/install.yml | 6 +-- roles/www_options/tasks/main.yml | 6 +-- .../{set-php-limits.yml => php-settings.yml} | 38 +++++++++++++++++-- vars/default_vars.yml | 7 +--- vars/local_vars_large.yml | 4 +- vars/local_vars_medium.yml | 4 +- vars/local_vars_small.yml | 4 +- vars/local_vars_unittest.yml | 4 +- 14 files changed, 71 insertions(+), 57 deletions(-) rename roles/0-init/tasks/{tz.yml => tz.yml.unused} (75%) rename roles/www_options/tasks/{set-php-limits.yml => php-settings.yml} (88%) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 7a1532898..4c02c6ca5 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -54,8 +54,9 @@ include_tasks: validate_vars.yml when: not (rpi_model | regex_search('\\bW\\b')) # Ansible require double backslashes, e.g. with \b "word boundary" anchors: https://www.regular-expressions.info/wordboundaries.html https://stackoverflow.com/questions/56869119/ansible-regular-expression-to-match-a-string-and-extract-the-line/56869801#56869801 -- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" - include_tasks: tz.yml +# 2022-12-30: Functionality moved to www_options/tasks/php-settings.yml +# - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" +# include_tasks: tz.yml - name: Set hostname / domain (etc) in various places include_tasks: hostname.yml @@ -103,10 +104,10 @@ value: "{{ php_version }}" - option: first_run value: "{{ first_run }}" - - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist - value: "{{ local_tz }}" - - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist - value: "{{ etc_localtime.stdout }}" + # - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist + # value: "{{ local_tz }}" + # - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist + # value: "{{ etc_localtime.stdout }}" - option: FQDN_changed value: "{{ FQDN_changed }}" diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml.unused similarity index 75% rename from roles/0-init/tasks/tz.yml rename to roles/0-init/tasks/tz.yml.unused index 39fa926a1..dc07f8bc4 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml.unused @@ -1,20 +1,4 @@ -# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent -# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) -# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the -# very same time zone! More Seriously: (C) both commands above output "IST" -# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! -# -# While Ansible provides 2 other vars that (slightly) help disambiguate -# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far -# better way -- which is to read the System TZ directly from Linux: -# -# timedatectl show -p "Timezone" --value -# -# This takes care of essentially everything (e.g. output "America/New_York") -# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: -# timedatectl if not easily usable within chroot environments. - +# 2022-12-30: Functionality moved to www_options/tasks/php-settings.yml - name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)" command: echo diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index ee0333d84..2938e5983 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -23,9 +23,9 @@ - php{{ php_version }}-xml - php{{ php_version }}-mbstring -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Start MariaDB diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a39ba33ac..ec30d7f34 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -44,9 +44,9 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: True' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 9352d65cc..8fc25cd08 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -86,9 +86,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Create dir {{ nextcloud_root_dir }} (by default 755 dirs & 644 files) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 45d28b2a3..df541cd96 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -62,9 +62,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: FreePBX - Install and configure Apache - if pbx_use_apache include_tasks: apache.yml diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index db9f30087..cfab49cc0 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -39,9 +39,9 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/set-php-limits.yml with 'nginx_high_php_limits: False' by default" - include_tasks: roles/www_options/tasks/set-php-limits.yml - when: set_php_limits_done is undefined +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" + include_tasks: roles/www_options/tasks/php-settings.yml + when: php_settings_done is undefined - name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 59754f749..fba3379ac 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -51,11 +51,11 @@ when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists -# 2022-12-29: set-php-limits.yml is ALSO attempted (on demand) by every +# 2022-12-29: php-settings.yml is ALSO attempted (on demand) by every # /tasks/install.yml that needs it (Matomo, Moodle, Nextcloud, PBX, # WordPress) so './runrole ' and similar are fully self-sufficient! -- name: "Run set-php-limits.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" - include_tasks: set-php-limits.yml +- name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" + include_tasks: php-settings.yml when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install diff --git a/roles/www_options/tasks/set-php-limits.yml b/roles/www_options/tasks/php-settings.yml similarity index 88% rename from roles/www_options/tasks/set-php-limits.yml rename to roles/www_options/tasks/php-settings.yml index 7c64fce3e..887b05c40 100644 --- a/roles/www_options/tasks/set-php-limits.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -1,4 +1,4 @@ -# 2022-12-29: This file (set-php-limits.yml) is ALSO invoked on demand, by: +# 2022-12-29: This file (php-settings.yml) is ALSO invoked on demand, by: # # roles/matomo/tasks/install.yml # roles/moodle/tasks/install.yml @@ -13,6 +13,38 @@ # important context to implementers modifying both php.ini files after the fact. +# 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent +# to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) +# seasonal EST/EDT ambiguities, or (B) floods of geographic synonyms for the +# very same time zone! More Seriously: (C) both commands above output "IST" +# for both Israel Standard Time (+0200) AND India Standard Time (+0530). Etc! +# +# While Ansible provides 2 other vars that (slightly) help disambiguate +# (ansible_date_time.tz_dst and ansible_date_time.tz_offset), there's a far +# better way -- which is to read the System TZ directly from Linux: +# +# timedatectl show -p Timezone --value +# +# This takes care of essentially everything (e.g. output "America/New_York") +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone +# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: +# timedatectl if not easily usable within chroot environments. + +- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) + command: timedatectl show -p "Timezone" --value + register: tz_cli + +- name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini + ini_file: + path: "{{ item }}" + section: Date + option: date.timezone + value: "{{ tz_cli.stdout }}" # e.g. America/New_York or UTC + with_items: + - /etc/php/{{ php_version }}/fpm/php.ini + - /etc/php/{{ php_version }}/cli/php.ini + + # WARNING: 'nginx_high_php_limits: True' (especially!) might cause excess use of # RAM/disk or other resources! Five original values below chosen by @kananigit # and @ericnitschke on 2018-09-19: https://github.com/iiab/iiab/issues/1147 @@ -89,9 +121,9 @@ name: php{{ php_version }}-fpm state: restarted -- name: "Set 'set_php_limits_done: True' so set-php-limits.yml runs just once (per Ansible run)" +- name: "Set 'php_settings_done: True' so php-settings.yml runs just once (per Ansible run)" set_fact: - set_php_limits_done: True + php_settings_done: True # - debug: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a79ec1e13..9236e0899 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -72,9 +72,6 @@ admin_console_group: iiab-admin # This group & sudo log in to Admin Console. # Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("", "$6$<salt>")' -# Time Zone (php used to need timezone set). SEE: roles/0-init/tasks/tz.yml -local_tz: "{{ ansible_date_time.tz }}" - # Set these to False if you do not want to install/enable IIAB Admin Console admin_console_install: True admin_console_enabled: True @@ -346,7 +343,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -505,7 +502,7 @@ postgresql_enabled: False moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6793fe878..3f6371a41 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: True moodle_enabled: True # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6cfc82613..7be767773 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index e12612962..aa084cf88 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: True moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 8b683f492..b26a793b7 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -214,7 +214,7 @@ nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/set-php-limits.yml +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf @@ -297,7 +297,7 @@ kiwix_enabled: False moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, -# as auto-enacted by roles/www_options/tasks/set-php-limits.yml +# as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps From 322b7729d9e9713dc98379f2dd719c77c1674dbc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 15:19:12 +0530 Subject: [PATCH 0820/1758] www_options/tasks/php-settings.yml: Cleaner comments --- roles/www_options/tasks/php-settings.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 887b05c40..18fb606f6 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -6,12 +6,6 @@ # roles/pbx/tasks/freepbx.yml # roles/wordpress/tasks/install.yml -# Ansible's ini_file would normally be best, to tweak .ini files: -# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html -# -# But in this case, explanatory comments (inserted by lineinfile below) offer -# important context to implementers modifying both php.ini files after the fact. - # 2022-12-30: FYI ansible_date_time.tz provides TZ ABBREVIATIONS (equivalent # to 'date +%Z' output) which leads to serious ambiguity -- and not just (A) @@ -26,9 +20,9 @@ # timedatectl show -p Timezone --value # # This takes care of essentially everything (e.g. output "America/New_York") -# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone -# then (3) if neither exist, "UTC" is declated (correctly!) One drawback: -# timedatectl if not easily usable within chroot environments. +# by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if +# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p "Timezone" --value @@ -116,6 +110,13 @@ when: nginx_high_php_limits or moodle_install +# To tweak .ini files, Ansible's ini_file is normally better than lineinfile: +# https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html +# +# But for the 6 * 4 above, explanatory comments (inserted by lineinfile) offer +# important context to implementers modifying both php.ini files after the fact. + + - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: php{{ php_version }}-fpm From 92926b9040820ab80e32777f28717191b9c34f9d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 05:52:23 -0500 Subject: [PATCH 0821/1758] 0-init/tasks/hostname.yml: Remove stale comments --- roles/0-init/tasks/hostname.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index ed79ccf3b..9e3e22214 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -31,9 +31,6 @@ path: /etc/hosts regexp: '^127\.0\.0\.1' line: '127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan' - #owner: root - #group: root - #mode: 0644 # 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is # for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it From 840f1df60d4d7734d3953ae3b7954b9c2f009b45 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 06:31:13 -0500 Subject: [PATCH 0822/1758] PR #3453 php-settings.yml: Remove unnec quotes --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 18fb606f6..39a2a0bce 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -25,7 +25,7 @@ # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p "Timezone" --value + command: timedatectl show -p Timezone --value register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From 8f04d45fa226624e0412bc03a16a443341d21f41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 30 Dec 2022 10:54:03 -0500 Subject: [PATCH 0823/1758] Fix comment Re: matomo/tasks/install.yml Lines 63-199 --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 2938e5983..56439de3e 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -1,6 +1,6 @@ # The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running -# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 63 through 199. - name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" From 9b6681b4d05ca0f961b9a8897a9c03229aa8bd65 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Jan 2023 01:39:44 -0500 Subject: [PATCH 0824/1758] Pre-release version number 'iiab_base_ver: 8.1' --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9236e0899..f452accb8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.0 +iiab_base_ver: 8.1 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From db489402d96cb24e28bb2a616522074d903e628d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 08:47:20 -0500 Subject: [PATCH 0825/1758] Travis CI: git mv tests tests.unused --- {tests => tests.unused}/inventory | 0 {tests => tests.unused}/test.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {tests => tests.unused}/inventory (100%) rename {tests => tests.unused}/test.yml (100%) diff --git a/tests/inventory b/tests.unused/inventory similarity index 100% rename from tests/inventory rename to tests.unused/inventory diff --git a/tests/test.yml b/tests.unused/test.yml similarity index 100% rename from tests/test.yml rename to tests.unused/test.yml From 305af9a9bbca98e188c29a42ca1633e45d90b95d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 09:04:51 -0500 Subject: [PATCH 0826/1758] Enable Lokole during MEDIUM/LARGE IIAB installs --- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f452accb8..122128278 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -420,8 +420,8 @@ jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3f6371a41..1a301ed60 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -242,8 +242,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7be767773..e8d8b1f5e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ -lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 +lokole_install: True # 2022-03-13: Python 3.9+ work +lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aa084cf88..aef176b4e 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -242,7 +242,7 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False # 2022-03-13: Needs work with Python 3.9+ +lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index b26a793b7..533c5657d 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -242,8 +242,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: False -lokole_enabled: False +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From 06ea7a914665e2cf25105d313c2f88ee021d56d5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 4 Jan 2023 10:15:09 -0500 Subject: [PATCH 0827/1758] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index caf8b425b..8b4a07b84 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/IIAB-Contributors-Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) # THANKS! From a94bc0e070543fe190e70931bb27910de6e2084b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 2 Jan 2023 00:13:35 -0600 Subject: [PATCH 0828/1758] revert to using pip for ansible on 32bit RaspOS --- scripts/ansible | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2766aec7b..1591eb275 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -129,8 +129,8 @@ fi ### > /etc/apt/sources.list.d/iiab-ansible.list # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ - > /etc/apt/sources.list.d/iiab-ansible.list +#echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ +# > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined @@ -152,7 +152,7 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) -cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg +#cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" @@ -188,8 +188,13 @@ if uname -m | grep -q 64; then echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else - echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" - $APT_PATH/apt -y --allow-downgrades install ansible-core +# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" +# $APT_PATH/apt -y --allow-downgrades install ansible-core + pip3 config --global set global.no-cache-dir false + echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" + pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" + pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 08ade5cd1e7b4e6429fec3fd7fc1080decd3e3ac Mon Sep 17 00:00:00 2001 From: cwivagg <cwivagg@gmail.com> Date: Sat, 7 Jan 2023 07:42:17 -0500 Subject: [PATCH 0829/1758] Update matomo-nginx.conf.j2 Fix security problems noted in https://github.com/iiab/iiab/issues/3441. --- roles/matomo/templates/matomo-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 0a7b91609..8ec494bc0 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -10,6 +10,7 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; + location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From ccaa118dadb03cb784562981e37bf63a5dbc0583 Mon Sep 17 00:00:00 2001 From: cwivagg <cwivagg@gmail.com> Date: Sat, 7 Jan 2023 08:27:56 -0500 Subject: [PATCH 0830/1758] Update matomo-nginx.conf.j2 Move file to higher precedence to handle non-php files as well. --- roles/matomo/templates/matomo-nginx.conf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 8ec494bc0..a5fdce030 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -1,3 +1,5 @@ +location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } + location ~ ^/matomo(.*)\.php(.*)$ { alias /library/www/matomo$1.php$2; # /library/www/matomo proxy_set_header X-Real-IP $remote_addr; @@ -10,7 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $2; - location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; } } location ~ ^/matomo(/)? { From badf12ec284b052ac7d0f1b39fb079b936a0bc7f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 7 Jan 2023 16:39:35 -0500 Subject: [PATCH 0831/1758] Update README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 64b577547..cf71d76e3 100644 --- a/README.md +++ b/README.md @@ -9,14 +9,14 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. -FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* +FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* ## Installation -Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.io/) +Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: @@ -29,7 +29,7 @@ See our [Tech Docs Wiki](https://github.com/iiab/iiab/wiki) for more about the u After you've installed the software, you should [add content](https://github.com/iiab/iiab/wiki/IIAB-Installation#add-content), which can of course take time when downloading multi-gigabyte Content Packs! -Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page.3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) &mdash; to arrange Content Packs and IIAB Apps (services) for your local community's needs. +Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.io/go/FAQ#How_do_I_customize_my_Internet-in-a-Box_home_page%3F) (typically http://box or http://box.lan) using our **drag-and-drop** Admin Console (http://box.lan/admin) &mdash; to arrange Content Packs and IIAB Apps (services) for your local community's needs. ## Community @@ -37,12 +37,12 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) <!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).--> -To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists.3F)" -FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. +To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* From 0c93392146e11c2ef975e0f3a6e66acdb4b33a57 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 8 Jan 2023 10:59:45 -0500 Subject: [PATCH 0832/1758] scripts/ansible: Update explanatory URL --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1591eb275..26e12ac83 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -4,7 +4,7 @@ # https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249 # PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?" -# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible +# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] From 31bd87cd1c9f0e1654c6f57fc84ea49915480897 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 18:58:34 -0500 Subject: [PATCH 0833/1758] http://box/info/admin-console offline docs --- roles/nginx/templates/server.conf.j2 | 4 ++ .../templates/iiab-refresh-wiki-docs.sh | 69 +++++++++++-------- 2 files changed, 44 insertions(+), 29 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..3f69c3a74 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,6 +7,10 @@ server { index index.php index.html index.htm; + location /info { + autoindex on; # Directory listing for http://box/info/admin-console/ + } + # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 5cc9b3f54..833910d2c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,23 +15,32 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs +ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +# Note 1: sed (below) shortens URLs to 'admin-console' +# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 rm -rf $INPUT rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH +mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT - for f in `ls $INPUT`; do FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html done - rsync -av $OUTPUT/ $DESTPATH +cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH +for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f +done + # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html lynx -reload -source https://wiki.iiab.io/go/Security > $DESTPATH/Security.html @@ -54,42 +63,44 @@ cp -p "{{ iiab_dir }}/roles/lokole/Lokole-IIAB_Users_Manual.pdf" $DOCSPATH # # MAKE LINKS REFER TO LOCAL ITEMS... # ...on main page (http://box/info) -sed -i -r "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html -sed -i -r "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html +sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/038/original/BeginnersGuide-4thEd-Eng_v2.pdf|docs/BeginnersGuide-4thEd-Eng_v2.pdf|g" $DESTPATH/index.html +sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html +sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within subpages +# ...and within main subpages for f in $DESTPATH/*.html; do sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f - sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f - sed -i -e "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f + sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f - sed -i -e "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|/go/IIAB/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f - sed -i -e "s|http://FAQ.IIAB.IO|FAQ.html|g" $f - sed -i -e "s|http://faq.iiab.io|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/FAQ|FAQ.html|g" $f - sed -i -e "s|http://schoolserver.org/faq|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f + sed -i "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f + sed -i "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|/go/IIAB/Security|Security.html|g" $f - sed -i -e "s|http://wiki.iiab.io/Security|Security.html|g" $f + sed -i "s|https://wiki.iiab.io/go/FAQ|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|/go/IIAB/FAQ|FAQ.html|g" $f + sed -i "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f + sed -i "s|http://FAQ.IIAB.IO|FAQ.html|g" $f + sed -i "s|http://faq.iiab.io|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/FAQ|FAQ.html|g" $f + #sed -i "s|http://schoolserver.org/faq|FAQ.html|g" $f + #sed -i "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f + sed -i "s|/go/IIAB/Security|Security.html|g" $f + sed -i "s|http://wiki.iiab.io/Security|Security.html|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f + sed -i "s|https://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f - sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f - sed -i -e "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f + + #sed -i "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f + #sed -i "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f done exit 0 From 65cb09c67b424d28aab56547eb6b334cbf1ecfa1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:10:35 -0500 Subject: [PATCH 0834/1758] iiab-refresh-wiki-docs also needs to run w/o Admin Console --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 833910d2c..b297f7a6c 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -34,12 +34,14 @@ for f in `ls $INPUT`; do done rsync -av $OUTPUT/ $DESTPATH -cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH -for f in `ls $ADMINCONSOLEPATH`; do - FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f -done +if [ -d /opt/iiab/iiab-admin-console/docs ]; then + cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH`; do + FTRIMMED=${f%.md} + pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html + rm $ADMINCONSOLEPATH/$f + done +fi # Download FAQ etc lynx -reload -source https://wiki.iiab.io/go/FAQ > $DESTPATH/FAQ.html From 1b2930c52d8590dae3eb09c457e5d828fb5222e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:18:01 -0500 Subject: [PATCH 0835/1758] 'cp -r' was overkill: 'cp /opt/iiab/iiab-admin-console/docs/*' suffices --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index b297f7a6c..c303b89f7 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -35,7 +35,7 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp -r /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH + cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH for f in `ls $ADMINCONSOLEPATH`; do FTRIMMED=${f%.md} pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html From 0ac162fdc6f1b0b25f64a5391c7b3f14aa3c5324 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:42:19 -0500 Subject: [PATCH 0836/1758] 'fancyindex on;' in nginx/templates/iiab.conf.j2 instead + box/info resiliency --- roles/nginx/templates/iiab.conf.j2 | 4 ++++ roles/nginx/templates/server.conf.j2 | 4 ---- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index b66f69cfa..c45c58ae8 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -11,6 +11,10 @@ location /local_content/ { fancyindex on; # autoindex on; } +location /info { + fancyindex on; # Directory listing for http://box/info/admin-console/ +} + location /modules/ { fancyindex on; # Enable fancy indexes. fancyindex_exact_size off; # Output human-readable file sizes. diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 3f69c3a74..84413f4e7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -7,10 +7,6 @@ server { index index.php index.html index.htm; - location /info { - autoindex on; # Directory listing for http://box/info/admin-console/ - } - # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index c303b89f7..154fbe9dc 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -17,7 +17,7 @@ DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' -# Note 2: Depends on "autoindex on;" in roles/nginx/templates/server.conf.j2 +# Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 rm -rf $INPUT rm -rf $OUTPUT @@ -36,10 +36,10 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH`; do + for f in `ls $ADMINCONSOLEPATH/*.md`; do FTRIMMED=${f%.md} - pandoc -s $ADMINCONSOLEPATH/$f -o $ADMINCONSOLEPATH/$FTRIMMED.html - rm $ADMINCONSOLEPATH/$f + pandoc -s $f -o $FTRIMMED.html + rm $f done fi From 0ff334eeda24702de668fc6bbdbb475e5b8c4883 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:52:34 -0500 Subject: [PATCH 0837/1758] Safer: 'cp /opt/iiab/iiab-admin-console/docs/*.md ...' --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 154fbe9dc..647e985d2 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do +for f in `ls $INPUT`; do # Unlike below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/* $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH + for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 64cd4a40a7be0d384fd433d2f93a1341dcab8d92 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:57:43 -0500 Subject: [PATCH 0838/1758] 'fancyindex_exact_size off;' human-readable for box/info --- roles/nginx/templates/iiab.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index c45c58ae8..df2fc6a94 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -13,6 +13,7 @@ location /local_content/ { location /info { fancyindex on; # Directory listing for http://box/info/admin-console/ + fancyindex_exact_size off; # Output human-readable file sizes. } location /modules/ { From d5fd98b08e18ebd067e1238dd614a5dd4411aeea Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 10 Jan 2023 23:27:21 -0500 Subject: [PATCH 0839/1758] Update iiab-refresh-wiki-docs.sh --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 647e985d2..134c51c71 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -27,7 +27,7 @@ mkdir -p $DOCSPATH mkdir -p $ADMINCONSOLEPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT -for f in `ls $INPUT`; do # Unlike below, $f does NOT include path +for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path FTRIMMED=${f%.md} if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html @@ -36,7 +36,7 @@ rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in `ls $ADMINCONSOLEPATH/*.md`; do # Unlike above, $f INCLUDES path + for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From e34d84f712ba681b587684ea8543e9324e5e5a25 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 09:57:04 -0500 Subject: [PATCH 0840/1758] Scrape RPi Image docs using ~ not : (and recurse into subdirs) --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index 134c51c71..ac03b44bf 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -69,9 +69,10 @@ sed -i "s|https://magazines-attachments.raspberrypi.org/books/full_pdfs/000/000/ sed -i "s|https://.*archive.org/15/items/other_doc/other_doc.pdf|docs/Raspberry_Pi_User_Guide_v4.pdf|g" $DESTPATH/index.html sed -i "s|https://github.com/iiab/iiab/blob/master/roles/lokole/Lokole-IIAB_Users_Manual.pdf|docs/Lokole-IIAB_Users_Manual.pdf|g" $DESTPATH/index.html -# ...and within main subpages -for f in $DESTPATH/*.html; do - sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f +# ...and within subpages +for f in $(find $DESTPATH -name "*.html"); do # Recursive (even if not yet nec, as of 2023-01-11) +#for f in $DESTPATH/*.html; do # Non-recursive (omits subdirs) + sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.~A-Za-z0-9]*)|\1.html|g" $f sed -i "s|https://github.com/iiab/iiab-admin-console/tree/master/docs|admin-console|g" $f From 98cff07ca3a86d237cba6204bdbd540ccde49e2f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 10:26:57 -0500 Subject: [PATCH 0841/1758] Rename $ADMINCONSOLEPATH to $ADMINDOCSPATH --- roles/www_base/templates/iiab-refresh-wiki-docs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_base/templates/iiab-refresh-wiki-docs.sh b/roles/www_base/templates/iiab-refresh-wiki-docs.sh index ac03b44bf..9ff61e654 100755 --- a/roles/www_base/templates/iiab-refresh-wiki-docs.sh +++ b/roles/www_base/templates/iiab-refresh-wiki-docs.sh @@ -15,7 +15,7 @@ INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH={{ doc_root }}/info # /library/www/html/info DOCSPATH=$DESTPATH/docs # /library/www/html/info/docs -ADMINCONSOLEPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console +ADMINDOCSPATH=$DESTPATH/admin-console # /library/www/html/info/admin-console # Note 1: sed (below) shortens URLs to 'admin-console' # Note 2: Depends on "fancyindex on;" in roles/nginx/templates/iiab.conf.j2 @@ -24,7 +24,7 @@ rm -rf $OUTPUT mkdir -p $INPUT mkdir -p $OUTPUT mkdir -p $DOCSPATH -mkdir -p $ADMINCONSOLEPATH +mkdir -p $ADMINDOCSPATH git clone https://github.com/iiab/iiab.wiki.git $INPUT for f in `ls $INPUT`; do # Unlike further below, $f does NOT include path @@ -35,8 +35,8 @@ done rsync -av $OUTPUT/ $DESTPATH if [ -d /opt/iiab/iiab-admin-console/docs ]; then - cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINCONSOLEPATH - for f in $ADMINCONSOLEPATH/*.md; do # Unlike above, $f INCLUDES path + cp /opt/iiab/iiab-admin-console/docs/*.md $ADMINDOCSPATH + for f in $ADMINDOCSPATH/*.md; do # Unlike above, $f INCLUDES path FTRIMMED=${f%.md} pandoc -s $f -o $FTRIMMED.html rm $f From 5f7b8cc34ff79268e8efde6c5a1150b9aa9dbfa0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:15:00 -0500 Subject: [PATCH 0842/1758] iiab-diagnostics: Highlight /etc/iiab/install-flags sequence --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 7361e5621..f1990d25d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -145,6 +145,7 @@ if [ -s /tmp/iiab-apps-to-be-installed ]; then cat /tmp/iiab-apps-to-be-installed >> $outfile echo >> $outfile fi +cat_cmd 'ls -ltr /etc/iiab/install-flags' 'IIAB install flags' echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile From e65b03b70ad63fcffb0f0e82a2835ec9f66d6869 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:27:40 -0500 Subject: [PATCH 0843/1758] Update iiab-diagnostics.README.md per PR #3462 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index be341bb4f..a6d8a3f9e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 0f614f1be34b0cf7ff751f8c7131850011e153b7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 12 Jan 2023 08:33:44 -0500 Subject: [PATCH 0844/1758] mediawiki/defaults/main.yml: Version 1.39.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 68a13ca74..21fd715e1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 6d2725f63b03c971d97de132b937d38ca4247a4a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:01:32 -0500 Subject: [PATCH 0845/1758] internetarchive/tasks/install.yml: Enforce Node.js <= 19.x --- roles/internetarchive/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 4ed845706..0427f816c 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 18.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('18.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 18.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" From 7b097908a9946ce3a1db76299ffc012b8e5c3d78 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 21:56:46 -0500 Subject: [PATCH 0846/1758] Try to avoid libssl1.1, now that MongoDB can use libssl3 --- roles/mongodb/tasks/install.yml | 109 ++++++++++++++++++-------------- 1 file changed, 61 insertions(+), 48 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 54b93c71e..cb249f1bd 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -78,7 +78,8 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - #args: # warn: no @@ -87,28 +88,36 @@ # Supported parameters include: removes, strip_empty_ends, _raw_params, # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2022-10-23: MongoDB only allows auto-install of Debian's x86_64, AND IN ANY - # CASE all their MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON - # ARM v8-A RPi 4, LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. - # -> CAN THIS ENTIRE STANZA BE *DELETED* -- ALWAYS USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their + # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org - when: is_debian and ansible_architecture == "x86_64" + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + #when: is_debian and ansible_architecture == "x86_64" - # 2022-10-23: RasPiOS Bullseye *MAY* FAIL when 'focal' changed to 'jammy' ? - - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's + # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR + # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse #filename: mongodb-org - when: not (is_debian and ansible_architecture == "x86_64") + when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS @@ -121,48 +130,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - #filename: focal-security # If filename focal-security.list is preferred - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across + # the board, on Debian 12 etc too?!) since 2022-11-15: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # #filename: focal-security # If filename focal-security.list is preferred + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian_12 + # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - package: - name: libssl1.1 - state: present - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian_12 + # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) + # package: + # name: libssl1.1 + # state: present + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 + # apt_repository: + # repo: deb http://security.debian.org/debian-security bullseye-security main + # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + # state: absent + # when: is_debian_12 - - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - apt_repository: - repo: deb http://security.ubuntu.com/ubuntu focal-security main - state: absent - #filename: focal-security # 100% IGNORED during repo deletion - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 + # apt_repository: + # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + # state: absent + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + + # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 + # apt_repository: + # repo: deb http://security.ubuntu.com/ubuntu focal-security main + # state: absent + # #filename: focal-security # 100% IGNORED during repo deletion + # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 From 8f4024a0e44a65f8a044215fb46e65e67d246456 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 22:37:27 -0500 Subject: [PATCH 0847/1758] Clarify MongoDB CAN use libssl3 on Ubuntu 22.04+ & Debian 12 --- roles/mongodb/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index cb249f1bd..336d026f6 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -130,8 +130,9 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: libssl1.1 not longer nec on Ubuntu 22.04+ (and hopefully across - # the board, on Debian 12 etc too?!) since 2022-11-15: + # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no + # longer nec (certainly on x86_64, and hopefully sufficiently across the + # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 From 0b23bd3ab53ba3107d893c44909cf84d39cddb11 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 22:58:03 -0500 Subject: [PATCH 0848/1758] mongodb/tasks/install.yml: Comments more future-proof --- roles/mongodb/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 336d026f6..e68c89ff2 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,4 +1,5 @@ # MongoDB Install Docs: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ # https://www.mongodb.com/docs/manual/installation/ @@ -78,6 +79,7 @@ - block: - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - @@ -90,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~120 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -106,9 +108,12 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: 64-bit RasPiOS likely not supported for now, as MongoDB 6.0's - # ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, JUST LIKE THEIR - # MongoDB 5.0 (tested 2022-06-07 ~120 lines below). + # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # MongoDB 6.0.3 (released 2022-11-15) instructions here: + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 + # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From b0cad086c0ea9250e7d5c8735a0359a99e8a5b06 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 19 Jan 2023 23:11:34 -0500 Subject: [PATCH 0849/1758] ASIDE: MongoDB 6.0.3+ MIGHT run on 64-bit Ubuntu on RPi --- roles/mongodb/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index e68c89ff2..2554cc3b1 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -113,7 +113,9 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). + # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: + # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From 06f8001cb7325b68b272f2f95294fb1c9f306649 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:05:39 -0500 Subject: [PATCH 0850/1758] PR #3469's Debian 11 code path was also tested --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 2554cc3b1..520ab6fe3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: From 68dfc9239bbd9f48b91806d6fc83f827a6c08524 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:09:07 -0500 Subject: [PATCH 0851/1758] 2022 -> 2023: Fix PR #3469 comment typo --- roles/mongodb/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 520ab6fe3..5f1b4788c 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -108,7 +108,7 @@ when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" #when: is_debian and ansible_architecture == "x86_64" - # 2022-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on + # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 From 247e582b56ecc39cffbc7de3ac50fc73604b619d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:35:35 -0500 Subject: [PATCH 0852/1758] #3469 clarif: IIAB overlays MongoDB 5.0.5 64-bit RPi binaries --- roles/mongodb/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 5f1b4788c..228fe040f 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -116,6 +116,7 @@ # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From ded399934f3d4b705714b5d25caed83ca7c3aaaa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 20 Jan 2023 00:42:36 -0500 Subject: [PATCH 0853/1758] mongodb/tasks/install.yml: Clarify line numbers --- roles/mongodb/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 228fe040f..048601b16 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,7 @@ # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~134 lines below. Tested on Deb 11. + # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 apt_repository: @@ -113,10 +113,10 @@ # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~113 lines below). Though MongoDB 6.0.3+ on + # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~140 LINES BELOW!) + # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse From e9c6cffef23330c9b01b5835a36ea24e0aa884bf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 21 Jan 2023 12:22:05 -0500 Subject: [PATCH 0854/1758] Install Moodle dev pre-release IFF PHP >= 8.3 --- roles/moodle/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ec30d7f34..4abac732f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,21 +49,21 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.2" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.2', '>=') + when: php_version is version('8.3', '>=') -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.2 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) - when: php_version is version('8.2', '<') + when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 81bb08ffb5f31d6f7e28094058c19701fd83e688 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 24 Jan 2023 12:12:59 -0500 Subject: [PATCH 0855/1758] kolibri/tasks/install.yml: Clarify {{ kolibri_deb_url }} is just an example --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 94a8d4949..676358473 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -40,7 +40,7 @@ - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: - deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest + deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest environment: KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later From 30e0169f7a613fc8e30c79c329811ddc105957e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 27 Jan 2023 23:54:43 -0500 Subject: [PATCH 0856/1758] osm-vector-maps/tasks/install.yml: Clarify {{ osm_repo_url }}/{{ maps_branch }} --- roles/osm-vector-maps/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index ab28c7cd6..03642c274 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -29,7 +29,7 @@ - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" + url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json" # e.g. https://raw.githubusercontent.com/iiab/maps/master dest: "{{ iiab_etc_path }}" # /etc/iiab timeout: "{{ download_timeout }}" From 555c7a77119beb7cbfb3ba4278c9a8b8d14d6242 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Jan 2023 08:51:43 -0500 Subject: [PATCH 0857/1758] openvpn/defaults/main.yml: Clarify openvpn_server_real_ip etc --- roles/openvpn/defaults/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index adc23ec2b..136e01f5d 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,13 +1,17 @@ +# SECURITY WARNING: https://wiki.iiab.io/go/Security + # openvpn_install: True # openvpn_enabled: False -# For /etc/iiab/openvpn_handle +# Empty string on purpose since ~2016, for /etc/iiab/uuid +# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 # openvpn_handle: "" # cron seems necessary on CentOS: # openvpn_cron_enabled: False # openvpn_server: xscenet.net +# openvpn_server_real_ip: 3.89.148.185 # openvpn_server_virtual_ip: 10.8.0.1 # openvpn_server_port: 1194 From 69bde5e74569817532b973b287beec50ee9caad8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Jan 2023 18:25:00 -0500 Subject: [PATCH 0858/1758] Recommend ansible-core 2.14.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 26e12ac83..48ed3ff61 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.1] -GOOD_VER=2.14.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] +GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 611a0ac01acfb3334d83742a681955c1858d0c6b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 7 Feb 2023 21:59:41 -0500 Subject: [PATCH 0859/1758] phpMyAdmin 5.2.1 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index ff6343c56..b898ae5bd 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.2.0 +phpmyadmin_version: 5.2.1 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From b0f5a85e20a4e15dac4820c6125c5377b53cf326 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 11:34:49 -0500 Subject: [PATCH 0860/1758] Update jupyterhub_config.py.j2 for JupyterHub 3.1.1 & /run/jupyterhub-proxy.pid --- .../templates/jupyterhub_config.py.j2 | 718 ++++++++++++------ 1 file changed, 501 insertions(+), 217 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index a3c5b077f..f8be9a849 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,5 +1,18 @@ +# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html +# +# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# /opt/iiab/jupyterhub/bin/jupyterhub --generate-config +# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 +# 3) I added the following line on @jvonau's suggestion: (#3475) +# c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" + + # Configuration file for jupyterhub. +c = get_config() #noqa + #------------------------------------------------------------------------------ # Application(SingletonConfigurable) configuration #------------------------------------------------------------------------------ @@ -18,6 +31,53 @@ # Default: 30 # c.Application.log_level = 30 +## Configure additional log handlers. +# +# The default stderr logs handler is configured by the log_level, log_datefmt +# and log_format settings. +# +# This configuration can be used to configure additional handlers (e.g. to +# output the log to a file) or for finer control over the default handlers. +# +# If provided this should be a logging configuration dictionary, for more +# information see: +# https://docs.python.org/3/library/logging.config.html#logging-config- +# dictschema +# +# This dictionary is merged with the base logging configuration which defines +# the following: +# +# * A logging formatter intended for interactive use called +# ``console``. +# * A logging handler that writes to stderr called +# ``console`` which uses the formatter ``console``. +# * A logger with the name of this application set to ``DEBUG`` +# level. +# +# This example adds a new handler that writes to a file: +# +# .. code-block:: python +# +# c.Application.logging_config = { +# 'handlers': { +# 'file': { +# 'class': 'logging.FileHandler', +# 'level': 'DEBUG', +# 'filename': '<path/to/file>', +# } +# }, +# 'loggers': { +# '<application-name>': { +# 'level': 'DEBUG', +# # NOTE: if you don't list the default "console" +# # handler here then it will be disabled +# 'handlers': ['console', 'file'], +# }, +# } +# } +# Default: {} +# c.Application.logging_config = {} + ## Instead of starting the Application, dump configuration to stdout # Default: False # c.Application.show_config = False @@ -60,11 +120,13 @@ # Default: 30 # c.JupyterHub.activity_resolution = 30 -## Grant admin users permission to access single-user servers. +## DEPRECATED since version 2.0.0. # -# Users should be properly informed if this is enabled. +# The default admin role has full permissions, use custom RBAC scopes instead to +# create restricted administrator roles. +# https://jupyterhub.readthedocs.io/en/stable/rbac/index.html # Default: False -c.JupyterHub.admin_access = True +# c.JupyterHub.admin_access = False ## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead. # Default: set() @@ -78,14 +140,23 @@ c.JupyterHub.admin_access = True # Default: False # c.JupyterHub.answer_yes = False +## The default amount of records returned by a paginated endpoint +# Default: 50 +# c.JupyterHub.api_page_default_limit = 50 + +## The maximum amount of records that can be returned at once +# Default: 200 +# c.JupyterHub.api_page_max_limit = 200 + ## PENDING DEPRECATION: consider using services # -# Dict of token:username to be loaded into the database. +# Dict of token:username to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services, which authenticate as JupyterHub users. +# Allows ahead-of-time generation of API tokens for use by externally managed services, +# which authenticate as JupyterHub users. # -# Consider using services for general services that talk to the JupyterHub API. +# Consider using services for general services that talk to the +# JupyterHub API. # Default: {} # c.JupyterHub.api_tokens = {} @@ -112,49 +183,53 @@ c.JupyterHub.admin_access = True # Currently installed: # - default: jupyterhub.auth.PAMAuthenticator # - dummy: jupyterhub.auth.DummyAuthenticator +# - null: jupyterhub.auth.NullAuthenticator # - pam: jupyterhub.auth.PAMAuthenticator # Default: 'jupyterhub.auth.PAMAuthenticator' +# c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator' c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator' ## The base URL of the entire application. # -# Add this to the beginning of all JupyterHub URLs. Use base_url to run -# JupyterHub within an existing website. +# Add this to the beginning of all JupyterHub URLs. +# Use base_url to run JupyterHub within an existing website. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '/' +# c.JupyterHub.base_url = '/' c.JupyterHub.base_url = '/jupyterhub' ## The public facing URL of the whole JupyterHub application. # -# This is the address on which the proxy will bind. Sets protocol, ip, base_url +# This is the address on which the proxy will bind. +# Sets protocol, ip, base_url # Default: 'http://:8000' # c.JupyterHub.bind_url = 'http://:8000' ## Whether to shutdown the proxy when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the proxy -# running. +# Disable if you want to be able to teardown the Hub while leaving the +# proxy running. # -# Only valid if the proxy was starting by the Hub process. +# Only valid if the proxy was starting by the Hub process. # -# If both this and cleanup_servers are False, sending SIGINT to the Hub will -# only shutdown the Hub, leaving everything else running. +# If both this and cleanup_servers are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_proxy = True ## Whether to shutdown single-user servers when the Hub shuts down. # -# Disable if you want to be able to teardown the Hub while leaving the single- -# user servers running. +# Disable if you want to be able to teardown the Hub while leaving the +# single-user servers running. # -# If both this and cleanup_proxy are False, sending SIGINT to the Hub will only -# shutdown the Hub, leaving everything else running. +# If both this and cleanup_proxy are False, sending SIGINT to the Hub will +# only shutdown the Hub, leaving everything else running. # -# The Hub should be able to resume from database state. +# The Hub should be able to resume from database state. # Default: True # c.JupyterHub.cleanup_servers = True @@ -184,33 +259,54 @@ c.JupyterHub.base_url = '/jupyterhub' # Default: False # c.JupyterHub.confirm_no_ssl = False -## Number of days for a login cookie to be valid. Default is two weeks. +## Number of days for a login cookie to be valid. +# Default is two weeks. # Default: 14 # c.JupyterHub.cookie_max_age_days = 14 ## The cookie secret to use to encrypt cookies. # -# Loaded from the JPY_COOKIE_SECRET env variable by default. +# Loaded from the JPY_COOKIE_SECRET env variable by default. # -# Should be exactly 256 bits (32 bytes). -# Default: b'' +# Should be exactly 256 bits (32 bytes). +# Default: traitlets.Undefined +# c.JupyterHub.cookie_secret = traitlets.Undefined c.JupyterHub.cookie_secret = b'helloiiabitsrainingb123456789012' ## File in which to store the cookie secret. # Default: 'jupyterhub_cookie_secret' # c.JupyterHub.cookie_secret_file = 'jupyterhub_cookie_secret' -## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) -# Default: '/opt/iiab/jupyter/share/jupyterhub' -# c.JupyterHub.data_files_path = '/opt/iiab/jupyter/share/jupyterhub' +## Custom scopes to define. +# +# For use when defining custom roles, +# to grant users granular permissions +# +# All custom scopes must have a description, +# and must start with the prefix `custom:`. +# +# For example:: +# +# custom_scopes = { +# "custom:jupyter_server:read": { +# "description": "read-only access to a single-user server", +# }, +# } +# Default: {} +# c.JupyterHub.custom_scopes = {} -## Include any kwargs to pass to the database connection. See -# sqlalchemy.create_engine for details. +## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) +# Default: '/opt/iiab/jupyterhub/share/jupyterhub' +# c.JupyterHub.data_files_path = '/opt/iiab/jupyterhub/share/jupyterhub' + +## Include any kwargs to pass to the database connection. +# See sqlalchemy.create_engine for details. # Default: {} # c.JupyterHub.db_kwargs = {} ## url for the database. e.g. `sqlite:///jupyterhub.sqlite` # Default: 'sqlite:///jupyterhub.sqlite' +# c.JupyterHub.db_url = 'sqlite:///jupyterhub.sqlite' c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## log all database transactions. This has A LOT of output @@ -221,8 +317,13 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: False # c.JupyterHub.debug_proxy = False -## If named servers are enabled, default name of server to spawn or open, e.g. by -# user-redirect. +## If named servers are enabled, default name of server to spawn or open when no +# server is specified, e.g. by user-redirect. +# +# Note: This has no effect if named servers are not enabled, and does _not_ +# change the existence or behavior of the default server named `''` (the empty +# string). This only affects which named server is launched when no server is +# specified, e.g. by links to `/hub/user-redirect/lab/tree/mynotebook.ipynb`. # Default: '' # c.JupyterHub.default_server_name = '' @@ -245,30 +346,28 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: traitlets.Undefined # c.JupyterHub.default_url = traitlets.Undefined -## Dict authority:dict(files). Specify the key, cert, and/or ca file for an -# authority. This is useful for externally managed proxies that wish to use -# internal_ssl. +## Dict authority:dict(files). Specify the key, cert, and/or +# ca file for an authority. This is useful for externally managed +# proxies that wish to use internal_ssl. # -# The files dict has this format (you must specify at least a cert):: +# The files dict has this format (you must specify at least a cert):: # -# { -# 'key': '/path/to/key.key', -# 'cert': '/path/to/cert.crt', -# 'ca': '/path/to/ca.crt' -# } +# { +# 'key': '/path/to/key.key', +# 'cert': '/path/to/cert.crt', +# 'ca': '/path/to/ca.crt' +# } # -# The authorities you can override: 'hub-ca', 'notebooks-ca', 'proxy-api-ca', -# 'proxy-client-ca', and 'services-ca'. +# The authorities you can override: 'hub-ca', 'notebooks-ca', +# 'proxy-api-ca', 'proxy-client-ca', and 'services-ca'. # -# Use with internal_ssl +# Use with internal_ssl # Default: {} # c.JupyterHub.external_ssl_authorities = {} -## Register extra tornado Handlers for jupyterhub. +## DEPRECATED. # -# Should be of the form ``("<regex>", Handler)`` -# -# The Hub prefix will be added, so `/my-page` will be served at `/hub/my-page`. +# If you need to register additional HTTP endpoints please use services instead. # Default: [] # c.JupyterHub.extra_handlers = [] @@ -282,6 +381,14 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: [] # c.JupyterHub.extra_log_handlers = [] +## Alternate header to use as the Host (e.g., X-Forwarded-Host) +# when determining whether a request is cross-origin +# +# This may be useful when JupyterHub is running behind a proxy that rewrites +# the Host header. +# Default: '' +# c.JupyterHub.forwarded_host_header = '' + ## Generate certs used for internal ssl # Default: False # c.JupyterHub.generate_certs = False @@ -303,19 +410,19 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.hub_bind_url = '' -## The ip or hostname for proxies and spawners to use for connecting to the Hub. +## The ip or hostname for proxies and spawners to use +# for connecting to the Hub. # -# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different -# from the connect address. +# Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different +# from the connect address. # -# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, otherwise -# use `hub_ip`. +# Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, +# otherwise use `hub_ip`. # -# Note: Some spawners or proxy implementations might not support hostnames. -# Check your spawner or proxy documentation to see if they have extra -# requirements. +# Note: Some spawners or proxy implementations might not support hostnames. Check your +# spawner or proxy documentation to see if they have extra requirements. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: '' # c.JupyterHub.hub_connect_ip = '' @@ -346,39 +453,59 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## The ip address for the Hub process to *bind* to. # -# By default, the hub listens on localhost only. This address must be accessible -# from the proxy and user servers. You may need to set this to a public ip or '' -# for all interfaces if the proxy or user servers are in containers or on a -# different host. +# By default, the hub listens on localhost only. This address must be accessible from +# the proxy and user servers. You may need to set this to a public ip or '' for all +# interfaces if the proxy or user servers are in containers or on a different host. # -# See `hub_connect_ip` for cases where the bind and connect address should -# differ, or `hub_bind_url` for setting the full bind URL. +# See `hub_connect_ip` for cases where the bind and connect address should differ, +# or `hub_bind_url` for setting the full bind URL. # Default: '127.0.0.1' # c.JupyterHub.hub_ip = '127.0.0.1' ## The internal port for the Hub process. # -# This is the internal port of the hub itself. It should never be accessed -# directly. See JupyterHub.port for the public port to use when accessing -# jupyterhub. It is rare that this port should be set except in cases of port -# conflict. +# This is the internal port of the hub itself. It should never be accessed directly. +# See JupyterHub.port for the public port to use when accessing jupyterhub. +# It is rare that this port should be set except in cases of port conflict. # -# See also `hub_ip` for the ip and `hub_bind_url` for setting the full bind URL. +# See also `hub_ip` for the ip and `hub_bind_url` for setting the full +# bind URL. # Default: 8081 # c.JupyterHub.hub_port = 8081 +## The routing prefix for the Hub itself. +# +# Override to send only a subset of traffic to the Hub. Default is to use the +# Hub as the default route for all requests. +# +# This is necessary for normal jupyterhub operation, as the Hub must receive +# requests for e.g. `/user/:name` when the user's server is not running. +# +# However, some deployments using only the JupyterHub API may want to handle +# these events themselves, in which case they can register their own default +# target with the proxy and set e.g. `hub_routespec = /hub/` to serve only the +# hub's own pages, or even `/hub/api/` for api-only operation. +# +# Note: hub_routespec must include the base_url, if any. +# +# .. versionadded:: 1.4 +# Default: '/' +# c.JupyterHub.hub_routespec = '/' + ## Trigger implicit spawns after this many seconds. # -# When a user visits a URL for a server that's not running, they are shown a -# page indicating that the requested server is not running with a button to -# spawn the server. +# When a user visits a URL for a server that's not running, +# they are shown a page indicating that the requested server +# is not running with a button to spawn the server. # -# Setting this to a positive value will redirect the user after this many -# seconds, effectively clicking this button automatically for the users, -# automatically beginning the spawn process. +# Setting this to a positive value will redirect the user +# after this many seconds, effectively clicking this button +# automatically for the users, +# automatically beginning the spawn process. # -# Warning: this can result in errors and surprising behavior when sharing access -# URLs to actual servers, since the wrong server is likely to be started. +# Warning: this can result in errors and surprising behavior +# when sharing access URLs to actual servers, +# since the wrong server is likely to be started. # Default: 0 # c.JupyterHub.implicit_spawn_seconds = 0 @@ -398,29 +525,30 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: 10 # c.JupyterHub.init_spawners_timeout = 10 -## The location to store certificates automatically created by JupyterHub. +## The location to store certificates automatically created by +# JupyterHub. # -# Use with internal_ssl +# Use with internal_ssl # Default: 'internal-ssl' # c.JupyterHub.internal_certs_location = 'internal-ssl' ## Enable SSL for all internal communication # -# This enables end-to-end encryption between all JupyterHub components. -# JupyterHub will automatically create the necessary certificate authority and -# sign notebook certificates as they're created. +# This enables end-to-end encryption between all JupyterHub components. +# JupyterHub will automatically create the necessary certificate +# authority and sign notebook certificates as they're created. # Default: False # c.JupyterHub.internal_ssl = False -## The public facing ip of the whole JupyterHub application (specifically -# referred to as the proxy). +## The public facing ip of the whole JupyterHub application +# (specifically referred to as the proxy). # -# This is the address on which the proxy will listen. The default is to listen -# on all interfaces. This is the only address through which JupyterHub should be -# accessed by users. +# This is the address on which the proxy will listen. The default is to +# listen on all interfaces. This is the only address through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: '' # c.JupyterHub.ip = '' @@ -434,14 +562,36 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of 'group': ['usernames'] to load at startup. # -# This strictly *adds* groups and users to groups. +# This strictly *adds* groups and users to groups. # -# Loading one set of groups, then starting JupyterHub again with a different set -# will not remove users or groups from previous launches. That must be done -# through the API. +# Loading one set of groups, then starting JupyterHub again with a different +# set will not remove users or groups from previous launches. +# That must be done through the API. # Default: {} # c.JupyterHub.load_groups = {} +## List of predefined role dictionaries to load at startup. +# +# For instance:: +# +# load_roles = [ +# { +# 'name': 'teacher', +# 'description': 'Access to users' information and group membership', +# 'scopes': ['users', 'groups'], +# 'users': ['cyclops', 'gandalf'], +# 'services': [], +# 'groups': [] +# } +# ] +# +# All keys apart from 'name' are optional. +# See all the available scopes in the JupyterHub REST API documentation. +# +# Default roles are defined in roles.py. +# Default: [] +# c.JupyterHub.load_roles = [] + ## The date format used by logging formatters for %(asctime)s # See also: Application.log_datefmt # c.JupyterHub.log_datefmt = '%Y-%m-%d %H:%M:%S' @@ -454,6 +604,10 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # See also: Application.log_level # c.JupyterHub.log_level = 30 +## +# See also: Application.logging_config +# c.JupyterHub.logging_config = {} + ## Specify path to a logo image to override the Jupyter logo in the banner. # Default: '' # c.JupyterHub.logo_file = '' @@ -464,20 +618,62 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Setting this can limit the total resources a user can consume. # # If set to 0, no limit is enforced. +# +# Can be an integer or a callable/awaitable based on the handler object: +# +# :: +# +# def named_server_limit_per_user_fn(handler): +# user = handler.current_user +# if user and user.admin: +# return 0 +# return 5 +# +# c.JupyterHub.named_server_limit_per_user = named_server_limit_per_user_fn # Default: 0 # c.JupyterHub.named_server_limit_per_user = 0 -## File to write PID Useful for daemonizing JupyterHub. +## Expiry (in seconds) of OAuth access tokens. +# +# The default is to expire when the cookie storing them expires, +# according to `cookie_max_age_days` config. +# +# These are the tokens stored in cookies when you visit +# a single-user server or service. +# When they expire, you must re-authenticate with the Hub, +# even if your Hub authentication is still valid. +# If your Hub authentication is valid, +# logging in may be a transparent redirect as you refresh the page. +# +# This does not affect JupyterHub API tokens in general, +# which do not expire by default. +# Only tokens issued during the oauth flow +# accessing services and single-user servers are affected. +# +# .. versionadded:: 1.4 +# OAuth token expires_in was not previously configurable. +# .. versionchanged:: 1.4 +# Default now uses cookie_max_age_days so that oauth tokens +# which are generally stored in cookies, +# expire when the cookies storing them expire. +# Previously, it was one hour. +# Default: 0 +# c.JupyterHub.oauth_token_expires_in = 0 + +## File to write PID +# Useful for daemonizing JupyterHub. # Default: '' # c.JupyterHub.pid_file = '' +c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" ## The public facing port of the proxy. # -# This is the port on which the proxy will listen. This is the only port through -# which JupyterHub should be accessed by users. +# This is the port on which the proxy will listen. +# This is the only port through which JupyterHub +# should be accessed by users. # -# .. deprecated: 0.9 -# Use JupyterHub.bind_url +# .. deprecated: 0.9 +# Use JupyterHub.bind_url # Default: 8000 # c.JupyterHub.port = 8000 @@ -493,9 +689,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # Default: '' # c.JupyterHub.proxy_auth_token = '' -## Interval (in seconds) at which to check if the proxy is running. -# Default: 30 -# c.JupyterHub.proxy_check_interval = 30 +## DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.check_running_interval +# Default: 5 +# c.JupyterHub.proxy_check_interval = 5 ## The class to use for configuring the JupyterHub proxy. # @@ -517,9 +713,9 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Recreate all certificates used within JupyterHub on restart. # -# Note: enabling this feature requires restarting all notebook servers. +# Note: enabling this feature requires restarting all notebook servers. # -# Use with internal_ssl +# Use with internal_ssl # Default: False # c.JupyterHub.recreate_internal_certs = False @@ -538,29 +734,29 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' ## Dict of token:servicename to be loaded into the database. # -# Allows ahead-of-time generation of API tokens for use by externally managed -# services. +# Allows ahead-of-time generation of API tokens for use by externally +# managed services. # Default: {} # c.JupyterHub.service_tokens = {} ## List of service specification dictionaries. # -# A service +# A service # -# For instance:: +# For instance:: # -# services = [ -# { -# 'name': 'cull_idle', -# 'command': ['/path/to/cull_idle_servers.py'], -# }, -# { -# 'name': 'formgrader', -# 'url': 'http://127.0.0.1:1234', -# 'api_token': 'super-secret', -# 'environment': -# } -# ] +# services = [ +# { +# 'name': 'cull_idle', +# 'command': ['/path/to/cull_idle_servers.py'], +# }, +# { +# 'name': 'formgrader', +# 'url': 'http://127.0.0.1:1234', +# 'api_token': 'super-secret', +# 'environment': +# } +# ] # Default: [] # c.JupyterHub.services = [] @@ -585,21 +781,26 @@ c.JupyterHub.db_url = 'sqlite:///{{ jupyterhub_venv }}/jupyterhub.sqlite' # e.g. `c.JupyterHub.spawner_class = 'localprocess'` # # Currently installed: +# - systemd: systemdspawner.SystemdSpawner +# - systemdspawner: systemdspawner.SystemdSpawner # - default: jupyterhub.spawner.LocalProcessSpawner # - localprocess: jupyterhub.spawner.LocalProcessSpawner # - simple: jupyterhub.spawner.SimpleLocalProcessSpawner # Default: 'jupyterhub.spawner.LocalProcessSpawner' +# c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' +c.SystemdSpawner.dynamic_users = True +c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # -# When setting this, you should also set ssl_key +# When setting this, you should also set ssl_key # Default: '' # c.JupyterHub.ssl_cert = '' ## Path to SSL key file for the public facing interface of the proxy # -# When setting this, you should also set ssl_cert +# When setting this, you should also set ssl_cert # Default: '' # c.JupyterHub.ssl_key = '' @@ -618,17 +819,18 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Run single-user servers on subdomains of this host. # -# This should be the full `https://hub.domain.tld[:port]`. +# This should be the full `https://hub.domain.tld[:port]`. # -# Provides additional cross-site protections for javascript served by single- -# user servers. +# Provides additional cross-site protections for javascript served by +# single-user servers. # -# Requires `<username>.hub.domain.tld` to resolve to the same host as +# Requires `<username>.hub.domain.tld` to resolve to the same host as # `hub.domain.tld`. # -# In general, this is most easily achieved with wildcard DNS. +# In general, this is most easily achieved with wildcard DNS. # -# When using SSL (i.e. always) this also requires a wildcard SSL certificate. +# When using SSL (i.e. always) this also requires a wildcard SSL +# certificate. # Default: '' # c.JupyterHub.subdomain_host = '' @@ -644,54 +846,69 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: {} # c.JupyterHub.tornado_settings = {} -## Trust user-provided tokens (via JupyterHub.service_tokens) to have good -# entropy. +## Trust user-provided tokens (via JupyterHub.service_tokens) +# to have good entropy. # -# If you are not inserting additional tokens via configuration file, this flag -# has no effect. +# If you are not inserting additional tokens via configuration file, +# this flag has no effect. # -# In JupyterHub 0.8, internally generated tokens do not pass through additional -# hashing because the hashing is costly and does not increase the entropy of -# already-good UUIDs. +# In JupyterHub 0.8, internally generated tokens do not +# pass through additional hashing because the hashing is costly +# and does not increase the entropy of already-good UUIDs. # -# User-provided tokens, on the other hand, are not trusted to have good entropy -# by default, and are passed through many rounds of hashing to stretch the -# entropy of the key (i.e. user-provided tokens are treated as passwords instead -# of random keys). These keys are more costly to check. +# User-provided tokens, on the other hand, are not trusted to have good entropy by default, +# and are passed through many rounds of hashing to stretch the entropy of the key +# (i.e. user-provided tokens are treated as passwords instead of random keys). +# These keys are more costly to check. # -# If your inserted tokens are generated by a good-quality mechanism, e.g. -# `openssl rand -hex 32`, then you can set this flag to True to reduce the cost -# of checking authentication tokens. +# If your inserted tokens are generated by a good-quality mechanism, +# e.g. `openssl rand -hex 32`, then you can set this flag to True +# to reduce the cost of checking authentication tokens. # Default: False # c.JupyterHub.trust_user_provided_tokens = False ## Names to include in the subject alternative name. # -# These names will be used for server name verification. This is useful if -# JupyterHub is being run behind a reverse proxy or services using ssl are on -# different hosts. +# These names will be used for server name verification. This is useful +# if JupyterHub is being run behind a reverse proxy or services using ssl +# are on different hosts. # -# Use with internal_ssl +# Use with internal_ssl # Default: [] # c.JupyterHub.trusted_alt_names = [] ## Downstream proxy IP addresses to trust. # -# This sets the list of IP addresses that are trusted and skipped when -# processing the `X-Forwarded-For` header. For example, if an external proxy is -# used for TLS termination, its IP address should be added to this list to -# ensure the correct client IP addresses are recorded in the logs instead of the -# proxy server's IP address. +# This sets the list of IP addresses that are trusted and skipped when processing +# the `X-Forwarded-For` header. For example, if an external proxy is used for TLS +# termination, its IP address should be added to this list to ensure the correct +# client IP addresses are recorded in the logs instead of the proxy server's IP +# address. # Default: [] # c.JupyterHub.trusted_downstream_ips = [] ## Upgrade the database automatically on start. # -# Only safe if database is regularly backed up. Only SQLite databases will be -# backed up to a local file automatically. +# Only safe if database is regularly backed up. +# Only SQLite databases will be backed up to a local file automatically. # Default: False # c.JupyterHub.upgrade_db = False +## Return 503 rather than 424 when request comes in for a non-running server. +# +# Prior to JupyterHub 2.0, we returned a 503 when any request came in for a user +# server that was currently not running. By default, JupyterHub 2.0 will return +# a 424 - this makes operational metric dashboards more useful. +# +# JupyterLab < 3.2 expected the 503 to know if the user server is no longer +# running, and prompted the user to start their server. Set this config to true +# to retain the old behavior, so JupyterLab < 3.2 can continue to show the +# appropriate UI when the user server is stopped. +# +# This option will be removed in a future release. +# Default: False +# c.JupyterHub.use_legacy_stopped_server_status_code = False + ## Callable to affect behavior of /user-redirect/ # # Receives 4 parameters: 1. path - URL path that was provided after /user- @@ -709,13 +926,17 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' #------------------------------------------------------------------------------ ## Base class for spawning single-user notebook servers. # -# Subclass this, and override the following methods: +# Subclass this, and override the following methods: # -# - load_state - get_state - start - stop - poll +# - load_state +# - get_state +# - start +# - stop +# - poll # -# As JupyterHub supports multiple users, an instance of the Spawner subclass is -# created for each user. If there are 20 JupyterHub users, there will be 20 -# instances of the subclass. +# As JupyterHub supports multiple users, an instance of the Spawner subclass +# is created for each user. If there are 20 JupyterHub users, there will be 20 +# instances of the subclass. ## Extra arguments to be passed to the single-user server. # @@ -862,12 +1083,32 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: 30 # c.Spawner.http_timeout = 30 +## The URL the single-user server should connect to the Hub. +# +# If the Hub URL set in your JupyterHub config is not reachable from spawned +# notebooks, you can set differnt URL by this config. +# +# Is None if you don't need to change the URL. +# Default: None +# c.Spawner.hub_connect_url = None + ## The IP address (or hostname) the single-user server should listen on. # +# Usually either '127.0.0.1' (default) or '0.0.0.0'. +# # The JupyterHub proxy implementation should be able to send packets to this # interface. -# Default: '' -# c.Spawner.ip = '' +# +# Subclasses which launch remotely or in containers should override the default +# to '0.0.0.0'. +# +# .. versionchanged:: 2.0 +# Default changed to '127.0.0.1', from ''. +# In most cases, this does not result in a change in behavior, +# as '' was interpreted as 'unspecified', +# which used the subprocesses' own default, itself usually '127.0.0.1'. +# Default: '127.0.0.1' +# c.Spawner.ip = '127.0.0.1' ## Minimum number of bytes a single-user notebook server is guaranteed to have # available. @@ -918,6 +1159,35 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # Default: '' # c.Spawner.notebook_dir = '' +## Allowed scopes for oauth tokens issued by this server's oauth client. +# +# This sets the maximum and default scopes +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# +# If callable, will be called with the Spawner as a single argument. +# Callables may be async. +# Default: traitlets.Undefined +# c.Spawner.oauth_client_allowed_scopes = traitlets.Undefined + +## Allowed roles for oauth tokens. +# +# Deprecated in 3.0: use oauth_client_allowed_scopes +# +# This sets the maximum and default roles +# assigned to oauth tokens issued by a single-user server's +# oauth client (i.e. tokens stored in browsers after authenticating with the server), +# defining what actions the server can take on behalf of logged-in users. +# +# Default is an empty list, meaning minimal permissions to identify users, +# no actions can be taken on their behalf. +# Default: traitlets.Undefined +# c.Spawner.oauth_roles = traitlets.Undefined + ## An HTML form for options a user can specify on launching their server. # # The surrounding `<form>` element and the submit button are already provided. @@ -1021,8 +1291,8 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## List of SSL alt names # -# May be set in config if all spawners should have the same value(s), or set at -# runtime by Spawner that know their names. +# May be set in config if all spawners should have the same value(s), +# or set at runtime by Spawner that know their names. # Default: [] # c.Spawner.ssl_alt_names = [] @@ -1046,6 +1316,9 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' ## Set of users that will have admin rights on this JupyterHub. # +# Note: As of JupyterHub 2.0, full admin rights should not be required, and more +# precise permissions can be managed via roles. +# # Admin users have extra privileges: # - Use the admin panel to see list of users logged in # - Add / remove users in some authenticators @@ -1057,6 +1330,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # # Defaults to an empty set, in which case no user has admin access. # Default: set() +# c.Authenticator.admin_users = set() c.Authenticator.admin_users = set(['admin']) c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" @@ -1064,7 +1338,8 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # # Use this with supported authenticators to restrict which users can log in. # This is an additional list that further restricts users, beyond whatever -# restrictions the authenticator has in place. +# restrictions the authenticator has in place. Any user in this list is granted +# the 'user' role on hub startup. # # If empty, does not perform any additional restriction. # @@ -1073,28 +1348,43 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" # Default: set() # c.Authenticator.allowed_users = set() -## The max age (in seconds) of authentication info before forcing a refresh of -# user auth info. +## The max age (in seconds) of authentication info +# before forcing a refresh of user auth info. # -# Refreshing auth info allows, e.g. requesting/re-validating auth tokens. +# Refreshing auth info allows, e.g. requesting/re-validating auth +# tokens. # -# See :meth:`.refresh_user` for what happens when user auth info is refreshed -# (nothing by default). +# See :meth:`.refresh_user` for what happens when user auth info is refreshed +# (nothing by default). # Default: 300 # c.Authenticator.auth_refresh_age = 300 ## Automatically begin the login process # -# rather than starting with a "Login with..." link at `/hub/login` +# rather than starting with a "Login with..." link at `/hub/login` # -# To work, `.login_url()` must give a URL other than the default `/hub/login`, -# such as an oauth handler or another automatic login handler, registered with -# `.get_handlers()`. +# To work, `.login_url()` must give a URL other than the default `/hub/login`, +# such as an oauth handler or another automatic login handler, +# registered with `.get_handlers()`. # -# .. versionadded:: 0.8 +# .. versionadded:: 0.8 # Default: False # c.Authenticator.auto_login = False +## Automatically begin login process for OAuth2 authorization requests +# +# When another application is using JupyterHub as OAuth2 provider, it sends +# users to `/hub/api/oauth2/authorize`. If the user isn't logged in already, and +# auto_login is not set, the user will be dumped on the hub's home page, without +# any context on what to do next. +# +# Setting this to true will automatically redirect users to login if they aren't +# logged in *only* on the `/hub/api/oauth2/authorize` endpoint. +# +# .. versionadded:: 1.5 +# Default: False +# c.Authenticator.auto_login_oauth2_authorize = False + ## Set of usernames that are not allowed to log in. # # Use this with supported authenticators to restrict which users can not log in. @@ -1112,36 +1402,48 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Delete any users from the database that do not pass validation # -# When JupyterHub starts, `.add_user` will be called on each user in the -# database to verify that all users are still valid. +# When JupyterHub starts, `.add_user` will be called +# on each user in the database to verify that all users are still valid. # -# If `delete_invalid_users` is True, any users that do not pass validation will -# be deleted from the database. Use this if users might be deleted from an -# external system, such as local user accounts. +# If `delete_invalid_users` is True, +# any users that do not pass validation will be deleted from the database. +# Use this if users might be deleted from an external system, +# such as local user accounts. # -# If False (default), invalid users remain in the Hub's database and a warning -# will be issued. This is the default to avoid data loss due to config changes. +# If False (default), invalid users remain in the Hub's database +# and a warning will be issued. +# This is the default to avoid data loss due to config changes. # Default: False # c.Authenticator.delete_invalid_users = False ## Enable persisting auth_state (if available). # -# auth_state will be encrypted and stored in the Hub's database. This can -# include things like authentication tokens, etc. to be passed to Spawners as -# environment variables. +# auth_state will be encrypted and stored in the Hub's database. +# This can include things like authentication tokens, etc. +# to be passed to Spawners as environment variables. # -# Encrypting auth_state requires the cryptography package. +# Encrypting auth_state requires the cryptography package. # -# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must contain one -# (or more, separated by ;) 32B encryption keys. These can be either base64 or -# hex-encoded. +# Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must +# contain one (or more, separated by ;) 32B encryption keys. +# These can be either base64 or hex-encoded. # -# If encryption is unavailable, auth_state cannot be persisted. +# If encryption is unavailable, auth_state cannot be persisted. # -# New in JupyterHub 0.8 +# New in JupyterHub 0.8 # Default: False # c.Authenticator.enable_auth_state = False +## Let authenticator manage user groups +# +# If True, Authenticator.authenticate and/or .refresh_user +# may return a list of group names in the 'groups' field, +# which will be assigned to the user. +# +# All group-assignment APIs are disabled if this is True. +# Default: False +# c.Authenticator.manage_groups = False + ## An optional hook function that you can implement to do some bootstrapping work # during authentication. For example, loading user account details from an # external system. @@ -1176,20 +1478,20 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" ## Force refresh of auth prior to spawn. # -# This forces :meth:`.refresh_user` to be called prior to launching a server, to -# ensure that auth state is up-to-date. +# This forces :meth:`.refresh_user` to be called prior to launching +# a server, to ensure that auth state is up-to-date. # -# This can be important when e.g. auth tokens that may have expired are passed -# to the spawner via environment variables from auth_state. +# This can be important when e.g. auth tokens that may have expired +# are passed to the spawner via environment variables from auth_state. # -# If refresh_user cannot refresh the user auth data, launch will fail until the -# user logs in again. +# If refresh_user cannot refresh the user auth data, +# launch will fail until the user logs in again. # Default: False # c.Authenticator.refresh_pre_spawn = False ## Dictionary mapping authenticator usernames to JupyterHub users. # -# Primarily used to normalize OAuth user names to local users. +# Primarily used to normalize OAuth user names to local users. # Default: {} # c.Authenticator.username_map = {} @@ -1211,29 +1513,11 @@ c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm" #------------------------------------------------------------------------------ ## Encapsulate encryption configuration # -# Use via the encryption_config singleton below. +# Use via the encryption_config singleton below. # Default: [] # c.CryptKeeper.keys = [] ## The number of threads to allocate for encryption -# Default: 4 -# c.CryptKeeper.n_threads = 4 - -#------------------------------------------------------------------------------ -# Pagination(Configurable) configuration -#------------------------------------------------------------------------------ -## Default number of entries per page for paginated results. -# Default: 100 -# c.Pagination.default_per_page = 100 - -## Maximum number of entries per page for paginated results. -# Default: 250 -# c.Pagination.max_per_page = 250 - -#------------------------------------------------------------------------------ -# Systemdspawner config -#------------------------------------------------------------------------------ -c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' - +# Default: 2 +# c.CryptKeeper.n_threads = 2 From 872c77d7283d8ee2e94287d6d73e35a3504f4022 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 12:17:19 -0500 Subject: [PATCH 0861/1758] jupyterhub/README.md: Clarifs & new screenshots --- roles/jupyterhub/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 583466e04..a9588d3d9 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -9,7 +9,7 @@ * [JupyterHub changelog](https://jupyterhub.readthedocs.io/en/stable/changelog.html#changelog) * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). - * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. + * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. @@ -26,10 +26,11 @@ In some rare circumstances, it may be necessary to restart JupyterHub's systemd sudo systemctl restart jupyterhub ``` -FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula: +FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated (and deactivated) with the usual: ``` source /opt/iiab/jupyterhub/bin/activate +(jupyterhub) root@box:~# deactivate ``` Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ algorithm) and stored in: @@ -48,13 +49,13 @@ NOTE: This is the only way to change the password for user 'Admin', because Cont The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: -1. As a user with `Admin` privilege, click **Control Panel** in the top right of your JupyterHub: +1. As a user with `Admin` privilege, click **File > Hub Control Panel** in your JupyterHub: - ![Control panel button in notebook, top right](control-panel-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602766-ab6a9d3c-9f92-496e-a0e8-6c18a084e960.png) -2. In the Control Panel, open the **Admin** link in the top left: +2. At the top of the Control Panel, click **Admin**: - ![Admin button in control panel, top left](admin-access-button1.png) + ![image](https://user-images.githubusercontent.com/2458907/217602473-f4f9fd40-b4c1-45e1-88c5-54c6d4b604ff.png) This opens up the JupyterHub Admin page, where you can add / delete users, start / stop peoples’ servers and see who is online. From 8d3864090e5c9cd12602e62f89591f1a65dc42c8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 12:47:39 -0500 Subject: [PATCH 0862/1758] Mention /opt/iiab/jupyterhub (3.1.1) is now ~326 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 68f909ea7..a34c1afd6 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -33,7 +33,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~271 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" pip: name: - pip From 49bad59d78efcc81d57219fe303be9d25fc3db26 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 13:02:16 -0500 Subject: [PATCH 0863/1758] Cleaner explanation on top of jupyterhub_config.py.j2 --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index f8be9a849..32daeb53b 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,11 +1,11 @@ -# 2023-02-08 for /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py : +# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # -# 1) To generate this 1500+ line stub, I ran JupyterHub 3.1.1's: +# 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 -# 3) I added the following line on @jvonau's suggestion: (#3475) +# 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From 34effae3685f962772662066d7b9902cb75a586d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 19:26:41 -0500 Subject: [PATCH 0864/1758] jupyterhub/README.md: Explain logging, via journalctl --- roles/jupyterhub/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a9588d3d9..6cb72b2fd 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -71,6 +71,20 @@ The `Admin` user (and any users given `Admin` privilege) can reset user password _WARNING: If on login users see "500 : Internal Server Error", you may need to remove ALL files of the form_ `/run/jupyter-johndoe-singleuser` +### Logging + +To see JupyterHub's (typically very long!) log, run: + +``` +journalctl -u jupyterhub.service +``` + +Sometimes other logs might also be available, e.g.: + +``` +journalctl -u jupyter-admin-singleuser.service +``` + ### PAWS/Jupyter Notebooks for Python Beginners While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. From 7c046c100b4c8f18a27e32df9069fc0ce96b813f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 19:31:20 -0500 Subject: [PATCH 0865/1758] jupyterhub/README.md: Tighter journalctl logging tips --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 6cb72b2fd..45d39ac5c 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -76,13 +76,13 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r To see JupyterHub's (typically very long!) log, run: ``` -journalctl -u jupyterhub.service +journalctl -u jupyterhub ``` Sometimes other logs might also be available, e.g.: ``` -journalctl -u jupyter-admin-singleuser.service +journalctl -u jupyter-admin-singleuser ``` ### PAWS/Jupyter Notebooks for Python Beginners From ec9b0b5cba743d3aab4e4da718bc1071c57f6baa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 21:08:01 -0500 Subject: [PATCH 0866/1758] jupyterhub/README.md: Clarify "Hub Control Panel" --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 45d39ac5c..2ec6a0730 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -43,9 +43,9 @@ Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ alg Users can change their password by logging in, and then visiting URL: http://box.lan/jupyterhub/auth/change-password -NOTE: This is the only way to change the password for user 'Admin', because Control Panel > Admin (below) does not permit deletion of this account. +NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Control Panel > Admin page, to manage other accounts +### Hub Control Panel > Admin page, to manage other accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From bb85ab918f1b7b607688294a141540882021a86b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Feb 2023 21:18:16 -0500 Subject: [PATCH 0867/1758] jupyterhub/README.md: File > Hub Control Panel > Admin --- roles/jupyterhub/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 2ec6a0730..a055a55f1 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -45,7 +45,7 @@ Users can change their password by logging in, and then visiting URL: http://box NOTE: This is the only way to change the password for user `Admin`, because **File > Hub Control Panel > Admin** (below) does not permit deletion of this account. -### Hub Control Panel > Admin page, to manage other accounts +### File > Hub Control Panel > Admin, to manage accounts The `Admin` user (and any users given `Admin` privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below). This logs the user out, but does not remove any of their data or home directories. The user can then set a new password in the usual way — simply by logging in. Example: From 5bced2429faaa7101dcf99d766fc99a0b8333d0c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 9 Feb 2023 21:57:19 -0500 Subject: [PATCH 0868/1758] jupyterhub_config.py.j2: Remove unused "c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}'" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 32daeb53b..6ff377a7e 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -790,7 +790,6 @@ c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" # c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' c.SystemdSpawner.dynamic_users = True -c.SystemdSpawner.user_workingdir = '/opt/iiab/notebooks/{USERNAME}' ## Path to SSL certificate file for the public facing interface of the proxy # From 9dd6fb252464217365e730eded145684001430c4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 9 Feb 2023 22:21:45 -0500 Subject: [PATCH 0869/1758] jupyterhub/README.md: Link to jupyterhub/systemdspawner docs --- roles/jupyterhub/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index a055a55f1..db780e595 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -13,6 +13,7 @@ * Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. + * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) ### Settings From f8efc93d0a2b1ac7cdcdb05d56d6a4b20c7fefd4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 10 Feb 2023 10:01:32 -0500 Subject: [PATCH 0870/1758] Clarify jupyterhub_config.py.j2 for #3476: "8 of IIAB's 10 legacy custom lines" --- roles/jupyterhub/templates/jupyterhub_config.py.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/roles/jupyterhub/templates/jupyterhub_config.py.j2 index 6ff377a7e..5abc7deb5 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py.j2 +++ b/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -1,9 +1,9 @@ -# 2023-02-08 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: +# 2023-02-10 /opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py update: # https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html # # 1) To generate this 1500+ line stub, I first ran JupyterHub 3.1.1's: # /opt/iiab/jupyterhub/bin/jupyterhub --generate-config -# 2) Then I manually inserted 9 of IIAB's 10 legacy custom lines below, from: +# 2) Then I manually inserted 8 of IIAB's 10 legacy custom lines below, from: # grep ^c /opt/iiab/iiab/roles/jupyterhub/templates/jupyterhub_config.py.j2 # 3) Finally I added the following line on @jvonau's suggestion: (#3475) # c.ConfigurableHTTPProxy.pid_file = "/run/jupyterhub-proxy.pid" From b2e0d45f2de6b0ec7b8439c181ad9dc97b1eb769 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 15 Feb 2023 16:30:31 -0500 Subject: [PATCH 0871/1758] sugarizer-server-1.5.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index f43f85374..264dbfba0 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -13,7 +13,7 @@ sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases -sugarizer_server_dir_version: sugarizer-server-1.4.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0 -sugarizer_server_git_version: v1.4.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0 +sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 +sugarizer_server_git_version: v1.5.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3, v1.1.0, v1.1.1, v1.2.0, v1.3.0, v1.4.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/commits/dev # AND https://github.com/llaske/sugarizer-server/releases From 64b02509cdff6ec46a4dcb5ce393c9d77aa3e08d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 15 Feb 2023 19:04:43 -0500 Subject: [PATCH 0872/1758] Update size(s) of /opt/iiab/sugarizer-server 1.5.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 948c128b7..5e9cf3826 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -61,7 +61,7 @@ # CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows # "changed" (whereas above git sync shows "ok"). Reason: "npm install" # (below) modifies /opt/iiab/sugarizer-server/node_modules -- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~195+ MB later) +- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~16 MB initially, ~227+ MB later) git: repo: https://github.com/llaske/sugarizer-server dest: "{{ iiab_base }}/{{ sugarizer_server_dir_version }}" From 9468d1f83a524afa0ed3c59f7195a587c18f2dca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Feb 2023 16:06:31 -0500 Subject: [PATCH 0873/1758] mediawiki/defaults/main.yml: Version 1.39.2 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 21fd715e1..8043db2fc 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 1 +mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 7fc222d4953499f5731947665085ef3c7ef8b315 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:30:47 -0500 Subject: [PATCH 0874/1758] Revert jammy to focal for MongoDB 5.0.5 collateral on arm64/aarch64 --- roles/gitea/defaults/main.yml | 2 +- roles/mongodb/defaults/main.yml | 13 ++++++++++++- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++--------------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 2a620f8cc..938b87252 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -17,7 +17,7 @@ iset_suffixes: armv6l: arm-6 armv7l: arm-6 # "arm-7" used to work, but no longer since 2019-04-20's Gitea 1.8.0: https://github.com/iiab/iiab/issues/1673 https://github.com/iiab/iiab/pull/1713 -- 2019-07-31: ARM7 support will return at some point, according to: https://github.com/go-gitea/gitea/pull/7037#issuecomment-516735216 (what about ARM8 support for RPi 4?) -gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}" +gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 0cace8905..a5e2455d3 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,7 +20,18 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: +mongodb_arch_dict: + armv6l: unsupported # WAS: 3.0 + armv7l: unsupported # WAS: 3.0 + aarch64: 5.0 + i386: unsupported + x86_64: 6.0 + +mongodb_version: "{{ mongodb_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +#mongodb_arm64_version: 5.0 # 2023-02-24: MongoDB 6.0.4 fails to install on +# # 64-bit RasPiOS 11, as it doesn't offer libssl3. +#mongodb_amd64_version: 6.0 # 2022-10-23: 4.4 fails on Debian 12 x86_64: # "No package matching 'mongodb-org' is available". 5.0+ fail on "pre-2011" # CPU's w/o AVX, and on RPi due to MongoDB compiling these for v8.2-A (RPi 4 is # ARM v8-A). SO IIAB ALWAYS OVERLAYS andyfelong.com's 5.0.5 IF 5.0+ SPECIFIED. diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 048601b16..82fab2e9a 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,6 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) +# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE +# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: +# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -71,18 +74,18 @@ # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and # 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - #args: # warn: no # Ansible 2.14 ERROR: @@ -94,15 +97,15 @@ # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_64bit_version }}, if x86_64 Debian < 12 + - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 apt_repository: # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye # 11 and Bookworm 12 (testing branch) revert to buster for now: # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" @@ -117,10 +120,10 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu jammy source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_64bit_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse + repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') @@ -250,16 +253,16 @@ # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin unarchive: remote_src: yes src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" dest: /usr/bin - when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" From 57326cebcefbd9ae783369fea0b2fd4df2541868 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 03:42:23 -0500 Subject: [PATCH 0875/1758] Set WiFi firmware in /lib/firmware/cypress --- roles/firmware/tasks/download.yml | 37 +++++++++++----- roles/firmware/tasks/install.yml | 46 ++++++++++++-------- roles/firmware/templates/iiab-check-firmware | 22 +++++----- vars/default_vars.yml | 6 ++- vars/local_vars_large.yml | 6 ++- vars/local_vars_medium.yml | 6 ++- vars/local_vars_small.yml | 6 ++- 7 files changed, 79 insertions(+), 50 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 949ad3583..ffbd7c6fa 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,23 +1,36 @@ -- name: Back up 4 OS-provided WiFi firmware files (or symlinks) to /lib/firmware/brcm/*.orig - copy: - src: /lib/firmware/brcm/{{ item }} - dest: /lib/firmware/brcm/{{ item }}.orig +# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# +# 1. apt changelog firmware-brcm80211 +# https://github.com/RPi-Distro/firmware-nonfree +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# 2. apt changelog linux-firmware-raspi +# https://packages.ubuntu.com/search?keywords=linux-firmware-raspi +# 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml + +#- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig + # copy: + # src: /lib/firmware/cypress/{{ item }} + # dest: /lib/firmware/cypress/{{ item }}.orig + # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - - brcmfmac43430-sdio.bin - - brcmfmac43430-sdio.clm_blob - - brcmfmac43455-sdio.bin - - brcmfmac43455-sdio.clm_blob - ignore_errors: yes + - cyfmac43430-sdio.bin + - cyfmac43430-sdio.clm_blob + - cyfmac43455-sdio.bin + - cyfmac43455-sdio.clm_blob + #ignore_errors: yes - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: url: "{{ iiab_download_url }}/{{ item }}" - dest: /lib/firmware/brcm/ + dest: /lib/firmware/cypress/ timeout: "{{ download_timeout }}" with_items: - - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- SAME AS RASPIOS & UBUNTU'S https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index c0fcfa532..2db1d0bbd 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -4,61 +4,69 @@ # Set 2 symlinks for RPi 3 B+ and 4 (43455) +# COMPARE: update-alternatives --display cyfmac43455-sdio.bin +# https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml#L3-L6 -- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpi3bplus_rpi4_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpi3bplus_rpi4_wifi_firmwares: # Dictionary keys (left side) are always strings, e.g. "19" os: - - brcmfmac43455-sdio.bin.orig - - brcmfmac43455-sdio.clm_blob.orig + - cyfmac43455-sdio.bin.orig # 2023-02-25: 7.45.241 from 2021-11-01 on Ubuntu 22.04.2 too (cyfmac43455-sdio-standard.bin) + - cyfmac43455-sdio.clm_blob.orig # On Ubuntu 22.04.2 too (brcmfmac43455-sdio.clm_blob_2021-11-17_rpi) + ub: + - cyfmac43455-sdio.bin.distrib # 2023-02-25: STALE 7.45.234 from 2021-04-15; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43455-sdio.clm_blob.distrib # 4.7K instead of 2.7K w/ above "os" 19: - - brcmfmac43455-sdio.bin_2021-11-30_minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.bin_2021-11-30_minimal # On Ubuntu 22.04.2 too (cyfmac43455-sdio-minimal.bin) + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 24: - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal - - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # On Ubuntu 22.04.2 too (cyfmac43455-sdio.clm_blob) 32: - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 - - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi # 14K instead of 2.7K w/ above "os" -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab -> {{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }} (as rpi3bplus_rpi4_wifi_firmware is "{{ rpi3bplus_rpi4_wifi_firmware }}") file: src: "{{ rpi3bplus_rpi4_wifi_firmwares[rpi3bplus_rpi4_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43455-sdio.clm_blob.iiab state: link force: yes # Set 2 symlinks for RPi Zero W and 3 (43430) -- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/brcm) +- name: Populate rpizerow_rpi3_wifi_firmwares dictionary (lookup table for operator-chosen .bin and .clm_blob files in /lib/firmware/cypress) set_fact: rpizerow_rpi3_wifi_firmwares: os: - - brcmfmac43430-sdio.bin.orig - - brcmfmac43430-sdio.clm_blob.orig + - cyfmac43430-sdio.bin.orig # 2023-02-25: 7.45.98 from 2021-07-19 on Ubuntu 22.04.2 too + - cyfmac43430-sdio.clm_blob.orig # On Ubuntu 22.04.2 too + ub: + - cyfmac43430-sdio.bin.distrib # 2023-02-25: STALE 7.45.98.118 from 2021-03-30; on Ubuntu 22.04.2 NOT RasPiOS + - cyfmac43430-sdio.clm_blob.distrib # Identical to above 4.7K cyfmac43430-sdio.clm_blob 30: - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 - - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # 14K instead of 4.7K w/ above "os" & "ub" -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][0] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.bin.iiab state: link force: yes -- name: Symlink /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") +- name: Symlink /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab -> {{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }} (as rpizerow_rpi3_wifi_firmware is "{{ rpizerow_rpi3_wifi_firmware }}") file: src: "{{ rpizerow_rpi3_wifi_firmwares[rpizerow_rpi3_wifi_firmware][1] }}" - path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab + path: /lib/firmware/cypress/cyfmac43430-sdio.clm_blob.iiab state: link force: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b26810440..e47982069 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -14,29 +14,29 @@ iiab_var_value() { } link_fw() { - if [[ $(readlink /lib/firmware/brcm/$1) != $1.iiab ]] ; then - echo - mv /lib/firmware/brcm/$1 /lib/firmware/brcm/$1.$(date +%F-%T) - ln -s $1.iiab /lib/firmware/brcm/$1 - echo -e "\e[1mSymlinked /lib/firmware/brcm/$1 -> $1.iiab\e[0m" - touch /tmp/.fw_modified + if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then + echo + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + ln -s $1.iiab /lib/firmware/cypress/$1 + echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" + touch /tmp/.fw_modified fi } if [[ $(iiab_var_value rpi3bplus_rpi4_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43455-sdio.bin - link_fw brcmfmac43455-sdio.clm_blob + link_fw cyfmac43455-sdio.bin + link_fw cyfmac43455-sdio.clm_blob fi if [[ $(iiab_var_value rpizerow_rpi3_wifi_firmware) != "os" ]] ; then - link_fw brcmfmac43430-sdio.bin - link_fw brcmfmac43430-sdio.clm_blob + link_fw cyfmac43430-sdio.bin + link_fw cyfmac43430-sdio.clm_blob fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/brcm appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 122128278..274771ae1 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -131,9 +131,10 @@ hostapd_enabled: True # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -143,7 +144,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a301ed60..2ea331221 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index e8d8b1f5e..a290fd426 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index aef176b4e..fed0751eb 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From 4831fd6d7e77ff84eb61c28d609554ce9a4c7d87 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 13:55:41 -0500 Subject: [PATCH 0876/1758] CLARIF: full backup of symlinks + later "doubly timestamped" symlink contents --- roles/firmware/tasks/download.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index ffbd7c6fa..0285fda80 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -9,18 +9,18 @@ # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or preserve symlinks) to /lib/firmware/cypress/*.orig +- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig - # local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig + # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... + command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob - cyfmac43455-sdio.bin - cyfmac43455-sdio.clm_blob - #ignore_errors: yes + #ignore_errors: yes # 2023-02-25: Let's INTENTIONALLY surface any errors, e.g. if any future RasPiOS or Ubuntu-on-Rpi lack some of the above 4 files/links? - name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: From d09046b5015262f0c3ff483b61e4dffca3d25997 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 15:41:08 -0500 Subject: [PATCH 0877/1758] roles/firmware for WiFi hotspot: Update in-line docs --- roles/firmware/tasks/download.yml | 11 +++++---- roles/firmware/tasks/install.yml | 2 +- roles/firmware/tasks/main.yml | 24 +++++++++++-------- roles/firmware/templates/iiab-check-firmware | 8 +++---- .../templates/gateway/iiab-gen-iptables | 4 ++-- roles/openvpn/templates/iiab-support | 4 ++-- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 0285fda80..5ef80332d 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -1,9 +1,12 @@ -# 2023-02-24: MONITOR FIRMWARE UPDATES in 3 places especially: +# 2023-02-25: MONITOR FIRMWARE UPDATES in 3 places especially... # # 1. apt changelog firmware-brcm80211 -# https://github.com/RPi-Distro/firmware-nonfree -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_* +# https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) +# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 2db1d0bbd..6ce042cee 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index 3e33890ba..dfd094acb 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -3,18 +3,22 @@ # client devices that can access your Raspberry Pi's internal WiFi hotspot. # If IIAB's already installed, you should then run 'cd /opt/iiab/iiab' and -# then 'sudo ./runrole firmware' (do run iiab-check-firmware for more tips!) - -# BACKGROUND AS OF 2022-01-10: -# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 -# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 -# https://github.com/iiab/iiab/pull/3103 -# https://github.com/RPi-Distro/firmware-nonfree/tree/bullseye/debian/config/brcm80211 (brcm, cypress) -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 -# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 +# then 'sudo ./runrole firmware' (DO RUN iiab-check-firmware FOR MORE TIPS!) +# 2018-2023 Background & Progress: +# +# Raspberry Pi 3 used to support 32 WiFi connections but is now limited to [4-10] +# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 +# Opinions about Pi 4B/3B+ WiFi features [practical AP firmware for schools!] +# https://github.com/iiab/iiab/issues/2853#issuecomment-957836892 +# RPi WiFi hotspot firmware reliability fix, incl new/better choices for 3B+ & 4 +# https://github.com/iiab/iiab/pull/3103 +# Set WiFi firmware in /lib/firmware/cypress due to RasPiOS & Ubuntu changes +# https://github.com/iiab/iiab/pull/3482 # RISK: What USB 3.0 stick/drive patterns degrade a Raspberry Pi's 2.4GHz WiFi? -# https://github.com/iiab/iiab/issues/2638 +# https://github.com/iiab/iiab/issues/2638 + +# ► SEE "MONITOR FIRMWARE UPDATES in 3 places especially" in tasks/download.yml ◄ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index e47982069..9da0135af 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,10 +1,10 @@ #!/bin/bash -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { @@ -16,7 +16,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified @@ -36,7 +36,7 @@ fi if [ -f /tmp/.fw_modified ]; then bash /etc/profile.d/iiab-firmware-warn.sh else - echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#2853.\e[0m" + echo -e "\n\e[1mWiFi Firmware links in /lib/firmware/cypress appear \e[92mCORRECT\e[0m\e[1m, per iiab/iiab#3482\e[0m" echo echo -e "\e[100;1m(No reboot appears necessary!)\e[0m" echo diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index b11cd4fca..0a8b6a80e 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -34,11 +34,11 @@ IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 4ba4d70a3..1d88a66b4 100755 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -10,11 +10,11 @@ DEBUG=false # Using /usr/bin/true or /usr/bin/false PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" -# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml +# 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 -# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # PARSE local_vars.yml JUST AS Ansible & /etc/openvpn/scripts/announcer DO: From ae5daf58300e2cfdff24a3bfe22c12f4a6b2c4b4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 15:52:54 -0500 Subject: [PATCH 0878/1758] vars/local_vars_unittest.yml: Update WiFi firmware options --- vars/local_vars_unittest.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 533c5657d..721f7e457 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -74,9 +74,10 @@ hostapd_password: changeme # espec if WiFi firmware patched below? #2696 # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or -# 32 on older OS's from 2020) using EXACTLY 1 of the 4 lines below: +# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 +#rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's @@ -86,7 +87,8 @@ rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # -rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98.118 +rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 +#rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi From c591ed16c32e34f6b2cc5521caf0894cede12625 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 19:17:27 -0500 Subject: [PATCH 0879/1758] Refine PR #3481: MongoDB for aarch64 Ubuntu 22+ or Debian 12+ --- roles/mongodb/tasks/install.yml | 69 +++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 82fab2e9a..3f9bd1854 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,9 +16,9 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -# 2023-02-24: ALL 54 LINES BELOW (e.g. for 32-bit RasPiOS) MAY NEED TO BE -# REMOVED SOON, due to Sugarizer Server 1.5.0's new MongoDB 3.2+ REQUIREMENT: -# https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170 +- debug: + msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' + - block: - name: Create dir /tmp/mongodb-3.0.1x (aarch32) file: @@ -72,7 +72,10 @@ - /var/log/mongodb # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") + when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + +- debug: + msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -80,6 +83,10 @@ # orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel # installers for a while now.) 64-bit OS's proceed below. + +- debug: + msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 @@ -130,6 +137,7 @@ #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") + # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix @@ -141,11 +149,52 @@ # sudo apt-get install libssl1.1 # rm /etc/apt/sources.list.d/focal-security.list - # 2023-01-19: Retrofitting libssl1.1 onto Ubuntu 22.04+ and Debian 12 is no - # longer nec (certainly on x86_64, and hopefully sufficiently across the - # board?) as MongoDB can finally use libssl3 instead, since 2022-11-15: + # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ + # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) + # + # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can + # finally use libssl3 instead, since 2022-11-15: # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 + + - block: + + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu + + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian + + - name: Force install libssl1.1 + package: + name: libssl1.1 + state: present + + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian + + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu + + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) + + - debug: + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 # apt_repository: # repo: deb http://security.ubuntu.com/ubuntu focal-security main @@ -189,6 +238,7 @@ # #filename: focal-security # 100% IGNORED during repo deletion # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: @@ -212,6 +262,7 @@ # filename: mongodb-org # when: is_ubuntu and not is_linuxmint + - name: "Install packages: mongodb-org, mongodb-org-server" package: name: @@ -232,6 +283,7 @@ regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 # ...as ARM v8-A < ARM v8.2-A ...also reveals: @@ -267,6 +319,9 @@ # end block when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" +- debug: + msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + # 2. CONFIGURE MongoDB FOR IIAB From 314631bb3e7e1950adb6f418b211c324bea980bd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Feb 2023 21:16:17 -0500 Subject: [PATCH 0880/1758] roles/firmware: Tighten up in-line explanations --- roles/firmware/tasks/download.yml | 10 +++++----- roles/firmware/tasks/install.yml | 2 +- roles/firmware/templates/iiab-check-firmware | 16 +++++++++++++++- roles/firmware/templates/iiab-firmware-warn.sh | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5ef80332d..5e4027623 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -2,22 +2,22 @@ # # 1. apt changelog firmware-brcm80211 # https://github.com/RPi-Distro/firmware-nonfree -> debian/config/brcm80211 (brcm, cypress) -# http://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: +# https://archive.raspberrypi.org/debian/dists/bullseye/main/binary-arm64/Packages (1.1MB text file, look inside for summary of latest firmware-brcm80211) +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/ -> firmware-brcm80211_* e.g.: # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20190114-1+rpt11_all.deb from 2021-01-25 # https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20210315-3+rpt4_all.deb from 2021-12-06 -# http://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 +# https://archive.raspberrypi.org/debian/pool/main/f/firmware-nonfree/firmware-brcm80211_20221012-1~bpo11+1+rpt1_all.deb from 2022-11-17 # 2. apt changelog linux-firmware-raspi # https://packages.ubuntu.com/search?keywords=linux-firmware-raspi # 3. https://github.com/moodlebox/moodlebox/blob/main/roles/accesspoint/tasks/main.yml #- name: Back up 4 OS-provided WiFi firmware files (incl symlink contents) to /lib/firmware/cypress/*.orig -- name: Back up 4 OS-provided WiFi firmware files (or replicate symlinks) to /lib/firmware/cypress/*.orig -- NOTE that "doubly timestamped" copies (incl any symlinks' contents!) are ALSO made by iiab-check-firmware -- as firmware install completes +- name: Back up 4 OS-provided WiFi firmware files (replicate any symlinks) to /lib/firmware/cypress/*.orig -- /usr/bin/iiab-check-firmware will later do similar (e.g. as firmware install completes) -- moving 2-or-4 of these to <ORIGINAL FILENAME>.YYYY-MM-DD-HH:MM:SS ("doubly timestamping" to preserve BOTH last-modif & moving date) # copy: # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -P /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, but so far unnec) + command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 6ce042cee..4f323ca72 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -81,7 +81,7 @@ - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- creating our 2-or-4 key simlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) -- finalizing 2-or-4 symlink chains e.g. /lib/firmware/cypress/X.{bin|blob} -> /lib/firmware/cypress/X.{bin|blob}.iiab -> CHOSEN-FIRMWARE-FILE-OR-LINK systemd: name: iiab-check-firmware.service daemon_reload: yes diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9da0135af..a7a36a626 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -1,5 +1,19 @@ #!/bin/bash +# The 1st time /usr/bin/iiab-check-firmware runs (at the end of +# firmware/tasks/install.yml) 2-4 lynchpin top links are put in place, +# finalizing symlink chains like: +# +# /lib/firmware/cypress/X.{bin|blob} -> +# /lib/firmware/cypress/X.{bin|blob}.iiab -> +# CHOSEN-FIRMWARE-FILE-OR-LINK +# +# Also backing up top-of-chain originals (file or link!) by moving these to: +# +# /lib/firmware/cypress/<ORIGINAL FILENAME>.YYYY-MM-DD-HH:MM:SS +# +# NOTE these are "doubly timestamped" to preserve BOTH last-modif & moving date. + # 2023-02-25: bash scripts using default_vars.yml &/or local_vars.yml # https://github.com/iiab/iiab-factory/blob/master/iiab # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 @@ -16,7 +30,7 @@ iiab_var_value() { link_fw() { if [[ $(readlink /lib/firmware/cypress/$1) != $1.iiab ]] ; then echo - mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) # i.e. "doubly timestamping" to preserve BOTH last-modif & moving date + mv /lib/firmware/cypress/$1 /lib/firmware/cypress/$1.$(date +%F-%T) ln -s $1.iiab /lib/firmware/cypress/$1 echo -e "\e[1mSymlinked /lib/firmware/cypress/$1 -> $1.iiab\e[0m" touch /tmp/.fw_modified diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index dd2c34dba..f9507496b 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -1,7 +1,7 @@ #!/bin/bash if [ -f /tmp/.fw_modified ]; then - echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" + echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#3482: PLEASE REBOOT!\e[0m" echo echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi From 665f403565faf330f4c62be72ac347e84b26f9cf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Feb 2023 20:20:04 -0500 Subject: [PATCH 0881/1758] pbx/README.adoc: Louder PHP 7.4 requirement WARNING! --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index bef5c3924..19022571e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 1165dc715f3dc83165750b8ed60b6c15c819b831 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Feb 2023 20:39:58 -0500 Subject: [PATCH 0882/1758] pbx/README.adoc: Will FreePBX 17 arrive by ~2024 to solve the PHP 8 dilemma? --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 19022571e..babfde19c 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 7d9e1fc62a8eaf38150c4682e2f5feaa447a6dac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 28 Feb 2023 09:46:17 -0500 Subject: [PATCH 0883/1758] Recommend ansible-core 2.14.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48ed3ff61..8c085a038 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.2] -GOOD_VER=2.14.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] +GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ba8ea3c72c99056fcaef1de989b88f277e020eeb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 Mar 2023 14:07:31 -0500 Subject: [PATCH 0884/1758] README.md: Fix RPi images link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cf71d76e3..a16a4437d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. From 2786eedcb7396be77e19a897d8712a19d7cd4709 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Mar 2023 21:29:03 -0500 Subject: [PATCH 0885/1758] MongoDB: Use jammy repo on amd64 (unless Debian 11) --- roles/mongodb/tasks/install.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 3f9bd1854..8286c6aa3 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -85,7 +85,7 @@ - debug: - msg: 15-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - block: - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} @@ -116,7 +116,11 @@ #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main #filename: mongodb-org when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" - #when: is_debian and ansible_architecture == "x86_64" + + - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on # MongoDB 6.0.3 (released 2022-11-15) instructions here: @@ -127,12 +131,13 @@ # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_version }} + - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} apt_repository: - repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse #filename: mongodb-org - when: not (is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64") + when: not ansible_architecture == "x86_64" #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') #when: not (is_debian and ansible_architecture == "x86_64") @@ -320,7 +325,7 @@ when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" - debug: - msg: 15-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB From 12d7397ff746b89088ff0bac04fa0756ac80fb2a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 8 Mar 2023 00:27:22 -0500 Subject: [PATCH 0886/1758] iiab-diagnostics: Report /lib/firmware/cypress/* not brcm --- scripts/iiab-diagnostics | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1990d25d..89ddd3311 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -110,10 +110,10 @@ function cat_cmd() { # $1 = command + params, $2 = explanation if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! - #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/cypress/*43455*' etc! Subshell needed (parens) as exec then exits entire shell. #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. - #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/cypress/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } @@ -221,8 +221,8 @@ cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' -cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From bdd08b9b6ddf8ae4d60ea23cdc5e95b05e48efe8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 15 Mar 2023 17:05:46 -0400 Subject: [PATCH 0887/1758] Add Haitian Creole as Kolibri's 32nd languages --- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 2ea331221..f146713fc 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a290fd426..bdf2b5bf0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index fed0751eb..1e662400a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -289,7 +289,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 721f7e457..61bc68071 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -289,7 +289,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False From 4750badc4eb62273d2ffdf270b06fa73a5bab38c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 Mar 2023 21:28:42 -0400 Subject: [PATCH 0888/1758] Force 'pip install ansible-core' on Python 3.11+ --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8c085a038..47488d836 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -186,15 +186,15 @@ if uname -m | grep -q 64; then # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 else # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core pip3 config --global set global.no-cache-dir false echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org + pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 + pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 fi # (Re)running collection installs appears safe, with --force-with-deps to force From 7ce3881f5c58800759ba009b13813de0b902b7ed Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 00:42:37 -0400 Subject: [PATCH 0889/1758] Fix PR #3491 to install ansible-core on all OS's as Python 3.11+ proliferates --- scripts/ansible | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 47488d836..b52cbe743 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -179,24 +179,22 @@ $APT_PATH/apt -y install python3-pip #$APT_PATH/apt -y --allow-downgrades install ansible-core -if uname -m | grep -q 64; then - # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip - # cache system-wide before installing: - # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 - # https://github.com/iiab/iiab/pull/3022 - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -else -# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" -# $APT_PATH/apt -y --allow-downgrades install ansible-core - pip3 config --global set global.no-cache-dir false - echo -e "\n\n'pip3 install cryptography==37.0.4' will now run:\n" - pip3 install --break-system-packages cryptography==37.0.4 # latest compatible with ansible-core available via piwheels.org - echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" - pip3 install --break-system-packages --upgrade ansible-core # ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip +# cache system-wide before installing: +# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 +# https://github.com/iiab/iiab/pull/3022 +pip3 config --global set global.no-cache-dir false + +if ! uname -m | grep -q 64; then + # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" + # $APT_PATH/apt -y --allow-downgrades install ansible-core + echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" + pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" fi +echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 + # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support # explicit upgrading of collections (--upgrade / -U flag) in version "2.11" From 62543814da6047d0c5097d2584aaa93b935347d9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 00:53:57 -0400 Subject: [PATCH 0890/1758] scripts/ansible FYI: pip's --break-system-packages is new (Feb 2023) --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index b52cbe743..5caf055df 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -193,7 +193,7 @@ if ! uname -m | grep -q 64; then fi echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new: https://github.com/pypa/pip/pull/11780 +pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 38e99031d73bdabcd4f657999595e0a919315472 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 17 Mar 2023 06:10:08 -0500 Subject: [PATCH 0891/1758] virtual env for ansible --- scripts/ansible | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 5caf055df..e308dac6a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,10 +160,10 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" -$APT_PATH/apt update -$APT_PATH/apt -y install python3-pip +#$APT_PATH/apt update +#$APT_PATH/apt -y install python3-pip # 2021-07-29: # 'python3-packaging' dropped for now @@ -185,15 +185,28 @@ $APT_PATH/apt -y install python3-pip # https://github.com/iiab/iiab/pull/3022 pip3 config --global set global.no-cache-dir false -if ! uname -m | grep -q 64; then +#if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core - echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" - pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" -fi +# echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" +# pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" +#fi -echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 -pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 +#echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 +#pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 + +echo -e "\napt update; apt install python3-venv" +$APT_PATH/apt update +$APT_PATH/apt -y install python3-venv + +echo -e "Create virtual envinronment for ansible" +python3 -m venv /usr/local/ansible +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +echo -e "Place ansible on path using symlinks" +cd /usr/local/ansible/bin +for bin in $(ls ansible*); do + ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +done # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 007df549ab8144c6fbd2b7ba2ec75800b8b23b86 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 17 Mar 2023 17:41:04 -0500 Subject: [PATCH 0892/1758] Update scripts/ansible Co-authored-by: A Holt <holta@users.noreply.github.com> --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index e308dac6a..0b88f97f1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,7 +199,7 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual envinronment for ansible" +echo -e "Create virtual environment for ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "Place ansible on path using symlinks" From d90227e066ff6c0d34c7fc96f9989ddefca6e8b3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 22:53:22 -0400 Subject: [PATCH 0893/1758] venv WIP: scripts/ansible & kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 2 +- scripts/ansible | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6f359395d..5fb192475 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,7 +15,7 @@ name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - - virtualenv # For Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} + - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. diff --git a/scripts/ansible b/scripts/ansible index 0b88f97f1..d3dda04af 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -160,7 +160,7 @@ fi ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" +#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" #$APT_PATH/apt update #$APT_PATH/apt -y install python3-pip @@ -183,7 +183,7 @@ fi # cache system-wide before installing: # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 # https://github.com/iiab/iiab/pull/3022 -pip3 config --global set global.no-cache-dir false +#pip3 config --global set global.no-cache-dir false #if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for ansible" +echo -e "Create virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Place ansible on path using symlinks" +echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From e589bbce0f62d013553cae158cf73442a417de85 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 22:59:02 -0400 Subject: [PATCH 0894/1758] venv WIP: calibre-web/tasks/install.yml packages? --- roles/calibre-web/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65a88168c..0b5e70c6d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,6 +3,8 @@ name: - imagemagick - python3-venv + - python3-dev + - build-essential state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From cfb446479dd7183375c79efbddedef30c9ce7f46 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 17 Mar 2023 23:36:31 -0400 Subject: [PATCH 0895/1758] venv cleanups: lokole, calibre-web, pip stub for Admin Console --- roles/9-local-addons/tasks/main.yml | 5 +++++ roles/calibre-web/tasks/install.yml | 4 ++-- roles/lokole/tasks/install.yml | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index e8ab5d14b..0a2f800d5 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,11 @@ name: pbx when: pbx_install +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" + package: + name: python3-pip + state: present + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0b5e70c6d..1bbb6623b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,9 +1,9 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, build-essential" package: name: - imagemagick - python3-venv - - python3-dev + #- python3-dev - build-essential state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index a1ea1d357..82d8593ca 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,11 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 14 packages for Lokole +- name: Install 13 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact - - python3-pip + #- python3-pip - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's From aad12eb928adf81f0f22d51551ad3e083a586d8a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 00:27:22 -0400 Subject: [PATCH 0896/1758] scripts/ansible: Cleaner on-screen output --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d3dda04af..73fb028e1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,10 +199,10 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -echo -e "Create virtual environment for Ansible" +echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "Create symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" +echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in $(ls ansible*); do ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin From 7db4dc546eee203484e8311ad5c9aa12dfd78025 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 12:25:02 -0400 Subject: [PATCH 0897/1758] Revert #3422 block of JupyterHub & Caliber-Web on 32-bit HW [should've blocked 32-bit OS's] --- roles/6-generic-apps/tasks/main.yml | 2 +- roles/9-local-addons/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 648991a4f..f43e878f3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -29,7 +29,7 @@ - name: JUPYTERHUB include_role: name: jupyterhub - when: jupyterhub_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: jupyterhub_install # UNMAINTAINED - name: LOKOLE diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 0a2f800d5..bf983a322 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -27,7 +27,7 @@ - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install and ansible_machine is search("64") # 2022-11-10: Avoid installing on 32-bit, until RasPiOS fixes Rust (PR #3421) + when: calibreweb_install # KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE From 9c28f88cb234a701ea11589582f9070710254b7a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 12:42:25 -0400 Subject: [PATCH 0898/1758] 9-local-addons: Install python3-pip 'when: admin_console_install' --- roles/9-local-addons/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index bf983a322..548fac45f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -46,6 +46,7 @@ package: name: python3-pip state: present + when: admin_console_install - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: From 95d83000335e579f74de691d3e3b121f23308fb7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 19:57:17 -0400 Subject: [PATCH 0899/1758] 9-local-addons: Stub install python3-jinja2 for Admin Console --- roles/9-local-addons/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 548fac45f..1b41b0dc7 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,9 +42,11 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' -- SEE PR #3494 -- REMOVE THIS CODE LATER" +- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" package: - name: python3-pip + name: + - python3-pip + - python3-jinja2 state: present when: admin_console_install From ec855c2ff945f09aa51cc5ba955f2911f804cc5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 20:14:03 -0400 Subject: [PATCH 0900/1758] Document "/usr/local/ansible/bin/pip3 show ansible-core" --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 73fb028e1..b077bdde7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -229,6 +229,7 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" +echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" From cf07e3812137ad5ea1b365ed4ee13fbcf33fc60a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 18 Mar 2023 21:33:04 -0400 Subject: [PATCH 0901/1758] calibre-web/tasks/install.yml: apt pkg 'build-essential' context --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1bbb6623b..0bae3428c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -4,7 +4,7 @@ - imagemagick - python3-venv #- python3-dev - - build-essential + - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails From c195613cfeaff7f41e4f4db1027f9a8ca031f9b0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Mar 2023 09:34:27 -0400 Subject: [PATCH 0902/1758] Update pbx/README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index babfde19c..f184df6f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"].* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 06ea1ef2bd749bc64e3d8a46e49592571a0027e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Mar 2023 18:17:29 -0400 Subject: [PATCH 0903/1758] Tighten up 9-local-addons thx to iiab/iiab-admin-console#526 --- roles/9-local-addons/tasks/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 1b41b0dc7..f9ea8e20f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,14 +42,6 @@ name: pbx when: pbx_install -- name: "INSTALL python3-pip FOR ADMIN CONSOLE 'cmdsrv : Download speedtest-cli' SEE PR #3494 -- INSTALL python3-jinja2 FOR ADMIN CONSOLE 'js-menu : Post process the downloaded menu defs' SEE PR #3496 -- REMOVE THIS CODE LATER" - package: - name: - - python3-pip - - python3-jinja2 - state: present - when: admin_console_install - - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From abdb67d32a2628ffd7f25ff063b8f3d738fe9ee4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 19 Mar 2023 22:18:48 -0500 Subject: [PATCH 0904/1758] calibre-web - compiler and header files only when needed --- roles/calibre-web/tasks/install.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 0bae3428c..03356fa51 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,17 @@ name: - imagemagick - python3-venv - #- python3-dev - - build-essential # 2023-03-18: Needed (e.g. on Ubuntu 22.04) now that scripts/ansible no longer installs python3-pip state: present +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +- name: "Install packages: python3-dev, gcc to compile 'netifaces'" + package: + name: + - python3-dev # header files + - gcc # compiler + state: present + when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -44,7 +51,7 @@ # ignore_errors: True ## # Implementing this with Ansible command module for now. -- name: Download Calibre-Web dependencies (using pip) into python3 virtual environment {{ calibreweb_venv_path }} +- name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 @@ -95,6 +102,14 @@ backup: yes when: not appdb.stat.exists +# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 +#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: absent +# when: python_version is version('3.10', '>=') # RECORD Calibre-Web AS INSTALLED From 5bd483c28bc39cab1cfcb289f8fa1cbf4b5aac89 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Mar 2023 08:17:38 -0400 Subject: [PATCH 0905/1758] gitea/defaults/main.yml: 'gitea_version: 1.19' --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 938b87252..fff7e0b28 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.18 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 From 7ae63f6a58064979af79304e5c54241b96412ca8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Mar 2023 10:23:46 -0400 Subject: [PATCH 0906/1758] calibre-web/tasks/install.yml: PR #3498 doc/readability --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 03356fa51..476a426be 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, build-essential" +- name: "Install packages: imagemagick, python3-venv" package: name: - imagemagick @@ -111,6 +111,7 @@ # state: absent # when: python_version is version('3.10', '>=') + # RECORD Calibre-Web AS INSTALLED - name: "Set 'calibreweb_installed: True'" From 1b48a2666a38df779707832fda965ee15a13233b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 21 Mar 2023 10:57:19 -0400 Subject: [PATCH 0907/1758] nextcloud/tasks/install.yml: Clarify Nextcloud 26 prereqs (PHP 8.2 now works!) --- roles/nextcloud/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 8fc25cd08..0ce3cd5a3 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -41,7 +41,9 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: +# 2023-03-21: Check the latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation From a61e1b05905007c49626ad6258910da7bc9fc43c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 20 Mar 2023 13:08:59 -0500 Subject: [PATCH 0908/1758] use --system-site-packages and install package to omit building 'netifaces' wheel --- roles/calibre-web/tasks/install.yml | 30 +++++++++++------------------ 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 476a426be..36c5da0c5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,19 +1,19 @@ -- name: "Install packages: imagemagick, python3-venv" +- name: "Install packages: imagemagick, python3-venv, python3-netifaces" package: name: - imagemagick - python3-venv + - python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -- name: "Install packages: python3-dev, gcc to compile 'netifaces'" - package: - name: - - python3-dev # header files - - gcc # compiler - state: present - when: python_version is version('3.10', '>=') - +#- name: "Install packages: python3-dev, gcc to compile 'netifaces'" +# package: +# name: +# - python3-dev # header files +# - gcc # compiler +# state: present +# when: python_version is version('3.10', '>=') - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -56,7 +56,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate @@ -102,15 +103,6 @@ backup: yes when: not appdb.stat.exists -# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 -#- name: "Uninstall packages: python3-dev, gcc used to compile 'netifaces'" -# package: -# name: -# - python3-dev # header files -# - gcc # compiler -# state: absent -# when: python_version is version('3.10', '>=') - # RECORD Calibre-Web AS INSTALLED From 7365b41680c7b1b7d8620019b3d5d1deb2c1e5bd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Mar 2023 08:40:29 -0400 Subject: [PATCH 0909/1758] scripts/ansible: Document new OS's PEP 668 guideline --- scripts/ansible | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index b077bdde7..2eb4cd11d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -199,6 +199,9 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv +# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask +# that virtual environments (venv) be used to safely isolate pip installs: +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 8fb14e2cf3c08aaf5e81498c66ee3bef09eae1f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Mar 2023 16:54:30 -0400 Subject: [PATCH 0910/1758] 2-common/tasks/packages.yml: Fix {i2c-tools, python3-pip, python3-venv} docs for #3496 --- roles/2-common/tasks/packages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 0b33dd637..b694a4194 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -12,7 +12,7 @@ #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download - htop # 109kB download: RasPiOS installs this regardless - - i2c-tools # 78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC + - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles @@ -22,8 +22,8 @@ #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics - #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. + #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc + #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download From 96323fd1aa74767710389b1a863cadb1b84842b5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 23 Mar 2023 20:58:42 -0400 Subject: [PATCH 0911/1758] 2 vars kolibri/defaults -> default_vars; cleaner /etc/passwd homedir --- roles/kolibri/defaults/main.yml | 18 ++++++++++-------- roles/kolibri/tasks/install.yml | 1 + vars/default_vars.yml | 4 +++- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 43f412f79..53b2eaf60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -3,11 +3,21 @@ # kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +# Kolibri folder to store its data and configuration files. +# kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri + +# kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies +# and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username +# (generally the user with lowest UID >= 1000) to allow access to USB devices: +# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://github.com/learningequality/kolibri-installer-debian/issues/115 + # kolibri_http_port: 8009 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + # 2019-09-27: Pinning to a particular version is unfortunately NOT supported # with our new apt approach (.deb installer) at this time. # 2019-06-21: Uncomment this pinning line if you want a particular version of @@ -30,19 +40,11 @@ # Corresponding to: # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri -# Kolibri folder to store its data and configuration files. -kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri - kolibri_url_without_slash: /kolibri kolibri_url: "{{ kolibri_url_without_slash }}/" # /kolibri/ kolibri_exec_path: /usr/bin/kolibri -kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies -# and saves a 'desktop' user like {iiab-admin, pi} to /etc/kolibri/username, -# towards guaranteeing access to USB devices, per: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service - # To populate /library/kolibri with essential/minimum files and dirs. This # provisions Kolibri with facility name, admin acnt / password, preset type, # and language. You can set this to 'False' when reinstalling Kolibri: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 676358473..d3f5958f7 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -14,6 +14,7 @@ shell: /bin/false system: yes create_home: no + home: "{{ kolibri_home }}" - name: Create directory {{ kolibri_home }} for Kolibri content, configuration, sqlite3 databases ({{ kolibri_user }}:{{ apache_user }}, by default 0755) file: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 274771ae1..f7b02b4b8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -483,7 +483,9 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri +kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 2e5339fee922cc39547277e2020a4c2602a04107 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 23 Mar 2023 21:14:17 -0400 Subject: [PATCH 0912/1758] Fix doc link "Changing the owner of Kolibri system service" --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 53b2eaf60..d1529fb60 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -9,7 +9,7 @@ # kolibri_user: kolibri # Whereas a vanilla install of Kolibri auto-identifies # and saves a 'desktop-like' user like {iiab-admin, pi} to /etc/kolibri/username # (generally the user with lowest UID >= 1000) to allow access to USB devices: -# https://kolibri.readthedocs.io/en/latest/install.html#changing-the-owner-of-kolibri-system-service +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service # https://github.com/learningequality/kolibri-installer-debian/issues/115 # kolibri_http_port: 8009 From d8fdb75e7c95f605a09e6b7f8beb02eecb6a3084 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 15:51:21 -0400 Subject: [PATCH 0913/1758] pbx/defaults/main.yml: Try asterisk-20-current.tar.gz --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 1ef7b8125..9d478d0d9 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-19-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c44c20def3863d8dd2b38d7ec321738885bca64c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 19:02:42 -0400 Subject: [PATCH 0914/1758] Doc updates for Asterisk 20 & remaining PHP 7.4 OS's --- roles/pbx/README.adoc | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f184df6f3..ed2ef9819 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. *PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f7b02b4b8..ec4c3f2d4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index f146713fc..474854821 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index bdf2b5bf0..73e01e154 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1e662400a..42adebfea 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 61bc68071..ba081c3db 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From aa66c7e11f674abcf71215f6ede31822e022a92b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 24 Mar 2023 19:49:54 -0400 Subject: [PATCH 0915/1758] TEMPORARY PATCH: Installs older Nextcloud 25 on PHP 7.4 OS's --- roles/nextcloud/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0ce3cd5a3..ce23c1c4c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,6 +98,11 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 + when: php_version is version('7.4', '<=') + - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" From d2da3f97fad77100c675f1c386207169c0c9a3f0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Mar 2023 07:28:29 -0400 Subject: [PATCH 0916/1758] pbx/README.adoc: Link to Asterisk Security Advisories --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index ed2ef9819..1edb85822 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -289,6 +289,8 @@ Please also check the "Known Issues" at the bottom of https://github.com/iiab/ii _If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ +. Please see Asterisk's Security Advisories: https://www.asterisk.org/downloads/security-advisories/ + . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` From 61a9427e7d9c9d579ef752a3279e5a68e3b5908c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Mar 2023 15:57:45 -0400 Subject: [PATCH 0917/1758] Clarify /library/kolibri owner recommendation --- roles/kolibri/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index d3f5958f7..a6b5e5b3d 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -158,6 +158,9 @@ become_user: "{{ kolibri_user }}" when: kolibri_provision +# 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) +# Certainly, setting owner (recursively) is advised when moving /library/kolibri : +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? file: path: "{{ kolibri_home }}" # /library/kolibri From 031e85a62e7fb98fc2d329193896234b61c41a41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 Mar 2023 14:18:50 -0400 Subject: [PATCH 0918/1758] Recommend ansible-core 2.14.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2eb4cd11d..7c5bbca8c 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.3] -GOOD_VER=2.14.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] +GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2a92ef46d0ee9ea28af61cdb658c73ee7bec2549 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 27 Mar 2023 17:38:12 -0400 Subject: [PATCH 0919/1758] kolibri/tasks/install.yml: Tighten up code & in-line docs --- roles/kolibri/tasks/install.yml | 196 ++++++++++++++++++-------------- 1 file changed, 113 insertions(+), 83 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index a6b5e5b3d..85b63478e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -4,12 +4,31 @@ # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/offline.yml # https://github.com/learningequality/pi-gen/blob/master/stage2/04-hostapd/online.yml +# Install Kolibri » Debian/Ubuntu +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html + +# Advanced management +# https://kolibri.readthedocs.io/en/latest/manage/advanced.html + +# Working with Kolibri from the command line +# https://kolibri.readthedocs.io/en/latest/manage/command_line.html + +# Customize Kolibri settings with the [ /library/kolibri/options.ini ] file +# https://kolibri.readthedocs.io/en/latest/manage/options_ini.html + +# Test Kolibri server performance +# https://kolibri.readthedocs.io/en/latest/manage/performance.html + +# Provisioning many servers +# https://kolibri.readthedocs.io/en/latest/install/provision.html + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk + - disk # 2023-03-27: IS THIS REALLY NECESSARY? state: present shell: /bin/false system: yes @@ -39,83 +58,86 @@ dest: /etc/kolibri/daemon.conf -- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html claims: +# "When you use the PPA installation method, upgrades to newer versions +# will be automatic, provided there is internet access available." +# +# IN REALITY: apt upgrading Kolibri is messy, as up-to-5 debconf screens prompt +# PPL WHO DON'T KNOW with the wrong default username, instead of 'kolibri' :/ +# https://github.com/learningequality/kolibri-installer-debian/pull/117 + +# 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 +- name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg + shell: | + gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 + +- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 + +- name: Add signed Kolibri PPA 'focal' (if other/older OS's) + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" + when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) + #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) +# apt_repository: +# repo: ppa:learningequality/kolibri +# when: is_ubuntu and not is_linuxmint + +# 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on +# Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) +# BUT equivalent Ansible command (STANZA ABOVE) failed with error... +# "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." +# ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) + +# 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks +# about the warning below, arising no matter if codename is 'focal' or 'jammy' +# with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': +# +# /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release +# warnings.warn( + +# 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also +# want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? +# when: is_linuxmint_21 + +# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) +# apt_repository: +# repo: ppa:learningequality/kolibri +# codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) +# when: is_debian or is_linuxmint_20 + +- name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) + apt: + name: kolibri + when: kolibri_deb_url is undefined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. + +- name: apt install {{ kolibri_deb_url }} (if kolibri_deb_url IS defined) apt: deb: "{{ kolibri_deb_url }}" # e.g. https://learningequality.org/r/kolibri-deb-latest - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later when: kolibri_deb_url is defined + # environment: + # KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: These don't do a thing + # KOLIBRI_USER: "{{ kolibri_user }}" # for now. -- block: # ELSE... - - # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: - # "When you use the PPA installation method, upgrades to newer versions - # will be automatic, provided there is internet access available." - # - # IN REALITY: apt upgrading Kolibri is risky, as 3 pink/blue screens prompt - # PPL WHO DON'T KNOW TO TYPE IN things like Linux username 'kolibri' :/ #3356 - - # 2022-08-31: keyring /etc/apt/trusted.gpg DEPRECATED as detailed on #3343 - - name: Download Kolibri's apt key to /usr/share/keyrings/learningequality-kolibri.gpg - shell: | - gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 - - - name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 - - - name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) - # apt_repository: - # repo: ppa:learningequality/kolibri - # when: is_ubuntu and not is_linuxmint - - # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on - # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) - # BUT equivalent Ansible command (STANZA ABOVE) failed with error... - # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." - # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) - - # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks - # about the warning below, arising no matter if codename is 'focal' or 'jammy' - # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': - # - # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release - # warnings.warn( - - # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also - # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: jammy # CONSOLIDATE THIS SPECIAL CASE STANZA WITH UBUNTU ABOVE IN FUTURE? - # when: is_linuxmint_21 - - # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) - # apt_repository: - # repo: ppa:learningequality/kolibri - # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) - # when: is_debian or is_linuxmint_20 - - - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri - apt: - name: kolibri - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later - - when: kolibri_deb_url is undefined +- name: Run 'rm -rf /root/.kolibri' to remove "unavoidable" pollution created above + file: + state: absent + path: /root/.kolibri - name: 'Install from template: /etc/systemd/system/kolibri.service' template: @@ -124,8 +146,8 @@ - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload) systemd: - name: kolibri daemon_reload: yes + name: kolibri state: stopped @@ -146,9 +168,13 @@ # become_user: "{{ kolibri_user }}" # when: kolibri_provision +# Run "kolibri manage help provisiondevice" to see CLI options, e.g.: +# --facility_settings FACILITY_SETTINGS +# JSON file containing facility settings +# --device_settings DEVICE_SETTINGS +# JSON file containing device settings - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: > - export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" @@ -157,18 +183,22 @@ become: yes become_user: "{{ kolibri_user }}" when: kolibri_provision + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # 2023-03-27: Required! + #KOLIBRI_USER: "{{ kolibri_user }}" # 2023-03-27: Not nec due to /etc/kolibri/username ? + # 2023-03-25: Likely overkill (let's strongly consider removing this stanza?) # Certainly, setting owner (recursively) is advised when moving /library/kolibri : # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#changing-the-owner-of-kolibri-system-service -- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? - file: - path: "{{ kolibri_home }}" # /library/kolibri - owner: "{{ kolibri_user }}" # kolibri - group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) - recurse: yes - when: kolibri_provision - +# 2023-03-27: Commented out on a provisional basis (Spring Cleaning) +# - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? +# file: +# path: "{{ kolibri_home }}" # /library/kolibri +# owner: "{{ kolibri_user }}" # kolibri +# group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) +# recurse: yes +# when: kolibri_provision # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules From 190ac34bd99014dad4762534fd4c7a4bc81ff542 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 01:23:29 -0400 Subject: [PATCH 0920/1758] Mention group disk "Mostly equivalent to root access" --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 85b63478e..e27a66510 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -28,7 +28,7 @@ name: "{{ kolibri_user }}" groups: - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? + - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From f878107fec98f6e5f009ed7282b288e64befa1f0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:56:14 -0400 Subject: [PATCH 0921/1758] Toughen doc URLs with %3F (instead of .3F) --- roles/4-server-options/README.rst | 4 ++-- roles/cups/README.md | 2 +- roles/kolibri/README.rst | 2 +- roles/matomo/README.adoc | 2 +- roles/nextcloud/README.md | 2 +- roles/nodered/README.rst | 2 +- roles/osm-vector-maps/README.md | 4 ++-- roles/pbx/README.adoc | 8 ++++---- roles/pbx/README.rst.unused | 6 +++--- roles/phpmyadmin/README.md | 2 +- roles/remoteit/README.md | 4 ++-- roles/samba/README.rst | 2 +- roles/usb_lib/README.rst | 2 +- 13 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 6355f85e7..11458d97e 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,7 +2,7 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ +Whereas 3-base-server installs critical packages needed by all, this 4th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ This includes more networking fundamentals, that may further be configured later on. @@ -11,7 +11,7 @@ Specifically, these might be installed: - Python libraries - SSH daemon - Bluetooth for Raspberry Pi -- Instant-sharing of `USB stick content <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content.3F>`_ +- Instant-sharing of `USB stick content <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F>`_ - CUPS Printing - Samba for Windows filesystems - `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml>`_ diff --git a/roles/cups/README.md b/roles/cups/README.md index 6cf926c88..cd727be5f 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -8,7 +8,7 @@ This can be useful if a printer is attached to your IIAB &mdash; so student/teac ## Using it -Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it.3F) : +Make sure your IIAB was installed with these 2 lines in [/etc/iiab/local_vars.yml](http://faq.iiab.io/#What_is_local_vars.yml_and_how_do_I_customize_it%3F) : ``` cups_install: True diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 803ad433e..ff3777519 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -24,7 +24,7 @@ Please look in `/opt/iiab/iiab/roles/kolibri/defaults/main.yml <defaults/main.ym Automatic Device Provisioning ----------------------------- -When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults:: +When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) the installation will set up the following defaults:: kolibri_facility: Kolibri-in-a-Box kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 7bef1f07e..88a558407 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -4,7 +4,7 @@ https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, == Install it -Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] One way to do that is by changing these 2 lines: diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 28aed5472..2e346a16f 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -14,7 +14,7 @@ The Nextcloud suite is divided into three main categories: ## Install It -(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box: +(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F) prior to installing Internet-in-a-Box: nextcloud_install: True nextcloud_enabled: True diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index aa3dc3236..769905f7f 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -9,7 +9,7 @@ Node-RED is a flow-based development tool for visual programming developed origi Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains:: nodered_install: True nodered_enabled: True diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index b87a11dd1..030c411b8 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md @@ -18,8 +18,8 @@ 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 1edb85822..360dc3499 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -34,7 +34,7 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False @@ -307,9 +307,9 @@ Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// diff --git a/roles/pbx/README.rst.unused b/roles/pbx/README.rst.unused index 19371b11e..867b7e876 100644 --- a/roles/pbx/README.rst.unused +++ b/roles/pbx/README.rst.unused @@ -33,7 +33,7 @@ FreePBX is a web-based open source GUI (graphical user interface) that controls Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains:: pbx_install: True pbx_enabled: True @@ -159,9 +159,9 @@ Some useful asterisk commands and information Raspberry Pi Known Issues ------------------------- -|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. +|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_ |se| +It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support%3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_ |se| Raspberry Pi Zero W Warning --------------------------- diff --git a/roles/phpmyadmin/README.md b/roles/phpmyadmin/README.md index a742f8c9d..379812957 100644 --- a/roles/phpmyadmin/README.md +++ b/roles/phpmyadmin/README.md @@ -8,7 +8,7 @@ 2. phpMyAdmin, because it is a browser-based HTML PHP application, is limited in what it can do, and what it can access — until the "root" user creates users and access privileges, as mentioned above. (HTML servers always run with very low privileges) #### Installing phpMyAdmin -1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +1. First, a user will need to set `phpmyadmin_install: True` and `phpmyadmin_enabled: True` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) 2. Then install IIAB. Or if IIAB is already installed, run: ``` cd /opt/iiab/iiab diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a7cf8bbb..8a58110fb 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -43,7 +43,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 2. If your IIAB software is already installed, run `sudo iiab-remoteit` then skip to Step 5. below. -3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) +3. If your IIAB software isn't yet installed, set `remoteit_install` and `remoteit_enabled` to `True` in its [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) Install [IIAB software](https://download.iiab.io/) e.g. by running `sudo iiab` then follow any on-screen instructions &mdash; until "INTERNET-IN-A-BOX (IIAB) SOFTWARE INSTALL IS COMPLETE" eventually appears on screen. --> @@ -98,7 +98,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Copy your remote.it account _license key_ from their Desktop Application (https://remote.it/download/) or from their Web Portal (https://remote.it) &mdash; as shown in this [screenshot](https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account#3.-user-receives-the-device-and-registers-his-account). - Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) as in this example: + Paste it into your IIAB's [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) as in this example: ``` remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 diff --git a/roles/samba/README.rst b/roles/samba/README.rst index ff9296f4c..197448760 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -3,7 +3,7 @@ Samba README Do you want your Internet-in-a-Box (IIAB) to act as a file server for your classroom or school? -If `Samba <https://www.samba.org/samba/docs/>`_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. +If `Samba <https://www.samba.org/samba/docs/>`_ is installed and enabled as part of your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_, your IIAB server can advertise a shared "public" folder, available to Windows PC's and laptops on your network. Default Permissions ------------------- diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 439fa9c86..c27dc0e53 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/releases>`_ documentation: From b7ca3dcc2b46a2fca8003e951a36bc81c584a788 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:22:20 -0400 Subject: [PATCH 0922/1758] New Sugarizer 1.7.0 --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 264dbfba0..925e087b6 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.6.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0 -sugarizer_git_version: v1.6.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0 +sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 +sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 0f9c6f29f31405822fb22d4be9924eea479d52dd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:19:27 -0400 Subject: [PATCH 0923/1758] Remove KOLIBRI_USER (kolibri) secondary group 'disk' --- roles/kolibri/tasks/install.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e27a66510..df74817e4 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -26,9 +26,8 @@ - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" - groups: - - "{{ apache_user }}" - - disk # 2023-03-27: IS THIS REALLY NECESSARY? Unclear. "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups + groups: "{{ apache_user }}" # 2023-03-29: Not really necessary (Kolibri is demonstrated to work without group 'www-data'). But it likely doesn't hurt. + #- disk # 2023-03-29: Tested to be unnec with USB sticks (with 64-bit RasPiOS). FWIW group 'disk' is "Mostly equivalent to root access" according to https://wiki.debian.org/SystemGroups state: present shell: /bin/false system: yes From 85a8dd5c8fe2b2c5ea5e9346b006ba3cd3bec3da Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:59:06 -0400 Subject: [PATCH 0924/1758] mediawiki/defaults/main.yml: Version 1.39.3 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 8043db2fc..16943b39a 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From faa4145d657593a69bae1c45480b7b6e2f1f90e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Mar 2023 17:53:29 -0500 Subject: [PATCH 0925/1758] mongodb - lockout RasPiOS-32bit --- roles/mongodb/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 748493c68..4403bed93 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,19 @@ var: is_debian - debug: var: is_raspbian - -# # might be able to lift this once we know using bionic would work -# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 -# fail: # FORCE IT RED THIS ONCE! -# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) -# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian -# ignore_errors: yes - -# ELSE... - +- debug: + var: dpkg_arch +- debug: + var: mongodb_version - block: + - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + fail: # FORCE IT RED THIS ONCE! + msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) + when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + +# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined From dcad86f6d17d86f88b92a80f5a7ffea3373546c4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 09:39:53 -0400 Subject: [PATCH 0926/1758] Block install of MongoDB on 32-bit RasPiOS --- roles/mongodb/tasks/install.yml | 552 ++++++++++++++++---------------- roles/mongodb/tasks/main.yml | 15 +- test.yml | 10 + 3 files changed, 295 insertions(+), 282 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8286c6aa3..eb5d8b345 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -16,66 +16,66 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -- debug: - msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' +# - debug: +# msg: '9-STANZA BLOCK BELOW, RUNS *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") -- WILL LIKELY BE REMOVED SOON IN 2023, as MongoDB 3.0.1 is insufficient for Sugarizer Server 1.5.0''s new MongoDB 3.2+ REQUIREMENT: https://github.com/iiab/iiab/pull/3478#issuecomment-1444395170' -- block: - - name: Create dir /tmp/mongodb-3.0.1x (aarch32) - file: - path: /tmp/mongodb-3.0.1x - state: directory +# - block: +# - name: Create dir /tmp/mongodb-3.0.1x (aarch32) +# file: +# path: /tmp/mongodb-3.0.1x +# state: directory - - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin +# - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" - dest: /tmp/mongodb-3.0.1x +# - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) +# unarchive: +# remote_src: yes +# src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" +# dest: /tmp/mongodb-3.0.1x - - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) - shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin +# - name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (aarch32) +# shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin - - name: Create Linux group mongodb (aarch32) - group: - name: mongodb - state: present +# - name: Create Linux group mongodb (aarch32) +# group: +# name: mongodb +# state: present - - name: Create Linux user mongodb (aarch32) - user: - name: mongodb - group: mongodb # primary group - groups: mongodb - home: /var/lib/mongodb - shell: /usr/sbin/nologin +# - name: Create Linux user mongodb (aarch32) +# user: +# name: mongodb +# group: mongodb # primary group +# groups: mongodb +# home: /var/lib/mongodb +# shell: /usr/sbin/nologin - - name: Install {{ mongodb_conf }} from template (aarch32) - template: - src: mongod.conf.j2 - dest: "{{ mongodb_conf }}" # /etc/mongod.conf +# - name: Install {{ mongodb_conf }} from template (aarch32) +# template: +# src: mongod.conf.j2 +# dest: "{{ mongodb_conf }}" # /etc/mongod.conf - - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' - file: - state: directory - path: "{{ item }}" - owner: mongodb - group: mongodb - with_items: - - /var/lib/mongodb - - /var/log/mongodb +# - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# - /var/lib/mongodb +# - /var/log/mongodb - # end block - when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# # end block +# when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) -- debug: - msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") +# - debug: +# msg: 9-STANZA BLOCK ABOVE, RAN *IF* 32-BIT -- i.e. not (ansible_architecture == "aarch64" or ansible_architecture == "x86_64") # 32-bit OS's [WERE] handled above: this should handle aarch32 including 32-bit # Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and @@ -84,248 +84,248 @@ # installers for a while now.) 64-bit OS's proceed below. +# - debug: +# msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - block: +- name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg + #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - + #args: + # warn: no + # Ansible 2.14 ERROR: + # "Unsupported parameters for (ansible.legacy.command) module: warn. + # Supported parameters include: removes, strip_empty_ends, _raw_params, + # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." + +# 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their +# MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, +# LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. +# -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? +- name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + apt_repository: + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as + # this was recently added to https://repo.mongodb.org/apt/debian/dists/ + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + #filename: mongodb-org + when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + +- name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + apt_repository: + repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse + when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + +# 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on +# MongoDB 6.0.3 (released 2022-11-15) instructions here: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 +# WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 +# IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR +# MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on +# 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: +# https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ +# So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) +- name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} + apt_repository: + repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse + #filename: mongodb-org + when: not ansible_architecture == "x86_64" + #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') + #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') + #when: not (is_debian and ansible_architecture == "x86_64") + + +# 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; +# as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS +# BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix +# may be backported to 6.0, according to 2022-09-29 "official" gossip here...) +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 +# https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 +# echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list +# sudo apt-get update +# sudo apt-get install libssl1.1 +# rm /etc/apt/sources.list.d/focal-security.list + +# 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ +# *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) +# +# Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can +# finally use libssl3 instead, since 2022-11-15: +# https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 + - debug: - msg: 16-STANZA BLOCK BELOW, RUNS *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - block: - - name: Add mongodb.org signing key (only 64-bit available) for MongoDB version {{ mongodb_version }} - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | gpg --dearmor > /usr/share/keyrings/mongodb.gpg - #shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc | apt-key add - - #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_version }}.asc | apt-key add - - #args: - # warn: no - # Ansible 2.14 ERROR: - # "Unsupported parameters for (ansible.legacy.command) module: warn. - # Supported parameters include: removes, strip_empty_ends, _raw_params, - # _uses_shell, stdin_add_newline, creates, chdir, executable, argv, stdin." - # 2023-01-19: MongoDB only offers x86_64 for Debian, AND IN ANY CASE all their - # MongoDB 6.0's are ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4, - # LIKE THEIR MongoDB 5.0 tested 2022-06-07 ~137 lines below. Tested on Deb 11. - # -> DELETE THIS STANZA AFTER DEBIAN 12 IS SOLID -- USING UBUNTU REPO BELOW ? - - name: Install mongodb-org's Debian bullseye source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if x86_64 Debian < 12 + - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu apt_repository: - # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ - # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye - # 11 and Bookworm 12 (testing branch) revert to buster for now: - # 2022-09-27: Changed from 'buster' to 'bullseye' (i.e. Debian 11) as - # this was recently added to https://repo.mongodb.org/apt/debian/dists/ - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main - #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - #filename: mongodb-org - when: is_debian and os_ver is version('debian-12', '<') and ansible_architecture == "x86_64" + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + when: is_ubuntu - - name: Install mongodb-org's Ubuntu jammy source/repo [ arch=amd64 ] for MongoDB version {{ mongodb_version }}, if other x86_64 OS + - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian apt_repository: - repo: deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/{{ mongodb_version }} multiverse - when: not (is_debian and os_ver is version('debian-12', '<')) and ansible_architecture == "x86_64" + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + when: is_debian - # 2023-01-19: Tested on x86_64 VM's with Ubuntu 22.04 & Debian 12. Based on - # MongoDB 6.0.3 (released 2022-11-15) instructions here: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - # WHEREAS 64-bit Raspberry Pi is likely NOT supported for now, as MongoDB 6.0 - # IS ONLY COMPILED FOR ARM v8.2-A i.e. FAIL ON ARM v8-A RPi 4 (JUST LIKE THEIR - # MongoDB 5.0, tested 2022-06-07 ~116 lines below). Though MongoDB 6.0.3+ on - # 64-bit Ubuntu on Raspberry Pi hardware (MIGHT) hypothetically be possible: - # https://www.mongodb.com/developer/products/mongodb/mongodb-on-raspberry-pi/ - # So IIAB overlays MongoDB 5.0.5 64-bit RPi binaries for now (~141 LINES BELOW!) - - name: Otherwise, install mongodb-org's Ubuntu focal source/repo [ arch=arm64 ] for MongoDB version {{ mongodb_version }} - apt_repository: - repo: deb [ arch=arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_version }} multiverse - #filename: mongodb-org - when: not ansible_architecture == "x86_64" - #when: is_ubuntu or is_debian and os_ver is version('debian-12', '>=') - #when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint and os_ver is version('linuxmint-12', '>=') or is_debian and os_ver is version('debian-12', '>=') - #when: not (is_debian and ansible_architecture == "x86_64") - - - # 2022-10-23: Force-install MongoDB on Ubuntu 22.04+, Mint 21 & Debian 12; - # as each includes libssl3 not libssl1.1 (#3190). LATER REMOVE ALL 7 STANZAS - # BELOW, IF/WHEN MongoDB ONE DAY FINALLY SUPPORTS libssl3 ? (MongoDB 6.2 fix - # may be backported to 6.0, according to 2022-09-29 "official" gossip here...) - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/58 - # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 - # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list - # sudo apt-get update - # sudo apt-get install libssl1.1 - # rm /etc/apt/sources.list.d/focal-security.list - - # 2023-02-25: RETROFITTING libssl1.1 STILL NEC on Ubuntu 22.04+ and Debian 12+ - # *IF* MongoDB < 6.0 (e.g. RPi, where MongoDB 6.0 is a complete non-starter!) - # - # Whereas libssl1.1 is thankfully NO LONGER NEC on x86_64, where MongoDB can - # finally use libssl3 instead, since 2022-11-15: - # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931/90 - - - debug: - msg: 5-STANZA BLOCK FOLLOWS, TO FORCE INSTALL libssl1.1 -- runs *IF* mandated mongodb_version ({{ mongodb_version }}) < 6.0 (i.e. for aarch64/arm64) on Ubuntu 22.04+ or Debian 12+ -- whereas Linux Mint should never need libssl1.1 - - - block: - - - name: Install OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - when: is_ubuntu - - - name: Install OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - when: is_debian - - - name: Force install libssl1.1 - package: - name: libssl1.1 - state: present - - - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian - apt_repository: - repo: deb http://security.debian.org/debian-security bullseye-security main - #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - state: absent - when: is_debian - - - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu - apt_repository: - repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - state: absent - when: is_ubuntu - - when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian_12 and os_ver is version('debian-12', '>=')) - - - debug: - msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED - - # - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # #filename: focal-security # If filename focal-security.list is preferred - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - # - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # when: is_debian_12 - - # - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) - # package: - # name: libssl1.1 - # state: present - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - - # - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 - # apt_repository: - # repo: deb http://security.debian.org/debian-security bullseye-security main - # #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent - # state: absent - # when: is_debian_12 - - # - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 - # apt_repository: - # repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main - # state: absent - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" - - # - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 - # apt_repository: - # repo: deb http://security.ubuntu.com/ubuntu focal-security main - # state: absent - # #filename: focal-security # 100% IGNORED during repo deletion - # when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 - - - # # Debian 10 aarch64 might work below but is blocked in main.yml - # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_raspbian and ansible_architecture == "aarch64" - - # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - # apt_repository: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # filename: mongodb-org - # when: is_linuxmint - - # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - # apt_repository: - # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # filename: mongodb-org - # when: is_ubuntu and not is_linuxmint - - - - name: "Install packages: mongodb-org, mongodb-org-server" + - name: Force install libssl1.1 package: - name: - - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) - - mongodb-org-server + name: libssl1.1 state: present - - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" # /etc/mongod.conf - regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 - line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + - name: Remove OLD source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian + apt_repository: + repo: deb http://security.debian.org/debian-security bullseye-security main + #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent + state: absent + when: is_debian - # GRATUITOUS (port 27017 is already the default) - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand - lineinfile: - path: "{{ mongodb_conf }}" - regexp: '^\s*port:' - line: " port: {{ mongodb_port }}" # 27017 + - name: Remove OLD source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if Ubuntu + apt_repository: + repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main + state: absent + when: is_ubuntu - - # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... - # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 - # ...as ARM v8-A < ARM v8.2-A ...also reveals: - # - # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. - # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. - # Roughly speaking, this means post-2011 CPUs with AVX instructions: - # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 - # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from - # /var/lib/mongodb to /library/dbdata/mongodb - # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID - # file (it may be zero bytes, but never goes away) as confirmed with - # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now - # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock - # (4) mongodb.service needed a more graceful way to shut down than - # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). - # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 - # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: - # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz - # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future - command: apt-mark hold mongodb-org mongodb-org-server - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - - name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin - unarchive: - remote_src: yes - src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" - dest: /usr/bin - when: rpi_model != "none" and mongodb_version is version('5.0', '>=') - - # end block - when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + when: mongodb_version is version('6.0', '<') and (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_debian and os_ver is version('debian-12', '>=')) - debug: - msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) + msg: 5-STANZA BLOCK ABOVE, RAN *IF* FORCED INSTALL OF libssl1.1 WAS NEEDED + +# - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# #filename: focal-security # If filename focal-security.list is preferred +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + +# - name: Install source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Install source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# when: is_debian_12 + +# - name: Install libssl1.1 if Ubuntu 22.04+ or Mint 21 or Debian 12 (required by MongoDB below) +# package: +# name: libssl1.1 +# state: present +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 + +# - name: Remove source/repo "deb http://security.debian.org/debian-security bullseye-security main" at /etc/apt/sources.list.d/security_debian_org_debian_security.list if Debian 12 +# apt_repository: +# repo: deb http://security.debian.org/debian-security bullseye-security main +# #repo: deb https://deb.debian.org/debian-security bullseye-security main # New way, likely equivalent +# state: absent +# when: is_debian_12 + +# - name: Remove source/repo "deb http://ports.ubuntu.com/ubuntu-ports focal-security main" at /etc/apt/sources.list.d/ports_ubuntu_com_ubuntu_ports.list if ubuntu 22.04+ aarch64 +# apt_repository: +# repo: deb http://ports.ubuntu.com/ubuntu-ports focal-security main +# state: absent +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "aarch64" + +# - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ x86_64 or Mint 21 +# apt_repository: +# repo: deb http://security.ubuntu.com/ubuntu focal-security main +# state: absent +# #filename: focal-security # 100% IGNORED during repo deletion +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') and ansible_architecture == "x86_64" or is_linuxmint_21 + + +# # Debian 10 aarch64 might work below but is blocked in main.yml +# - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_raspbian and ansible_architecture == "aarch64" + +# - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only +# apt_repository: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# filename: mongodb-org +# when: is_linuxmint + +# - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only +# apt_repository: +# # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only +# # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} +# # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: +# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse +# #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse +# filename: mongodb-org +# when: is_ubuntu and not is_linuxmint + + +- name: "Install packages: mongodb-org, mongodb-org-server" + package: + name: + - mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?) + - mongodb-org-server + state: present + +- name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" # /etc/mongod.conf + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + +# GRATUITOUS (port 27017 is already the default) +- name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' + line: " port: {{ mongodb_port }}" # 27017 + + +# 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... +# https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 +# ...as ARM v8-A < ARM v8.2-A ...also reveals: +# +# (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. +# For AMD x86_64, MongoDB 5.x requires Bulldozer or later. +# Roughly speaking, this means post-2011 CPUs with AVX instructions: +# https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 +# (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from +# /var/lib/mongodb to /library/dbdata/mongodb +# (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID +# file (it may be zero bytes, but never goes away) as confirmed with +# MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now +# 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock +# (4) mongodb.service needed a more graceful way to shut down than +# 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). +# (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 +# lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: +# https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz +# https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +- name: If hardware is Raspberry Pi and mongodb_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" and mongodb_version is version('5.0', '>=') + +# # end block +# when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" + +# - debug: +# msg: 16-STANZA BLOCK ABOVE, RAN *IF* 64-BIT -- i.e. ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # ansible_machine is a bit safer than ansible_architecture (see kiwix/defaults/main.yml) # 2. CONFIGURE MongoDB FOR IIAB diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 4403bed93..c755780d3 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -34,19 +34,22 @@ var: is_debian - debug: var: is_raspbian -- debug: - var: dpkg_arch - debug: var: mongodb_version +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch +- debug: + msg: "'dpkg --print-architecture' output: {{ dpkg_arch.stdout }}" + - block: - - name: EXIT 'mongodb' ROLE & CONTINUE, when 32bit RasPiOS is in use or 'unsupported' + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH 32bit RasPiOS, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (mongodb_version == "unsupported") or (dpkg_arch == "armhf") + msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. + when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" -# ELSE... - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: mongodb_installed is undefined diff --git a/test.yml b/test.yml index ab0aeac9c..bfda3f92a 100644 --- a/test.yml +++ b/test.yml @@ -91,5 +91,15 @@ - debug: var: ansible_machine + - command: dpkg --print-architecture + register: cmd + - debug: + msg: "'dpkg --print-architecture' output: {{ cmd.stdout }}" + + - command: dpkg --print-foreign-architectures + register: cmd + - debug: + msg: "'dpkg --print-foreign-architectures' output: {{ cmd.stdout }}" + # TEST ANSIBLE COMMANDS/MODULES HERE! From cc504e34161f954331f499082ec6f5950dfc7e27 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Mar 2023 17:52:17 -0500 Subject: [PATCH 0927/1758] record dpkg --print-architecture --- roles/0-init/tasks/create_iiab_ini.yml | 2 ++ roles/0-init/tasks/main.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 239ce570d..b4cc742ec 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -43,3 +43,5 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: dpkg_arch + value: "{{ dpkg_arch }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..d4283dcf7 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,6 +15,7 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" + dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 4eca25a1f7907fd10dc5196e07ea2d325ef9658b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 31 Mar 2023 15:55:27 -0500 Subject: [PATCH 0928/1758] drop local_facts --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++++- roles/0-init/tasks/main.yml | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index b4cc742ec..5e5920545 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,6 +4,10 @@ path: "{{ iiab_ini_file }}" state: touch +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) + command: dpkg --print-architecture + register: dpkg_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" @@ -44,4 +48,4 @@ - option: devicetree_model value: "{{ devicetree_model }}" - option: dpkg_arch - value: "{{ dpkg_arch }}" + value: "{{ dpkg_arch.stdout }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d4283dcf7..4c02c6ca5 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -15,7 +15,6 @@ os_ver: "{{ ansible_local.local_facts.os_ver }}" python_version: "{{ ansible_local.local_facts.python_version }}" php_version: "{{ ansible_local.local_facts.php_version }}" - dpkg_arch: "{{ ansible_local.local_facts.dpkg_arch }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. From 902e377c6810aef43bf0c5128a1a5e6292780efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 22:57:36 -0400 Subject: [PATCH 0929/1758] create_iiab_ini.yml: dpkg_foreign_arch, clarifs, typos --- roles/0-init/tasks/create_iiab_ini.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 5e5920545..e9b07e9a3 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -4,14 +4,18 @@ path: "{{ iiab_ini_file }}" state: touch -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch +- name: Run command 'dpkg --print-foreign-architectures' (secondary OS arch, if available) + command: dpkg --print-foreign-architectures + register: dpkg_foreign_arch + - name: Add 'location' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: location + section: initial-location option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,7 +27,7 @@ - name: Add 'version' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: version + section: initial-version option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -31,6 +35,10 @@ value: "{{ ansible_distribution }}" - option: arch value: "{{ ansible_architecture }}" + - option: dpkg_arch + value: "{{ dpkg_arch.stdout }}" + - option: dpkg_foreign_arch + value: "{{ dpkg_foreign_arch.stdout }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -47,5 +55,3 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" - - option: dpkg_arch - value: "{{ dpkg_arch.stdout }}" From f46c7d15551f58509600530be2a9c08bf2ec5dd2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 22:59:42 -0400 Subject: [PATCH 0930/1758] mongodb/tasks/main.yml: Fix 'ansible_architecture' typo --- roles/mongodb/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index c755780d3..aab67fc0f 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,7 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_archicture ~= ansible_machine is NOT enough!) +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) command: dpkg --print-architecture register: dpkg_arch - debug: From c69d6ef96c24fc3d1606c560339731cce49eedde Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:30:51 -0400 Subject: [PATCH 0931/1758] create_iiab_ini.yml: Try {{ os_ver }} alongside redundant/failsafe {{ ansible_facts['distribution'] }} --- roles/0-init/tasks/create_iiab_ini.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index e9b07e9a3..f6cf612f7 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,8 +31,10 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: + - option: os_ver + value: "{{ os_ver }}" - option: distribution - value: "{{ ansible_distribution }}" + value: "{{ ansible_facts['distribution'] }}" - option: arch value: "{{ ansible_architecture }}" - option: dpkg_arch From 4a32ba0375126e509d0200af850c6899183f827e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:39:21 -0400 Subject: [PATCH 0932/1758] create_iiab_ini.yml: Raise rpi_model & devicetree_model --- roles/0-init/tasks/create_iiab_ini.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index f6cf612f7..980a7fc1b 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -41,6 +41,10 @@ value: "{{ dpkg_arch.stdout }}" - option: dpkg_foreign_arch value: "{{ dpkg_foreign_arch.stdout }}" + - option: rpi_model + value: "{{ rpi_model }}" + - option: devicetree_model + value: "{{ devicetree_model }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" - option: iiab_remote_url @@ -53,7 +57,3 @@ value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - - option: rpi_model - value: "{{ rpi_model }}" - - option: devicetree_model - value: "{{ devicetree_model }}" From e0251f0ce96f83ba084e89a3a2c0af78b6cb6b97 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 1 Apr 2023 16:28:17 -0400 Subject: [PATCH 0933/1758] Modernize Yarn install w/ signed apt/PPA key --- roles/yarn/tasks/install.yml | 49 ++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 48628d688..e7f759a96 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,30 +1,41 @@ -- name: "Yarn | GPG" - apt_key: - url: https://dl.yarnpkg.com/debian/pubkey.gpg - state: present +- name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg + shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg -- name: "Yarn | Ensure Debian sources list file exists" - file: - path: /etc/apt/sources.list.d/yarn.list - owner: root - mode: '0644' - state: touch +- name: Yarn | Add signed Yarn PPA to /etc/apt/sources.list.d/dl_yarnpkg_com_debian.list + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" + #filename: yarn # If legacy filename yarn.list is preferred -- name: "Yarn | Ensure Debian package is in sources list" - lineinfile: - dest: /etc/apt/sources.list.d/yarn.list - regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' - line: 'deb https://dl.yarnpkg.com/debian/ stable main' - state: present +# 2023-04-01 above avoids DEPRECATED apt-key command & associated problems: +# https://github.com/iiab/iiab/wiki/IIAB-Platforms#etcapttrustedgpg-legacy-keyring-warnings -- name: "Yarn | Update APT cache" +# - name: "Yarn | GPG" +# apt_key: +# url: https://dl.yarnpkg.com/debian/pubkey.gpg +# state: present + +# - name: "Yarn | Ensure Debian sources list file exists" +# file: +# path: /etc/apt/sources.list.d/yarn.list +# owner: root +# mode: '0644' +# state: touch + +# - name: "Yarn | Ensure Debian package is in sources list" +# lineinfile: +# dest: /etc/apt/sources.list.d/yarn.list +# regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' +# line: 'deb https://dl.yarnpkg.com/debian/ stable main' +# state: present + +- name: Yarn | Update APT cache apt: update_cache: yes -- name: "Yarn | Install" +- name: Yarn | Install package: name: yarn - state: latest + #state: latest # No need to mention it, with apt # RECORD Yarn AS INSTALLED From 31a1664483bba99ff6250ef19c2afbf698248599 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:04:00 -0500 Subject: [PATCH 0934/1758] pbx - php7.4 only --- roles/pbx/defaults/main.yml | 2 ++ roles/pbx/tasks/main.yml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 9d478d0d9..6be11c3c0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,6 +21,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +# Allows testing on newer php versions when present in local_vars.yml +# pbx_php74_override asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 81a9dcebd..496e69ecc 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -21,6 +21,11 @@ - block: + - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" + fail: # FORCE IT RED THIS ONCE! + msg: FreePBX 16 requirs PHP 7.4 and is not available. + when: not (php_version == "7.4") and pbx_php74_override is undefined + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined From 8833570a8ecf6a35b7382848c60c59bbf806cfaf Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:13:50 -0500 Subject: [PATCH 0935/1758] syntax --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 496e69ecc..0e41ea2e6 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -24,7 +24,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! msg: FreePBX 16 requirs PHP 7.4 and is not available. - when: not (php_version == "7.4") and pbx_php74_override is undefined + when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 3d951f7249798872f6fd226774029277f7a8e394 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 01:27:00 -0500 Subject: [PATCH 0936/1758] patch for 64-bit arm installs --- roles/pbx/files/install_prereq.diff | 26 ++++++++++++++++++++++++++ roles/pbx/tasks/asterisk.yml | 6 ++++++ 2 files changed, 32 insertions(+) create mode 100644 roles/pbx/files/install_prereq.diff diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff new file mode 100644 index 000000000..8a870826c --- /dev/null +++ b/roles/pbx/files/install_prereq.diff @@ -0,0 +1,26 @@ +--- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 ++++ install_prereq 2023-04-01 01:44:28.744269701 -0500 +@@ -25,7 +25,7 @@ + # Asterisk: for addons: + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" +-PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" ++PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" + PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" +@@ -193,8 +193,13 @@ + tocheck="${tocheck} ^${pack}$ ~P^${pack}$" + done + pkgs=$(aptitude -F '%c %p' search ${tocheck} 2>/dev/null | awk '/^p/{print $2}') ++ arch=$(uname -m) + if [ ${#pkgs} -ne 0 ]; then +- echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ if [ "$arch" = "X86_64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" ++ elif [ "$arch" = "aarch64" ]; then ++ echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" ++ fi + fi + } + diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 7c52248bf..f1fc7e9d5 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -55,6 +55,12 @@ # name: aptitude # state: latest +# https://github.com/iiab/iiab/issues/3489 +- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 + ansible.posix.patch: + src: install_prereq.diff + dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: From 6f63e73d75d0ada34b1c7a58b7f3ad183910e5f2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:28:46 -0500 Subject: [PATCH 0937/1758] drop part of patch for 'libmysqlclient-dev' hunk was failing not sure why but aptitude did the right thing anyway --- roles/pbx/files/install_prereq.diff | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 8a870826c..4c57bc10b 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -1,14 +1,5 @@ --- install_prereq.orig 2023-04-01 01:41:56.859545082 -0500 +++ install_prereq 2023-04-01 01:44:28.744269701 -0500 -@@ -25,7 +25,7 @@ - # Asterisk: for addons: - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev libasound2-dev portaudio19-dev libcurl4-openssl-dev xmlstarlet bison flex" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libpq-dev unixodbc-dev libneon27-dev libgmime-2.6-dev libgmime-3.0-dev liblua5.2-dev liburiparser-dev libxslt1-dev libssl-dev" --PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmysqlclient-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" -+PACKAGES_DEBIAN="$PACKAGES_DEBIAN libmariadb-dev libbluetooth-dev libradcli-dev freetds-dev libjack-jackd2-dev bash libcap-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libsnmp-dev libiksemel-dev libcorosync-common-dev libcpg-dev libcfg-dev libnewt-dev libpopt-dev libical-dev libspandsp-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libresample1-dev libc-client2007e-dev binutils-dev libsrtp0-dev libsrtp2-dev libgsm1-dev doxygen graphviz zlib1g-dev libldap2-dev" - PACKAGES_DEBIAN="$PACKAGES_DEBIAN libcodec2-dev libfftw3-dev libsndfile1-dev libunbound-dev" @@ -193,8 +193,13 @@ tocheck="${tocheck} ^${pack}$ ~P^${pack}$" done From 11817a05a4a0de794dc4be7da3aafe1bd6d9b305 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:33:07 -0500 Subject: [PATCH 0938/1758] True --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 6be11c3c0..cbf40897d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -22,7 +22,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override +# pbx_php74_override: True asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab From e0a734477633ef9e35d01ea68394a033cfa59706 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 02:40:30 -0500 Subject: [PATCH 0939/1758] Update roles/pbx/tasks/main.yml Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/pbx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 0e41ea2e6..05b9e8c04 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -23,7 +23,7 @@ - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requirs PHP 7.4 and is not available. + msg: FreePBX 16 requires PHP 7.4 and is not available. when: php_version is version('8.0', '>') and pbx_php74_override is undefined - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 32c81bbb70106b301b0f84e7b332ca439c1dec80 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 04:31:44 -0500 Subject: [PATCH 0940/1758] Stop asterisk before installing freepbx --- roles/pbx/tasks/freepbx.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index df541cd96..ee7b4eccf 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,11 +11,15 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? +# 2023-04-02 The above is not true, the service is running from the asterisk install causing +# './start_asterisk start' to do nothing as the service is alredy running resulting in the +# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' +# Lets get rid of the red warning. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - #state: stopped + state: stopped enabled: no From 848a947f9ca4f94121bea53f4cb027b1e2b0e915 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 04:38:57 -0500 Subject: [PATCH 0941/1758] Fix warning during install --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2abc11405..fca7a7edd 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later - + when: iiab_stage|int == 9 From e3c6d28fc4938210a5ed38828e0139d007efb89c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:09:09 -0500 Subject: [PATCH 0942/1758] add prefix --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f1fc7e9d5..b2e659fb0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 09df64c05f90a48637f546f953d628a2fac6d0fe Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:17:21 -0500 Subject: [PATCH 0943/1758] clearer logic and remove ignore_errors --- roles/pbx/tasks/enable-or-disable.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index fca7a7edd..aa4794e3a 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -30,12 +30,11 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: not (pbx_use_apache and pbx_enabled) + when: pbx_use_apache and not pbx_enabled ignore_errors: yes # In case Apache not installed - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - ignore_errors: yes # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later when: iiab_stage|int == 9 @@ -84,7 +83,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: not (pbx_use_nginx and pbx_enabled) + when: pbx_use_nginx and not pbx_enabled - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From 4da7a3fb58ee0cc4604741f4b8631a7d7b0140d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 06:30:06 -0500 Subject: [PATCH 0944/1758] cover network_enabled: False --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index aa4794e3a..18f424e8f 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -35,7 +35,7 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables - when: iiab_stage|int == 9 + when: iiab_stage|int == 9 and network_enabled From 4736bc38733074722b1b3dba4955802661de3995 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 07:10:13 -0500 Subject: [PATCH 0945/1758] improve comment --- roles/pbx/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 18f424e8f..4b362059e 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -36,7 +36,8 @@ - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled - +# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until +# roles/network runs later and can be omitted altogether - block: From 07b310f5d5e5fb6cde2bab5f361266558a5cf549 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:19:20 -0500 Subject: [PATCH 0946/1758] record apache installation --- roles/pbx/tasks/apache.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 5462a5ca5..60b15c571 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -39,3 +39,13 @@ dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2 owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + +- name: "Set 'pbx_apache_installed: True'" + set_fact: + pbx_apache_installed: True + +- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^pbx_apache_installed' + line: 'pbx_apache_installed: True' From 912fe4c610ffefd7daaf96337c7c42507d2c2558 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:24:45 -0500 Subject: [PATCH 0947/1758] use pbx_apache_installed in place of pbx_use_apache pbx_use_apache is an install time option once installed the service needs to be accounted for --- roles/pbx/tasks/enable-or-disable.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 4b362059e..d3073e655 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_use_apache and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_use_apache and not pbx_enabled + when: pbx_apache_installed and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,8 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_use_apache and pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -30,8 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_use_apache and not pbx_enabled - ignore_errors: yes # In case Apache not installed + when: pbx_apache_installed and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1fee1c6dd67e808c2c7e22fa5765afb095c2dc47 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:31:09 -0500 Subject: [PATCH 0948/1758] use pbx_apache_installed in place of pbx_use_apache2 --- roles/pbx/tasks/enable-or-disable.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index d3073e655..2b08d36d4 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -9,7 +9,7 @@ file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed and pbx_enabled + when: pbx_apache_installed is defined and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed and not pbx_enabled + when: pbx_apache_installed is defined and not pbx_enabled - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 094d66e3814f8d96a8b67ed7ba287569eb6f5f92 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 08:47:07 -0500 Subject: [PATCH 0949/1758] record pbx_use_nginx pbx_use_apache --- roles/pbx/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 05b9e8c04..92074d0e0 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -48,6 +48,10 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled From f2b1d2293fd87a44113db44e1dc65f12058227cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 09:53:28 -0500 Subject: [PATCH 0950/1758] allow in the field twiddling of pbx_use_apache post-install --- roles/pbx/tasks/apache.yml | 6 +++--- roles/pbx/tasks/freepbx.yml | 5 ----- roles/pbx/tasks/main.yml | 3 +++ 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 60b15c571..ce83871c9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -42,10 +42,10 @@ - name: "Set 'pbx_apache_installed: True'" set_fact: - pbx_apache_installed: True + apache_installed: True - name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^pbx_apache_installed' - line: 'pbx_apache_installed: True' + regexp: '^apache_installed' + line: 'apache_installed: True' diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index ee7b4eccf..6582edc81 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -70,11 +70,6 @@ include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache - - # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 92074d0e0..a76f201cd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,6 +18,9 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined - block: From 4cf1d94e0292e049bc6df0e43976696f6855c8d0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:02:50 -0500 Subject: [PATCH 0951/1758] allow in the field twiddling of pbx_use_apache post-install2 --- roles/pbx/tasks/enable-or-disable.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2b08d36d4..bc41ef919 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -3,13 +3,13 @@ - name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." @@ -21,7 +21,7 @@ name: "{{ apache_service }}" # apache2 state: restarted enabled: yes - when: pbx_apache_installed is defined and pbx_enabled + when: apache_installed is defined and pbx_use_apache and pbx_enabled - name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) systemd: @@ -29,7 +29,7 @@ name: "{{ apache_service }}" state: stopped enabled: no - when: pbx_apache_installed is defined and not pbx_enabled + when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables From 1eb093f064d04131b7cbd187954bb5747be44211 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:11:20 -0500 Subject: [PATCH 0952/1758] apache_installed --- roles/pbx/tasks/apache.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index ce83871c9..1e4e33c6b 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,11 +40,11 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" -- name: "Set 'pbx_apache_installed: True'" +- name: "Set 'apache_installed: True'" set_fact: apache_installed: True -- name: "Add 'pbx_apache_installed: True' to {{ iiab_state_file }}" +- name: "Add 'apache_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml regexp: '^apache_installed' From 5bbf96fff60d68a9237db8258ba5be213004a3be Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 10:30:40 -0500 Subject: [PATCH 0953/1758] Should be the last nit --- roles/pbx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index bc41ef919..2a253e5ef 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -82,7 +82,7 @@ path: "{{ nginx_conf_dir }}/freepbx-nginx.conf" state: absent - when: pbx_use_nginx and not pbx_enabled + when: not (pbx_use_nginx and pbx_enabled) - name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..." From cb1ae8d4f44d8cf69efb55f6242fdf16c8212187 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 2 Apr 2023 11:05:04 -0500 Subject: [PATCH 0954/1758] Should be in the 'block' --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a76f201cd..544ddc733 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,10 +18,6 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes -- name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - block: - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" @@ -33,6 +29,10 @@ include_tasks: install.yml when: pbx_installed is undefined + - name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle From 3c360d21fadd42de4cf18b02924d13d1fa3e669f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:25:37 -0400 Subject: [PATCH 0955/1758] EXPERIMENTAL: asterisk_patch for RPi + prelim path to PHP 8 --- roles/pbx/defaults/main.yml | 6 ++++-- roles/pbx/tasks/apache.yml | 1 + roles/pbx/tasks/asterisk.yml | 1 + roles/pbx/tasks/enable-or-disable.yml | 17 +++++++++-------- roles/pbx/tasks/freepbx.yml | 16 ++++++++++------ roles/pbx/tasks/main.yml | 14 ++++++-------- vars/local_vars_large.yml | 2 ++ vars/local_vars_medium.yml | 2 ++ vars/local_vars_small.yml | 2 ++ vars/local_vars_unittest.yml | 2 ++ 10 files changed, 39 insertions(+), 24 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index cbf40897d..e1eae4df0 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -21,8 +21,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Allows testing on newer php versions when present in local_vars.yml -# pbx_php74_override: True + +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True + asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/apache.yml b/roles/pbx/tasks/apache.yml index 1e4e33c6b..dd05b7dc9 100644 --- a/roles/pbx/tasks/apache.yml +++ b/roles/pbx/tasks/apache.yml @@ -40,6 +40,7 @@ owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" + - name: "Set 'apache_installed: True'" set_fact: apache_installed: True diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b2e659fb0..ff7fb3ec4 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -60,6 +60,7 @@ ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" + when: asterisk_patch is defined and asterisk_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/roles/pbx/tasks/enable-or-disable.yml b/roles/pbx/tasks/enable-or-disable.yml index 2a253e5ef..6b1639a37 100644 --- a/roles/pbx/tasks/enable-or-disable.yml +++ b/roles/pbx/tasks/enable-or-disable.yml @@ -1,21 +1,21 @@ - name: JUST 1 SETTING TO TURN ON/OFF FOR APACHE - whereas NGINX below has 4... meta: noop -- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled # http://box:83/freepbx +- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if apache_installed is defined and pbx_use_apache and pbx_enabled # http://box:83/freepbx command: a2ensite freepbx.conf when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) file: # As 'a2dissite freepbx.conf' might not be installed path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf # apache2 state: absent - when: apache_installed is defined and (not pbx_enabled or not pbx_use_apache) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) - name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..." meta: noop -- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if pbx_use_apache and pbx_enabled +- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if apache_installed is defined and pbx_use_apache and pbx_enabled systemd: daemon_reload: yes name: "{{ apache_service }}" # apache2 @@ -23,19 +23,20 @@ enabled: yes when: apache_installed is defined and pbx_use_apache and pbx_enabled -- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled) +- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (apache_installed is defined and pbx_use_apache and pbx_enabled) systemd: daemon_reload: yes name: "{{ apache_service }}" state: stopped enabled: no - when: apache_installed is defined and (not pbx_use_apache or not pbx_enabled) + when: not (apache_installed is defined and pbx_use_apache and pbx_enabled) + ignore_errors: yes # If Apache not installed, HIGHLIGHT IN RED FOR IMPLEMENTER/OPERATOR - name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx' command: /usr/bin/iiab-gen-iptables when: iiab_stage|int == 9 and network_enabled -# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until -# roles/network runs later and can be omitted altogether +# iptables installed in 1-prep via roles/network/tasks/install.yml, but +# iiab-gen-tables may not be set up, until/if roles/network runs later. - block: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6582edc81..d8632aa5b 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -11,15 +11,14 @@ # 2021-08-12: Let's try to track the "official" init.d / update-rc.d # instructions ('update-rc.d -f asterisk remove') but using systemd instead, # to be more future-proof? -# 2023-04-02 The above is not true, the service is running from the asterisk install causing -# './start_asterisk start' to do nothing as the service is alredy running resulting in the -# need to use 'ignore' for 'killall -9 safe_asterisk' or './start_asterisk stop' -# Lets get rid of the red warning. +# 2023-04-02: Disagreement remains the same as 2 years ago: +# @jvonau wants to stop service asterisk (from the asterisk install). +# @holta prefers we track Asterisk/FreePBX community's mainline/consensus. - name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9" systemd: daemon_reload: yes name: asterisk - state: stopped + #state: stopped enabled: no @@ -66,10 +65,15 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "FreePBX - Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined +- name: FreePBX - Install and configure Apache - if pbx_use_apache + include_tasks: apache.yml + when: pbx_use_apache and apache_installed is undefined + + # - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} # get_url: # url: "{{ freepbx_url }}/{{ freepbx_src_file }}" diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 544ddc733..a9b580129 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -18,21 +18,19 @@ fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes + - block: - - name: EXIT 'pbx' ROLE, if 'php_version' doesn't shows "7.4" - fail: # FORCE IT RED THIS ONCE! - msg: FreePBX 16 requires PHP 7.4 and is not available. - when: php_version is version('8.0', '>') and pbx_php74_override is undefined + - name: If PHP >= 8 is detected, loudly warn that FreePBX does not support PHP 8+ (as of April 2023) + fail: # FORCE IT RED, allowing adventurous/testing people to proceed at their own risk! + msg: 'FreePBX DOES NOT SUPPORT PHP 8+ AS OF APRIL 2023. YOU ARE PROCEEDING ENTIRELY AT YOUR OWN RISK.' + when: php_version is version('8.0', '>=') + ignore_errors: yes - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: pbx_installed is undefined - - name: FreePBX - Install and configure Apache - if pbx_use_apache - include_tasks: apache.yml - when: pbx_use_apache and apache_installed is undefined - - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle include_tasks: chan_dongle.yml when: asterisk_chan_dongle diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 474854821..1a5c1d632 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 73e01e154..f57f6879d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 42adebfea..7185c8a44 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ba081c3db..f884e1021 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -422,4 +422,6 @@ pbx_install: False pbx_enabled: False pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: +# asterisk_patch: True asterisk_chan_dongle: False From 5c1b99f24060ea132b9208aeb7b8ac375455d0d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:37:45 -0400 Subject: [PATCH 0956/1758] Global search/replace: RaspiOS -> RasPiOS --- scripts/ansible | 8 ++++---- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 7c5bbca8c..377203480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -25,9 +25,9 @@ GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) ###if grep -q buster /etc/os-release /etc/debian_version; then -### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros +### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros ###else -### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) +### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) ###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): @@ -109,7 +109,7 @@ echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n" # Code above designed to work on all Linux distributions, to preserve options, # in support of any volunteer(s) wanting to port IIAB to a new Linux/distro. -if [ ! -f /etc/debian_version ]; then # e.g. RaspiOS, Ubuntu, Mint & Debian +if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:" echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n" exit 1 @@ -140,7 +140,7 @@ fi # 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING # iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions -# problem). This workaround installs 2.9.6-1ppa~disco onto RaspiOS, from +# problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from # https://launchpad.net/~ansible/+archive/ubuntu/ansible #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \ # > /etc/apt/sources.list.d/iiab-ansible.list diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ec4c3f2d4..b1a48d637 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -170,7 +170,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1a5c1d632..57d96c086 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f57f6879d..0418d39f5 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 7185c8a44..464819e62 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index f884e1021..de25ac024 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -104,7 +104,7 @@ wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so -# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while +# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RaspiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 298866de633c85e26c3a55560c2077b5bec2c171 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 2 Apr 2023 23:54:10 -0400 Subject: [PATCH 0957/1758] asterisk.yml: Clarify 'asterisk_patch: True' for RPi #3489 --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index ff7fb3ec4..28c72b855 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -56,7 +56,7 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for 3489 +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" From 545d66dbe2e820c3881379c7467696324b5dda85 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 00:25:48 -0400 Subject: [PATCH 0958/1758] pbx/files/install_prereq.diff: X86_64 -> x86_64 ; clean asterisk.yml --- roles/pbx/files/install_prereq.diff | 2 +- roles/pbx/tasks/asterisk.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/pbx/files/install_prereq.diff b/roles/pbx/files/install_prereq.diff index 4c57bc10b..0428b339a 100644 --- a/roles/pbx/files/install_prereq.diff +++ b/roles/pbx/files/install_prereq.diff @@ -7,7 +7,7 @@ + arch=$(uname -m) if [ ${#pkgs} -ne 0 ]; then - echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" -+ if [ "$arch" = "X86_64" ]; then ++ if [ "$arch" = "x86_64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:i386//g" + elif [ "$arch" = "aarch64" ]; then + echo $pkgs | sed -r -e "s/ ?[^ :]+:armhf//g" diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 28c72b855..5c1b6747a 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -40,8 +40,6 @@ unarchive: src: "{{ downloads_dir }}/{{ asterisk_src_file }}" dest: "{{ asterisk_src_dir }}" - # owner: root - # group: root extra_opts: [--strip-components=1] creates: "{{ asterisk_src_dir }}/Makefile" From 3636d67a2c5f5dc8aa5f431c3f51fe61482618e4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 01:02:39 -0400 Subject: [PATCH 0959/1758] pbx/tasks/main.yml: Traditional ordering for iiab.ini --- roles/pbx/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index a9b580129..669f05277 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -49,14 +49,14 @@ value: PBX - option: description value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_use_apache - value: "{{ pbx_use_apache }}" - - option: pbx_use_nginx - value: "{{ pbx_use_nginx }}" - option: pbx_install value: "{{ pbx_install }}" - option: pbx_enabled value: "{{ pbx_enabled }}" + - option: pbx_use_apache + value: "{{ pbx_use_apache }}" + - option: pbx_use_nginx + value: "{{ pbx_use_nginx }}" rescue: From 177cf0a5afedee267fbef8d84b6a877de251c8be Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:34:46 -0400 Subject: [PATCH 0960/1758] New default 'asterisk_rpi_patch: True' + documentation --- roles/pbx/README.adoc | 16 +++++++++++----- roles/pbx/defaults/main.yml | 8 ++++---- roles/pbx/tasks/asterisk.yml | 4 ++-- vars/default_vars.yml | 6 ++++-- vars/local_vars_large.yml | 8 ++++---- vars/local_vars_medium.yml | 8 ++++---- vars/local_vars_small.yml | 8 ++++---- vars/local_vars_unittest.yml | 8 ++++---- 8 files changed, 37 insertions(+), 29 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 360dc3499..a2c0d4561 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/wiki/IIAB-8.1-Release-Notes#known-issues[WARNING]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. @@ -41,15 +41,15 @@ pbx_install: True pbx_enabled: True ---- + -FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). +FreePBX can be used with either or both web servers — NGINX on port 80 (http://box/freepbx) and/or using the old approach with Apache on port 83 (http://box:83/freepbx). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you still want the older Apache approach, set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- -pbx_use_apache: False +pbx_use_apache: True ---- + -Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), optionally set this line in your /etc/iiab/local_vars.yml: +If you want to disable to new NGINX approach, set this line in your /etc/iiab/local_vars.yml: + ---- pbx_use_nginx: False @@ -61,6 +61,12 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: ++ +---- +asterisk_rpi_patch: True +---- ++ Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index e1eae4df0..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -8,9 +8,12 @@ # pbx_install: False # pbx_enabled: False -# pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +# pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also # pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +# asterisk_rpi_patch: True + # asterisk_chan_dongle: False # pbx_signaling_ports_chan_sip: 5160:5161 @@ -22,9 +25,6 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True - asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 5c1b6747a..6214c0d06 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -54,11 +54,11 @@ # state: latest # https://github.com/iiab/iiab/issues/3489 -- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_patch: True'" +- name: "Asterisk - Apply patch to {{ asterisk_src_dir }}/contrib/scripts/install_prereq for Raspberry Pi (#3489) if 'asterisk_rpi_patch: True'" ansible.posix.patch: src: install_prereq.diff dest: "{{ asterisk_src_dir }}/contrib/scripts/install_prereq" - when: asterisk_patch is defined and asterisk_patch + when: asterisk_rpi_patch - name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1a48d637..8df87c531 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,13 +682,15 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 57d96c086..84b5ea43c 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0418d39f5..546c9b248 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 464819e62..f29d97bd0 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index de25ac024..ce408c528 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,13 +415,13 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye. 64-bit RasPiOS MIGHT work: #3489 +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False -pbx_use_apache: True # 2021-08-17: Set either to 'False' if nec -- please +pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! -# 2023-04-02: If you want to try EXPERIMENTAL testing on Raspberry Pi: -# asterisk_patch: True +# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) +asterisk_rpi_patch: True asterisk_chan_dongle: False From 573516463dc2aa91012b81cce131f991eba63034 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:52:58 -0400 Subject: [PATCH 0961/1758] vars files: Squeeze PBX tips back into 80-char width --- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 8df87c531..b1ad7fcdf 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -682,7 +682,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 84b5ea43c..1c1e8b7d3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 546c9b248..8a8ae98d6 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index f29d97bd0..de02105a9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index ce408c528..e5e086fd6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -415,7 +415,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye, or 64-bit RasPiOS IF Bullseye-based. +# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7f0365c2f290d1e09793d2d01d670ccc57685a12 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 4 Apr 2023 07:47:42 -0500 Subject: [PATCH 0962/1758] asterisk_installed --- roles/pbx/tasks/asterisk.yml | 10 ++++++++++ roles/pbx/tasks/install.yml | 1 + 2 files changed, 11 insertions(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 6214c0d06..b4c1d8ea0 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -186,3 +186,13 @@ path: /etc/asterisk/asterisk.conf regexp: 'rungroup =' line: 'rungroup = asterisk' + +- name: "Set 'asterisk_installed: True'" + set_fact: + asterisk_installed: True + +- name: "Add 'asterisk_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^asterisk_installed' + line: 'asterisk_installed: True' diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 474ddb58d..7af2c144e 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -36,6 +36,7 @@ - name: Install Asterisk include_tasks: asterisk.yml + when: asterisk_installed is undefined - name: Install FreePBX include_tasks: freepbx.yml From 1173ec0db0ff34dac32e4a85ca29456cb9521f6e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Apr 2023 11:16:26 -0400 Subject: [PATCH 0963/1758] pbx/tasks/asterisk.yml: #3524 touch-up for iiab_state.yml --- roles/pbx/tasks/asterisk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index b4c1d8ea0..bc7638191 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -187,6 +187,7 @@ regexp: 'rungroup =' line: 'rungroup = asterisk' + - name: "Set 'asterisk_installed: True'" set_fact: asterisk_installed: True From 413f7404963f679e5fbea0bd49070407d4cdda93 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 4 Apr 2023 16:22:25 -0500 Subject: [PATCH 0964/1758] RasPiOS-12 --- scripts/local_facts.fact | 3 ++- vars/raspbian-12.yml | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-12.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e68aa93d5..ac2b73511 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -85,7 +85,8 @@ case $OS_VER in "ubuntu-2210" | \ "ubuntu-2304" | \ "linuxmint-21" | \ - "raspbian-11") + "raspbian-11" | \ + "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml new file mode 100644 index 000000000..e6fd2f9d5 --- /dev/null +++ b/vars/raspbian-12.yml @@ -0,0 +1,22 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_12: True +is_raspbian: True +is_raspbian_12: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: ssh +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "7.4" +# postgresql_version: 13 +# python_version: "3.9" From a6b8a5bfc828149fb983153f6e12632f2880fd15 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Apr 2023 18:11:39 -0400 Subject: [PATCH 0965/1758] default_vars.yml: 'is_raspbian_12: False' for PR #3525 --- vars/default_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b1ad7fcdf..2e91080d9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -796,6 +796,7 @@ is_debian_11: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_12: False is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False From 9f87beb9c9b5283aaa225d14dbc4d27818c3c6ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 5 Apr 2023 13:02:43 -0500 Subject: [PATCH 0966/1758] workaround python2 being unavailable --- roles/kalite/tasks/install.yml | 6 +++++- scripts/install_python2.sh | 25 +++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100755 scripts/install_python2.sh diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5fb192475..6eb69859c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,9 +17,13 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) + when: not (is_debian_12 or is_ubuntu_2304) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +- name: Use scripts/install_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/install_python2.sh" + when: is_debian_12 or is_ubuntu_2304 + - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: name: setuptools==44 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh new file mode 100755 index 000000000..c21ec2ae8 --- /dev/null +++ b/scripts/install_python2.sh @@ -0,0 +1,25 @@ +#!/bin/bash +ARCH=$(dpkg --print-architecture) +cd /tmp +case $ARCH in + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + ;; + "amd64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb + apt install ./python2.7-minimal_2.7.18-8_amd64.deb + ;; + "armhf") + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + ;; +esac +rm *.deb +apt -y install virtualenv From 9880ed1d7651a80c1e8a2ea270bf29cae54ba1cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 5 Apr 2023 21:00:39 -0500 Subject: [PATCH 0967/1758] .so files2 --- scripts/install_python2.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c21ec2ae8..4ee8cd338 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,20 +5,26 @@ case $ARCH in "arm64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./python2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb apt install ./python2.7-minimal_2.7.18-8_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 847751aed3068fb82887ec5e49899c2217756b87 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 07:14:48 -0500 Subject: [PATCH 0968/1758] support Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 21 +++++++++++++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 vars/ubuntu-2310.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6eb69859c..6d0c8765e 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,12 +17,12 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304) + when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 + when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ac2b73511..27fa281fb 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -84,6 +84,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ + "ubuntu-2310" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2e91080d9..4786cbe94 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -773,6 +773,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml new file mode 100644 index 000000000..445ae061b --- /dev/null +++ b/vars/ubuntu-2310.yml @@ -0,0 +1,21 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2310: True + +# proxy: squid +# proxy_user: proxy +# apache_service: apache2 +# apache_user: www-data +# smb_service: smbd +# nmb_service: nmbd +# systemctl_program: /bin/systemctl +# mysql_service: mariadb +# sshd_package: openssh-server +# sshd_service: ssh +# systemd_location: /lib/systemd/system +# php_version: "8.1" +# postgresql_version: 14 +# python_version: "3.10" + From af7a646002e52c5f0439a34268a725ff3391bf6b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 16:17:44 -0500 Subject: [PATCH 0969/1758] amd64 --- scripts/install_python2.sh | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4ee8cd338..bb7b67339 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,5 +1,11 @@ #!/bin/bash +# https://packages.debian.org/bullseye/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) + +apt -y install virtualenv +apt -y install mime-support #transitional package +#apt -y install libffi8 + cd /tmp case $ARCH in "arm64") @@ -11,12 +17,23 @@ case $ARCH in apt install ./python2.7-minimal_2.7.18-8_arm64.deb ;; "amd64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_amd64.deb - apt install ./python2.7-minimal_2.7.18-8_amd64.deb + wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb + apt install ./libffi7_3.3-5ubuntu1_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb @@ -28,4 +45,3 @@ case $ARCH in ;; esac rm *.deb -apt -y install virtualenv From cd6d04108afd493493a655549dae7e0d33035545 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 16:56:37 -0500 Subject: [PATCH 0970/1758] arm64 --- scripts/install_python2.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index bb7b67339..28a5bb000 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,12 +9,23 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") + wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + apt install ./libffi7_3.3-6_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb ;; "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb From 33f00a08535f905595a01d56dcfb865b7319c476 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 6 Apr 2023 17:15:33 -0500 Subject: [PATCH 0971/1758] armhf --- scripts/install_python2.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 28a5bb000..a8246da92 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -47,12 +47,24 @@ case $ARCH in apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; "armhf") + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + apt install ./libffi7_3.3-6_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb + + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac rm *.deb From 5eac4ea24a9f5e91d66a00250a5f28fa3a1b2096 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 8 Apr 2023 02:49:06 -0500 Subject: [PATCH 0972/1758] typo and layout --- scripts/install_python2.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a8246da92..e057d1c6a 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -19,7 +19,7 @@ case $ARCH in apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./python2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb apt install ./python2.7-minimal_2.7.18-8_arm64.deb @@ -27,6 +27,7 @@ case $ARCH in wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb apt install ./python2.7_2.7.18-8_arm64.deb ;; + "amd64") wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb @@ -46,6 +47,7 @@ case $ARCH in wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb ;; + "armhf") wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb @@ -53,7 +55,6 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb From d960b43f98f0031418b4591d491126f561b32c03 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 8 Apr 2023 13:22:58 -0400 Subject: [PATCH 0973/1758] vars/ubuntu-2310.yml: Tweak PR #3527 --- vars/ubuntu-2310.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 445ae061b..843810075 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -18,4 +18,3 @@ is_ubuntu_2310: True # php_version: "8.1" # postgresql_version: 14 # python_version: "3.10" - From 2722e1ac14f07cac3f864ecf6cb4103e059da699 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 9 Apr 2023 14:50:56 -0500 Subject: [PATCH 0974/1758] libssl1.1 use raspi repo --- scripts/install_python2.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..3ef5797a6 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -9,8 +9,8 @@ apt -y install mime-support #transitional package cd /tmp case $ARCH in "arm64") - wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4_arm64.deb + wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb apt install ./libffi7_3.3-6_arm64.deb From be1708a6df221781713e567b65c78d581517263e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 9 Apr 2023 17:28:08 -0500 Subject: [PATCH 0975/1758] kalite - dup'd line typo --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index e057d1c6a..454af64d2 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -64,7 +64,7 @@ case $ARCH in wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb apt install ./python2.7_2.7.18-13.2_armhf.deb ;; esac From 9323fd897a069dc21d27264fd2b87b784ff37db9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 9 Apr 2023 21:38:21 -0500 Subject: [PATCH 0976/1758] no path --- roles/www_options/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index fba3379ac..6342bcdd0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -13,9 +13,9 @@ mode: '0755' # Used to be run by httpd/tasks/install.yml -- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" - include_tasks: roles/httpd/tasks/homepage.yml - when: apache_installed is defined +#- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" +# include_tasks: roles/httpd/tasks/homepage.yml +# when: apache_installed is defined # Used to be run by nginx/tasks/install.yml - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install From 0ae7073e00ce9521df5fa0426391b77f1a43878f Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 15:14:02 +0100 Subject: [PATCH 0977/1758] Update README.adoc --- roles/pbx/README.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a2c0d4561..0a0c11ef1 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -156,6 +156,22 @@ image::files/linphone_setup.jpg[width='33%'] image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). ++ +Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: + +* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +* Go to Account Settings * +* Add new account * +* Select *SIP ACCOUNT* + +** *Account name* is your name,eg John Doe* +** *Sip Server* is your IIAB server's IP address +** *SIP User ID* is your extension number eg 301 +** *SIP Authentification ID* is your extension number eg 301 +** *Password* is the same as above *Secret* +** *Confirm by clicking tick synbol ✓ on top right* + +* If the connection is successful, you will see a green circle next to your name [John Doe]. ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From aeacbc551fea586d1c9c4b88d07c40b75e3ac8ba Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:33:27 +0100 Subject: [PATCH 0978/1758] Add files via upload --- roles/pbx/files/Wave_phone_connected.png | Bin 0 -> 29085 bytes roles/pbx/files/wave_sip settings.png | Bin 0 -> 30774 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_phone_connected.png create mode 100644 roles/pbx/files/wave_sip settings.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..d9310b44a852130e3fc65c0de0a65c43cdd96e90 GIT binary patch literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BH<LFC?P8`m(lPH;k@wj6D!*K`Zuqs(pSv+A zc$2F=<VXAahK5n@iw_>M@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|C<t|uOo8y_<zO4+||{A#Kc?7+8@N1iRNh1u`; zPFmjPe$~G`P^2a(D7c=Dl=z5taLBhMh*Lg&`b5=D%}u24ep^_0BrCN0&dT?XeO6+i z@#w%|Gs^a+mEa|%Mzpxx>c?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X<GR}>6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StC<Z)1U^=;j{(Ibxm@`2zx`iJDe+yxrF^nf4`H@UvKj<_cpe_Af0iT zhsgDSNRGUuV1JrEBb|nZ29#?sMM<Uhz{9u^MKT-fk_}H%LJsuX%1tJyAFF;LFJw|x zpVUR}NVg((=EGdlOxMvz*KdvQ&!w2we5#!oJ-HYCd=Bnym+7ZZoy7zzc$Dm8e6Eg- z-LDg03cdMai^I0*eSBLm$4fnSH3Fkeg24&n&a1^vpUJ@5Kyr`mo^1+4S8QXycwl+e z$}8u#S;$Kj+n>i%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>X<!#XHw7l%!lWmIS-Mg;@ zu?N$~cFjMHgk0T%C}Usc|LMt3)LfnqNknbowDh-pNiB?&yIOsl`PrGz8ozB^qpFV% zR$XOldiag=%lvCgmyvS&7nHSHN-_MMNFz4d!=42suX7IJx0r`*E3i#$bg0(I05ixk z{3vVO`&{-X#Z+^Nx)S06J@7kMbEWBxyhCJfhDOhN!-`Dp$8x51x+|TsH=D@4ZleY~ z)^k*Tb-$Tt@zo2q<QSnMx0D1gQ!Q%sUteN2wh1QPeM74V>Jar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G<Gxk9UgJit`h;n3MLJ z>7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$<G*_vOFT8!MwZTnww0N-(^_GP64kt+pyZWP0s{p>_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~I<j>sR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W<MCA%#tTIiVEV|@66z+p7fL>+7TV~X8^Q?_$YR&Udx z&Tyxb*v<NHP0hHKw=f*Tu7)^;?1#|MA>^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8G<JG#B5hy@NZ78>F^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-<mlE$JSETzfknp<n7n!$2At7jXlbAwff{c;-Yw+ zi9qK>FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zV<E2dW3gy|!oMs<`Rb}Bo<nmMt0u(_Cj{@(a*Na5Nm^oCj_C=PGefcpnX~HXP~~h2 z5h#>CqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1<an8DazU<m^P(B<n`zMD?OGn~6DKuc!nyDe)RGtLuW_jGECRT4iKamZ-!#K^ z(i(TpYb9J92d;&T(rhm8hI8(S%%IHSWjf?Fxb!uGMtP6t#Fch*sD*nzN>PDmPvDAt zWfvDke<eZq9IrxzLtxk}MwHh*_zBC3FpepQ2})ls)1q>z&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~d<IagQ2*W*~o(LOUe%t(<axUmT<&1HmSWKh~xw1S@zub@vnRn%n;N89Ex%K(TWZ z@7EE}>bQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$<s<+}GG3=ZNM0s~YQR`6BX?${>Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_<E_#T*k!Ckz67bH2pbo5zhJ= z!yce)HEIrHE<DDt{}kd?<%s4b^VRW6@RcL!Tv)&FDC5x#9gBkjXj3b_#(-F`UKWU~ zKU%-NaM+wU%z-<OCAQhcigR@yoIAlI)TB7!{nB?8r24Vr5=M7qYUpwriLZ8&ZG)=| zmb~UVGGebZJdIe<ZtVA#)8?xa(|)iuub4iZyjJIyD!ezV*d$Y<vl@25WpjeVa^N&u zHa)3GE$%0D^IOd2z2wC*a{aB;!i)68s~dNjq;eJ@p~%!Qf<7!<7b(vH&Vw17fORCm z7jR50N~a}J9zmb0UAOp20umC@Y@0xU-alxG1Bx5%C3Gva8ODXZE`D0vJk1b==n5yL zLqg3U=fpyhT(r^Az<+3?MgF_tw`TIw`((P7?$VWS6OjxI87Cj}lqNrW3+YHOzuNox z`+AdDU=v#Yo9#+Rk89f9{f;V{&Cyy+uQ2^=in-ux|GNTcj$tt7wuWpO+uR0jw>q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U<x}+3j38gxq9Y{6Z*<*3|EU>(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K<?Yy z;l&`1;mGRnVq}1L*_?Q)c-fx#F{{0ds!&8sof?EaPYxp|G`8-55J9H$y&_(m)E^aP zrGLAH?>$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU<Ma%=^ z+H^oA5(3TTPgsAcYLD}k&O%|)`yriSX?m<Mk=Mdf!N!kmkGs>>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u<lS@I4C+2c>|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJ<K=>AI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$<dIhBg96(+NN+ zEv2Lc5jQ-R_Sw%Mx-7j_ylhdBV74HYSP`)S6bjTqIR<|h5$!h?p1jJQsT;T55?<-G z4`zX0bp-0E0%c_Ev3m~hg=e--=0#Dk^BC0+F&0y$9GBs;k-9hQ@pcj#BJRyR&~j+N z6rGJco)ga$9xIn?ZsSqV&&b4`uo9V`<W|xKTF5;uWT_8Y17-?^6;3EkCo4JdY5s4q z0Tyj}(-Ml?dO8+@b2ZHwv@e?9b~hUbi7Pw|#wN7DRn&Rjk91%-;H+7anl{%>=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY<GJIih~~|%Fib+TzX+zBMid1 z-~Rc#wT_O3wVau-7zVcEin2q63z(eWa<Cr>4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9<ZwjVGy^Uu;jfT<;cRGTKzs zFd`-Da<+Qs(lg8~tYiz3;B!TGb%7WzjDQ-+5W~Bv?fy9(Z6=B5TS&&Jf)Pe}z9S|7 zkj$9O4>Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb5<O>9#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJ<ZL4n$TfRG$6>Dvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?Pt<xO+NGMKBONnfem{us^7CS7q)9ssaTA4J0|Qz= z{9u{KPF&g`3(%4;+SpWfpw+nXba@A>Bhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+<am7Ga~{VjDWU`pkBTl6>p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8<pvWD{IJ-7hrpAj<p^B*ClhCk@0XFFG_G<2^345k{ui4GgyFMxj z5{tEuHSZ0$$Mp|5&+@jmU0S+2_>#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~<Y#5PB^lmA{wLczE=A-Y5{g{VZHc2b5B=chRd~E3l=|HIBfv7W-_p_IqFUc;< zw|~td{yxTsr<qfs)G@O}aM!g^FZZ%K8yJJ=V(yOXq57QTAl^F1m{nymV4GRkkmIcG zSJFbj0O8tD+iT-kDu-nhN@v7OP5pHB$efK1HzH`*<e84(_8a%V%5VqsUc%qVje*HI z_gt*q0X+zRjck}4vUFQR)9IQm^u1XrJL#Y0xot5M0;>|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L<rJs+ z!4#x}7i@ivb|&;Q^@H6LJ@?Ei(qXKRSD??<CKzZU<#dnHa>0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h<PQ1Pr8mpFi=;(*=z6XKMj--++j{xz?z0?ZiJSh(T#9BaW2*v9g?sw4 zT(Af?YZ7?0dst1)^sRcIk&<r0y!=b^-}{W!kGAIErha!cbp75v$D9QV&<cyaH_(4E zV$Z0)T%5n!eW7fp%RcTHr(=U8geOH7quC2J=AzQ&${d~={P6h2Wk023jcuR5clYjm ztKNY@pQ1sFrS5&LgBEBh@=;#-$vLsaotP__o5}3LXes?L5bE5({^M>@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQD<Sf9JlO%6|?{!S!MsK)3<d%xo5D4jc zvj8~32x@*HyVNR6;a}^aksphO*OR=Yx@j-yhKsj)thcCK9Jcn!o(yvfwAgVB3}5<o zss+dHJ7v$4Ioi(fBp6s~G9d+>B_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok<iX{a1X%BNUeo z=3)poUPBwJ(pp<0O*7SAwa)7-7OaUqwejD|%}4Wref2d*__gLAJ8w|c7&_6~G6wBv z+MbZiIpV>2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL1<q2=W;rlzBb~aQa zi&~u27KZ8TbNU4eC~wj7Oo`_dF6_TiOn3!{H`n7i8~;-K>3frj*<sEX4C(_s_3OdY zpM%TKCyiZkA+}CEArJe=G;tHKYVwjm<*N?^+dKXjf5MJlK01OI2y?G4h4lQfYkyr9 zcPb8adEkH<V&HKd@I54ABFxYtF=*jmwQB#ZuK}p0qcY|{3o8#Hs)(S7E+?$?K*idV zLv9z5vSa6}K$|D!mvPS8*uVgWVX!YEU}3k1uk(Tq3f`<3gV#RqYdCr|I+EZ|s2FgS zz-z+RnBQ6F$J>wGeLt;uXbm_wFM6D^SYE#qk<UZQHR;%xy;~t)iy!c?c#uBQpSVeV zKKCZq=k?rO=7eNZ<d%uwLM~#hY{Rr<7;I&#_Du_N@P5@}^6I+Y1K!<O)C?cvjLpX| zl#pgVD&VEKch}%t$@|sTDf%^I3PXO-!r11OQIy8mPa)%!eLl$6%GH|{PL-7j!@qaC zdoo(O2WXhP)NIze&Q?h(QRalE{Q8oI*y>HPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)Zwtboho<Zc0njpf^m`DL%2%@bOFZ3P<H=$zCy zHm2DM1)i_D21pmXVqVoL#~wW9O>F~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f<ZC6{h}u4^o;>6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw814<AdH#}pHz z^hV;W=I+t2Q=cL=p>8upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(<fB zj{^wbriBH3#yt?~QNZc5%;wEk#7Cdit-Hl~@mEIjSySh}EHy+|>~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+<aQUMK7-Fn2lWX@~!@(ux`lU^|e}df^z*qI& zKhYZvr-<S(p`0nhjE_4X_c)iW#ZN^E{^&Rj0WIxcYvXv(`W&)Rf9R;_M2&q?qoL6G z_Z!nj0?#O`UlKbfzg1K=-l|Bq`*repGw9EBl+gOLHjNbTGew$e5_6rfp{~31yIFeP zz~~Ecn{(^DzOZo?`gZMNr85lSN8^AJ{o6%jXjmVe*S2`$`)s_*#K^Xx0L0*`Uubw9 ze#3A0%aIOkcjA=bR-4}Hmq|(~<F+mYxwL<kjHRBPG={z~<<XppgYm_`br=tW1mjo` zgd6H>b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`<g>Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5<xzD>fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u<C3iI&=Dp0aqU2|v!Wj#aLST%ku~QQ`=E!gz*n^bn5=NIy)|Y{o6`vGqLriU! zfYA2v4!x+bDVj-f^tL-|ifXfbpxt3h2HVdL5OWXK+PbWpvmowsX8LGWz}C0*O}Vvq zC=AG?NA*VY^MU?ry3c<&X*vvx%P(o}-f_M*m>>4C$V1<D^=@d^EDfQ0@qNk-Pq&Dr zv+qI~Z!)j<>t5Wn^f<!-C9nXjL*2r!+c$Qr<7iRh-TFDWU2C7+p+u)(p32|%EbGh7 z7z^)A6{Oiz)_z@cJ*ghLb;Bh6*1TYZ_Zbwt8`##G@2J#XIOKZ~<J12@gpU6<f<e#a zA|oBAu%|<_4i1*`dFBmh;e;2BxD5YI0f>{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!W<V0HKYY94O@NV*n}NYAH|$O>uNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5<t<^tkq6pUwpf3{wI{jrhMrio1RM(Bit^H^}k&!qqA#U7+yT$1U08R0|v}<Z>OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXc<yi*>qH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAe<ZLzt(K%4ylEu37A983AVBk)&H_925$*EIf`IuEKyGfZV!cHJj@0C(I^3nc zpHYSfdpIbWoR@QH^ssx+Sd3`eo+|uKy}uak9eK+=4(0LtA8<!bQT|rGQQ{tBh<T{H zJp{#?P{j}$JbiJBYK8e3A%nyqA#Bj-Bc?|;>S6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e><v<K?9aA>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$<Jaq&mJTq+%L+j)e20Y~-hyp}k>KWDYN{U+^mwaeT< z#&~nXc7N^Y<k4tG*_XbC!LajZcE1m%t*0%}tJYM`raCw}+N+nD=Rk+UE%`gQ4~b7^ z;d5gJZ)N7b6_G|6U9W3J3+2e~cETTNXTK@j#u-dBk#OXp-S#W8d;2t7cA2OH+Ax|6 z1KahL$9F2yQ&%vnUUbiLCY27JW~=p8UH8*;IQyDks1r0iPjnEv^;*Joj)yf#GhsJL zMo`r0Dm+&*naJTdr&-bOBoMo`$=4(|ckH3HM;?j{%(1r`3_3}*9S^Ja_`XlUiU{q0 zAM`2%b&8q}(3lR^_B$m==+%3*I>W0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#<vYU+Ut4m|L3Fq^Zdtr#`v5mDnGk-miyQ6B(_vQYX4*B^++zp$kOO z#5!*G>jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9<yGJf<cYjLJe)tV6$J-7J| zsRNUW8ZtSA=}JOcn@O@4#R$#Q^FQ!M_iqd6SSa2>^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{<sj?C_|x@Z_j60bHPpQcRgPAIZO0AO9pdM7=5E@~WK zor+WJBPG28<3zA*`5I(SsZ{N0kcZl8c^j&3-)Wyx;;)2%B$O|P;Z6pTSsv;7aQ<8e zHoiTa7mmr}5suTC*G#+Q?3NA~m)sTz88G<q0U{M~0ECqm!r{B;AZKVJR3d_5!C6xl z;PdZpSmpndfMgY*<4nQjFyeZ2j_l&zj0o^v3@PYH6xuMn@m@VHed=yFMIWMSG?m*4 zY#3iNRlY7=m(c~kZEa?{XF#|dhg~19N6c(#Z1^S`eQr~n#_D&APB2azafqN-5GO^m zYbRglPki5AKnKDOUp@!(ymJBPy<<(yMq2Ct@SmhiIKgeR7QH2RUxRfl0)a3ILx&N= za1d4<=ZxfVh^V|-$*iCjGQySz8nH;#Z_`7PVCmc(=~=}ACOWw9Ms?Rj=s3@jbNttr za%+$bZBfwu#Ss0^ln#|f`~AtFCMqdPYv)IXeu3zOY(*f=AhJ}a7?)(!_@2!SL7U$B zoS{X8S2ejm7^txs5@OoHZEe?@58S@)-a92$HNKy>(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc<jl4`mqbQ#Y27E@S7ct&u&>;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcE<?SJn45E6W<GVUI>L5zKkK^h4KR+}0@<oeLWji3{Ml>jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cp<aSBFgSB zIN!0mWw>h7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?<O)~p(^6Pgufg(C5nrS?qjMJmg;#+1JL#M1g! z-yX<tTAMEY7j^`o{wyG8PIH;_V(%olb)i-=kkInN;u$x4j4($Ncz*c9znDtwx5{OH z%eu$Wy|#76Tm~N6C8L1=9bZ`5@>)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQ<uW9 zC3BkO7ptA#G&R?@nL9kXJDuJ`7v>ZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P<FE(?)6DvqpD zHN=TCiZJ56$eNm(<E_^<AxKv4I}2~l(P0+zqE^?xY`hR<6@C2VNyX{1g9tj>3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zA<H!<Ey^39{iFH>l`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div<y3Fi zLOU6>^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#<x@C+VWX_!C!#F4>bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A<g@oBJ=<E+JyZGb&b4j6;uApp9I0?v z+v<_sKf0kseNM?eA?ISl;#Y2H?A{rBQk3n|(n{Y51=!x8k$aY|jzA9Q1sv7z*GH~7 z%LiEP902FGJgGX`t8H@Kz;vpwo}E01Tx&Wxu4(7C90BI=*(r&h+aGZi#&A}OJLR<H zL4A^ZL;Z-<MoCDwc5k7tS*sZvo%@y&sMG}5?N-mHtbP8@8;%2QE%~IXe$AC(X&d}V zBvj~`c=q#`+5Ua?d#4NXS%I17dw-n9qQ!F-BZWE=eggmH{erqXJjNuRWe2qDWL^ha zF21r205A&mnLDrYSW)(i3?ZWC_Cl|hXaHb^ulA{L>?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+<TWw`0so3dhi z@^q5i=d%hhkab^CvyPeSKBZK^)2V=)E}s!yHpb$<pAzmuYaA-wFJrHO<nyrG#QqI+ zw9E^PEl{OJ^=2s#YVPDg$r`Xi*&uSyi}iY<-{sQ3K!D{6pz6o0d!x>>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9<R>xb8vt*vqIK(ww@-6PXYCR%<Oh>km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~314<g zL`knMiYhpZ;yQsF>00iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(n<M<Q<TqB4*TnP%ucXImHFb4PsUOsakU-3s= zhN^OMg-DtqHC;3JjW;o*yB9i6Kcj<2kF31)gS|NoXHH@J^%+rB-hn)=%fAw*tye31 zWS#|^h^D_Q7i&{uC<`g`CQF?mDL;jDo%Rbc^ip9B0De9AqDwfcPDi1)IR)92$HTsR zv}pmFf0y9B`*l#55WU2~lJ64bZoi09>BcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)Zol<kX|<=AB2a>rB9W)T3HjijE$Z-yKTGO za&MA<cG(xl=1k8Ei+xqGuFVgAJXCW3N!h-NSc!_<`BqBTS2}Qn1El@55d*>8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<><isl$Ql5Y*&=5_YmnHZc4q5ck<MT+bP&>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{<J! z)8n3fO7jbBfa8;a6Mvt>q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kB<!L_2PUygHf&p zhF2TO*COoBcWr$8Tp`%G9U$oixshsp>PY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZ<C>aP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&t<Z2QNEcsaCLT>OZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB<eIvcYW69!2>`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*<Nc<Md=1)Q46H0|m#a_*1A?&AltE%5cyw5;b!|B%Vn4IQaVED? znq!3nB%H-DjQT5Wbxef@aSrS4e%*;dM-D1>+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhoc<N3KR75zhe}~ zQ%D7&q_WVM_VAw>l5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#<s5ZQNR6Nzj==(hSnm4T@NzSup=Tub z5yKMjv@H!_z!^rT%N5j<T3P<iVurs=IGzf*vs$+G*!iilI%4Y`uz4;=MmnM7yq!A^ zG_26ul4(bMxbby=&n-&Mgxi|~KBSU<>;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy<MN1a2(%KIdGK%+c8Y{4Ov>15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAW<wR@H(AElQwUH>J09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9<kzX5$b&dBfo9%F7};h<R$XSH*RN@2ING>GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#<wKu22WhhKrQO`xEDJM|f6Awyq7m zdYIggiJud>3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w-<M-Q`e)3=@P{A-Szn=CK8-rx1K ztW;u(0qk>-#b<xcl#B)j%LmpDv1#{W-$}6JIDzkVV6p$5B&>H1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b<xhwIMj8Y6 zyOo1j|3jaDZ;J09{_g)!G6E*2=-<xA|0f@chIHw&kG1E2_qhHXa6Fad=-&wc)hD0X z;%iC@hv*GXRe8zi-$|!ixrJ&yDIY6MPR(hPoNtJG!#^JWR`zau_MdNzIsMX%1sRLS zip1}q`KlJUy3;5Y4c5=Jv~2ub<Ve4}g(w%U-CjSkL)TZnR!<Y^(XwTc{$#X-RbyW` zG$7kb&bko4H};zkd|#W5S(@tU^Yp#j_pb@fpPBLL(sl3G!$W7<GDdgquM8HAlr5>7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr20<HPwK9SOq~vBn&!~ew1$5KmiFUmFE%Zl9(`>35*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;Ez<U+sTmBlyHH_4MgMClAJBQ$(!v zum}ph=urwe1{D_@S!=(}WRl6>JLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXB<s0A~o5 zf}&z+OG^vDQ=ov3aj}=Dr`-8l6O&8ucvwahbUdvrY9H{~ls^8FStTtiOGZ?;)MdOf zSK2%I9bhin9k8IttaXgX+9xx)XXvjbZK<wN?SZHy_hceZyy1D!X?@;IF70K&(BiwU z)ATFxY*auIpI%a3idJAWQDiO6Zt6qunjq8b<tkfqq*-9KMqOu}&qs+>lWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGK<W?54$w`+{)rGzf^j0h!bN+#vl~hc>TSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7<kqRKC z3pY66Ju%}IQv9yfB3I`+dret=ic|O6$>bg;uK`*LHw&(Gj<?t65Km*W@EbzMuq~6q zQvqhFf4$Co$2wis1<A(!=~G3#9l%%m=N!+JusOM`A4mWit9dUr@=rOYo&sb*@2P;- zr{R>K*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`<Mj9S z#MsqIz&`>p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@<EJO()qzQG-fjvZTqQPO-va%yr)1mF@q}kp^V0oJL<#a^R8)^60 z^R|RN=z5ez6<Fk}lLcqXpi;oG4*b;T?gmAm|E~bB?~ncxs1`1lZ*-ytwAg~|3|Z&S zTmxbeu=`z>a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO<H>(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~p<Y zQ1be0?np=R7qJ>h5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2Cp<Q)5-Y@_`{?p4U_A{8fw$^?>I&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~<gd*tEbEFFPD8j6xytb9`W zt6*_)i~QcyMm#b+COz6PQP$Yc|Fd>aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`<SH^5?&~3?T!JHz5N{|v8KR0l4y5DykX^g)CLfrJW%lB+lmR*Q~M&dP+f*EVFzxQ z)Qf1vY|!j~Ljqq>6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<wlS#1?i8mj zt9eoZS){_C05uNogTF><(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD<Hi%Q*Wdaom;;%ye56RbkK<##rA z;bq$HF1?}4A>6M;*O<;}ve|)IUXl<kP4~011^{Mi2@G@C*6~(1?Rw<7z?79owjeAN zPiriXPCQEi+nCU1T3#w{Tt6M$W=aCc7hR7ur{c$U1mz`JzKJav$9b|qWYHZPCKw*B zp0_&CtpK!I_MlA(1{)kqy0x;G&@>W!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~<Pfc=tR`pNcx)&0A*SS-{Zd zdfJp32dtyh7BzBRpTH)Hv~}T-ClCWBOi#($iK(V?n8P+NM1Q;ZCPd0H!|{z`SD=Wp zu#XVj3_SHCOt^+ty}$0V(G&S!jB#?OZDq^BaQFtI;A<?o?B;*H?V!7qJY*d?AZV|^ zOcUpp0Z%|QJZb->6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2<i<q$hXfU|+2-U_aX?nR zliB8Ta0vqDw{Y^!5^HNnt*pUhVxU>V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz<Q$(rMir+kybYvr^tNRye;Z=(CJC=tQ`auUUOF$=U> zyh<My)!?4yHi@Bk)*;64NB@ORfin-c+wTzk7oy%sH_JjtwxxuvPrn--wlOKY%;y^l z*xP}9_&r~63Zm~i@>@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V<Tc`Phq3*1`y=aaJS`_R zl4>#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&<J;2N-mG8~TdBJs4mr2_N0KP-1JV{HJBBk=sH`bYrCwo>E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diB<s&9FY0^wjNtykV(9Q!O^k7Q2-1$dR%=gsM@(K@e z@>qkd9s~Z<?(kQ4_P;VcYvyf!iVv=mWHd0;{K{|(FRb?I#M0FJpACZ#__+C+yZ#Z4 zk`CPYLv*7|EnB(zt(2Co0LIwlNBZ2V-f|pW^U!x#y0>3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?<v%xtw*Bf6CKX3NAQk_iNk500)pOHf7K<t5Fa2_Hmc;-uR?Gd*C7lB z23P$g%2~&f{8qJLr&V_@`NQuc5Qjl^CJ&J}tyKi(*Hv#*@ytELO^7{V4T|j%XAQm+ z9WiLdz^oQQl@r7=%fQKsJd;Ozt*<|pQ@CgQE&9p8jxd#NUMzcgdGUvxC@!ama?$(4 zv~kfViPQ(bwP)Eed<xqq+)$3Tgl~Q~c%$MY_z$ct<p8hbIhm#AKC+iqcGB|i_=x7= z`E@I+G>-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM<iqD6NqfLy5^*OI(u*)tYOk z8xhIKik0TY<n>(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2<n7V(Z<RGiR}y_(ep@&`D`)4W+_tMMW_w)D&#Rf+;<mLC<*O8 z@FCVnW9<A#s`)C5^N1xmzxW4I?Jc-=Dq3vilwX)Qq{n$r5J7%#c3=J=DVG(Z>Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2O<AEB(Y zi}n|hj`|ug>YtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZP<x-Apho+)I2ojwS7J_|5c+c;_&l4`#k&c zOMwuCOx)gjU-ze1hl11wY@&v{{M#Z7H$iqMoD}AMc`=5d&0lVt5G-s~JV}4wa5n<J zKsFsKaUs=&aaId3N#hI3GVT6j;uC#0e(kjLzT}2voha&qdF?ogUA{le^sL0+b36() z^xK2fV)&$z!o|#qV4fCY@6DK+UA=KCt6Qrj-G9+hi#~i;E&R6(d(tU6`>ZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&<ya7~%7XGVa?~!6&fAsc z)eq7qnqh}BdXvV{a2>pH2|q1mp8<S(v?hHCMR3_Pd8ZNk74qSaLshs*zh34fG>ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`<NqJ_1zQ2EKIl!vB|M_laE z@IW(yn<QH&YiwYxZNfN=;2n<4vlUg-ao_#6>dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L<qwKPv$< zX+#_xCVlW$gE2Y((5`r^L_bT{dHn1hB}}Hky>`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k z<m~=!36>TvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)<GM;GJlW4sEMonkT(Pw<VW1GP2MZ~aZ|cLn7pGu60hVWnD7<M#&UP!#t~^nVyb zLS30ZQORqH@)SoCbLg%xI+T%Ly4tw502$q{;m726T)wT~sDv)|fArE4!zZSC@{4N` zwHT9@4vihxR_-UoE-hs8BM|<i2rWCmc!sMf%v&MHLRrysxiN5!6KpdTTaL4n<mYFd z@vqW-cMb%@m<_n2abx`3C|5(AS8)GcFAIsDN6Pm1O#9;?tB(&a9wHWZ+5Xi5T8EW_ zqFyse3NJN!xq>@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3y<jwQg`mnNUmue@3r>A zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PS<Dki(p6Pe=V-bnyHlYn+W3Yh;b* zQ`XRVr=&9ZB9W{=_B>e^1Nan;T#{~<0);_QYmH<2WcZy2i<ZetvMj?<3a=h02rdh; zMU(20&<D9Yf8LOd%4uIekS%Pj8WM@dHe5{zlaTmqqxLF5sYrCpmAE{vbMpkN*5rGR z6>pXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyV<S z!e|-_nItld)qUWj&?jrFPkvDgO#zL;()+bkc2%G$x-P4gwve`3;q&q$5h1mh5q=8$ zG=p?}cv~4{Ll2ia04rX7ahQg8I60$Auag27lsOkWx>Pi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte<a&b$*uJs-3|MX#kOo>0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MN<?VA1yK0RW2E zp~Hw=-zza5&hOvrlw#*?bEb}rngjO`_^=Q4+%R+ECb5+!$M03!O4jkyb^(YDt2SqR zjjQfj*S!LHv$m4zE`)#$nr+od5BBBud7hLm%f$)+S##apD7VR~b;BjT6tLOa)Iq-8 z<^N#-bxh1wmhlgol56V-R0_P@Fot^vFs2PS!`;@b(<R|Sd9&PRDM+mkInoE7_{3xl zGyPqd@#{>iKLMLu)LPs1AWvxM4=-<oE|2mYa30e9%R%(4S~ZrCV}J^vi>Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5<KF5;T&2{xAX2V58t$qs0{*VrnUuJ2F3Z= z14$s|<VRp0xy(7HwxiI%yPrPpkcIs`e%2`^hu(QM|K+jc(1Ox%%5@vHdt293b6d|e zqfU0%SdcW1xBObVWx*Q;c5AU$vH)T;Ko|qpRhUYPhZ|6J#xMIX-Zwmn+bZP3uv$fO z(N}eU{_xEI=rH)Ywpv7a1H^vq>G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUV<n(+MjAm>a|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F<sA`t@FJA<-PbB1iV_vi>(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;<Qu-#!vL0|r^7z=OVsDEbUHGz(F^=BA4GYF>&jhnURmcoY~AUpJQx z$D!s3au<S|KzHB(hNkzSU~AX*KUTlt>VkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=I<XlID6~_RJ12O^jhA4VGB5_Tv?XxddX7~%JP{3T)>zP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu<p>dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}d<z}zp zSzLGwZCwHbqVtos6Wf~KFCk197h#9MewX!)Ne_&dczf!R8ym$Hs&4rcDx^Sr&(C0{ z@R^U>f}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z<m5Q2^P--V9nikx1gHo$&QzESjW&je?fM)YNwICX&t z4mhkN*H=`zpIv4D%37rXXPSKu|DU=J7ys_ER0~J)pW@24n6GwqeB$zJ1FJ9(-RkrG zSuGgeA4e)$lWDRuF3mh$aB8xg+>^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;<Y!b>+Q+yi^c<q-xJA8bZaCe&_S4 z4#iw-S>%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|<MX z=giN=LyF5=d%;g{2Q9~u@3(zC2k7`^C}m+EU@LPRn|5va>&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z<zO*@Bd5*{*)1qqce=WGsC_vr<XTM?8T!B=9{W(ik(WPGch$JH6k?rSUE1}&=@0*t zAGLj3f#@=C?<zA-49y`~D2mjuP=9tnTqa?|^YbA+?CHtPDb#kO;}xd@gpe>8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDg<s;kIna5|p*O$WZH+n5wX+ky3ZuC6_m0Qo_Phm? zLmkC;8$6bLO%jlM`;SACVGI7Pxp~0T&SuBcu$SC&H?FU)jO|~=--UB?kh9CxTm9}N zmt@kbrn<mxOc|v#Uu!io8pc8~1IE?{2<hW?!ReJhE}IpRdntqrUQS?gkS4|V)ojd; z##jL=6jkU{M;^~Wh@@wALY`?C3+sKVr~vCi6&s<}+Hq#mkRsa5`p($E8NMd}UF%{k zDA>y=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@<XMfkc!Lz$u1=L2%%mL=#DseKj+e!eWP zxuSeK{pX2pw7j(EDW1uETZTKdbPMcVg`z4!mg>qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJ<NjVdGw@tf3*E=bq#&O)@*r`xx5U!S0OA8=@eq$PSw z!SZBu7aiAgiL^rg@0&LDOeV+Q8zAb&ZD>q38gk!i<D_E%^-s@XvY{`(a1n@9S_CSE zs1E{1S@UbFnFNsEOny|b>3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q<w zS<xe^YAA4?LLupO1wO5-__F*3`1a#5bZ0V(?@OCZq=COiT-&E_c>!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODI<A?#_1m@lLRE|JX)x5CY` zC;hD%7jIW(DR(q)GCvD&HjAA3p*iv09AwbTaylfkVZ-iYwnxff?>ZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)<T z9Ol~P3FZ8_+8Crois*{3xd_$x+2;ipH{-+^%JVJPdXby2TsWtS{HBolkOtrYN38FR zhTgIyQKJnT{7$T$)Imr&{nj%M`bTqt_csDr&M=>F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7<d!WQBn>BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0<iRyUQ=@aH0Q?+`a=>L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<><?42+gs0`pd4w4*1ros4!$U3M9x ztVRly4um3mjCljo2DCH(hExfEO}M%)zDf154Zo<^<YcEj4FVlmT}I*#pK0>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4<ozgj-?>OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU<j<n>#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2b<?{EUMVcV2%U$eKFRdudJ_ECN# p6X(@!O3}+OB?s(K+PI{iTbj5{&ET&CtW><B^;}P_OvUok{{YFM$>IP2 literal 0 HcmV?d00001 diff --git a/roles/pbx/files/wave_sip settings.png b/roles/pbx/files/wave_sip settings.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a75e4b3edd423de1d36a5801781297337f26fe GIT binary patch literal 30774 zcmb5WbySmq|36AeBO`>-DWOP6*XWWGQ9*h%l9L);LmEVokWxVqr9nE!U`R?x=TN#v zH@}C^_ndpr_xnBf-gE!(ag!nA*|Ycim5X_*r$Ir=NQ#4lL!qUq`V0pLmjnj~5097- z_?KA?DH-4|T+e43$~a|%%<I4%0tY2sB^;c}B(h8B9pFBRhvq9!92~m)w|{W8o^kKt z;Q01wsVY5(TWseLg|ezmp;yn%{W%J7wALQ6gA^N6f5)*sqg4W}PvYEj`Vvjb8P54F zI)O8sUCjya^MoczOQhnr^`rNjbqfap^8twy?_72?-;nIxMB1Iq<>cgK=Bz3V_3vz_ zj*XAoYY}tMDQjtK$Ehk4S3Z4WVrqJyS~)uM*?R`p8D(ND$6w$9Z<2XA5ItXOTpuAo zWU8FNZMFaF@YRrWcycns#Ka`f$<0kqS68<+Z{g`>*7EP^>5pKh((>|?1!iYQ$353$ zH1?DQTeT;946{H{Uao*Q$4mY!a|>FrOpr~|uMV-L!L0|VPlMx_dSpH1qw6_yF$e6J zxHq6Y<}bPME61jrgU-rtTrL_{xX0B`HR3keROKBkp9Z?Qx|T-WHxsxN)I(pcsvu&{ zdwxD5YHi_@Ir54i`0(MwSy!Q6&PV^Foe#Zzy@pOs#g@%gRU;FZg8cm0?fv~X`d(^k zk$LD~x?@;;5W<0D>Cc}(!H*ul`)SWw`}I$msY$(Cw!Vp`|0};&Rr1>t35S&f;>7e9 z4*eO){>NME>jjGq*ELR~&+6Rf0+&91z5jK46-2oTV@WD+_?6@t6ig$ykNha7oNbhC zf&CSBF{mv6{l||3b@ZmbsXTv~?3n1zjkZur>f5_4AN>#4hAs3%J)p7(o2G`YU?W-= zeq`0a&o8;vd8d`>$LFspKIR!-D_s`wkBEl^?eOL7b8}*hEQ7?iFCv3R%LOk#Ffr0o zbmCJ}Bnv-Q#b{Y=k%d{YsWKDeL8*v8ErOyaR{~Lp1MMed-K)@P%vqOEaB_D%!!j1y zY;fwiI;b14RjJXq^3nOS@a2maelj6fo0dhgyUnAW^l=oDu?L!5{kifpcaY(y*L;qN z2eSK}$l%3uSnKIu&`H+$LBHrwflZ=x_pazg=oR8~E)=z;uo#LzlI7kyWg&?tx$&ht z^5FZA??Fw*IxGE|DXrK9_kxz=>4!nr2YLE8Cm}cKt!D%7g(nLk3*{O?E>5+Z&y?bb zlVkn0atM%~+ljyVllKtD;lXEpmW31OmfS)46EjH&H7HWdb4BOmF^_)k))GGH)^^>3 zUJ8%y{sMP)q-x4AzhPm4-@!_QRE1D*RDd`PqnZ?9LpxdWs(Pd(vw9@;m!TPyB%;V; z{}*r3jC<RhJmTX=Mj<dA>EDLcT<s{f;Cd!G7>tHTCu4CU8t*T7J<n8j;vn|aBipsC z^QiuAq`p*Hr(ZH#Gu3g5{s=ARK17;!!hGX&R9|6kzN(t7g6tS3x549`=&#w5DAOkm zRoUXw+hC%dp*-6DU}S++-+9aArb%xGS2BTh-5c#@a^I?L$2x+XRA1H8NwkX_M`wL) z?Pz4A^NpV7tZZlLe*8XD$>HkaWT>p|`rM`T=Xme+)ozG`y<(=F@C9%yFX*^BZ$M(o zHpOK%$9GUbH1j?r;CRZRy5(eEcE+QVqFPsSPE2;chfB0i)jl#U$A6=E>ZPgc2iMvu z`^;jS<8f1WyO+^Z$20DE=3c{UnRa5LOTSu=f0o<T&A!pLzk`8gd_NbTgsgpvcubSH zRll6rx7BU?u(ak`?a{btfWH<KEMv{K#s8?+XA&Caaxfq{q=UMg<cMN^fAvo&<X6dJ zmF3lj(UioDONwjFuzG9je(yv1yNPT;hr^ja33Kc4DdmKlPBC%S$y^%#W<@zZA6HX0 zvptX`Q>%~@Y5ke&i``u(`aFSel4E4TLSm*4Io^*&y%v1ezoy$;o{ywg1)a=EiVFSN zyzd>+==<w_y6wewUEW08kMh>(&6|=}qAh}XzVm)l^lhhV<u*x>^KWcikU=}$tFL9A z+r~ON&4VFFKP-<t3YIh!&XZ@Toa#5rnws^hjJdLM;Fy>xTq4$YLH{0F!es43G}dY~ zFSp%8`uZdH`%|WJe5QZVI0lvVo1Jdu2JB$TtvvG86M9R&dUNrJZb_a9R0qHE*(|MV z94>F%_@2pM;NStgUcYo$<PWaSkNSeoNAvulP)9H;5+zcTkQFLC7qHtRXreEFl<F`| zD|#_C6l{N2Yl#g+w9X=IrRZ~WbrNvicD3#9kf57jVFi|3znnj5UB$LX(p#)qhgv1m zV}h_<^g+-pCY$eDPTZ|0^C3b_$J5T$e~c{Ut9LTcLBMNt2E+ae_h%-&T#TT!cP^=X zE9p<Ea9JS<7xUU}IkB)W4fFvnpbP1hV*jAW`hPl0E0Cm9^|0k;H&f@loHxDv!Q>Z@ zlh{RvIya4ky<aPF*V|)*H%$Um#DmVg%1144&L`vtdGi7vGf8=Tnql$@cg^t}l%CR| zxzA{Mz$sUj_`7(Au&kFWN$$PRlwG=Q<YG`@BkpeNMVasY{>7Ag@0+C2Y$1W?7YjE# zf&&USXG1m1iL#B_Z5@P61rrtlk6vl#^@B!V|0qo>`R7~L^L*U=apQw*hjmZM7;!Re zRd+(?0P^SKd-^JG$(<DJCCh)eI6jDXR)s$V?LPMCCl$^#DXP>@I$Absa$jiuh3Id3 z!1H)Vd8CxXqFc*n&U>O}r*X6J=Y+*fU%2?HTV)qrBsSx1_hC}VWv6*ppHQ3J)mD+h zL0NyML+<)g7n){+JZ=Kt6#qzYgZd~|rq^9`<Pf;>rAw=NAI#qqj?f2ANL%xT7K<z< zn(Nug&RmM$CrGH?N!UU0%?f`2c;i*w&RjE@-lgK~%RiTm!)l*)l6jm@n=h2>CYn<Y zOWlL|h%_oGy9I(TW)=#8OPTl8a$1R!zG0D$?u=_)PEn^^V3M<e*As5xMc~pEOkkCt zPUxI<8CqLTQrHPP>mgA8HEkv!gy35gwl<U+ismn)7lw)m64Jya$h+Y<f3j*IghprC zAeI9O;+6kR)0+6HDcKUU-RWhgUZSEyBq}q>`jl9vE8X`zkz=9#;{EXQW4j{t1P?3w zV08K>%zR&k;hiAL^JLEVM9IKe{E``qjSSGeA{AL|HRR0?HmLiCFVwsjKEZ?p(S7~| zp`ycGn`^3@&}F<wS6gf}rWNdYS6|D-)TBl4aap^#vOxV^3C$pftUWo^Pdg%lO7$HP zM8KmrB`zkxKI$rNtU>2n4howQxni-=MjC6Wn!g*ryyqs*$5alk7v<&l|2v7x%1S9= z`%7}ML>aQytM#^aA^5`Uf~Br$LgYBJ(&=<>$xRMUT~mwdYcMkRe!(bWt;#6o_)bV) z4y)>a^wVfG<mSS%jWv?a8mF>waWWCl_MIc<f~I8;pS0z)+hl^%wQ0L{`*q?Q&lF1e z!>1?FlZ0*r_)i2l%uq@)AY#ItdI@v`2{SJ<E434^E@qkRB=17I1$o*~Cpiz#4@e*5 zYSvApdfRw$c`y`k#V#-}PC-LvHCeNWQo2$Ce;K5vC%ee6R22^0Lup8DFr$r!GNie# zu20&0p<f2^EL2cQ2^`NSXFfWYttUv=#>_zuf2%k}vH0wH(y0}xBF~q8oht-GAM5>S zn6l5hzZn<6Gbp<&=UZ1VmBdLY{TF2P8-O8VEyo+q^ZvURAs2=Di88&S>Qb!hd+_KT z;>;#Y>_fR7g==h5?l1Y1$<Zd9r4JsX^(3Fe4eCG7r<?m^#tnQk$e)gkSkCUG-sm6r zVyd`AmFWFVAnD^<3a0V0*~-115B0=DKcmU&Iie9q(&l_UlJh-wA@%*{TENxOsNC{5 zxO!#Yu+6P)`}lCoQ2*<~)sC+dFyKy>LjZ)3a&$6!b+WKa7_+HwUbOQp{hLBGDKsX^ zKVr#~BG|AktilEDj$CFiJgFd|lRKaDotfJd(PzMFCdwZh*C{d1-{O$%oq`m-{kJT# z@;8?Uqre+?OJB1hDLN$C7*96--h0ZsRrbON*NV6^t3-zP?rqp^CP+O}0y;T_R2)bx zHoUwvo*ZINu<IuZnM5~~FoZ&B)9R-tW=FPWP`{2yXeOdPIrVbGD})B`n`PrCj~mk@ zc8x8Bc<Lb>vcg_i38!|9)(bk>&m{dcUmy?=RXaH_Mxp6<U}MGKw8zy3d}drF*@Wc) zB-H{@y@D#vGs>|!O5$QYi#6n2g?Gm~aUwG8w}J)r#Y!SiJjQ0sedqpcLdWDc=xeRQ zm-XjLaC=K&1J|%Q1vxo1Nnd-B-*Kj2&oymi6bUSdP{0pf(M4x!3qTsUMDQhCVVp|l zsQbQB{tLpsiiaGNcg!hX(G<!v3$abLNl7BRVS^;6=FLOF_ga{d;$$<;YpASTD&8e< zfk3OEv*;^@fx4LyqAuu)WeRU9(<HrW#^hUKrcJ5ApQq-5x>#(%X>PUam!&d@1@}q1 zAU^ubU`0}-Oozy#)GG9$0dMp}4B;_MV1uq=00Nvf9RahVn*NOpwJvvLMUwbBc?Fe4 zEhcb;3JV+j@>|0J0c!Y`Nu&IiGa2;14qyBvfiJI7eFJgQd*9wn-4ltcb>%>uf;QX$ z24mo>LY#cdasKB)yGS*hh$Ha#m*VvZKjCE>x4`H4j5Cm!du)9;g9nj9Hndb12epyL z<FpeR8{!fmvI=_z?Md9FGx?i_NeyN$0c}LgRWR$#^kCd(MbdVCclhG0HRt>!;g+OO z;@SEb*HdbcWm}BUa>c+%Z(xocTVPju5cWl(rqsgeLGk{I%{4p>9@|#Jg{orTu!osb zJ}HIN)zBttm<yG4!UQW;B$trtlk|A)K9l52m_GYTN)U;**2P(6TL$K^O9EEy!Fqw2 zhPm7h`aQ<e!xv@<9h{i^)mus8B-SAa8}n>_K_-$zWJQPwzlXVbPKctfQY1U7s<3`X zdCdD*BgcWw*#-C8gaEbyov55$sXEIN>1n03>QRyp3;LU042s|baBzgOm1RF3YlQ-} zSO`)|GV!9pm6HZWQYp|eDYAv}XXNR0-*`PXijiURQG#!XIU~D$WNX)9wREbVPT|>< z%yD9;wO4%yy>pO0o#)f7WMp2VryI378?eaGN3nXZIOy-j((Go|#HokGk<-&aG1;Ny zk(f7vxuj5zab*E*;exldP7J~_8<Nf&f-?q1o$$)!<Gte<icwXb4Jj<lqNyl>DyyM_ zWwjxU{!d7)bh<MwqI=LhR8cV+QB<nQ9-TsY@EA*}$||E=Bu65Ms<G3VLEB3AgHX*3 z{fI7<Y`^hQO5P=k?5&?<hE3>NW`iRDs`t;t!4A=Q|G+7k!b!L^d%_$;z{K1-01Jy~ z@kwPSl2^`I5W703VQdsXcTdE|nd0w-XS)Y-k8nfgR9n83*}NO;Yuas<y~T-I56hdY zByDw)(5Z=IBK8rt*t^BT(_+kUgPG=q$QjL1Zi7(t0f4)8DIuqyW{9g7MTW>$4U8Hj zRt=5N07Y8`VA#A<%hC8j<5@fYN!Iq<;!=kF{$3~LiJv6rfPh&#zW^J25m#Z5S(=$m zA-H*n3<<N}wI)?u!C%T&v!?O_i>|p$RzRl!EM}DVZGxb~fzCl8<$C&#JhLd6l2vY! zSEyyZFsmv~s6ooqch0-|U`SzMmAC@=Ixi`L#3wT*OPaW>X-6h6K7A^qw1U*rw1#%& zc(LwY$xr}QTc$&3jNeqQkz{$01;TieZ35%#q9GM6et{}t;`wmgDCV9!RD?t|a;eAn z^s`r|Tl!6Hl7@hOHPes%Das3;b{KZxfeps_nHYcT1XyU4{<i@+7UqDp&ryLsFrL!j zzsVYboUYDZS72Cm#X$VBPHh6kEvQ+x5zKm2H#@R=WcAE>W#x3ow{7!?P8RwyaJ;`s zskuLRXqJ)L!Hv?sT{5{x=ddb*5;EE8ovIf@U|1yTtw0n0&VyQwCsPqU_Q&C#0~<|@ za6Z;O<ib?)HTAEts}=ql{kIX7i6J)4L!SZxV08w0tor%sDJ{5KRP=+4VHF$jT&Hd! zm1I&(U`FKyK;90up18GL9dG?sp*+IFu_wMk(zm{w16UWN>0nAhdWKi!Y(Kp%TONy| z5fq%2vR9K7>gIh0mGHu@^K7tt?;cH9p2%oNXvjk){1Qd*uY6k%a*n&-zG^Zubrq*1 zn!GbJroV+_Q&`5KIJV?m*3iAo%dG6#FM@{43GD4O?KTp_t|%lX+avE>d=|Xfi&8ig z7Rx5aS^Bns>OwY%)sKa^y!{ob$-DZvm=X`=opIFaFqG?7$MV_mT3nP>^e2Pi*%g41 zG>7C*vi0Ypv?H2qGxaGFD0W5`yWuy*4ZrEDPz_9Wl3(V;nOx?`8XxpGyJi9~n;|{Z zFT0|D$2Icb=#EH!9Yd>raIaXXm!Dh1Kf2wIE;U$n$Tr*P518w$QllEmMp7)nFHon7 zX~%F^#8WEe*f{KrxlqT?2bHXGI-7$Tjbq51(5faW59oh>leKW!J?FO}aNzmazI`^! z-oqmA)tb8J-Gd>#8Gs0%Of|z+!|E&VtYlqn(dD`Bz7{=@q<Lv0iNGDSD>Ep}<d)ZY zpu@Pf|GR}(V9qv?M!|FVjo^imF*MTame!<(KqCaa64v&uq7Yv<RTwko+PH3^GdB<8 z9UcPvYrPe)tz5W{O45$}bX_L#>B7x*o&I27%^JWv)957_irODO{1LdL=b1nI?UtJa z5atH%Ye`}@%iHGBe0=0(cHh^7WCn}e;oS@l+=g3Y<?af3jaP}XJA3_}x~M4S&+fIW zxdHwP@tb>&N1ut<_Qj~v#8}?!aagQjM#;Rx?${It4}&TP3<=1|^7A1gB*NbOjIxO$ z$1hD~(Vd*kW3Js}m~0U4_`~w&;E6@>1Q#nZN)ZOZdS*wuB0{C*M1phmK!wG{!$~k# z%#ut2@3`1F3hhnByG068q${IG*7C{Rrv?ksY<|3W-<`m;S}I*lYZDFXMSsLAR0Lqo zYp*f#h(sIPx8$F)b>8&q{3BocJuTX<yd;t%1LLC09wJ}S+0f=-XP)f=aX-&o|D%<3 zv|xscj&PPcp0rti%jE7+-qA?slpsF7C-#mF!%iM|dPto>NVqn7V;W?|mb72&4i@nC zZ4bq@5F&}-dz$2U`u&IVr5W<~J`JmlEgL!}ZlOPSK~S+aNv20a8)h6#lkS~xWuhaO zU~usFU5Hpk0o9E4v^KjO+4GmQTXFSp_IB?ndlC`u9N^OC3|o4|)|-$-=JNCCW!W3h zcgClh@w3;bXoce)0(~V-@EtW{>NumSrMFD}^x+7bX5d$Ua_J>6wOhiL_aS&Mf~`O( zXk8o9C4&X!A~{$wwtpEWc7Z{WMb_m2ImkSo8iI`uUSp?n>C}t)#rB_?Ibue2!Svo_ z-)NwJ$BZ_}E`ZZOSzd=gTNO8fB})BOf>bV~nbE9Lyck9~xQG8zB>ko2M916$JSAa< zNfxO(x8i?Ei1~8&KsDLMYsuN!`D%LpYo!nME@HFm$R_I)%=2jz6<j9jw{Ke~vQ^6E z)hm;za19UP_5z0H`SORK<7Rzq!!7_T$qnuKME~jjTg1EHno<|WhB(p0=J&cOz(%LX zb#2>Ul<T-y$pG2H=^DPCwQy=b?T{DL+;(quxlvs5o@zMWlKM{FLU8ciAazpKJNAu7 z&gCuRMPaKlC1Evhvf&70@L1=bRB-^n?yF{S%$;UW^KLFz=iiC2hQepPMs<TNhzXqO zHkd5-w0Lt;EdsG!Vo)T3`){8qKl&tk{Y;UnZ$pSAaqrYJsa%QW(D=4t$B`iQYz&N_ zRXuyzdc*|25H2V?=Ym|!6wd82=KS)9L%@KgJAPin&5zn+V$Rnt%`s#I8o8EVr{leo zbf1YybW`Q*@Iq(GJ=29POdPfsx%W~kv*GEr*fKC4kI|p9JI@e5%i_=nYxzm%GP&PD zY;7bO8PO@uqNJ`*&J;#FL=$B7#Y;kiPz^qArFm#bZW<1jR7AmZbzq<*thXd!`zTSS z$M7dGsTHb&TNTzn%^Td5{5&qYH;I1~+vt$+O#v5o<A=EM_1_`6g{^qe!Jhs_c>(<e z!R9^Xg+f8<D8DH;=WLBjIjz4W922*j;EJE{xXVx#gI7i(M<_njIb_$-T|4i;=>qUl zKy6}Plo&CPxgxSii}v|xohAOsSRgIaN3yuM;n#&1j09Qb8grb+rq5;eXwXi<<{pgs z9&anWC3SN@%ck8AvDC$9R;EemJQ7N#9!N#GG{x4&wM|9o1o{GQCT^rLs4EsFC&la= z>cdWoWkIz|M=9p6X<gVo^|jonAW$N_I0TAc!Z7iWRcJAgkZ(#uGGc+;`c3J#rr?Bg z8MZj9EN72+vFZd#W&c++loOmn2y@z;>luo0n_1g;<eo~@&s^e}9TYOH*hshxxFwDw zL3^^K67gAkX1vF0&0G1Oxb7~(c<`vFh&edPC%DbbB5VvCFYU8PLD0wywhdzMh_1~q z;+mH>3P&-GG~QI4W@EgGmA|bF@|Kx5__PD$-QuDeNnqy3YF7orY6Mb*1`}txvy;!q zT#@KA1j!7>xFF~2f9AP`AT2$4bT|NK!4ML1ktH}R?0t_^TRlkl^t{oZ?I9n}doV+y zmq+Jh;o@2nmJM1jh|UM$mqj3#=iU(|YM8{1a;qv{L1X;2gY0#K?u<jTT{K!^Wz5Mh z<RBLsfmjDzD)&hu=qzh2Cfd15)gPz)?fLGEYp%4axr4`t3ISNq$divwld{T1@+2In zqPUw6G8~8u$`}MdT>kqZ{e9Xvo%|d~Ss<0#g5Pz9PC1(L^9eV=Z5(y}H;?%r+~$_n zB)zOarRSfv6QX|5T`$phD!`$89E^@GuMfqSq`LjExbYaN(+YJLv<#Admuyn-nuT_E zIgkz`h!84xgj6-b$l%U&wM81IsRn(`RsJkUe{4`^6EgXPne0nq=Oy}9R0!|UBCxE5 z4$#9-8Sm1ckj;b;s|1Qi>35zvH1$5bYzk^m_nti^Rhn+AiP%Gl46gP`mrS9(Lp=n{ zl7`kjvxV?98ZiggU6E9lhcV^)Q(BQ%KEYV=P$6?FN_0bEkzw>doDI&S^z+z($T{6S z$Q&T|Tp1=#A|n4uId44}#NUvZndCYGcJ+CJwqUQCFsEKuyQYA)OEnKUnkx)Dqu>zr zaWVvvVB-=6-Cr_=h%sV0_yUdIEu%C(6EHh)m~ZjwT=)^rFxx0_wvTOIu83MDr-NG9 zM`$OkO{4AZ_$>QCy`>=^=#Mq#{({?_-kou?%#7W98%3=8PO_|u(17!5xdzn?j=Az( z1Cl|~Gzj5Ny3q}&qfTt6fHL3c(M|I_FBSA{{;dQj53qVbpSIX{y2!AP7b4TJkBJjc zc`NLIONO4jDbKq3cR+BsIWg2(k%xq4k!vg|(msvGS)hmyg41PpN)RUP3EyG26tu_W z^5()hZ?UffrA?L)6(t*Fb_g1b*ZPw`4AjTC(KO-yBhKKaxV&EzZPqZUwL9N3(<vM= z2bdX~2N5NJWw0|$A3)PT8urP`6IhLN3D{-y1u9>sr_akz=LEf_$Q}EyLWR<ES@~xM z>Mx*h+B5<}Y#@@we$2WN^0=o>Q+Ub3@83OzsGySa=KUx1bdp;V5gKC3!pirh2StLb zKgGj|%<!e6mV<RoK~V}<>-xd+7-jYhved&lzttQFj5PB6bUCT$`v#JrQdz*cf-L@{ zj9igV;!s|ni<j7IoyDNVFrr3Bk8J;bl&sFQs9i5@oe>Y7GGE04jlP@+%bOk!L0T5T zeC!}s(@ECg6l(bU{xE6tI=S`ws62oy(I`v_^TO&|d#XReu8`CI&p9BI?RM)<aH!&` z6a|D0zr{w$s)6kvBH<eG;N)Py<!VAJgON6~{jsR{rGETg2+vFTf2oFnGU6-uC~zMn zrbrRTId_Xi&|3z=8UZ0JFzpTP*?ynU2`u%gD@WS>N#f(KQ&U~<gbDAh*mY4XIAe~i zJV!ktrlGj4DA)h{3|WFy0tW>*1*hl^#{*Q1xfen&2Iaq5x@wppawTI}D4Eg761dml zH2E9qRxdzI(0#{?YBEaXaTM=suyQ*)nGFS4@QVAm8ezP+VbiZ;(48H%n(dhw!0F{3 z&DL4??pERw!WpCaTJR$R&f-00P^_N^iPX~Dl8MGAWSg+c3b#(^ef(0H9<e?OuoE9j z{d$lnN7_9D%k?LQY?(Xn%kXH9b+RA>oAPshE=k2il5<{$3x&a=$r80suCDtmuQ5K# zftU7kQ~*r$Vi49_k+sE)$sbRSw&2HS>Qp>`PRBEb%fs{4(hIo88<Ei8-~y&x5`0e= ztG!`s4JhK>r+8+YLFKX_zziyixGU4sY1OlEHt1`nnvq0huw-JJTkqbCRc8wU0|r5W zAS#Mo4L1@?lOC65o)Xm0IN-A8!UX}Ym2dfq@(KQZlkA==J1rCQZcMUU6%i8?dud$E zwVgEYzFmOOGEacfM909@0zm3O%(GelSyq!%@QWPDy2W1ntDDZdvi(H7Nm7_-F9407 zR%U!BrzhRzBm`sSq9c@*NDQ=}AA}LHY67m!6X1PY*7PD&qf=m2cDu%K8nBh*<yN1) zgA)L(!##vsbv8O7PJfuoaKy|2t0ak7E}(d!9=V#wtr=~H>zz(0$|$+PlPis%t|N9i zvv4hOwW@FfW3oDL`!?j3G#)BS5K6HpOT4sBoI@SsT;4EF!DgfW`Kb`0rf{JTeqG2? zuQ1=QNt~Tq4SR<$7Pg<-N#pb-!WkuncM(Ih8=;f|?R?uH`*ZsBk27Q9s|SrBvphVT z<|PM(3n%~Uv(=!zw|FW7q06joSLpm)93^YENSzK(-EfY(ik6f^j&*ZB2Xar>ZqI6w z*f;2;oQN$`x$oBxFW)5BU+gqp@e@G-n|pYEO)pz&_(bR~@FZ`ECB+T!tJG4)#xqNg z&{P0wvfqz**h`~(^9t;h<apK@V1>E({VJp^5i>8%fbIY*y$x9utN%Aj<R0;R_^Z+H zqB4Ds0!jXReDJ?d!mwWdzU3z#<Dy6P6b8)8VawfqOR(%BfwFJMlvM1l@%rp{iE-9# z*m6m@TD?p`1x}-dejh{YG2O(KC7)Ogjlu-);GfCq+A=jQJ8^|~jLL1{59Jc35k4k7 zSuO9Igleph1yFO_{wS^852KDJ8I}TM-<ChTxL~&KIGpx0Q`gLwEUn*p`KYDZW~v8e zHVXzM7iQTe*h%5U4p*lFyRR2v!p9x$_c=S-`IkYo<gCOPL^>Y1%ZMbts#D*iI+wP) z6D!OJ+>S}d<%E&;dqj;^Pb=yjX?G-Bu@r0ziaA&bWDAY;E9IQ8WzUjc`EJfXx?1_N z0H=>QNrvM^r|U{)2}<YQQNe3|66zX!YdWfbJSZMw&QCn32NqlKOV~veQD_HLwTtk^ z;4>34>m7IGY3#Bs+k`a>UT5u%^P`fpBqR+ch4_eNH|uSpAc1#|`X8e4QVJ$9k9WId zOrI*h_I3CJw9DgyBukkajISzI!HY4Y?K_I{&@!p{E8<pBk!Jp=^|XMRGmLm~$$ECF z)Nr?wf({XS1s#dTCtIz|tAKbc9LxBiDsM?5RVqQH?w7Pw*n4<4C1;8OUl&8BLNPTV z)(J<&SGHm!F#!eH!ez2rlCn_uN~TJw7_MO2O7ozC1PjF`YH3lKg^~$rh2dDxlE_(H z=zn2Xg)UN?w&UXv;NcfhxhmM-R3yQJn3gG(_S&4Pw$~CXbdA1p;o-6sH!a0fb<tE1 zkV|4>w?7%LPY(HDvDRs-G6-YV&x273sO1am@=#afcR?uFarMf{W#1R$GBg00`f~Mr z0aZ9pkQ)fMnEl^}Cyb1YVjlbmW4`+d2?^8yB2(sfa&-+*Q2}Bxq4Oz#(EKG#n?qF) z_|pH&flZ4W^Cxz&)!Kl$RdiKQK;U8-Y`M7<!5miz3O1M!f(%NqZCR0a+{r<=o}C<g z{d9-w;%p3@Cm(gEOIiU7O-`(+5F;eh&N6O|38=5|7MWeXvwg$owPE+5RaP2EHsnE) z7@ALAt^hlE3PLlHp9I+ueJ$b)qFLFCDajaj-~KtFhfgT{$8X8d1gon}&V<h{mxr<5 zQEnY2>TmBds+rndtqGb)T5vgdRhG7bjDln;L`=p1$7(iiCGMAFLQvw{uvqRwmt+J5 z?(={6K-UVS9i;RcW3mDl0Q(uDeSU}DY%y<P^_(g_&*mn>7QDPFY00qyhGLwRQ;F=< zGTMO6YmwNW+%B@O8holTE3jqrtAzREN7B4gO3t8?%(Qoz`I(ksXAHT)=T2>G+1j%@ zwf)>r3b;n@S#odmq{pDDqGX82csJ-rFJXBN<xH+M1{-b4A*mg^yy%SIq%$^nj|z)E zSv(DqO4q8%Jk9ch#cqx%SCWoGUpqTj-%_#7@lsQJ`ayxPsg*4E+*f2-2@Ik<)ufrP zHZycHAKzyJ+;V%8y{-q&_Ax{Az$EW~@Y>Ynj==C#fmX_;*+ZP00k#}iX*+p0ec~(V z*?D@~rQP@sBcUW39rh|9hj1=|4s*Vj$8_<zvUqrchbK7OS$$f-)?R&O-S6sXB51+X zz2$>Bkl=W=Jv)8u8RlVy%oqUTG9hU1NwfrZ0ieQ}BzE?azmujYj>S^+>B@BHiOG2Q zS_zM_k`h$(Q0YO5i|ezY5c}J_K%s6{TFV}iZ0h@uvJI#5;$m!-!^Kh*+i|@nm)}1V z0n9S)iNXfsk$ulQj;Y%?#EE~7_xP`Qzg3pDy5;T!&n77#ol&JLF~vOtxJuPAG`#12 zWA~i@&W;N<{H0!)ppyABSHE356NqFs5wsVwhv=E`+tb8K6TiagvPly%(JvgDfuUJ~ zV!eJW2G3H@?lAoR{<yN-u9ugK=Pu6xN3i`iCpoF#LeR-sL3_V+Xe{-~JtK?Z;Goo$ zn7~`2n-?-hK0TEGuN5%r1KCnC7uWZe%z40%@edAR@rPCJ8>z*RDN0Yi$HUlL0d-w{ zAk&keJffI{WXP}o6Y3|{EF=3vF|jUc<ks|C75=l7<2%1z9h+=arcsY|k9Sv~)Q_H; z4moLBXfS&E!u&(wP{z)L;#p>Kzgx-b2f50p-HLw68oeY#VORQ)vjTl=_nS*B`l3Lq zMi`~NNwpgLk8OkXB)&0x&I(^A*VQ`NBIxKv-u(OXg!JCO&w%8NMdRguUr?hCPl<J` zj$9v&o>a&7at~LMmr!`)6qU>iLt)hiqVz=eIM%i7_Df&hyfL8el^~?!Z11;>Mgeb| z)r-(4Ptrp@dk7dl{n#IH53V++&5+K175hcmX0d)P==>1I#nq2G;q_+*qy^oT<Wuhq zw$$PaJ%w$rws}BgJURR-6!eStVaHm=Rh(z$*;>=WmD{v^mg{T=pA{+d=k`xjG~{t- zTI+YArv(hjf0@f7LOll1tRVse8Pc5&_f*#EcY-grSKZhqI9m!*#HddwBxm0ZN?nn+ z`FYs^u?8c0{N8Z~t$?7wkMhp7L%QccMq#SyjSdSSV9x~j{dQe6!`KhB@=2Br6ri6A z@aXX*>7aXbHoanqHSEZg==&sRd3PAhgLV!mgZJ=v)3{h?-H(TV|8{(4Nh!CdSf`Y@ zE%ut%-SKST@I%{am(VP$iU(lAsD|^O-o}X<a7Xq<4W-nX-cp)nyrhV*)%~Fv_asht zp}6XMl{^eirW5=`+qo=d$arv({eoSN6tl{Vh>F#J3z#HULd^CL9MU)+C{)vlY_pY$ zSVy44a7A8W*{=7Zyk=qO+PZFH8mtF16_oWEDH|n81X7B>A6W5yydWNyS=y0~v9|%+ zKaCoJn9=CM^|7S>NhhWJ7Hc;U^4Ppcgq%A{x)In6h)*0kO-Aq5jOuASm;QWtq08xx zW({zewvKyrNqD_s)b@nQt^RXTDUP3Q?kM1(k0lvUX(~9y^s3z9U`19X1#)<$-uvzT z&mV4&u-U?o-36xnlEtu;gqXx>OF>wENB+*!p_3^GHute_MQ{>>y0;W8D?T0Wg_rrk z6?y7ExT<}Xfb%6S0kiY)7WR){ujst1og{ypK^d>AP50qLT4vZlC#8a%D_{-n;6XK) zRzP?23%?fHeU*(E=9HtNSMHPvMmN}|#@m3}k1~j;I5-aY9>E4aijOWk^o|<j`y9u_ z#NexN>5--?F}G)E(O|1Q<mqa;Sj<+3LawXxXu{RfmkV~Y|C(1eX)J8d_W&mU2;jJ2 zR;dyX-w48Ro!Cp^JaYf6ekXfuZT@LW&tsbCJixVogI;Xlfxha&M=CWo5Sj7z#&`k) z?n`*an|R!^{r#I9Jp+L@RTkUNS^Ysa9T7!Kg-Y<XrKo9T`o(Oiq{cAa3c?M7S{?IS zY)sOPE4;y>@)nM9+<s{p<ZX1HIuyC|Bn3A(4~VYqykBNm{N6-uqQ=u<kO>RR6wdHC zEEgs|9|cQ6Ju1KbwWXV2#s7@-d<4YxkcvHW>RQHwye={K9(4Cfbpa<Y`!)j!Y<fCE z9r%cHAfL#LSE<yXvVZ4Vy@a2}Pw6CaSYm){wnB0JM(>a2KfI-I97NK~Jg=&E5@iu} zk$ms;_L&LiCV#Je*UwcZ4)scQM|!$i>0XDHS)?k#tpwu#v8#JEL`Miedc@)>-c=QK zt|I>l;&B7I!{{hyW<TrDzg{N0yB{zZWWU6W9BHxRgqG9mCa|)>sM7q$ZW)*7>s7c~ z=fLNm=s%wWgac1K^l9&9KOwJ7FtB3hCZFW#*eVi7lW{-@FO0!_1(aQ2TysV<-$u&A zA5`S=c=>7`(KO3N+J^RzY`|jBdWr7nhlwYObz$(3%VoBJ4r+R*&+K8I!c{;@(*OKa zHy5m9E60h#UrYNva-exA6mnJ_a2KWP57I%URx%Q%L`PlmNk*vuy$4e?3w?7sUf23> zqJ8uWnM$S^kQNN4`K1y~2E)qsCLLDtm`CGYgavXu_xfCKd8-f)2@HUr6?==<OJ>tA zb?xhlk(LxM!@IyClho$6wZ#VjQ2!`Ny5#_ECKLLw-5ZNscE_+oYGsu(&G$51XW|e_ z!VegWeoquuS$h9@;gph`Ro~lkFep1usqqWYmets1m#?C&yR5UGBqR%iqc}&}(8O9m zZe=wk3@}h<y267YSAb~l(G@mdY7G1jS7$<xB+MDi97j5F*zc%!B=d~4S6h#zSH`S8 zUh-d#6#iX}&JBRa>2)MAoiv{8YSNcV&l9;p!qpT!fE95pR|#TU=8yMW%q(e|Z*(h( ze<Xa`LvyE*h}`}zi_BPLLM7;!%R-S=iw!OO8e?;53z&#UkNuDS7zI|mS*!RwUl+JM zAUSe(W_R%)t+EJ^%4ie(2P!4P419d7JO&=-k=sQGn={+}ZR<jZJAQib;9)b>=Pb%G zUdD$zBD=dKH6u?Ttx@tzQ<%?rUL#r-3n0QBX$r>h$8Y{>CfOKx`6I0!aM6EJTUJhn zk3Tn#?$uBu7{ndqHFJ7Z+%#5GQS-V)x~Spn)Cr9{!j7aaONZK_QkEjSukz{4Q?0g_ zGa|LpNeconfiitF0kbTR;rp?|1=1ETp}70nv)MzCS`xHhGeI{F)bG{j02B<V)^H~N zU1w^*O1e8VwQK9_VXHbyo0-{0w)ca$6WOI%6Hk&8R~~{$KkJGR!wuQzOAD#@6=8zU zdgeYJ8Tcw<^P9;%S7r!lsG3VK!alOd!Hj#f15D%t^<-WvgY^Bi!_`gU&}gX#7GPZM z=c<pXEmWS{#&eUu^OWxX7n5QGYLk|Xub8xw9{eaJ&5OY$e<z5)+Es};q)xQi;$lX} zBzc>$O=?VPK5Pqf-j^*K2<5<viO=lrQ<l-6#Z~bQ(x}QrU@D2qm{zM6S*Rp17%6SU zeFee0uB%-Q*evhtK5tFa>aTVEsJP{1p31<^7K{b`MCrHm9hPToTWro7_Y)k)^fz!+ z<#C#ys}^vrF{J~P1M-fJ17VEwKWN0q4s9TilKbBSD%vD@xz7Kk_KMuHj{oFWk~ME* z`2YQIrpehs^gQ-#5m#%ePpXe8umqpewbH(gb%!`vzeo))ELv#R$|~?He`{bw3-(X; zzkxkW-}AuCVq<n|1<Oy=$^sdH362-aUSZ`SeB-ddu4?m2#s4&_qH>__z6wf{3)8-P z%AEnibb3vvw8t&Z_<@<b>8+^*gz#_$9WSfJITihFjvpv8gUI)vUS271poqLS60{*o zL(SBIa^fcTknO}7)-qWE{agZ7e-J6;)sVw!+y000diuZ0)@0E1bT6_>xncg~MW$<= z<M2uj(*Dj4X6mBsH?eiSUCNbmibkCZt_${;wjX}^WGJL&ww##=Tc}nV6LVar>zz#w z4_K`@7k;&QX3moeO=Bm2r{$f|oEqbC>LN$jgTvumIG!cp`hAz^n1+pJz5?`C>FHp? zR4K7`AXY5$Rb7T;%7JkPd9;?Jlw?h!mftD4Jk99XVDXU~0Tz^acn`vFnSqCMT3YrN zL{?;&OE5Yi@<XcHgo6&enr7;j*?Q8ldq)1E|LRx2iBQ{R)lmGvb8j%uDDGp;9t69W zQAToHTK4*?<A8|CO7$fW*<Hyc^^ADzyJnYezEU00w%^+aBo1E$@dzY}n$lIript)@ z>m)bT$wQaS>AXY=*z_y-0}$q{|AhcCk!T3VT^+r6M-fTfDF@4vNYFu;rWfr2YgK~8 zG@oeaP>J`DMab1rf4tnqMBDWT`Mq}hDbFGK^i0Wj@<7hy6(9gt0}`)8{w_mK0$7Bz znhqkW&(0)juX79#CHr&>e<%A#aEX9p7t5XIgTa0TR}+xp7Ny}#S_KmQ{rwf9G;uCS z1WBg1yBx(_lkboY-=*9jkS^D)DhC<@!FQp6htAfPMxtWRndbWQ&&$jhW&2!>S|FBd z$MZ7N?_n<Qrp(ol2{E?Kt9PjTk;5Ac6Z@44+tyyLL@6XMx1A4`h%N9p@1EW3;KsY6 z4g)%y<#nwAAUIBc=C9dY9obqS<a<hv(V6cHmcwff1)khc3r^!b9Sxt3JM;x@H&?sC ztk}gzzk}GBb8$Sq9-A}J?2J6>c*r4-u-ihop>H#ho^Pnf34T11RF1xF5m@yKlV74} z^bgB$ZK!S?`?+lgYYRe&%vm2G$;hu`I`Q$WW>s<_&{O7OtGeYOlD)`}Q4q8ecIu8C zN#L0Mq!bbOX4J^SuPY(fjqFRi%W|~RP_F#kDHVrmoVdO@hzPUf+k6AEq3{yV@MZ>Q zft0<nfwx<!ta3;EEO^(%x%6MDUvp(oJ)U}Em`zD@N_#<}oWY_2|2)3Fs_^v1Zrg%9 zF;dh!Bos<B*hsnaNO(T<)1odrpP3E7xQ-ZpG052kBCr&N;~HSFQM9zC)(>yBz_$mo zH=adtjPoQJ^#3-&Nzn_+(KlbWG}LE~IX`!GZ=((Q%K7xa-oKOJG+<&bR#uOR6?2=F zI$;%_3_6}i6N!oFAuxb@>o5&4zm~W#*nTUXa>vK@5r%jala(UvXX*2`{5j7hEkZo+ zTPhXG|3z66Z<l~d=5nty=z)(abZfE_()W0dl=at6C7Knu8Sx3u<D~}wqU6hu;^v#D zQ>I-T8>I;Ec0moF(={CpzpqxXsDJHZ%d`0)q*qCjlRUX1n#`OU39a7(JZ@pfaj?If z;MX6xa6!}%1i^u%&C@XJ;tX}bk2Vc5hrZm^eCRxAIzN8^viAElx=@b-<KmNtwYNtT za&>}VRaYpGzuVJE-chzfg3w_>g48^W1G<q4&7>-nHbV0&CIVD%#V3^HChfzBX=V^4 zP~y*kCn&{%x*2imYY**wDk7j75vE3ui*LiL(+*3lT-oIV5eF~d!I{~%K(N@z#%IEf zCs$0c_6144lZ;YAz`DRjE=8TRYa0h&)p{DE7ji2GMCdqBQR}I^VZ-<8n!A+4!tf&A zduiasgH?D1$keqSCMMJQN(#G;4<oA)MIGXyo?7_kgoDez1z{B>4XhUoV)u2jiI)C> z(hj?&Sz8~)gD@fMUcUKYy_|*m*ptk&gSJ^=KQA$6FP;+6mt}!8U{65K9BcIcciK_Q zS&o-hIr`31q$JyPZ6pYzlB$y<^8%=I0TP&Dq0a4!p?gA-=lx$B$l$S7F5pZ?y^l!| z=K&rg<*)z$X+8cAC-VRQUF~0EPNPR0X8#f6oSgpaDQP+X;320|7GO@eEu``PivO>0 z=l-o9s`>wP2((RJ{N*GkKVVwjpDisqkSSVp<;(oA@YJ}XB8bdH1$K%NpU4$=ep!`Y z+}b*yF7=YR3@$rfNl`gBJ$<eOzWy0?w%Cjj_t2~OwCsYW?!N&%L8Ymr_}Xo?{UU`c z{(&q>q0;94-r|A+ZgFw(uRw1}VeU=equVffaZQbwxTNGvBPx-;mZT2gjBq<P={E)C zomRr*RaI5TK_y&w2Opwd{1%C?{QQ~YLwfp!2(q@OrbY;s8}-u$*XeR@H#ps`alNnx zfVV}K*Zb+~XRCSoOzzE<Kv|_8kR}X)zTL(`TN_%#>^5@#QQFy_u^yvHsnVP*G14b< zOn-cD9Cn5AqPhlVq`Uueg5=19A0?PgpyVXqayX*B{x989&#*{O_hCszc)CWaKI+~C zm35}ohl<WXpjI#l^ncp=<7KO3w=M=1ZZ2I=(NwLj>Pyav)q7e0rX2DHEZ|F#C1quU zNm;|T_Mf(wrg&PTQ<hz__-uhL3TvY4aizJb>E;Z|D9{1{#fpj1j+{+9m)qIL2hRfz zO9qSI-{e+>GJQE7&=gQc*>3w>St$beIh|FveU@B8WJ;MPleVE}N>qfDy+s__*?I$t zhs<PkxFr&ny8t~Eee%8(K){(XZW31Qp(RySk8f)Uc^c<grlkK=TM@=Dy}mcWwkpwu zfE*)vYayF@%PyEMcDDJ{yC<<JKr*QcL<glhJ2Qvj+UK|ZwOfB7E_x;e&{PX=3tZ`d zaONMU{X<VXV57LG@K#)KnyrV;e;>>i5xu%xRnRYQJ^zk&{qpzGHDDcN|0gQcC)gyA zS$Td0R193(j!yuz;MH}{r~t?q=y%?#gcfk@9rw>#`rh8&O+?l!J8c7eb3fS0D|E99 zK7VcKY80p*y`OG|S?@giLiWPqCGl-grEpYFb|5KPpFOW&hM;#e0{z0k08rcZt-dVI zlllb!<9O7qX*=yM<aALC@JlJRce~_Sq^YeLM);FIX;)sKZw5pbQY)Oydb<6cacwgH zC=6Ae2H?o-Q;~2$U|TQ`h`*_wanlAG8+lB#{6*RC69J1%%(e$aA14%yjdS}1?!E16 z5mK^lsb6Id1$Iw>&j3$3>pwD5X5RH-k(;I$N68=Eh4b;ck=rKEt;p(yB;ozfiq6#| zKLFZ0!A)5=d9v5bPCW7@B9QTMk$qvXEHcW&_{Z+qKYs+e!gnEvlD+^C7#?2%=`1}U zi&VRsv*`*5QorQz=n*Wwv%{mv%G(}-QzwO_&TTIWt!0!TKEdv`4+y}L`hCAYtBei> zA6JVxjd1S<dkko5*r|Ojk2IzOB7NWbO<gM0WL9TAXTOyJ{i~XB6X&nu<HlTopDt6{ zw9^Q2gN?s(@QVuuDq4jMqW1Ml&tJS~APToyv<qBjTF@M)(8_YDim9u*6}(4*HJM%_ zyZlJ_ZK9MheMbW65IX_pw#|0~JogbmugnA@y)9yXBeuIkc|hT5=O?q*Z>9O~qnung zW^Ectthq!c?(r#7zf@eR^Tar9|E2_iAI!vSze@}{p5nc&;|b!7A3cd6q<E7=xU5ba z0=zBH#liVXp<oC2`FhdlZ7-tceB(zGygNfh%PA&GiG50gk%6*<Mv0k31>Vd(!iTE* zV#uk~H3vY#QO_Yr`h4JlZuw<>4}j!+ZQ8A1`63l_z6<iVQZ;?B4FMPh6h4<r1qq{< zEIc~yINh2H0MPjwcbBu~Y$dD70oed{0wCpF==5AjTse>(&E=7!JRaS!0Jy)Pi~vB2 zbE7)jF;eDa`=Myi+jZrq20N_yOOx~$(s>8xhday49)PM=&szx?vGo%;(bQjR=X_@T z8hL^CCbGvH{0U_f3x8EtL)Rz`7rx|SF^gL+_yM@t#XvD@d);yO4RK{WQ1E%`BsuNK z<(tgF^yzD1lj8mEI4fq32PYXKHna7`do>wgf>QBEkSo93m;E`i6BJ4C*1brf|I|}W z4b-m};5N;5{orDzI4Z1_F%<6YeK6Z@31ri}0A^k!yHnpeiUsEHL}wRfy(+{d<?bN* zoygN}!M(R@`#2X=e7WI=8-MyvlHCcGZoOi_Ep-o=mYB4{-+kEvbQ$OWaNg~9i=K!q z-ez<OklA8m#hcI&F!qcWi6;|k{;lTzw~)(xR!VYT0C;sgIiZ4&OK%J`SpMOs0r_Z0 zcYX#@IAAHX^eNii{L&A`1Rdqd2f)clq6w2!fJy)R@M7U=-rTE^0lb&2!MZ+=at}UW zIw1z*1M`@E+SC9EC!6H~mxvU^)?Ul7_P2-Ok9tp-rw_^<=$t%3#wn^=XG!7U$4iNr z5NZpxo?^V(afu3U8<|e&=Dx6eAa_=3-oIucoE9EBJkXJ{6i9%tj~USxI;xCSxhsuo zxlgW8X4ANM7X1e2IEA&*9PR+O_4=cyuzV<H)s91{4<31hswyzt)xrUSd-x_A4^Atf zoz0xf9Py0ey=V^j@lXm8ia_Pli^49u%kVIHMcc_JC2QK|0KjN{i=4cJpKa>;^8@8E zt_`l2w6O8{3F5w6qi{h~T5gS1iI+EsQ#Ixa6&5NS4PG4;$BU<mP~U?m;SasVHE5J4 z26IMB?OWW*?Yb=;)&L}=0W>_o$vQHK!(*-5NW!G9Cqu>5OXeOX*u&^tmi&=1OHTLU zT{DqVU>wYwFZr7W`jAmFz0(+^w|<39hR8%1_>s9kvUTnw61s<bkFm4stB~7~2)mgB zL8S2T7f-)L8?a0DiZMbck?C|m+4s&wjz>1l+b$9J7K-t%iTKmajg4udJAQ9Kr7{!u zEn%)!vIvCd9wE5Xs)Rj0{WNA`)DByraI91iwO|&pjJO}4p5JjjsWH{%&2<+@XylZI zJ%>MNFtQM(eIU_RJXXTQ$TWR%$w2^q`TSV;-Q=-%!*=y}qZIiZQ9QyG6MGffk(QR~ z-wYOALMn!Nzyt`wm$$gCPy-*Oq@p&fc;;N9U~dHV<@O*LW<>Z2SEv*a$ug^%?hOy5 zVM9-9m~A<*v{4xk=Fd*jV_#(8z=ER%&_E1q?Z6vQGGw*^00uGtADGLLPzaDJ{2OmS z8{if(()-;Stxry8O=fCA%7MiHxqC?b{C^?R|G>jO4Qdid;bVoZxGOT5Rz7$SHKhrp z_pEC|Ffop@eh&*C7ht>Z#sL}dGT}aLGz`=tIi+RpMnmGMF8j1|LJy?!;FmuPeXcdm zIB8Zr1z~$6@`!LD<u3X%Og#XIy*A`Y$mzK{7ctcy!>^m5l37qwmzwdw<5FWCI<-n7 z#pWDoN%p%VO4A@h)v!Al8eg{i7Pmj``>QVaE61-QGVxUT-BMWL(_=36=~rPmNKe5& z4O|i6Tb{jq8O?=y>#o%e<4|2)OH~`p6h*K8v4xOBgoc=Dy(E?8+<;KaO{)Bo4E|e+ zz{EUhS!K8knX;mh&GD8rM1ha3A|YvsnwN&K3(*QtQ$P-}daYnTJq^H>p!X~*-Esio z3JNzPPxa%@Fzsw(byc5YAWrHLE*{dLB9?o%rw*$4PcFIGgZS<|<v}zj0Phn=`IFm; zsqhM`Y*w7(&pU|N4uAQr2Me!LRKLMW!&M{Jk2BWZ@}It59rtI}Sw{br*EvEXI#4tb zso4=4)WS65Hc9d;>O%;5W(OI0Rgz8(oQ%};Al!8vo+G<2toD$ii_V7r$%N<%-IM5p z3~bh^7Cu%4&Aa;Er|^g?M`uR`qWLhFCYNMMizfFTOc;B2l}6I(;Z7_GwzB)dn<zhE zaaG@H7g^!~FYP}lh^q7ex!l$gV8&-MSor{7b(m}P?z11t%`pcQ+9^HR?bM)ytcCto zz(KO-&GCAVhV}9n+1mF^L8DmGZc*faG>(PK70FBnBOer%#(%o!C4YvlFHj-Xz{deV zWH-L$R{{H2dIlJTqBMxD44cGXz;2eO972k>0cwulY;qy6{vU2mRXa$$9{c73=m5V? zwT(pAN`SqSNn&bGm}?H~!zp09uVFLy>>P6a?Cq`J-F|ez$rVca&EFmuAWzfR3aAkd zmKW0#a)Sz&OO&~gUTYwMebCGTUkqyv21-0~x~L(U5iS%u6G(ui=tDAHo3Y()USK@q z&5xykJvFs9oL_BuiJ{N*7Juv<RQ=-RtF8pJi3Men0c`NL3(_x_u!Tjlog4r^Da2vC z(IJIb-)9L7xZC5ClWSO$A3N&DKn<l{*f=f^SgfwE0F-GzAJ6o|+r27arvXht-H8BB z_e?n;HlMlx!H}N23je3Qvxtg1VE?^Jmo$u^bV;WuDIwh*(gF_M-8l#dNOuh&Ej_@{ z4I(mhH%NEa{qdf=x&L$SUEjsKV8LP*{FpiOJm2^{cSmIfbv@B{z{G#~p3>_db+b~i zJ?-msyQX6DYeVn-jZV}Uk&B;L%fK2!`sjPTk!%T+DLpL=A(2=#(hrbeI8D??y^t&D zQ;pl;xnLjZyc<v01taF~=2yzX(|xbAqf9tow!7s2M$_}5aQ=GY4Xj8aq6`NDX0N(U zw2y2zvFb>KQyZ2Io_*&E<k(6_TQhi3G4weH$nmF|13#tl5y6Uh2)4)8o)|(jYlQO- zxTpZg0**3bzLU7Db*A9SB^-(EkPv$FdmsE_eJXFalMD6Zc411+RYnmsRJZ5Vd-|81 zzbx=q*A$8*Um!uakU|1NAKnA=4s%=A^l#hCnFgTn@|m9(RRGDa=2<U*LYcG6VHaR4 z7h$qmlonVCAw;;h-5O+LgOC~yqHyiFrP|x+Zd1$NBL}&H7{hGY`~@Da)_kQLdhy@e zQAh{??mJ>q-!@Z;Czn&XYpk>GRq3)&Cw`VMH7hjU#rgH`)8o|cfqYLU5gxCoKD;bv z+A=&!ZNTdRwMV_;K>$YWa=B2iiCu$o%Tm5HE<ffn5Hq{he_RMP2Sx+sC!d5|AM^)U z39~C&Z+6c5L?5_t$atA>biokv55~(jW_KQV0InfY)XrQ)N%C7?nFqn|kHFCC-(ukK ztgH9$F+=CawwsB{!V%vCXFFJcwDAHuDHAHQEZUUhGCE-paTeim4a4Jl^qL1RWCD2B zD@ecA!^LKff&zr_v>-7&=99!%s(`Z8@sm?834@RUHtM&lzjV@<2V(4VJU*uRCvM!Y zP&7jLg1u`jW;9>=mJk?rcXyjD+ne!)_*THrdm~A!Hj?yj;t3ZArU64$t<CQq0qh{V z)}Q_0MA&ziZI8aqX!tKeK#q!V(oUynd|D}w_p3Ud8;Qcc&}e4>V!*+_`NnOU`YGS> z^x=76O7{4NN{#L!<}vvEsR!Q|4ta`XuoLZ>iOB@vDN>94ak;6pVfJ(Rkhjru#i^us z_|NVr-Qmt+*#06L;20cuE}J+|Nc9Lb5!g86SiFkShF`xie8w)i5F4)~@D^A<91l(i zMUU~dzl1N<{)2wFSVM8ZS!Mq7E=w9tKj>K|%VJ%D>-aLVXoTeBdq_4f(IM$-ym(O) zIY<s<ZQZ*&g5sXRC#9urv?WDQ{sAv*sf>$B&lp=UD$T4r@K_wAYbIgxEEa~*71VL^ zr$^T^a|4h)Z}+FNvi=ctUxPlZNKoOG0^{I~+uipg56O1>PD1V1F;~=`Xg2YOi0U9x zbsq(YGA4kA;k1cDMfyUHgsNu^M{kFr6QXvJIku;ux8)=?O~a;N9tK14De~!+0C<Vb z8nN*_e4a?^Pa|uF^y?6FLF~-^)xGNMD-5)_?@5zM<MZQt;O}?8ezg@>4OI4dqLZ44 zBkO)UrRio2REm&vR6+fxmxkrf+Y_W}cEoDJO8pE7@Sk44k?L{l)_u)>QDY3{!ULJ; zItzE=i!AeFZQ&JOk)8GplWmHMc81D)@<Ep^lNG%MY8cloAZiiWfAKd@)5eqRbah7k ze^!3g5VNx-KrRbNYpskF&;4&5D^=hLOY|Qd>uEZ{DhlBcud~Ghq&KEix+mRAVxW6K z{Xcl4y#M6r|HlmT-(UY9QrdqX&VL`y|4nB7|L(n!ppYg+|D<5EhSw(57yf=ov?wSp zs~ex9*Og^n(TRBT7F_2VX@6@d*h=>{RmihiQXI08LPCn+d|OkkF>4iBE{}&fmz?_k z>W5ClEX74N>jxk+%6ge%Y25i&PwhvVEtu^spDGi&7}!d2qg<DH2oo!4bjP%6{cj2o zHvM2;zR?<@!kcP2s<OB)uU>qOS3g4636I3oADsQ8=L9^jD^S2vz@ti1UCL|TnWkR} zg%*NgTd~9sZC|{}zBiGJvu<^Rkb{$T!8M+QQKGe}<+y5Tm&+8$T}kEjwO6_Hp9TPB zwq=?oPS*%s?)Sb45L#6PP-m@ncJB&meA^EZ2sP2k@$vOOW@hHu7`944RrYAom0`SQ zW8s;qw4FOO(EA}*UMZ8(+bbm+v;V#oE>6~nE8=Ch9pkN&p<Vwrc;f@5Y6F~IkDF(= zsL%J9@6kq4L|-4%WI%m=B*yW;2|Xx4GC{9No^@D9LGzQj)mIyt0zS>+iaL6}=~f0p z$l#9?jm4&rY`gKPDGsdxN$MKo*Hyzf%e|TaR}92Va~pWCx`G#3eNwHV)wF)ACjSBv z9$OX5$p5omNMb!$DDLrKq51a19tV4*xgylr4^Qxfuy25Jn|{H@`L(J&K$P3xNIf|@ z`EovUs96Q6K|SdwxZV(nYd};Z#>aJFmP53<R<*Ttg--F|)d;y}*-5-9UG1)uxe!ZL z^K*bR0lKa!OX6pnxz*sdUxfD%L@?<vlgw$b+ll`*WwvZQyWb$*@WW1wIhvn_r4F$` zd6@O8ws`ze=#&9I9Qa_qk%E1Ywv$y}W+;eicpWJpv%{G3GSs<qx-6@9%h!_*A$P;& zH<;<GTB*|~?)Memk1Gy=^|k0xyk+5|%nj|W^|l%)8543QmmAs-SU`j&v1+=?7q^-e zZVYr+=F({v>~u!RL+BX@93_4l6N$_b-8}Ki#*5YOrGB*;wfQa1N`=xYXpC>*BS;h3 zk)z=XKt^9*``<)q^46}u9=)^k(9mG=F8p~|Xzt$^BfwsIND4k2Z3$muY|~C8KFH%3 zxn6EnDay<0X@wa<GjIF2c9^ZZGwy1#Z;4zzJ@ZQ@cCsf5W;ahXwAE8LQ<7RZb0?7V z`81Q?71n7TBzfss<}*wbjZdfjzO)u}9#Anwfla$pAgx-c%vf1jA@*i!#?}Yo$DUTn zz9|ED1A7w;9+S?HGho##d=gxr#7)0oxpK86U24`Cl?Xf}<_TcyO{Va>GT|=-dInVI zdoyD!OF%dm0eBv90H2I+WD1b7)C~*_b{6x!t!%!YX<6$^%y2+vXJ^lz#Cv{5cxuyx zi+ooYj&tw|g;FYa&*2<Hy3G$QU2|fN$PHrb3>WomCU4-sPea+$JMzx+Gtl6^6QQQ! zeKDWE!RJqW`umE-O0B#Rm*=;vhl`V3Tg!DT@50W?-yPOBO=BeBzB+9M-!w9{(ivmf zYXXvprkkc7LJYz5$(r0&YE3Q8!eaHpLO?F1Ki{9@#{mLB`nugnFbwS1_#}s`!2Wrh zE=3O|-ef@AW3<ukY&QU@qf;hA&YooX#gYoZ%E;pXPAcKG<p1bPO7MqPxon`O&%7ii zhclqp@50smVHWMgCO2bS1P;u;>;wQ+!ikLg3j_-uUgts(#;cV6j;-b0L7fJFCA%$b zB@7%&taZexDso`pVuBRq-YdLv!}>8f$?4PYZ2yOAUb9|oWyb5B(fsf!wv%YkFNZt8 zg;C^NutFS}bQwI0AdJCKEfRwW$S)X@C0Hh*QRv;I$Jc)$q8Xu=Q_GJKL(2LN)+*o6 zyfic`VJ(*73zkzWM``x6k-r)1QZ6jCYf+17<Uu?quSj~iWM@ofW3rSLhj5X<`Q`Wa zyk1{@lygdea#FL(hVyPl{0+ZRaN57*y=Uf@8GgMnv-P6f8br*~yK9E-=YV28ybvo+ z#Ysep9@T9}V$$roo22#G@lzWZ2=;!_17e&l2*==`ITVY`ZrWnAG`^ojg($B8e`rmr zZKtI4#t|Xa`qRge!UP=sGh==G39|uI^IO9i%Ob_~{idfTB&{R3V%wxCeaDCV0h>(e zi7CKaW&9N#{SxA0_5~trI0l$O`)#*p+iMj9*NjV`uiE&RA$*2N*QV)0Po5w9y1rdw zfj5Rt{1zTj=V`jPye}<>S>JcpO47q1AxEKAbHR!R=v#A6#F7nX#4;F}WX@{NqWip< zX1KUks?W{f^lIJZ{9d_$%U(%#SXfKWc{m>CzE^v;1Fz<7DKkpbonX|gPbkQhXew~5 z9FZe^+$wgNn2spc|8!V;Fql}}yJKOVS}cW?XGvr7qJuo0x8sfGC4uuW$q)e-p4~H) z=pjXGAVKJ0_6mT5Xe(i64@#91@5C^{&ramQv*TcJ%`m?_-^651^#d3G5AumbmC>J| zGFkq_O(0!<DHkrb(rYSns!ef%YN8X;p`KSD#fd>qGvFIh^{s*k>j1wu#^e!L*j(}Z zHc%1DvyQ|0g6EARzJE@mzJ?@+7oBxtaX?4xj%UW3we6SC3{r6ilLfl?1_)h4&z=%1 zi%isBA-V7m2j(J_8RVByd>er<b@$^kSX;<SD_c2yLLKdgYaN^ChE^i8je%6=V4Avf z!ys=@XH;fFL1aZ6-!SWba++Lo(ZQx}ihpup(I9Vmp?%uu*HtyJ<M@bNHaIOyYtW(y zBax+0TizS`W_L-Z=&;Ul_KS*UiB)mU?gX?6Ax9Af#cWn+nDmMq*c*FjV;cPP-t1Ti z!w#8$9VlPO0^<D9w@)jk%NjI#8ohKX`-?5!&9N#N#a}Y|6oD51uNX~-8nczViZUNZ zwv(=R;65rT8%`RW&yG2i`A#PxVFv`BbPBaXD~hp<ADJxwWNas<Xhq+7%-ilPBzhtt zr1Y{qRxy+>0iwVw4sQg$6meLvWrujydo;Y*e^&4(HrIY9@u3_?9tbfkp1O+Tfcp+G zK}N6)=&&E3xFMlZRu7?4I3uyu?U5dUN~1nvD6F2n=nF5?StXMX4tp1jqGb*V!H}H% zoSmlNEnhk~_S=(fyVx>YKHf@8i9-XYw#m{CIfhTcIE~G>4*u@%_*Y?)(;v*GV?w7N z4P}JO<W;kz5+({C$s4`MR7@7qCV?+|yLz3L`bcV-1^un-xpbiY9l5ZQhqt{%{gRbP zATe65FMtBc2SnP37xBcMd~%-mr6d}HkM{h5GN6G1geR)J6!J|>PlkN17Jh$wemR*? z^y<vr$Zy-+-d2V-3pJ7LvrDh3&QIuTX<mHg@1e1=mV;lxnysN7=Q3#b$4`*RYno@+ zN<Y{UA^d^Hw0Is)5a10I;GB&fe%X=c;jub8aUFoidw_rWA}*&4A98XM)F+i0X}5oe zb=}KCH!@GE<9j|aMvE(oV1L<N#k*_Vh#_8JkdM$iA1s?lLY=cTOxJa2IAKjpSHULN z$*Ny;S>sJTkoh!nW}y|g`HrtBt<V$vaiO->@boutS*-{TXQ*dU9czou?AYfJ!{Wj` zR$JJ?Y%#fnf*Ve=>g2#zN5^F^P57UMS>sg=kh?BX<i4!RPqW@A**Tk<Xi_VXXy`~g z9kCsN!=NBB!_=+<n*KPk=^ggW8vu1t$VVFsIpnyh!5D05gA&}qCcXDh;AlNaP71{r z0Obe?#bC?w6BAI=aRBa4-sRc=d0sd*qUYP4^w2`0gCeS?tUomV))`<YT*n9SO?@5{ z4hB-}9j9_$$6=fwo2XoHwe>vdhj_pomqMx{CMpIfml4)9#%0HtM-CvLD0bFu3K1XJ zQZNcz2z?s>DasxfgqMN#pl}%Kxi?s4Vm75@SVdQRR?X@~9QWzEoSu43guSnB9q#8z z?KAl)_`5L$c={WAnbP{n!iVS@gk|`JeD)g=&U1dT)GwEHc}?DF`gU1Tku#e63AIy} zVFfF`c*ul#1iR1_Jk4ph#0d3hS3WsdmaH@nhb3E(k|%*i*eYg+qWD0ui-uoRm^dzz zaa4HvN{MZS*SvAB;<U0)Mwj9%-mfZN00*=gzWRJBQs~z`fSB|2;<RbPuGIj6@*II+ zRb#W#qx+iTy9>;4{teXk4xcI=U|Zc?RT%b)M|ZBfi^D_6_%tyF7&KAggon;lYI|Me zN4F+NerR(&rV-D@Gz-qh_KmEqH_ZcNG_?GVh;mpWyn!Z*6O$RoQd&?$mt#}i>n_1e ze=*kWFv)2chl}V@eZMoL50RH4I&NkA4#~zlPuujHik`VaY#MKAp0ZcVyMob5i|xZl zUqSQ41@)5jR4x0oOs|pjA1@c(f?dvjPK-^}?<FeDn>h%0jwp_mu+<=}7(jfJ2HSR* z2M?r6%I?wDvLh2(g<x}ExPD-Rn)!<k!tXaHt;H2((kru(##PPaAb|t&P=%f?RZ5iC zF9HKUnMX=Tg_z~$IpymF4E9BD+*Q1zDSga(Suxiyc$^f*Nu;Oq-Gpd8*j7)kb8>3J z`|<VK39r6ZKYwD3Z+Dk5tLYfxvxEHre_t~JqL;5xd!DfV)xSBw*&ll%Xn{ZRUd%g> z)IL7k7CmQq>CiO?U^@|y_e)#8DlzZ-aXoV!bN&jA7@%(#-n~^ubfhIM#iTNJ2<Nec z@Jmi{^wNJL?WH{W2y06~GgDZPyi?B}i07CLH`3!x)_@kOm69@GVl)5Y3C=WF974|X zCbRtHeNcB<h$Sr=Z<p4YKgWu*uNvpYJ0eg1(tyjhRcnN|+oeU@KteC~ZNYF@LG7sA z{n$D<UJdN|iOgtGI67-KfgQfp=yFkq3oT-3C~S0NtBBAUPjpk}`MsN>KUsC@o|GaJ z64-O<u^iSLy&m?g@2mL?<(5M*1Z^$v#3TWts4dR2Z7r{yU-y%m02)V<<QiGm1VPRs zJbWLE*7>*198RxC;fEw8<)bRX3ZZkXIk1A^uJC!Zmi-3Uu)37An8&@af9%wL>(Nyy zKwfi3I2@+Eo=!qKJ(XzOPwfUpI*hKOMvMr)JhwP<33glZbti2DY>x*CEQ2-MhK0#P z(rc=hA>_)DSAi$Fs``4oi7D@?@iv9W6ZPIOv(+RC7o=*jEoRJQSR`D?)U|}`h?k|C z7(_6i3N>jb6(tU<@7on>fEUgWQWx@XJO}Qgcwt6|ywGsh4}*IT^;*#40m+<^Sl)tK zORt8>CXS@U-XC(!?5i4SWP9$|8SLMB*ikU2T9BJLQOFa+(!)CQr{@*EJKId|=~iq; zUDa^tp|0j4w5Bwg|GJ!0`oy7<P_cca_!(6Tvu`<1(xwWD>KNQC#9h2*RPYTxKb?(2 z$6q&iQTf%@vwL}(A*OrCO`G5nb%h2uAcYGw6#wjEYGUeIkOlrWvV&?IF4^lif5}97 z5<D%LVSo{Yhx2kxEQ&C0)9tXl1VK*LR4!C)E(CrEg;&L*?QG6_I^Rc-Q=l(!oe+B( z=+)|6zM!==HwiB<#uqMgG|CO1kzXhquQ93DloGUZ-K}fH0V|a#RJMq+9bf9>++BM# zdipas2<4>k`WAZ9GT=pT<~k`4R*w(;Im{fEzb|29ojNLv?LcgfcLiy>|H{0PK}uHT z(pg(=xjgU|Q3-h-63F$SVp4(2rVgu~?*^c>uEbmOUnkzj*rFo-X><RT6#|V_2Yl-a zc*7wP_Y$?!K@}g%Z>-XsS4apa3I{(|S-yvE0sDIu<@1jHjl_K>^1<BFPeCWW<mjWc zIMDE0@$9V0WZo)HSf82LA8OWxkA7pT)wr}7BEC&q?qKq<yI7F}+-=5v==P%b;dyet z2O1hk#^P6ElQb=#zk4t{+hwF9!_FHD^fjUcoXcn-$2SMG*9K$>sn3$<T!Gmvkqe@m zZ3W`ttU6d|;l_Ex%QT^!oi@0$2~C|u0au%6y|K>Z`cVGPc!L*KIgy>jI?Pw)@vxBO zGIx3iEvhl3xNQH?be3x4HrwPchZglZtNyiNyjOi%(W1Zza^9b$#$tVE+mb(NaI9)3 z5`8)yPBLbE6&R7zybN|k5*PsYIpv$s2|x5lI@B6xbfp0ccKe6!W>#jZsr4J!3<#~Q zSmSK%RcyBe)xHLEJy$KzP48!UYw%K!E((Hzl)uqAY>AD8uDn6JSfKfw6nTmccOD6$ zXvl?kGC219yYmQVtqzQFJ@MZ6=Hl25az=~yT0*BOjj4f2@I=hFllEH?8}|Ftf0+$m z@VzGC5*@}oxA<rjNX|w9>}VWkw(!y3EYVe}#e%m4B+YCLQpHCe)$^3{?+ShtdY$GC zmFJepl9xA_?krgwdmW!&#$O8;S1y$943?aoAm1(^cv=LCgoN)d=3P$JD+{!@-W6fT zO#Ugiw^ER{ZP5}iog+r1`C6+fcFk+(S}o!)FzU;d@0zlQ7v;?~2}S}zAXOjd7p*9P z-qE|^_@ADyWv!N|;a^LzUyR=81R-!Yqa~Rs>}ax(`6-`^4XC;>uOOPlu)5iaDGk8& z4~Bq0bI<q15MpZl;}XeBCp*Sv)N2L&*PJF>gH_MyBWQKPMvr?ipn)BH?y$5i<rrOY z!2n}0|E&&!i!5i|1M#m5t;9PMBKYj@wIvv?jp)^K@M4Q8r6;{Ih|ZJ#PX!dF)Lkcw zwtz<V3OUGSjLl>oQpCL;dE1+IBSV4bcz|&kqdks~zGKl%X<9q}>*uv$fj@A^;B&;R ziq#x8`@4c~<EG!YV8>%)<nh*H@X5~Q$1glP+T<k&U!I|{eL^xsOU=+&DH};WoVPq} zSTQ<r0Ra#DQ9Bcm1zzi*FOK=JHo<_-RzS=^H6eofW2T<3%gw;Lf4h`5sHdVJic+QH zrveiX8}T8YLzjxfV*Prru}*ZM!+gpU^*dWy^zLt$$k$#+W@e-y&56*dJa9`B!HL)` z7MpCbyXQ}zS`la}FA%iq8ymn<tCf7+ciOS`k@u@fV;mpf1UnTgI`#?^xg=z85HWF` z-x;q2e<PW;OM8H>2_oPA=9mPt^q|};!k&&PI(z88Y!NelJbAXAM@?g&FCF7Xjg0(? ziz)`1EflYf98yc`=7IuvRecxko=x96QzRQX6zL~7OjJg(VRdi;bK;5OjwtWmj0C{% z>fkLd;8kR+l-)=QH!&{<mw)T6by`apZ?0ZsKKQ&#sV}jh7uWkvt8n{tM}4Wf@N80k zq_B}^Kekvom5m;fWsr>W7;5xNRG{7TaUa!K$KyE&kKY{VBU-!Ps~kGa>A+0Nz+f)8 zhaC<OhO1kW{A~Qa=73p79WRlRBS?&k86U|6TSqPRpI#j9Nwn&U;;~131<DE@D)Q=R zABEzaO^aeP)vw-v{bt&c$euJU2`me=z0^m3GCZp*+f_8nj#OZ%=Ej2q1qIr*6xI7= zF8U_ggjeN!k8IX3N@zMSLimd!#jzh8#p2h@iMU^JKIGjce%#@X_j3r6xJlAV+t4w0 zylYE2ORVMuRCkirW97ck<#@?XhVZsBdy#23(TZ%Va3?8D!}h#<;7_($9`^!k3*uz4 z3y7l{kiaJvH^Z^Zz4<e}+TFmJt>(qmo`zQJmE6?a_|?`YH|~nonM?Hr?-*3E`NPSB z(xtH^Hu6qFLB{_;D8w)MW65PdeVX~ui}R)3=_x31wQ9>x^}Qm9_s8OqDNyy!RsN3k zJ@EKMLnu+~>gU(R&RNm#@uGu)B;S&&>H*XA0<)is%Kmc^%PFd(s1DHD32z9<8Qq{2 z#eNs>e-UqZ;fO7^Od$$b(~Et5YqXRhx#Z#*Lu3dEy+%rOq>VqqJ>;D=pWw%5?|TDS z4t=S<j|Mo3T>dIG_MzGwY1g@5ge})Iupknc2i07atwYjE5V!ViabX&D(1mxp9JWo1 za^T)F0sp2^9j!R8*$=_;X^22tZRK584%zd=mKFcxstGcrvB}-CjHXnOM#5<=>PX-n zaYa|6tVBm!zh#66!F&`a_svQaKWCb<c@$>1qFDfhkC=qd|2i?b<p)=+<R@s5(-=$_ z-$)yOYW0Top+ahIiQzBisKAP;`ha+UKbkncC(S+F?Bh@*7d7{y7ys#Xm3V8O8bOwj z8?nh<S>wA)NQX!i<bVdX*HJS4E>;R5XSgc(s<sJ&dH#)28{f?{kk^@9zC2xwKWWJW z=27R-ur7R}iG7({dWc3vFnP>tR(G?U6|#_?BxS#^&ti>uEx%bCmcY<@TH(K&H!{dl z7&e$t;mcjXlI_E%`1UYsQW*z4M{JG2@P4U;l&0o&k=eL?f5RI6dXW~Vx<a;L^TQ;0 zmDH?cs5{+}ae(LnbN^W0HV|oqXt-d9U=pysEVtvDN7iG$@kW1UM``kbG}!FpFE=~e zS(Dp0v-<RU0h=U|4Y^0+1pM(wLu4o6ml9r_%n#f|{E5;z5Y)uoh08_7HAC_(WyvcE zzNm;hCyL$cA<JS@DS}Epo?h`rC*N*t>UNc*WtcSReQ)>uGH6YjdNNA;ukRN{KTvuu zHVN|Ti03$N68!|TdVK=5C)NGveUys|+8W3tzfAWOohUHJIz%QG7cTyt1NXe7tWl*% z!Qy)LGjq+Ec4E5Dv|s(U(m4I;c$xKR{y3TPoG9Z&icCVG_ma%^D!EkAw=5QDnkNsU zs@Xoio>D7Ii^-bXq*!K55v@r#V?oiOq{fSoN~FsO^!PDh)tjKetx|z|POa7fNS`_I z<mkAPLfdP*>o)V0G6jYWS~!U$1N#DNd*@v+zsY?nIG6h<|B+$#g2P${sW)UL<RhZ; z6W&jc^%ncKR&f6^^@B#R&{45->#L3`rpk(tYOI(*r=G%+l9GiKd|^b7-vNfF+3?u& z#e9emHCdEI_t=Zhkhnj}j+w@}8L)>{@y{S1bY#cs7+zWmC|5|(Z70_WiiezstPlnL zeun&OoA7>Cd5_h<v*RgxgVsJd)v4MS!|^}+S$!>F<rZqScWmYpS{TRe@(6fu(zx1$ z;Bb|hnPFPOVk);F&fXZ0ZR27N?{r9RA=s^iqgc+FrR45D@|#w(rI6l69HZ+CqaHXB z$$H=)sTIesBAFL-0pb?vFSZID;x`%R9qhRIAr2Z8e>Q|J`V^xvdqnI+R+2&;*{~7P zv#aMuQlt6R#2o7%PF{H~-}^Ud7@(NT=^fL^AfYOyO)HDYFrsdlT5NB4>@f<h=mebV z^rNkiGR)5VBQr@xT#+y^Wd?fulz=h{X)lj-Tubm&ym}!9>qlynmCqnOkKKof4v`sV zRU;QM5C-;2uIc<>X4CZm6_iK6t$~j{9~j&>G@W;oFB$&rxfEDrk7L2@nqg^BI%%;v z_qA%x16xR(Z?5Vnv<j`+p8*;DMW+ggbz|V$gmQgSt&9rntWx$FKQ%Kkim2#3=%O#W zv*u_0B=*{>&ipUf@%%DmsM2f&)(d<eqA(k2h?8JbGv`y*43Zz-N`ImkHOP#?<C6@i zjZ>OT064kl3vIHq7Vp<%&U!uL_)qkFvfsB-t+vLEywCQHMA{-PisV~BsgPJ$e!uiH z%I9d4<D6hM>zU`~YrnpGW8e!A+Sq|TD3nJ~gTZ1c^lvk4ay*~rl%INd*ukDAQM1r< z^G%9kk(0FzbGp^5F@<wCBQ;IjOYt;TD*s4}Oc_EDoQ=?(E=Q5or!3zWyORuK*X?MU zI41N^kM*0<gkj~EO_I@B^?xSQSV82k!VEPvw>j!0t-Gd?wp1~6`c@N1I|=M$Yb628 ztbh59|I|l6aIP#lF(K_YOj2{Cy`m`4UOsjbN&?T{a$2_a;FEI^_$w`tF-R#j;{7#d z@T$&hM*Hq6Do{Y7U_=KZ!1!-Q8{NkoCd*Y?%DX}v&)?x_A>kxJ9fJ7KOkSjYi*@Rg zjz%oPriwynb#F83@TSPPo}*%_<vVrVv`yaRYtlk8`Qa;hPn&@+9h-0T>aV;sopl>D zv=;>@-1WH>ttylbe{<{ePH=uuHdm}s(~X=-NyIfoqCg7HapA!Wk716+@<k@&CnGnG z7vDT2Wq*nz0|BSo=v53<l_S>qkSj%cWIGc7PmtW6-M0FnE+-tn@aIl1{l9b>lf{tD zNcR{Ii%<W&lSir$OM^+RXN%f3?NtxmnX&Fgis>MTufMyfniRu9<G>!gNz;*E4=H6i zI*5LSf~xEX-1Mm6b)D7lM>t&*Cl_@Dqu#zVDC!huhWO6olGK05zVn#T&qySu^iks+ z42PfcMkd#IETlRyeYbX8CW8h#{&-4rqlLUOGyc8KD0&^yW-;taQ_d@NEFG9-aVz~m zqufnu%H?lxE&z6**cct36sB9c!^+*7r`JSFPb(`MEGxBCUEsPIaG7esE!r~j<0-G+ zAuBFRW5l2QTbmY`oLtyD`GePD534xOa!F&hlv(&{FTL2Srxom_E}O;)wkX-25l+-j zYw!C&yzu*$iNC7KF2a*A8vWB-|L0a&k*<o|y+f=<E@C<)pDJXoqS+JD?Vp$l+aZKX zGQf3+6kHcB2gy=@Ko+~z_67aRdsf-FNmeNYx;@eiZ}8uTG^`%9-X2`Eoo+eOSR4KY ziU)t!yK3$%pqbhho@woKQSjWxoT?all<WLemAJgbg2cNn%7<7b!TZ|Uk;U69eW=h2 zx^lSd!0sS4z8bg`BzT7#*^gUJv2;N<43Wz{am9D5?3V`d(%$)eN#V!89s?T=^!{u# zLSNpoE{g+tM?P)*^Q0lsMQ`AB{iJ>Ws>}ZRhq?g5@vTUf$5GbvzN@R392wLpLif+2 z>}1!I-@_QY`|h`daR$>klARSLgPn>*;ucLL!W#qT0r(&V1@-!S%6|GbiEx~A(o2}- z_@@I}&t?F8e%E^PFRgDfV@QxaWaWWNW_XF>_&a(VehIykXnI+5x7ioxzZH*Lirb~q zethLs4|?FFSAMRC2~wgD7G#$P>t_$YJ&P;!4_$WsjTGY3ht%aOMYikFvgOVTgw+)f z55R6_jTq9NP1~)>h*BQ?vC~5ZdEf90WwWJ}!~_3}^Rq!{BiKsbm3d!3j^dRdb<6R? zx`s7Qca9hfv}~p+?M?sC3;H<moI1(eR|S1vVb6)UIpjt$kNM2&i+%2FUr;i89_6C7 zbRMOgMjGAak<Y>#PvMEw*#3ka$wk+{F!<Bf<~0n*7A?}t7v`v5Q((Rb8a4R>)LUbg zT$qOm8pW`vnCXp;(Fr(~I0gPlo4v1pDy`9TnVbt5yJ)CkN0NlC-LWB45XQ(}-&`W( z>?zRsE?*+8EmG^Cd--G&D90vGF^ySfdrnf~JK5t4P?(>56R!Mm2(W{<0hUt1l6_|k z5dRmZBSWR&qVW2c`%ue_>Qc<}IY!_YELN%eWhHjyN}Mz$__n@Be&2|SkqtuLt4MK8 zj*S=&cR7;e@(^lXa9bK)+RagNjB=s*;Svwpx&q+p%gPc=9IK3#ym%1Y&H;ICGzyQL zWNnW(k@Azx`e|P^^D8Xn()a81ZwAc$W&K;v7d7VC3M`8XdHoK`c-tk-_Pp(R&SJf^ zwV^mu6j@rk>4+T`Tm^kw8=UG7@5dIsS-2dvm+TV3x5Hu3)XfN<j;qME-XdF(2EUz} z&i1oE-EYAsQ3)0ke1&{dZ{kp~UnQjtpU9UFjp36p5zOZ}beWQ`<#4N}%%kg3M?uy! z<lH-c_o7R8)MS$+@}Wu_Q8a`kJ>%PAP<akB0jVvu-rq4iyTwp8&pE%@HG15!H~;Z6 zsQ~4go)TCdO*l2^y0JYjgYO8x4~D12;$r_e?dO;3a+Ks0(HcvPJpi3{^y9gUw2P-5 zp-wAf4e94XiMy_Wp4y?mo#M=i67nTh*RzxE`<$MFPn$lHLAO$OA@me~3d}ce_KZFY zQEDA@k2DCpydTWXLPf|m##6$v^n4IqONgT|mdn+h(n>dc;9S(3JCOyCuIPj3RWVX; z;l>Dgk)PJxeS8s-K5Fc6ED88tGf;wAm<ym+MYEjXFPt1qC`{KqGjt3+E02GvoNm(! zZaN&bbl^rnx5p4?GtP+E+)^krPq~<Isk&#r>(Kr@qUl3%Ep@@S!p`huZ9UQ;K87VL z^Pc=?bLQvI^y?iaHP@BZQOn+Q3LlTxY^QD+$<=J>iU{cNkunjqM=vvknyBf16?@`> zy8QXD1w#|d&0DQictQ}tAEO<OW#(CL;%iw!c&qKhIaq<=0S#g(?baWWA?YL$>0w@{ zVYK{-w%Bp_`plHaY{au<cX&c4N|)QfaV#aEd+5{zSXlSxh8J%D?EW@TnU^OuaEbF4 zOCVl_a6R7$`dFQfo903f6*Med1!IBpGTMMccQCP)^F4rM!R|5ju%^c`;xPkhQ|-`! zxqDzf1;y{>l_2~J9}nJKCS3I|Jtbe4a5E%6j}x!z5U6}-^{5#qJP8W_NZ}cpK|)z2 zafdE_pIa(N8t4sCRS&-!c5E^nEuhKtfbqVFs&Qlw3L=H@izNpy9jj(R;^Ax<_<NcL zshhgmdFi^#DYplT?sunucsH|}$HKa_WNClr+$JR!9*>B`_eT2)oL6(+m&hUV-4`~E zatAjR<YVSt+eR`~M|ILm(s$K{%8GrM`3u54!4)5zb}Q@Lnl5$($KW4o)LeCCOS0n; zrzG0>5i+H3rOlAc-e>&!N^*ss@B+myY>BS<dXz>jRmDLMml>;qzU}RM%*4UYVJLyg ze8!O9MU|pQy{Z#-WcsHJB9X*6Yl5(~*R(I|b!CwH8g=E7PTB)lmEY#k{IcLotiZeX zM94N>DW)+Y`NcDaB>Y-O5?i0|m)7nSmdHsltIJ&pzQmeVzIiJ;m{=Pxf}CncU?63f zbpznl4i-KwGHon6F7+#~$N5yn^ai*~adMt0h%}03)IdXmc2(M7cF@cl@uooFB+)Ye zHVqpz*d@-WiRm@1FI04uhT<e->f;A0Y?o{q(aWSYj~`{%idm4Y;A(^40@J21bo5r7 zEtYSTQ)g@_BxQFdOMf3EyGoQ5*#ESbz4y}3TptJvEiTQ!^W=F&Yp*cDm*6ayNX)x~ zUgs*h2iIar1KfR?^Q2_G-Gj@2qdeunHKcK?)ltr(w>Ufcam;M3Wvw435{TgILL@g? z$f5Y1DxVuoDXlLg9H&?BRqnhW%%0yib^uKx)s9s!d{KEvvLxP~DP4^;Y6KbBR9EMf zD}B#)r?HL%G{!f<9U5;(dy9v1aoRvu`xEr<ZbKzw=?drcF!GcHZ8g$`1fd{r*e?NH z^PhARDpZTA?QZuDF)?~Afp--3?0HUPPwUUfI7Y~+&bLc{jgm5X9aB}Em-n|X;RoyX z+(e1w{;R{TdU7@6U*tN*$mPYT*^-ovPMe2uHr;8Db#C7k)zc62sjl>tF1A?TEqqf$ z?wO>AFMu`kLfje4R6i4C`myPwS6yk`ENK|$Fc{W%8-1yM_9!iRl|7K(COd;K0>Kg@ z(P!1_E<gH~Xfy?#U;8qW7b}Bah21Z=`}+o@%L;0XL=rb{Td18YNBCK8jvn{tArXDq z>|%IB5!|=mS3dW-b9W|^VlDpZMPHfM4q3mBf;Z-(rlwGM+&+K2;&Ez~pQ*1T3^67` z-a?9FdTpZ9EremXV2BLBT#}xHzFJJ`Upd=OP98hNaVijXX6T;I`1Vo=yf7o{?w<)& zo+KtQrDFFBJaj$Rae+U*24&K>J)sLyHRTq!{Ag>4%$uw?6`<Ppvb`UPi{#Hse00J` zV|$Zk&UaNz{~=Y9EKuW%`;`0-`panh1_AU+)4(t;ny>QeTY)^>X}HsRtYfuRgpH0s zp6FrcN4T<vPSVeuJGKCwrVx;HV+|Dv_2g<kZJbV!3UzUYs_ONf?n)Pod9^@(g`6Zo z&>wx%dlrsabtOZWMCC#7PptN9AhY$9%AQ!akySOMM}npbSqy}S%*@2550R*~Gu<AY zziV^;(Zp!kM*lZ5M$#060LcRKB3o*$#?r?tnu8^x0Bb3Dc}>9QHA8Pe-W($dZbUZ$ zvSZH1DlNN@L!xpHvAbY5f>tPO?hq!tU%RHnjv(VS<o+idL60rop`CPHPxH4rbgtBV zo2|Ww@X>K!^e*0wio<k(O4$@c+<=Xv^6R4^&FKd!0v~-<R)c>#s*^rHJ%QqmEYNM0 zSLkF>wmXiKVHNv23i`M<7pw5R9nAtfv3|ksi-)usxWaSg;hf;<^4Psf{q#&!uV?E& zwC^kPAJJTq)#x;J*P=qW7rtK&HVH-aNCSU-E^gFZq{<NiF-@-AET77OhvW0b450}6 x;Qt(!`VYtF?JK|+7kUDT{^w{eb-^QA`arSzH=`gS;MVUm*-uK672?K0{|io2T`K?p literal 0 HcmV?d00001 From ad57d68b672c0d41fd660a0132439573576328d1 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:54:18 +0100 Subject: [PATCH 0979/1758] Add files via upload --- roles/pbx/files/Wave_sip_phone_connected.png | Bin 0 -> 23473 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/pbx/files/Wave_sip_phone_connected.png diff --git a/roles/pbx/files/Wave_sip_phone_connected.png b/roles/pbx/files/Wave_sip_phone_connected.png new file mode 100644 index 0000000000000000000000000000000000000000..88d85b1cd9bff4c5fb6c967b80a15a8e5786d78d GIT binary patch literal 23473 zcmeFYWmMbI*YDZlPJklCf)yz4?(Ve3-K{tjw*n!!TPaqgg%(S2r?_kJU<uj=cW3xN zGizq<y)S3Yef7M^$v$T#E5CKl&N*j)_h-kx(^AIAp~QLd;sw5{io%B%FJ2PAc!9!! zh4DNhRl{ua{PxoOgR<O<>Iv$<&mA-eSxwm&FQCb|_g3i7eQXaEBkvb4$lm<t^-}c% z)A5TJCQ7Obvbz4}2l<$JX37Cg>p@NAPIDEm!<voTZY#L`6gqg=OrRH9bRrgc5%l3` zX_i<7+u1U5M*zCg7eAIM@D?$sR%8xW(>O<K<K{*`HXLM~bxh{v&&_>o$ny1lV{#*1 zG415Nqwz2)?mZz{<}pMcZ9AIH-2@-19m9!=(5sk(m>U?7XMKMRb#`%q{JQ(8f1*>b z)?j^caS^&wX*e`_1>mUGXS)_c9vn1eWs$Ly#m_G+IB05WT1hXkW~y1Wt@pY+I%3_8 zZhJLzJ)ZP_h<R$$UCCUTuJx$L%&Tz_v50E^RNI;_gbB0d>^-204LI9DcYTq?*f_G6 zI-qWYaVaPiz{pKU7mDZUxy{-flhXI=2v^<DC?+%|*F&nhs><~pUUAHeJA|)|jZHHF zfo$yK8wR;4g51?<eah9jHYxz|SM~~#c6z$Qk<PdhGo|dN$$T@M5|<qGE{|y%UO)Bz zry8FC;~3*Z_t|VBIVPe8JLR^qD>z;C;K4NCFEaCsQABevEi{gMRInOx=S9B+H^72Q zFE*sF8%Ycl`y_o(@yhP~N~NAdrJa+!>e1~#lK4IU0f+ulvVL;qU~jqPZHl~eqN|TU zZ{B-s?EO#O302`kUQ8~#{7lo>^p}`xx6P=;b`g!QO;?14s=R0AP{fPh*-%Ge?esN3 zV}Ah{@>iP%jB)MUUpJ&=jObM~JL<{<5<34$lHt>8TTFiWI3CHoOnSxMr{aMGvSq6I zbA0|z!H7ZI0pSbycaWy^dWGO`jI;RVK1~U6S_H0&ddT!Y9CUfcTQilwiVJ-<0i&PQ z{UiNK?C8A1?plH^7W7ICQsysKPLB=`X%~r|UU5{opZgj+%-!0vxB1)l2MVK1rQK%@ zP3*TiXjACn*09@V>D`{0ml#6gaMijDK<3h5<Yn`*1a`PXW}4pZ5_>_#F@S*(b-w3v zD&%dSLsq#CX!J~}R&7R>403VXE|?_|A2iZ=xb&42=@n_qa!j+j#;c~&&HnD^B&DfD zU~pz9YLmbG99d0`;S!_DR;*UOUVC(^;;AW%(78&mrAH-QrDm=WzEm?s;V&|$DU81Z zckS42XG%tn=cy4?VG`ezgdy^L7-&pmo`;KVWeL?$4y3?Z-Fq)Ro7tJ&wnK|G=k@Ey z<bwr2NdQBEGGExO;L7xC#jU=&NLEUL!#zYN6a{I6=!=cC0*jLT9r`jo=kD8EL$<W6 z`Op&MzjnyLRPu_5;(JQ-nI}hjm8?R+e(llYd0>Tr0PKV%|J8_e;rxjpaCwX9)ubMP zfKn_mH}+j9u3mLU?<3TDwbkdc^QvRAAoTVxWLzRvUC)p_Nd8si-U@?fzl=zh#6^8F z*~&7N1mCO6*4_6RNLnma^H}Te@WFsAK_fxuy2LrLHqXeVwlL4ORf|KY`s0>d5WKQ> zd}2hX|6z_k;DY3yt*X;&!vH5VW$3z~y}0{fwCg^e#(RwSa@69Hk9wCvS`MvJ@RW40 z)1Ls=0ATLpqr;>0TEWa4gzkN0VY69mScrx3YD|>9tTC!%c3D`H{V92+=^m(a4V}*u z_1-`3C1@H1hDltb-osfYav=%GKEM7r(#Vs6^(;=4{hwt8I1Avy$MdpFi>C_<-=mHz zFp{?&TR-LL;`|&BEGXdSDQO-AYjl;}TEyt7NnG#-dVxL>3fxZF?Q&HFKD@oSE=uG6 ziTcKU!wxz0OaEl&>eHF&x<#$8^vqtFK*nuHVqm~sU}o{~icZ(=5$owkLQo&-RT$Lr zU!2eUk<;S8%}Q~hoQJ_=_u8BT&C77<u>A4MDatQ2^!gHcJG(?psNb>tFiBr8tgPf2 zgw|}pn%tWRL-yp0x>r8^(JYc11WF^a0|9})lLn!J<5HpZ6v>QqB7ydeOF+e_i;0Pe zZmSp4UQ8VK)0WphJ}!$;=*!0?aw_|KBBq6>rm(vvI>7aCSbv92QgKDaXp+RKib?CI zpB;CrM~&LS2$Jq2XNx=IwxiCw2w+eALZ71H(}8;!)r9i9lU|>i&fAaT_c6VZUp96x zYQj1mt_P(Xak-l5Oo81StvLqg&EtY9K^i0xuWR~wPn#PW=HjBPkL3&ckTfFin5R># zX{z6qH?@M9rF9+7ug2c#tLr(Jvm18>8Lh3`UT}`@h*8;=zuPMK*u6q~3`VB?L1O;9 zmUS~f43alfRvsih@*fn(5b}#c>FF!wF^cYNjaY3D&h0?{AQdY6X?fIjY%AVYHL=WB zQyzs;;U{`BQ<tVZRFPHK?e6KjvL-(Dts7pxuWLMC)B2C?uAe*9D(uoBj4Ti)+<B5H z%UZrD@Y%V#W#I9y>j_rfcGx-<PaAp-r|0O~7@%^muL*lV!tYJoTKcu5Zno$?Y&{h# z#_!`=Tt__I?@Bj`AGPxf?7h|bf!2LHTP9^^ULX{5d%khC>|BG7@AG(nQ`G(E9X#IR z-ny9!1r#NF|NNWoi^~np^1V#>c_dUE`Y4_qh&cBBG<7a0iIzyW`AM7s$eGr&kBFY2 zGVBhv-pF3l&WFWvVkez7u`6{Y8g$%^DKBr)?(d29^t@<aC86iB9+Du!r}di&KRKxs z?W2InAQ$9()#VUlGN_qe$rQJ1i@W%It|oNOt?fW4m)8bt7WQyK-&smS^t2<~^%_BP zMowQs0K|IbdyYRrU^QG@jH|+n^^=sc*H_=d!L4MGa@}V&EiK=3N+A~>395B>STnEa zT#*83<m09m9w0lzslv5GPt%L2KYuS2<nw2Hbykp|re$T;HnD%Oz+Jn0A@%XeqdT_I zqn6Mo5NCcv>`%-*=vbYLh3erc!sl*T%Srk-UGfk)8yga<|LO7QX_-En+PWrS+&KbB zNqnQs*m^#re&GIe=`LUL4e>N*@sQbZ)p68Nd`10qCjCT`#5?vam0#kvt?RDMGEw4k z(WYp(bGIN!&gOC7LE1U&=_<^9G>a408?W$Y%%KMm;ST_!{oToR_jPWN7TECXK$=~` z3ByD*KF-KIT_-<@2=E04C`5TL!(gs6rK$nj$IT2XF4|vs=s{1vQ3*kx=!l>0C!eSh zFLf*bW7MN7b7IMPob;1N58#)kJA0^;chhlP5)m*=?RPLmMDwJOq1~`s+{8VMuiqy= z{4?mnfdOxZlq24KAaw7zn5T0jl)m@CI^%Q?h!5F71!AEnwZCR~7!13Q&VSyNg?#?$ z-XXglk#s|tXac2HlqBQT>rcI{md6G@<DWF4QtN{oso@i3&W*RK_GX<Eoy4IXRebyK zytqQ0i~F;PtEvtVIn@C{je^x*^nw5@uusj#(#_LF#aJjrq^(AJG%&>CN$5&v09bI+ zAC`YOZwGsLsyaMPA#fRDIbM?%--q<_9SQQ2e;$i|vD6>-$#X~>NNc->wExdq6|`*F ze)oENx2G)qwc|9iW~?Ciba;QSBzYo9{IGd!{1!0p+O(e4v2Vvc+75RpD+v79XxSa{ z4kKf5h9%41ZNy=1kB>aX<#K;1$3za^UR~|F1Y3W+91FS};|w1Qx~mM43-Vns^NaHC z;060PFWRn&L|OoqqP$NgrGS*6H;>X!H<J!rv^nuIJ94RJzDssFCaClweL<&N!%I)0 zXJP#0KgKv?$NG8Ctlo(n_GAY{5-gzfc#ppE<{dVrjs!N<*E;?AVHbaBn9;&&&jnt3 zK9o*95`w+yheLP$LZh=i?6?3+0lWF+r!P%c<P5p!a!eR=aMgFL^ITV&c}wjs{>{;c z5nws0K=Yx8N%qFR3rM$o;YMe-X2!PDuO_v?RS!SkZEbS9r!!=9t=}p{O#F64b1A4M zfc5Sc|H{_l?k0c9&&@F7;VRjEqBHcNW9gwHsBV0%PaU-FdXpm~++Kn^QDx8+qC|ID zFO!TQr91bnE7QWhD+moNAq`@e!tg#DS`{L!Qixf?c&b^@a}VSRFkabKnhM9gQ6N;O zwL<67_}29FynWLog&ei5<LVEPXiE@jxRXasu^X_@S%&k>S~0+=v?vI8=Lac8kYjcG z%F?&*DL#5Uj^*%=Q<<{niq`Ee#<CPpfM2XR_V^&E<)B}($shOnbI3)vw{#-VK~YQ7 zyq+EuzkOnYG~}rZpcA}}Pg~lLOn8hC%0~qEBZDEcp)ww?sY*|a@T$KK<lEzg#gm{R zMISCQ0aDzcWQxT-L1={y|LpAJend;%nSwb+1O>9kou^2FKe_OiqGpks`&)ex?m>9M z@#QHi$#y~^x)i50fT@&XZ$1kzW$>H35x45u7RAM_0D}`RE}@{cz|f}a%dZ7)lSpRg zvy1t8vI_Td!kf9-slBq>01%vP%n>imK_Uv}`^KhN)a4;LwX^&9JZ!h7WiYgU#l?ms zz4GSnE8G0h&W8#XM>(waoFzDow>u_>t}mM?{@JsKLm~;KM8?v2^p&X{1;&h~RED%E zY41d$TTmx#xY*)|25oxd)8noa@g<3=r19fL=*;t?Hz^i=@FGOGMS$|kMcsr+VA|gJ z!~$<ahsE>jnZa>R+Pg^UYgBJ%wy`?E{KM5c5HXN4#Q9eIYQ_7YvTg#Wml!Sefj8+I zH4887Mfj$1U%s;<{KX8KX|zWSH(WtF<l$zOO(C|0V*Uh~rT!)IrdRsD*Mk$RIJQbn z;lK7u0*K3Tb|>7R@zoIW9Cxjm2R{z`KE`X+X15<J1f7T~!{R6QApvVL7N_^U2Z|1y z5c0ydDf8R=^n+sZ!jI&g8x*<1ZA->06vwijv*jJu$qmsxNu>Lr#yGRb8Ge`LvEKdB zuJ&~|ScbHufkQqQ6D$O89x*X!Ge)iB=Ye_36f4hIM$A9(^t|gjN}2Kk2|&=ttFEVz zTtR33FEVy(k)kL&!b9pi+>W2P1BTV*j%2tsYP8+87%d~t6}bc7@4;8|2(t*h-<T$2 zt59d5cZf-zBHqMD@<1o3(e0Erd!-rVzi^yr2S4ABz&@1hyV=cxdoV-Qu?C5!_TA_J zjHLc^YxL<qHfFAi5PE?<T#G=fFEQwp!cJSaeW;H6pFO<Hss{t+j{n8p6MR5}(wV=H z!Hy4L+EH`sdhop)$?hVqEYc3U{Uh5><fL%bw*KG-_$Ay9$G_YSd)$@XfS?iL4N2Pz zco|@EtrTOUd}hQnnrZfw0P}YHjX71<>08Xe88<&YHZNxj8HYnoYZs|54OM)Lb)ieu z=I(79Jh`IZ#~*Kg1syzAy@Bm~_;B>AJNX)`S!P>CL52UVxJ*&eM)|dRp&{j=gh%%0 z5shBU*cR>HBEPVwyLBKl&ZNYdM$js-oeS?ZSJ(aN)TZ|?ifqeXaeR+0D@o~>16(o= ztX>Qb8u07$Mm*lN%f_ZC+Apf=8n=@nm)`J3j;!9EDBMU#bY4$cnK8q%vN9{aShZgJ zhi{PtI97$e%T87i>EwZbej}0p<eO`n_ed|x!fwmxxx&ts!(LS;8Fbyw$qE2S4*&6V z2b@rG6P(ybd^sl;TG(#n+9k12*vrt-!k%385XLRqhN3Vl*#uK`(&M=dzB#GRV7KzR zsB#Z+7D-lJ?IjTB=tF<c5E8?hz7lqm9rhY=G9^!l&MU<uqvE(HaD83Okk#_-RY<P# z1R!cpteuyvqm0{^pA=q#Mp)dLW+dMru{W4|CgUJ2M*sSR^R%tMM(6KnWm}6Sp_|~{ zX+x8V!=zBqY5>ckdQ#p;5<cyBbBRnfpbIS3jA7JQY@(8a_*>J;Kz!1hjNN=<N=!*M zlt}DkOX{%ulcH%prsliDw#XOL{>fth%4O3-wns9%xh2K)hoFPBR7r4%$`?QQA>Q4j z=x$zcC2W>jA<ksre1kg}jw>(WXn0+s9QyC)c4*Zf`Q9yGPV0dcTofhkiObsyWTc~K zg`hDjhiKA8?+O-v{^n%Z<5?sHR8vgkKPTbR)^K`cCZFHo3SC^O)AQ-moyJgTevcrJ z4yLau4~nJ@bOcaw6x2<M!kFu|v6@PUS<s@7Pn1`*#Qv57$WD|cpc^r;-1Yk%IyJm9 z$WF7JCT)5s*hCo^@@c4RS4!Y~k$<<tn>qoq!pmbNS!R4#_kE7+uIy;d;ptR-aH&YD zSjLSq?wZv&S^TTR5KX~L+@@q@H;Cc9Va#tYT{&XGcoePxSxzKx(9?4uGyiCQSLdBv zN6z_WpZ3@M(k#WApBd|wiM-^%pK#nnblIZt6z+yZK=~B3sb9NF8cew|&_~EDofrvz zoouD|0)0RyckH`IXgh5pzm_2i?D{(#B<HK_?>X#aNbE2X@3|Yu0aaK8X6FrtnkJAh zpwIjc?McA9(3Tj&orqnCIqCKc$@<OPXcG#Z5Y+(KBmyw3hf~nivAehCx%GjQxt7~~ z&UkOkH(T)kE|bJtDc`a`zz&A3qaRj<-5SE49(4APV;8x6;0E{Y^5rljNy97pw_r@w z;j&arcKIk<+x500L==@0hi<TimNV~Nws4-EazIqTUeS2t&!#nH=|myujBCieGpr-& zz_=2V06Jss1EHmQjUPjgPMQnWg~j|8Iaa3U5wOfxij0~1jQoehXrebqWsklPG3XY= zPWLDVPRPGlOv2Ac)-h>~jd~CuulosiH!+Wush#q8O|zO=DLmIutiNJaw3Ug+&^X2X zO+2ILO%$2WIr{vCkR!a=Ml;ntj~u~s3}S~f(8ge7VNKTFKi}R$zmRvI{u+0lK%Ibp z#YAbDldY@qgxgtH20eN*`m*dwwR7D_i~GWPxrRC?&%Xb&i`(x07V{y2iyaSCmz^-e zfIS~Gn4$vFy7=z;>6Qo6zFC%dXRD4Dc~VfiVPgK~;plgilA>aAB3k*Bu8XDg;K^X8 z;c!V9o77ziDd4KE)QZob`*P}xUg*<(ZIX1B$o>2Pr-0fMuC_G6XXzxkFqpK4Bza)~ z`VTQ=2Aqfmd0^hlN|0>=df#XRFn?>S*zAmkU-ya36QjQc^S(l;iBMA=nqKz%(_l@l z`Hn}uJnig@Wnar_R-9Q7=$^ls=kOb!``}M+gqoijk0D)0@8^+m?bcgur2!U_i+O@2 z3{NRx(SJ-$!J<$5pBijG*Xxc5fZYCD38IeC0}JyEMi3wf$Nd1NsB%sn3$S*lxC|G- zcYPl0ohnLXHi-fZ<Kel2jhR|z_LHt(J-xHouaO+65py}tj=MP$Qc}ii@WuB{>K=lU z$t93JA6b*QF~w9a_cvnFF^Fj0%ml(uhax={Xu$@ZAK-)5H*8(N?NReLzP6p27hf_1 zqAw<hk2Q{a`Km?oMxPM+2|oeWVZ1!`MX!~};R~gxT}&4jaq;MA-5$HqUhANZP(W&D zZB()Yv<AVZ2WJ@$H9n|OxXO^bW<T6QtX&&8M-EXESwHd8F{Lh2pDB$XFGsLq;^jg@ z@-s(Bg{4w5A?*H}`15vt57kV;z>>BFm!L4WH|MvVUeMvVL|0U+Lv$?SaLCxbso(o| z*P~4spIlg8zLMK_#@JEG!go<}Ja50ZwVdn5>86yG8Tmfe=;OQeYfjt5!63Uq%dyGG zn-Hhw_ilWcW(z&BIV%;_-4M4M6_}NwL4lLf6hSZMOE9fS-`5Puy-J<M!NxpuntA*n z+D@2}itVoZ56Qi~?z~hxXKZZjdRy5tF9scMyvnIE>*8%EgA6}t=kpCS`_)q&^~1+q z@z*+YFB=mHS(tcqHI9cWZhDh4u+8ZE3TiQr7>5<n7B-5f4s1x3$oj46gMHJQ%$}91 z>F1cmYJPtDmDG*Ff{W1A#?M9%cyO+y%~w~mr}`>0=*llHiNunSaRyK73B`}7{kp_* z`@$F?rpB3k2dcok(fOHW7d_y@N-*-k_q@mEU?XzZFhnQh3;EKrI~=ut<)>9`=I<Xq z0x)c48mABwVUwdQ&6^6ClH+c>6rpg26td9^x}erCRYArcnpm58oe-G7<_1`oIRJ-4 zTF%hg&8QcX7Ao_x?DPGiz%?6po{gI=?F1<cm;HW)h(&_IkN5o#yes}RYtWI-W>7Qe zx>I)}q`bij=fuUKOnJ-3yV?w)UuEvlvG!tTTw0`liFSSI!0o`d4j;CXT+yHR)}Ehg z%(%l<ugMjvWRO{=Us-E(M$puFxwA?jW-T9YPwcVT1QTi#xw!j{j{9?hva0{z!&7n1 z*<9YY&v4zRWY~P3#To64aWe*R{IQ!b6wo=`<3O-zaHsWQEpsGDcKsyD52Q_VoS$`F z{mz_kEJ(>Hx$oMGE6J5oid*b)zNwQG{24SE5Nw|=TyS=ScCYv(q7VsZ9F~zl+!@<k zuLv@l_Qc(R7T5QE9p!Tq2oSaVJrEz0Y|R|8@!(G+jX@y+2WAxq(xL4`o&MuB2R7@S z-H&%=giD)L9PKK;*2>X>O^qOo_iTDS3I~UD#BD+;V}Y)@oSdAEK?`ekS2djr`j?fE z11|0dx10<!b6>RK7A6}<3UL{L;|B0{DmtPeoKC@+p))bxy#tc0G}>g?<L7_3!r-MI zZX**2cxfqZ<*Ah*T^zn=8gelQZ{yF4mN|)4?`*0KsEaSTV@YuIq@!-X7KtO+i1w%F z1E6ciIIxS0UA{C-Cg{z@)?Ze2Hc?+3yyZ;xT_!xVaB6blT3($~Z4CWK<U1PY>buQ- zSUc`k<ag6tX6#t|mY<*&KVNeG=;fUGX3lR0qm_r4)%$Di17YnoYd`L;-b3TSXinHI z2v@ZbH&)m`82=+Cdn8qxjC`plm{7G%n35NmgP>w9D+~>U$N^s5!yQ*F?*1+8C;XYj zvhdpU&JYOf3>@60m%fB1M_EXRUiShC3U$9tD~HSK8t$t59R=@-_lO3EClMN*4Qnaj zy}XSMyN*7FvPczuJ_bn556*m7?<K#!=9&FZxKAh58(#&Oq{WD`^~0A8^DX^|zxKA( zlL)jmF=((f{=j+pyELG&-RkQq3}!o;`vbOVGTP{`*JZZ`y$t+J@<Xe!DnzdWPa3hv zDXXF{ZR^a&Ud1;YRnjr3?`C49?I%UUgcjd-cR}|lGU1!9fC~sDng+hbXoG{PdK`e< zZToz8&$=dU=ZNp$@7WmA0*+wj>;EWo2?iX;oaTKI-0decq@4|Shkjk+cwwQJe+tpn zQHVCE_@`%Nc>D=4kr-AR-suab-kK1;wX=e&#b-r~<ZdRr)AlIjD5#elvACn|#U1ij zy_Y8@*__cbn38`Y2kXSeu8*0vkn!i)fWfJcRPCl~pBOG@V~5?3WSf;O_d=U_iB<gt z?fSWG3}mGch%n9|cyZEHt;YQbLS2y4?l9@19#G;V?7OTFvz5eO)&ICxm$=$FDZd*T ziRY#?m6RW&k1~%TpNOn(;~Gmpb~Tg&KFfri{K3j(MKUiS7}t=iqldMlrF;2ZSjg2X zdF88#-JrJMyst;d({Upyo!7g(h$$vFMh(w2ve8J9V<XMZs(8BmkjtgZ+l4MEQ18N- zd&@-@58CEgntB!ocHvjsM;vxVvRHp15>V;hc-ozy%LYb8WlaXVkw;}T80l&kcU7(b z*E{O3FTY(P`@~0+skWJ<kE1S^eR7X~rOESJLl<&fa<}>Mf|PhRCCQ>2sO`L4cVXw% zMnYA7ahg@Wi|w)eRpZHmtr@c|W<AlE^0t@^8k;oB-hXocd|uLyWDW-N-s4ePy^u0Y z{LOO|4(xP}mqrU;ge3EL92^`(l3|4+R&W63F2~dkx!ju<7gy+`;AC48<!b(`Z!Pp% zc!^pfaFFGArAZqX7B-UOW`y=kERUtHE@y?|^?f((l?n#T&Tz(&GWToMpbsh#&)wW( z<dyi3`neyjruKuE)wSuZSxcUpYw23fjRAjFiI?2w_gp`vUv+vrd@^iMC|UP*Y%d!Z zhb83)$7${te5``O4yKZBeD~@DxYQDNBEcTyj%7R{sLl}>W7KH#=)nCQ<fFhME9>(D za;{cXx3UR*q~s*STwlxQvr_}$fWilo!ax!9m{uD-%23G~1c<Y^FHkCDSTWkJeSFj> z?Dzo)Lh@MjT-?0cacx>7LoEMUB>@Y@EIh|}^3;&DFS$2iVV6%47m?o-!if<}LoxDH zj?UXUv3l-2l5ph!35C{g<NNFDpYqHCM<m2M80+}$>lbm8^4-INr=jx*dad)#kT-RS zX4R~kuKJG0JQzJNejK50X4vqVR$X@9nOECJp26aha>wr<f@7zQ!T0IWN6;Wst<%&g zIzuvnP`8HD?~l)dZip3MCL9+(!vu=wWPb6>Aj*9p^f(fTXML8M9LyAhrM=5QhlNV_ z!jPl8)r0)-^!fsT2ck1(nx^dG#k01)s2yFS+!2?$8P;Cj&bDxK$n#XX{vdtEZki4! zv6yy1WchS%gmt5nFFtFrBY?u}uKjJ_;WycMYs6%TCACND;dJe5<NcG<=$Z0HJIaK% z14+A}Pbb9UHyKgggTB&3Xl%k-ZKgc`+Q&7I|2VBBhE^^mS6RT^k;3i}`Q)#g1>?+Z zg_1`)0ZFB!n<-%d(i)ZaT=eJ#$|qJ)Puhm%mi}T=AGU0kZurRs{43*-HC=1-l}04Y z;@qu!#gHu#veAYGb1KkoABi?z`qyg*MCO~s0*w2*!Uqnlft%ez;NiJOj#z(^1Y*ci zk0+q@Sw{7^!i;|zE%*uM+7vZxTuD@koy1SrBZ`HxU{UY*-or3BW_f?9&h$5j1i%kj z)wKLeucAkEMNe)+?o@(SPJ+rGyuR#VImmc=Uz{!c@_1jxz^`jH_-x#_Tiu+xlHd@* zlQU8imSf6!VNlfpb;MtTyk6#LJ#!PkIoC-5KJww^0OZ!Z)gA|FC~2ifC(q+szZ{P# z(y9;E0JAH39@L5<1df$>;t&c154u&%6zitv1l)iBLR5I{ef>>J&(q?h=e;K_Or-H- z^a5gOIN*#KKd`CmYqe>L#%LZ1A*!da=&WB~U*DDcL*1C8W91gbBNFY;cmC|AJy>!* z6ZbN&h`;KE4YLQ);ExB5x~?|*4-*Hiy;uH{>|ePK^9@nY#f`l?0k0hl3RkT<j%IN+ zopDPDODH7|0sfVSZx^Jm*V-BC8Q4<DCl>;-Uj_u58eq_ewxI2hR0^z2sXWMN@XVv& zi%i%|ZO~6RfNlsaPzJ3TldL1<Spg(HF=q_#bwAs++tWVX=X04xhG>p!2JE!@DS&OF zilfEpM6Q35=Cd;MQqvdU?<=VwD#*@IXT44Rvx(YHSHs6mnqW%8Z6+PHS3%;Hv*cAx zAAE89soZ{kbiL3N^1Ix(9M)YuaTD18Z0{%7Ex~`X=6zi>@jJ(}ftfDwLKfIbOl9h_ z!V67hebq}7pQY$BMZ`gQSZ(>{g_Qy?w%kUjO|y%4XiV!9lvXkN0$}n){@}^AU`O-v z<-Kxh{G*j)aMYs3^JDowQuoVrtYTmGKeSU?niwp#Hlwc?y03Of&hK^n8%rW^{{E-0 z!~!**{_&OT;5TbR?1S2!Ur_u5fwyVE$q=5cVHTArz~-o1n6nOUbhNiW0gJ!G(#(7J z^dI#`K|$%`UxbE#X#T|_ti(rD<vPvW@=U@<>YC8He-i=Jdw$PV?<OJptP%m%>m;A( zj~2XzCEOwwnu~)HSP0rj1YH<~#3=ybvQ61|dc3pTtaM!FoYhBxKJ<N^B}0p$TRY}K z0)AMkk;z8>);<wUa2}VF5b>{kk6s9)pyX&FR@(O*JOLD)&q?8FPg5)?w~X+|RsQ-; z%GZ`Co>O{NDL0VsrnTUY{gkz}f}|7!c+?Jm4+^hhAWf8%4{P20jSAdi+1!LFGM<$| zU&KYRV*z*Zh$-=xsC)oZHyb<=bIMnoXtZU696z}!Yb;$hLMXd|<|P)C(pQ|PUCSO< zeX<8)3N$Ah;P02gqM|J)-f%6=s?F+gz7U1yry-{nTRB+A1O^D~1LR^P;mtNlYkDf7 zL4)~L(a)hKwnLupziK(J-PJ1)jT{z~B`<JfxD5we8bb2?>FskJ?Il%}Pm{V>sR<y3 z|8D;Ongd=oweK?<ALJN76r}k0_>t<*Ucm7Be`}Lt-O}Z5sfR_cr0ls0PDHJc!{QZ- zOE1%+F(j3XnSSr$^pWzvtfFCkdIdgW;{T!HVwwxrqX$vY)T)30!_6rw>L7rVisG}a z@}GhKYF-81o+B;j6)5}1sV@FcBj?ZmWwc^E+!|n|g8xg@_<z3g-`4+o0{?q9{(Cn5 z?|;*OJHvlF!~a%icy)Jsi=iI{u>SOFbo=!8FMwP^lC_Bm?7u96@znoS(EgwF?f);` z;iys`rHNti-6&s${hZY*1U_^?o{g^~Rg}<<7k&0*>MbbfRo3;J=dsYaT1c}YtoKIK zSALO&Ott781biD<Q8Q|0W|lukimWuukUe)P-q?O0eRlejaAI_HH1PowWwr&LXE2G1 zvb^NsX7NsBD@DH6V%-b&+n%jD3>Bq|q<{>EgLY63TP@b`umlw60QL%RM*)*^x5}BD z_mb^<$IE$Mx020Vu4tQ^+xPO&Dqh`tPtv-y6?M`vB}-lUFY*?E;=!lCer9w^ybEkY z4X^yS&G+tgBnV=z<2LDok=BSi`H-=_U#&x%thKSnm`u^W_AN!?eh&d*%nu(C<`BdT z7If3ANa*gbd#NCqrCuJ0dcj>2Gx@O7cn2nXBt%ZSg0<KEOI_j9$_H#r$sFdyzNP%_ zDJcnR*Tuj=Tq`#wr3h@Pll^b+hN|R2j2i9MMgD*3dHUfvm!boQJ6qObg;dw?ypNx# zxr-o`*6?V-q~6bk;a*jeESWY*#ypE)%&4vD{vd}`59^=0we#~r$fKhsweQ4iK=}NE zFi352amsOZb+xg<yF&8#H)^Bjrcy4S-7nYmHASrX<r!;bpm)M}K0nLK>qUAF^Vkl{ zc%M7>A$h{N#YM|iSX)(ffhs&WG+IDdxCwM&r_E9KCYh7BGk>g<DNAp--|OG(Pv3ng zuIugj>-j%_Xin|r?$D6`{?%s9XQfzxERNuZ+(Q=3??*GeVubCKz6J&b9h?jTo5~8! zH&6D@YM0$KHOCJrT?Z0g`|cG*gU>TZN&VhzvL}XwJm_BrJAHH`*tXybh?eaiiT7TS zIlo@vSa5Q2Ils>83Czz%&nHX#)xW8bGyO}y#@N+)zPh2>6;?Tlq}v_)DhS&d%W?hl zL$fYaTiILPyS%P6=bX1jcul@l?94yNv;w_GzO(;<un|{p@(+f#`ghxog7u54gGM*+ zvIZZG9VX|+<|Sqg$GW((%|UkY16<+9`9@vj!BtY8dyVwXyWC8@_BH*=u4+q3^G@^G z`JG)-_0@SmwJ!97e*MSk8u&sIv2H0RSRgs?uq2ssfWb%thrTHM-D@Y6adS&gY4pL$ zr_=4xgJ-w~i}d3Bk9HFodD1&4NpDC03WJ(PQg(gN_A`C7TRi*m`SK}#LAlA>2qTFJ z)7I9GAwl^~3}p}84%vqeM(|AJ3Qs0^(lZg3XY^%)o9#x){=;<kJd(F>pwnxDc&&Os z8_~gx_Yb0_jBb)0l10?k_gNf9*2z-0<utyFR=!iRm{F%+MLexpE&7gzSqkyol5n3q z2WiL^Ko3}<kp{Z=?;k-O+%p3W)(_t%Km<cH3(R4|4)+qLLyVWtnfd2vuWh_gdR<IR zOs+LX{DLrg{h2eGj<VA)AH{n0mql|k!~sf=ym;y`f91HghTWDj8z4rBTTtLtW4ES{ ztI63o9`$W`Kfms7ZSOFJwr)plPOL-AJhb=WGIM-Ou`Yk9ZAt0^%zuD&L}kk25+t%- zv#DHF;X)E0GH+ZOymuczf5h<N(%IV#0iQ|3UE;?Yes4q1B!i*j_)5;(I~`Z$k=N_; zz5ltr?#SOiWzo+pD>s*r1a%fpg#61tBBEVCe>(A`-Jv2B?G#=)Ii7#$iw7&oFHQ4j zW3qER8hyA?SvNj<IPADuOZm}DC@ld}Hw5(tT(4W8K?i3})l@`@v_Xe4j7eDdv9%1G z0zwGYuc{7Xk<WDa(lbUtbNYF6%RqyKAZ!zVfhmb2{GwUY^f~Eb7Y{UZNoUrq-AtC2 z!ji9I-QaF@b^A^yl;^jVs{FMn7Lo+>lbhMoq!^_mPs1QjQ~S9vIvlkWW$RsN67Kfq zDfoo4&Bu9;>x<y9mT2=_qtDlnYs{-9o$<Q;@XiRDPM^#Uq#z6Ij6l!?I=A0BnALhQ z<3wKISv#KZI6u4KoR~>VxE@{o%;1y$!vOW2P1<}|%$6fY{RSxh)+g6;HX$zmz4SzZ zor$*WcX^-A4-M?ZxH!se-FJcK>Dp4Fx~7DQ_p96~%m}I~cEt5FSTJBemS@EuJS5jD zLQ938h_@KMzPPvXcy~l7Ntc-MuxZA71;VIF3F!!tr3*WWw?KPu2(gq^A+-D401bTz zY&&R#?Kf{G*U9e!DNiG83>~zkAL=FVk9*;HE#A8XJBnjXA*ouY*?~i8x5SEt7ns0c zp1zaPbS<17l@-91q1NvzOGM0<+Cu*t(-yv2c@C}_($O#p&)kAIembU`sUHN$rhg1d z?B6uni>~}zL(iu8?h3_e>nbRBmVeGYt6Seh=Nmk8C2OIM$hdSDXPeydawK%P-_`fJ zQs1P@uETY$y?f_VbrU(4#0r<hnL_TGVdGo3qE~fkgs!Vxp7h-ZV)d_cisbly%`kfp z2fq>*qQJrX(-b1tHeMhpE<lUJa`{ns^^*?Z^}VUjoZjWEj&{_82pek$MlUuFKcr9r zt=#f_R##(%#&3nFl8KExi)2t$7(caHN7Yk6W=3X>PN+0dZP+6wm@e6Rd%ZBDCs>X? zV>n<^ni~rRKjl-ZIoLr!De$j2*{YREQ{cjmMuCKADJuI}0{;Y7sF3>_^$gC#8{of$ zy3YzRVV|}_0O)>LSTu|$HdOJTB+e`%JDK2|-jbwL+Dp`Vtls_qBr%Hq#NQ33PhAC3 zTKh~^MYKn9-A#S3*(Y<Ejs_M~5lTX53YHfgLcSBUH7r|M7<KknFU`1jq&r+g%EpB* zGWXy6HD%-YUJQh`m9;IYC3;te+y<M}dR6&c25ls2&YPXK!u~jrx)+9rE4E)cQe-O1 zp%%UP9FZW2BG=vivV#ovisCW!qQU|l-KJcAb2INbYt$qwVco0n3BVjETS+`ne}~IV z|I@KA8b|T|KawgPbAEol)wLWgK$()(sdy%pYbG8ml{u--mepfY@@g@P+?+z8wDI(i zFlM)wC41@C2YIkxH%VZpm>1*xDaMM`rp9bsbDTauhG~i-XjQ?y&E6G2Gm^?vq6guQ zN^=&xnfj_~j<`=Ryl0v%3^?138vY>mqwrzhp(yEt{dM<CPdn*eq&im%lgpo9`qid( z?E2LZokG8VzdKJ#EH$t#!xrw+V)X<4nrh3{3kv53>|y2x?j~j`hbC(d7Ed>kmxgc^ zlNICBKED8)^ZE?QBt>#>a@vZsV`GWRwb0yovxbsUbmyOykUz;^?8A-`=t83%jcrW> ze07|7wqH0s)rUrN=<yf8jz#-PMP#b^!dvYB#d^^M;ox(S;i3E%JEKNZsTofj8Q=}% zr({ewIycl9>mN}nd9JFkFNfsGquZ<Y+A!x|U|Go?be@2n`NCvYpb%?qO$k+UGOY9w z4c%(v1~x1fr#FwKu@dwlF>gZmXoj-~egr2uhDBudm9jZ~<3QN5pV9WE7UZki%&09x z+X20T&hwz6w+NI{BK4^Hqfx%N1?y8<BKX%n*IqEb@4ugAJLz4I%I#myelJ`4$6ol% zPAf;jsbQboun2wl<{f6#MLxweFAMdbKs5`?dV5Q-Ni5{JZUx!4)5@xb*=V_$HJSoU z3VD`bOJMBA0CoF{5!m>0JHH$tuxV*{-X>b;95(Wy3^P__4z^M`&8#P}e_Pve9uXyE zQ|zpL^xFwFeKWxL6bUv=sX@I{LOd(*`<7A=>P#AA7}l4DGKLQ)&59K0%yIbEvWlD5 zdIn>QBswwzjmr^Ms{KER`^-6MVc7t8g!a9m^$3af4*HjyvQrw*Eh68$gQn>7q6tH5 zL!-Pp4|osHu-Xa{P-HtpM@}Apf2i{Tg^Z*}rsc&=B7~<f5-ZLA(4ME>3PH_EI5R2b zR+t9NAPwj@1D02j-^KYOX_`@EWFX@!m=^$cVz~U&TV=6wC!I3%Zrl8jSyePl^*8e- zeL&vu_M8Kib;BS0!1?AgbpV@zwYDQm0eIptF4I)uOPbl=+o|2Z2Zw%8OR?|!WH#R? zxg@<BJD%nSmxC;PGeWk|S(atDwVXLJDr;tJ%#4N`jU%g0r{8{`-2#vLN>@!NvV~RB zcdfl^YWfclB-hQ4#f8TzniF=l>IeG|3dcuhFYx%KzJ%vz{q?4ZI!>Z_zKNTFNT8IZ z>ZBaK&Num`>>j!M7<O+dT`fdZ3;?qrx`>wnfM<m`P-M0vB4T4c8FW#ygep-q(u>?t z_2GBZb!K29l#O_^WnNpSzO%=(Tl_Koo~tza^sAt^KC55j>v`9sHMcs4@kZiFbAORL zl#v(8E$`N2aOW9GD*NbZdq3F9<pgknkFntIq8&f1s|dqAXsy**WCNpZD*stM=M?xk zKNq2=SK7G)JGOt3F6ZudlRo&4AB-N{-U%&ovM(%dR;_UvuSEPhUk1_$^gjL@`|GRJ zwuAy~q?YP++1YCG-9%L%(`1Lu>bmz2Fq>Rns|9@=Hb$;4+bB~D3{yH4YwUq-=`sZw z_$bO&`I*VEx4OQr@On}dHhue0Ti9cpj}Zj~Mf$MOW~Q0*T%zcrQ9qV1CNyk{_=f$C z$rPAM0btF?0@V>pcChvUb)Ik=V}t~D0N_wWw3J?mLjjXF)@ij6z&-Ps;+>KJ-B=hi zIF@_xZ@;$KO{uJN!Y3~l0`jqt=zBWC*2Zlz)%}($Qd3}&!|MfSalV-tECw!zd>?&^ zQ@mY>wF>Ye*_-t_#TQfbH*m$7ip#mLWNox;vMTzH*4)~!IVjks%=KKzhT@`N{&mM2 zahpfo+yj)E#U%&)Rg<a`+smFCdxyz9H)K!~?1xvO<XYj<t=hD{>yn%B$|;peLnEx_ zuO^VZn%o+y+!W$BSPlZ=CI8a?Zlfxz;I9<^uwPQ_SqApGPn8v@_d(7_DXAHr@CM9# z-qB2sQmh-7mkUUNA_t;@Gq0-%sRyC6i`vOblt#(B18ZSn5#?5%01Jd-AjJ=}hmwlk zGw$C!yAIM1MikZXXnza8RiAFF=@j9BrGsYtiO!I>Y4SBu+tKL6XW1h391>U0^rbgL zuV@nesmz*()F|thP3*Vjq^VdwV6eF_;e(#^+N}NR1?Rl{lUmTpHq*LvOY9P$4lD$` znsu+kAn&%9b_gA`%^lKNT*?1MRy8ZpeT)3+@~5%DgN5~;xHV;0rz)oJqQh>M3_FT~ zooLkYx!|_w)H4A?*{1mO&jj7I@m!(kk@%q$x=`fr0FnEt4Qsna3qZExnhyPv)b&PW zuPyuEmoxE&U)(4uvR<FCXj6>vl$Lx*k=E$*atV`POJhdRY^wGCU0D_tIg-7hzl55; z@Gd-0Eiim^Ne5OAdOR<Ce6tb&y+AC<FI&zG)-H-COe6yq>1}yVPfC@dKE=@gwV`Nh zvl=%{3kagEUg8Uzp4xI9t?MlMK3;okkK}A-eU<B?G;bTNM^#m_=rX!s+t^<*`*no5 zqEWAM%lua2X7td)CHnks*zKnwv|GQGq3Y-#G$5MBt!_7PcZYo3!dOr!K~3dj5beCD zXIh5ZV6WCIH4aB+U^bVTn8<K+lpLXqwieewoSKNP+eGXg!sqghX?imqabJ$lOb;5h zw-nq@UZ)J?(-#>x=*hhM1t=>J`hc{6J!2T{0NUMjVF6>1;JMHp(M-6d-_=$x?@0LI z%`^QfOqj*!E$tpKYSNQ-y?LZp6PVd?J6A){OY=;SR&q_eY#eS2(X*c=s>be%hEv=X z>yd7DOI6}h+o=V5x(xbU4o)PCzn_)gN%;7>d3Hl^5T(ExpYU50th$eU7il!i$BpTA z={K3{estUWXP;Y3vWLs1qRCfST}`Uf$k+)2<TkRC4l16^5~6Xrvh&^_(7d?(iOgD> z-+8OgO1iJ2ZQ%VK_IN!c>U%>qQR~-vBJsQpH9eQo1hmf8tQ?`}A&5enKA&bBgxn;4 ztj$bd>V3<~S2!TMUBVK>%n%h#$740@B2Ai_<2~`ctOUhZ;~&;;E#Z@Z5+#cjqKWK2 z!R}=enmj*RGR}Z4byGdGy!_jWQYp%59(KTQ&JR2IA_JVd11np&CoD88s&s2uZ|{C+ z7Lv`h)XeZvXW*WEm2f)!wvjHyOhfb<6yE0XpAxG<C^eDn;YJF#XKnz!TNwXKO;KVk z+x9=o*Rwf>e@i}F3G$t2FA-^@MGSkP6}%aIt4&RY3F9c)JO0LWk%{>SD{S{uLI{n5 z!oSFr-@m7d-$AYQ8?8g^x!mXX<kM9z6vf@Dml`$og7*GO1r<YATXT(FqX=Ex{6AJz znH$tva2(XSx0T-qmn{7PV+)B^EZ$d6{>W-te#2ehTBgY_-iQ9HBrI}{H1NTgi@^<k zPKI3N`-QvUR(=^Rn)~lJ#KA9N$<~=egpCp(JfdJDH~dzCjZ|CfL%BrF?>Y(r2}(FN zOCI15V<lu^)wdU47%jb!hxJon5RPvpu8Vtl276Hv0C-sYj6SVnXU0JVtYyA>W`2Al zz<l_*&kC0eN1dAFi^di`<o;KdYiNMF)V}tR3D`6S+ldKZg0UwUOa3JyT4p5>Sq0A$ z+)ij{aGYki+vW~)$`x|QiRkfoF<sOx=aO)TQmsfcYVi^xZ@333cOJW;3%<4iI>q&p zU%p>wW$cOBzSxi_1W&v`CRm`<xwjWhpT-0(p@*-xX9QF9)EY1BT}(wMb-3jmZ;sg4 zjpy4pNqE#qE^j%xeVVR5zr9`-U#<S-8the36=Gd?QHeZ-zDqwkYV5DNxTI<_`)W*i zaH1^Sf^OYt^?-3Ecg6mv^Yrft4d?iGrusITpv#Q+MoiOzF;Oz#Ke{^OCt~4(A~v1g z1-`_|REw9!Nw&$G6p|Dj^k>M5lZpD_b@uyRLEnS?EBTqIs3`RQYbqV`QCxWQ%}#FQ z+i~vPC18QJhw`>vaH3_JQs{!5O&{>Cd<xVi-OnThK&S@vVOuFg#j4K8Q@`czOIFpm zw^W>|u*pm%ln9cW)S`V)?)dG#e?V-l&l#i@9oE@L?=ma7^L(YFD@}Ze39O9AGYL>3 zMk2FJ+)iGMYl%P9dz3i@EnFT$VAmurDV8sfO>!-B{VC(jrB%%3)!ST=-qVg8%i3<u zy|l=4D-D>fJ17(~>&$PeLg4n%`}N1;KVMG+_1-RB+7k}Ox6~Lm<iLasO(vO5c!H{F z#Ks@80_8&OxD2-={9;1QIO4?SSK{FCW)A}gv}aPd<Z+tTS|-wFSjfhWjU+u)!ocI+ zb1)i=P96W~k*ADqFO6OHVJ7n3qChi+)ab)YQh|2HDCuPR-A1jTjYrIg@AY=bEDvO^ z$@fzF3DOs&83NNA5E&J1>PxFAcs9hzack}|;@T?&%>U(Nh4M{xX|zpWdi^^sEL3gA z!RAdvhY#sKVmK4A0WZ6asSJVIA4g-rL<=_5Ml-zcyPzDe2d1X`F;Ra8Vc~>A%imfw zZt`9p;dU!aAd+`K11ILl+e0(d^*1`C^xPQ}?HAV0At6_tcD}2nH$qFW#kc&s#`6Y{ zhWvtsiz+yQHgum%wQ<#cJm2jqXs~lhaXX?j@fpLMe%#u2fQ|JC<t`)0J&D*B8k(mB zOuBH@r20;i)}rOGR1-!IDbkg<-hNx08g^kLlBBTbvf1C(<{}*28!o<4@BeQ7LDojG z<a7W>6SWj_(pH1x;pgF6kbw7EL8ARLL<*7z(V)nJ7JhnnQp~zh=o%=+_J;HeEr6(- z(3|_WSm+h`$#M+!N&7Q37tv3&6N-TrevWQ+PD=%6nux)X7YTG1i@iQ3cS=GG@%i%H zMZix}opqFnjtwzmxyksQ`hUe`>E?06MSK7%BuP92ZF!IvJvG6R=o<^CNUIXt%uwgb zv)f&#w|B=?U0sf6JK9%7nkC~at>fl(8+1YAqTVi#dDy<YI>`NQaItH7g`vq6Wl-;H z+yjI+^K$Hgjw|AivrAynVCdC-oy+67SnkH(UzaC6)xqXyL^i6_r_u2CJV`D?RYqQB zGF9DRHZvC$tQY8mp=?ZkoUAg;RePe##;~3MfL`IIhJNis4|%5tguE1h?H$IuNJWUn z{MU97-M~D+?hCt-|9(&RdM?0%67Z;sD^JhCQ9x~X+ThFD>t!KS52qs#_`3M=9YG&? zdV#nL9`dsn(`sMl&9|~FX;S7wB0!)=QmR`_vD)ruMY7&S;5*ElzZlz*iV>u8rcj0E zGtjp|ZP&iqZ~N9AJIbH$<pM1--rHoZw>QrnZl-uayK_CI{x0pwr?s-V2i6@suLinX zAjQ<VLh<M8R!4sf<H_6BaX%NrDj&2~|B8NJuOn`-B;9e@?>k$%qMa;U62}tx)%g5u zxy}vgc+tAtCOI~$+moje(#%{8t_TFBWTsMlOif^AYDj!N>7sK3NLchQPpKTlh>*rX z3%fr}GwIm3S<&p?sQH&!Tjy=UDiG-J#)4qcceBjL824t@2=(F$6^Y*V@4ZmrUSQ}D zNC~#+FEH&~(XTQky_~L?ivvmuSt{{&$%r|EPB^Vgxo?5)G1~0}cEo3d){IueQVO5N z)ioMx6Qd&fiQSh-$mW?5Dqn4Sdp#2=xR5qEQaxn_MA44jX#|%fejLoV9!YS_m%TWZ zRmylxqGZwI(?l5X{&otr^T-NG7Pn;dalNB&ac-XH0j<W&hBe9B{@~K;f4yOcYu7#_ zITqQ&3xTx6Cq?!aOWQwSYKa$(ML)+oucnOKZr27SdVGAB`yw8;)hFwX3LdtlYEY}s z%sRC`<rKP(1?z4k!AbNnn}W@xB2qRY6!{>6#BEryS8_`m;xb?v`J~L4h`5}XW&YQ5 z^J`>dkMF*jTk0y|<g4|G=4qpscuq4yCOnhgzdjihB7&QKL-D}B_ehA-m{i&RW<4m9 zz|xniq}}Rq^7W*3f79=c1f^EHlL$3qCl>Sk>l79le`wDpCix%nf|Qyq#v5wH{>fIW z3kl2oTapnWq0kvkBcdyRE;x_rrWS_w0m_|CsE3vYIl!&b_9viAWK!V^?_nSBKw`6w zdyIEw*?zoFikJe$^*WU`C04QzHIjGLM%LS@!hv~wNPJK3u{wpUX)Ru={%7;t)bfli z=?M5L<~(Svt$%7?{!1}#;#^P*Da^$#tV6P88oe0WZ7-0qpMuSm&|z}#QFo!+epWtN zIEC-c%|+GElQ%NT8;9|vT%f98Nlu^htf+wJc&O$16C%ESF6ZHRA2w!9DHa6|yWe2F zURFzpZ&C?=GZ>@rs%VdU{|vmal{3hDPb8FSYat+mkXZ@$XRv-QL7Hg!OGSm3neCdC zPJaESV4o46w@^e&o=ICoi_%&ufdwvR-cl@x))#-@x1xMr&fg(<v$?V5!$FQnMD3B0 zv2OP)P33X=wq-DenN{Lc-xdjpWo#O^p@CEOg<nGxP>469(J3rE62rvgvs`qlp)SL? zmpaVNMYFUO7gUo#+=!H8<9@k17=?M^KM5Mz;FhvcW`PA0llbh_%W98@fh=Dn=goEL z-UW0dcXlQ0{|Ffq=Ip7#ijD0&yy{ks4`sYPPMX3?uRDFecksluN(bz9*25r`K{`Ag zh{;d^*%J|gp+Zum0CoqNMq%NR0*V<pSYTeDu~AW&_~RJoP?2g2g5xwc_QyiUU+igU zlq~TJOm;?7m3^^M#^d7&>5S=PeurhFiy93CYa_fk+2cdQ!7p*7@{$((0_j6!V_5MR z>5q9f-jM&Hukk#KWyiIN8^T8Za-8_#2mc(Stbj7XQ5N`#bp>k-|Lh}N%7t^8TR@yR zXRP2l<Q?(Gam_scvXJkrN8yXY9@EQt?5AFZx)mGEkhU_oe+YzA3)@5YCDX(+SDx># z1cl~S>&`qa4c<nkbXbpDD4jhnp3Uv%-M2BIDP?Yf`Le&M!?t8TjH_=mZtzq)z5R9f z*rbkj>nXbx(m26I#LL?)kj84i4{5wZ4(};(zkWVLnjjjUoPyVJPgpp%H)2xDh%+i= zJ_W~;LZO0Da7<e9U{ZWtA{CM`bu2Ur5sL!96fXP2K0lv=h&>m6Aqq~s9_#VZ>u`?$ zah>RYyy05BCIOhAp#kyC1;3r)jz#R@!=#+24gWMY(gDPub<)D))=XqVJkI`o0r^ip z<A^5{kK`w&K2Na{AM%v=h6d<=z&?)QYRir7u=KQ&X4ZlI2oMh#l24p7RuC@H;#$-j z<~ztgtV4vFyD(fIxNeLm^^Q2=XcrvAs^U1}8S7GrYo3f<z;8IO)-ks*knXXdx5q`e zWuo<DK3pT)TFf4NVuRiB;0oK+<87p+H9SXxm~82GK`pjeW2xEJZ7f^4wb?c|6l}c@ zRr=bBwrtC4yK~u-*4tcXTY9~W%1zebR!W_Ba!jJeALH>q_h%rNjU8^Zj3^{z7==b9 zqd+Jeo<!v-NN%fLf5Y|Rp(GkSlXMi$VBvY3DEQc$Jihet&=4tP!o&~$^GcDw{~<O? zmX}|CdDzEs3LaCOb3@qU4Dq6p#vYjK^5ZVVjlB542S1QkL{B4m6iw&Yn}<f}``P9( zb9#T^9QKjEeL=hq6V{XucgQG@PkriBAs&<`WyCu9%5Z=<#(3hFvLS7R#gezXVUbZb z<PYbOe*E%G3gr~?W{jZxi6__K=M!K4@|VLyX6)l8!6!fY$q+ZJMdB3dmH!cM(iY<F z!iWD@E-{UOzmdQ{epm+QdBk$8;DNI+j}hMJZno&Y)wXoiS}QlT+gHBzecR|lP;P0q z4Lx2DC$v~^wb3@LFWF7EKVqGJ{yi&u?AJ?{+Qvq=(&o&zx`XB!Z`j>lth25%_iEZb z>}Kor@OypO)a#Z{uOI6RuF3j+KX+|-APy-REh9chLd7A&S(14a63<fbo=+ag;&E~I zQDE<T-}^%EKttj-B0|9PA>aJwH|^YW&$U}`xivg8&(o~*THpA_H|$40`cZg<ocsG< z`qGy|*gPW7TndjW^TZ()gqQKs2&gFB4H?Udx;x@KTe%jubFaGkD!b$@mxNotQ>RP~ z78q&c30@v0=k60f2jIolKmF-XLxUn8zV)qdg$m5GB;+A^iQ5;1M&<FR5#q2UiSGp$ zTo7*Ivi*fGd?DmD$64}nAnrDO<ttwakBYzPO>eU0Pc64AzkOvmhcf;4x4#|INZByF z_}~XW7{a3Lcz-LxIaX=J0*FFE_)M~LbAbHjk$u*=rAr4#oWA?r?}qU^4+N6;STMu~ z@%i+pKOOeRa{buHJ{BHR;8_};u;w`7P!GvFe)2&XV^LDx?E9yG`ln#oQ5U&`McgP~ zAdYc;PpOtOYijg{-tXafV_v>`t@XR`%{=TNJN5a;TelmpcP%a14{yA~es%8(D|8%e z53Js5H{JJ$RU7Bn%Jp09u1A)6Lq6E<U%uI%*w|xFbv4*`Z~U$O<nD)UX{pgB9Wm3s ze#0Yn^`gag>ykCLs<**9>)P#yzx<6o@Wd)UcVpAsFenyXj4Iywc%DB~8yor@$%sON z5|iol3cxx~H1dcv8Owfd2~x2r%vZeP6(Q44JMFa4JH6ozZwLjCUqmN<T!{;_j-`SK zF+`%0zV@}R4ULUw83^-=E3ODn$zmN)XjE_>3>$BV1A-U@6hT|@)CxQ2oO8l9ap2{^ zRL)B;y);xRdP^)bCM`(^4U#8DN#hA896xxAn~Fz;+*d^L!kXeOVOS<KG#by<S6?00 zX_SaJf=|Q2+9bX_xJ5eN`HpvnbTLe$>}hm7(TXV1czB@e;)^d1jg)ette>f;-&3$I zuzV;FIvgwuu7gOEpVTutHaanWZB2T(jm<fvgEUZYsE3@(@4n~^SSJk9LLEeGu(bd2 zAOA6kBIoi>7Cy&8=SP_M#UJS-&sZma!#jB0Qi*kDZ)gawiu9qSuNNBXY{uLvwsPH8 zyZin}ZRt~;cF-X+?9nCbZT?|Lcn3Bkw3QQ1IK+Co%l5MK5B4@V(b`)l*vZGW+p2Z_ zAuijyI=%d+*^4eX(H?sIX`AI?EV^f@z3$@kY+H|yo!lD9cy`2fU~<PqJM55yt)sPQ zJWbMAPmVt`d-bC|8Uc>X!XX^=KolgVEWc%l-)-To;#5Wokj$iU#U3kM$oElTG$JY| zJs@F{`J6*R<8R}pjbR`DxW=T8NrO+ke*gR54`MdnaBbpEV_-d2M1EsKW&Y?#KN>0y z=^@SdBX39#@gzN@pS%MmYU!zBB^#?o_Dpb{7zgr=r#IjF*0<WV*IpZXRpLoUz^!=F zNLp!>ln;%C#uh~g0YXf$0uW8Yj&*`OU>|wJ{;^CSb%N^v@gvV)_qx~FHP>7d>RrrJ z>Kg0(x*9RzH$w;j)+F<Jq>*|=TIdY<fg)u@zEICdEBV21rD&|=8`qvVVPeQPEG;II z36stM;bMtDKKDu7Mnj(u6PfI+_qbR3tG4)|Cv5h#N%niMILjV;;2z^K6Fz7)p;)$q zrnJ}zhtIVMo*i}DH&~qyd)g}f)>hr_0~oUjzHII9w3&@no6%6QwtlmgzO6Q+(QIa0 zlWkpXw&saPZAx>U9XhMQjy-%H_lfMz+iwjMw)LKsC2xDAdv6(0NT?)Kj@SrT=Sfw1 zB6?yfBae$?D&P3a8|`zS`&{U$C~OLnOvV}^V)P7{&WI1z2xcf1js}YbLvMhI%+rXx zUf}hwf4zO?GoJ}V1k6o7DZu9(DD3fu3PR<@kp?Q+%U}L-`}oH{9)@tdlY@#yg?-O^ z-V++p8E2jmDidiXpXj|1M8Y6EDlAL#6t^#kc||_c2(Us}zVVH33}yI|m%JqW_>iF^ zjfsYdb%6!O5R$mFAIpV(SS<ABSe-Ob{9<7;<oN1WzZ$}40-AJ>6>)NtAJCD%{1^|h z#<Jk)S}X@d1dEmz6n*K7UkV~f8DL!zPu{8Gwpn;8nK>(l)0~f(VC~|ca(>NgUK2VC zo<^n|$sa_B^T<oC`}3dwJctOE8TEqmsl&7pmU~M}YqO`VXr*4a+?$Ga@QkVU+na8% zFMZ;RcK)d++WZc)6AznX_uu*p`_1*&*!;;&cK9?Gkg^YHetC->JfUFgAG^mMS@f_A zNWUH2npsQF2AfgeYt!l~b`aYx66Zhf80%j1q@8~Bd~0;Eaj&-Mrt56QV-MRICm+vm z0&VN&P1fXfv)_$^y=BBFTdDX|42&Hr6g?74M1^ByHknyV93yg!3c&LhJgJBOsM;)J zj|SX2<&kB!afA{5aII*yu%F|EJ)Xqt#`v+05MV`7nW%JBRF;SWc|zRS4&!9f<Lf+T z&64nlGv~97+ZUD<kcOD|#3Nc-IF6C8#0y9hBEd0)ljSEq@d>-^vdcm_vrRgPKb-|( zQ8wg3ZMm@=t1{x@M_!agxbZ1x@|f$zYm=8TPe~6;;)*{SdaSqjiFv^~>BfI78$^TQ z4xJrCHHNTUC#DT3f7S^f7t=}|iTSfvl)OFpIdx5~wza3%>RQ{w)2Q9tZSnr5$1M_` z`(*6nnraPRB^$kdHM&(%Dtp}gP|=4YJSSKtPQHg<4tsRMaH-@6$iqACe9-C}o9(Gp zPutPQ9BYTppJL&eHV=Sqt=_|&(Bx&;*OPxZt1zOC5jxSBR+b|Q37JHOlaaA80o$?Q z*iYe5Xi;1!DEt7K8w)%7rBbqtJu?*|R#eW5=TP|UuMLaqvK&tcKV}j|#jHPZAYD<^ zSjI*Z^MVRX1B>T!95{C{-SJK9d6LEzuFD@HP5ffH#QcoQxS#ySx|%h6R=CAYoUsU* zFX4RrkT%LOraM$3cWkqtAud+sSd|fB5>~7Wz&aup>rfOF{ML#~ET<Sp!og4U$1<j! z<KewBUE6HR<S9WgV!C1*z!8U7_JoIvafl+eH#8NzzE{fLc)jCw<tTey^Oj--55K}) zH1|W3=GJT-8zoPlOGL5Whk0~NUbbFA!*<EzTJSXWPzK%}c@sS)TwlkXwtm~RrPG>P z+HA_Sj_^`x!YjE*PxN6=|MnhhZg7EhDJqjzPy0yhm5@NpWLzu=_5o%mjcg?F%Q^V< zPzLty%+PDFjQcq^u1A0Sn%e8KjB$zEz;<ok40jGo(nmJzE-%KCcwMNCPc7`PjrUOE zIk8+k<%4mr4KrSAch^b6gJVt#h-(zB821=AT&$CW=^-k<8vW)k8s9bk5YrHsao=Ft zhxi{0>iOM^2N{GU{2JHA3n7VV@MA7@9$6QOJRu={SROI0Rra~nky{ePlRD-n=9?Bi zdKJ#*Ja122hh6T9h!AblEfRdt^^rroZ+aw#3dzVS;6%?uGZ>ypL?E6sQo|W~jYvE< zUbFVtzNGfLwQ(6Pu94x+VHwUFAuq;~-NmPtq46FH$6~ypHtxfvad+2A!h<H<7*_-V z;&!}dSogmem%zYk^y_Q+4kw-$iRaaxAHp2)H`M=F;QBGp$@+B=2EU%$Kj8r~tb=-f z7gP12n=g5fT7k#u{XBl5%iWiJiHHyyX=Lg7L%^ifmxP)BvX^k&GW9VHOP+e=7smN- zZ#XOWKN_A{34{>i#z6abhX~?WMO1Q!wcxf1zWjgw%!fZd>~UGCb>Xphci0p=JDT_o zf#84al5iFRf{1Y~jz#eaZtswg2(ceQ7{XA(8*eTdc~g%LF$nK;b?cuczmf44A6zax zJG=ah8X0k~K{j}LHP|@0&q0eNFmN`z<MF*jLL$WeB(&*)#v6uCxF{lSJ0KvwL_~t+ z;eHqb1s9}ehzrA`9gdJg7@Y4eS}B8;%Agy)h=7Ddi2X=xyty?1-Xwh^HuhXRa!Z6E z4SsS-3G(7+GCZkqyKHkyI2Vxtsma5R;x#B7L?CX*eS40CM2P(fpVG^C9DoK+<F0yp z=C*Cc+w*`h1aZi$KFpcW;5lc9%dLyt<swnzJj@_RE-Fz<uw?v14?lB111?;5hud4Y zx)5T&u|otPZ`j<v<=#xRINYWP4k5u;?K!y%0y5yD<&j$-`R(0&VwLa)M8w@re*@P= z#PZ{NM;?12gh)U_B7{grLL!7nMnWQlNJc_3#>7Xlaq;&c{5E9hW7lH*iNC{%Wg*57 z<?a|jMJ*5fIyU|y7V%)oFGJ%mMcKzP3XI(NIH>)h9r+($l_184;&}WJ>Hi{#0~MAf z@6DhB^K*CJ@e$vN!S`YKc{lsXce(L#lmo9BAfIEI@PaKdc974t6z0vFm+_8DF?wRA z#$K>?n-^WLS-U2@oQG{J6o@^i7<<TD-UP?n+pq!=6W$ZU`$ELnz+2`bq0UQ4(s6^D z{{m4+c<Bx=hvqHpym5<t@g+Nm3CG3wKpykT&(DAU^WhbY2n$2cDB>cWC?w=HXpUqI z;JqwVQr;^XGZxX{eWAP)6-$Jk5qQH^oKKM(9|wGfg7?x=9^|*Ik?}<q$runTFM<K_ zJ-2+#ju$2)DpY1Fb@UqrM~pq>Ept+Q*M=84dr??Vcm5H2F*XdfNF*fV44<!9zI^%M zJ4d6SNJz#HCRcgSEN_Qr(iLlvp(Jx9Vr-C*>|?M}xFt*_Mnu>Sf->-JVKKH~35KOt z@Y*4z#CvSf9LYWg(LhA{`uhf~k^C*_RCxW3{U1X|K754*f@Q)jck*8%GWOKwsVtIl zCQJbOAGd#*kVRNzW{)4y@`%<5`H!Gr6~;L%kq#C~6cUztAZ?tXBJ)9VCjSr*Dl-*Z zj1S~D0z$n;JaEeIv1h1mD2K-xDsh|}iKt?aFNjIBNTO9D#)m<xWd8j5A(v}2duYZF zR}lNNaQNK>!vmSB;y{3og<<dhx;;JIsATBA+U?=ihwU0i3M9h5==LT2ZiUH8iHJB* zpe|FVsoVRCk=pOjeS6Zz2ZiLBPG);|0mfq^xv>CCB;L*w;y{DCJr=)G9<Kcjb;B{- zv5~fG*LRw1eWpNweZ%d4CgOQ1PQOnP2RhX8;p+b0xV>d}=MCLgyS?*z!TvvB8CTao S>CycF0000<MNUMnLSTaTM%WDi literal 0 HcmV?d00001 From 35c503945a9ea2ad39017fb6034d9567248c37a8 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 16:55:59 +0100 Subject: [PATCH 0980/1758] Delete Wave_phone_connected.png --- roles/pbx/files/Wave_phone_connected.png | Bin 29085 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 roles/pbx/files/Wave_phone_connected.png diff --git a/roles/pbx/files/Wave_phone_connected.png b/roles/pbx/files/Wave_phone_connected.png deleted file mode 100644 index d9310b44a852130e3fc65c0de0a65c43cdd96e90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29085 zcmd?Rc{H2v|Nj{Tu_i=qC4$ygwJR$2wXK$}wDzcKi`uGUi=EghEwxtF@@~~$TT^Q+ zrD$nU)K2VT7ZK+6{>+*Ao%w!e=A8NCH|Na!5l*hdojcck=enM+=kxJOwAl?KHfDZi z5D3I}#aRCq2t)%19z+NOFp~M9z83gJ<8{kO7gX9Oumn5-JLz240f8zKS&r=Kf#*!_ z#`nEIAnx<051K2t&XGVM4}~lGI(INOYhM}PS{r;m37Ygj&Ydyk$RX+L_)0M^>v4g> zx*YUe2Kp7|gu^@924*m>rLT{X?|=A<2ZL$B|K#cEGBYh{)YpHl-OcT9@Ua%_OiA*p zO0gnQ*lhb`s+{^)-|S{9d-eVO__X%#i>g0WPGdc?O)i5)raT5W1z;)ZtQEf73x7)P zSGg>FfAdZvhVET#Gzxx`YdH1pm-U8BH<LFC?P8`m(lPH;k@wj6D!*K`Zuqs(pSv+A zc$2F=<VXAahK5n@iw_>M@W^nT9@5(6>C>m<>i6-O3W=DR;6?N;b93SZQ>X}V1lYZ` zMhar+$B(K1eW0G0GxY1%95Ar;)T%MSS4%X-lep~=7GYD9Vcwma_R4gblX5{_EaqdI zXJDj5L1%uVT3XrTYtF5n`wzxSMjaA0N(u_vzrw+ecS}BfvbI<6m*{K9zCY{oK1*%e z!B=Cezr{+(gCrlPy0?wJd$o@~O~!J0xKw&=ImtP{zawz?T+`J>^uW;20&otMQl2`2 zfq^Gj7o$AjB%)KJD?71wa%KzW=P|C<t|uOo8y_<zO4+||{A#Kc?7+8@N1iRNh1u`; zPFmjPe$~G`P^2a(D7c=Dl=z5taLBhMh*Lg&`b5=D%}u24ep^_0BrCN0&dT?XeO6+i z@#w%|Gs^a+mEa|%Mzpxx>c?uW2;s=TT=rT!(|vt?SoGx1uIH23hrez7*Bt-;{W~-< zv94luW;Ud{dXImRMHX+DsIixRL27tE*EILSm*d|Fo5(FHa!JIsQIJwF79hf#D!%8C zxuv;3?zJ~?O?Eeykw~V57UlSLzrJX>u%wz}E9BdWbz!uXR43X<GR}>6FN-xEkBpD2 zzx}yT5@nKo`M1_Kw#|1H=ip+RrTSB*evWe^s9wWRC}wS7R*fV7$zb6hJ*b9@LubP0 zprcu#OZKf`StC<Z)1U^=;j{(Ibxm@`2zx`iJDe+yxrF^nf4`H@UvKj<_cpe_Af0iT zhsgDSNRGUuV1JrEBb|nZ29#?sMM<Uhz{9u^MKT-fk_}H%LJsuX%1tJyAFF;LFJw|x zpVUR}NVg((=EGdlOxMvz*KdvQ&!w2we5#!oJ-HYCd=Bnym+7ZZoy7zzc$Dm8e6Eg- z-LDg03cdMai^I0*eSBLm$4fnSH3Fkeg24&n&a1^vpUJ@5Kyr`mo^1+4S8QXycwl+e z$}8u#S;$Kj+n>i%j9TT{FGjzyYaZB*1)Wgi3*u}~4u>@{FQL?z&flPB9p!%)XHyxI zBJpZzlToGv^CgGBiZthWJUn=pyNziMz~)vS5o~-4gqjgF3x&E7)TGOANbQmN^8N0M z@j4I9hTC=v?x^yc`G$W!58JGS>e~wk2|fSoJxs3unQuhVTUuPKcFGMLLSUw7a=l(A zGzm9sG*SZcVw_c@qV%!m*50rDdB!(@YyA28r9Xs5QiN>X<!#XHw7l%!lWmIS-Mg;@ zu?N$~cFjMHgk0T%C}Usc|LMt3)LfnqNknbowDh-pNiB?&yIOsl`PrGz8ozB^qpFV% zR$XOldiag=%lvCgmyvS&7nHSHN-_MMNFz4d!=42suX7IJx0r`*E3i#$bg0(I05ixk z{3vVO`&{-X#Z+^Nx)S06J@7kMbEWBxyhCJfhDOhN!-`Dp$8x51x+|TsH=D@4ZleY~ z)^k*Tb-$Tt@zo2q<QSnMx0D1gQ!Q%sUteN2wh1QPeM74V>Jar_*p25+f=zPV^MaC5 z|BbI-MS?R+Vyu!n%vFkkyYN?n`nsz627cS6*4n4)N{YBI;!dh}dhW>)@x^LIXM--g zkmh)q#`bqb>+>f&MOuGq8+R{KzB_5omI`XkcP=&^@0N{87G<Gxk9UgJit`h;n3MLJ z>7YANw1x@%Pi!xfuB~fKdAodBtJ%vJqIM0g)y*d4FitS+kGfR#;-yt4F!^b3BEd?u z@ioBJ8ST{ElP_aLLQC^>9tTtR#`>}QUnYI;Yi=bcVl-2iVr`G!xqkkA@5Rw(=a>$o z;KPl;4ga-Ht>X&nyljw1$b3#Jv}IP!y=?G?dT--qyjz`}@Q2ibaYb%hq4!OlQ|;BW zA8n~0_9YXtv4=|&rin*u$<G*_vOFT8!MwZTnww0N-(^_GP64kt+pyZWP0s{p>_MB* zC~);Hc^D5b-rlPd3XEx4p-i4MLidn|s4zKdwq_hM3o{d)qZOFBqZh^Q{ZspnOx+Z% zR+P$i_C`SG@!@dO-l*xJ5xIh9-TVO&+YcthlfT!_D%N-mYm!2sb$$vWZjIyx8&I(J zYSo5jY4Nx_0mt!zJfB8UHW8NKCEK|G>(7V8<@fg8;ScEW8Bi=KtT8bpXx%H<%aI|D zwA!DoK3v*#>}TrJDd>Z7gnim?I-yQH&YHwh)~I<j>sR=jnGaiRHAdL7{F`P4H_GK5 zIu4G%Ozg^JDmo>kowW0aH{djm4`%mlPj+pO-F-(=&-|RCQ52f@v%0p`1YC&KHlgEk zt;}RmqfyI=E$%N1qs{@N?O!#IHxntvoL#xj0ij10OJvW^<_~>o>I_n9LS2b>{Tj#R z%Rg+-CxqP1mi1vRSq`Xoc>8jjCQfFLZ=Bc6CScQG|ND{_=JQCWVn1rOwHaxmHTLYw z8j6j0fSL-X8yB^gv`@2su}PEag^_0sA31|-ydGpAkbWjuH31Z`;Xmn>7~!A7Q)6TU z)jBGN#;ke?b?XTgu)l8?o)W<MCA%#tTIiVEV|@66z+p7fL>+7TV~X8^Q?_$YR&Udx z&Tyxb*v<NHP0hHKw=f*Tu7)^;?1#|MA>^2Ql_eCRN(6AbBLdf=__>9}P6o2xbb@tb z<&TK!zLc+xluC4Jrqlb5NtZymWwnX6_DntCKTdZzPQrh57|$GeoF8vxLV8Ln)jT2h z``f&4SHHaUJ|*DfjZ;odw$H>L;B8*oubenqP#Lq25_%+lG!M>YKi*1fdR_rP_6|;$ zYqz_6BiF9F-(xP>XcXA;R~RU3Zb4&=kDF5k$EF%KXFJDEsFNpT+kHAzQa^UDib{7I z$8hO@x)C^8G<JG#B5hy@NZ78>F^N%&ofN>!DmgZJa_p0PKFh05?ZtEi&nTIg>y~>o zC%zVW_8F;qgoWRX{Y)&=83Np%xtX8dhH<79*K@=iA!^FX?T%>E-6WZ`hS|T@Tq&sv zcv$oU*U196A$gT#CvoSiQ&y|2-<mlE$JSETzfknp<n7n!$2At7jXlbAwff{c;-Yw+ zi9qK>FDS1z9S#o=+Gm%4$VT4}_LxD5bO^w`C!P;pw>GKco^EjjE1`0XmDuAO+t}4d zH1@}5<0I3pyn2-zyAz5cv~Sf|{f-#sNjEId8UFp(`8mElNmAyvAKv!x9(y6bG|vw= zjtqJh?gNi4yJmKIa=R?{ryHX*Tlu=tB=~3Tn+Kw-JM{u1d|~IE&+YU8uTatijU3kf zV<E2dW3gy|!oMs<`Rb}Bo<nmMt0u(_Cj{@(a*Na5Nm^oCj_C=PGefcpnX~HXP~~h2 z5h#>CqmJ(9`}xgd!6kZfTUBx~$@zE_>-5nn9rpxp1VR-WN4=8bH|$(|V5D_;(;S0< z-A?vtqWpca+0H}BQbK^XO%}p2@VrVTfpu}+Z(K_%P2_l%a}zAOn>Dpxdn1_Sr{6?4 zg~}ntFap8sA(qDZ)7Rzsk*JdC@`f8l??fSGwo{)Jrl#npzA1byX!@~^>7TAgAMD)c zc2c|1<an8DazU<m^P(B<n`zMD?OGn~6DKuc!nyDe)RGtLuW_jGECRT4iKamZ-!#K^ z(i(TpYb9J92d;&T(rhm8hI8(S%%IHSWjf?Fxb!uGMtP6t#Fch*sD*nzN>PDmPvDAt zWfvDke<eZq9IrxzLtxk}MwHh*_zBC3FpepQ2})ls)1q>z&JLq{C*5CuKoni#JvExF zHNm|7-JL!+=-Ah`)-ESH9fW|$2+hx+o>}5pMLPjivMkDyJ+=I?Y_DA&aoM|LTlc-$ zQ~d<IagQ2*W*~o(LOUe%t(<axUmT<&1HmSWKh~xw1S@zub@vnRn%n;N89Ex%K(TWZ z@7EE}>bQV^9?S}zjA-??h>^HS%wnc*Rxh0i%*3|u;Lg*)0_*;%|3=|Qu!mi$V$cr{ zQDl%mMA6C5ghz2YOWL#GdVo)tV$<s<+}GG3=ZNM0s~YQR`6BX?${>Y>k!9YF?tv-h z*B5v#{&+OEC8Dl$hLx{!7j*OadR)(uUAjsPDHvXm_<E_#T*k!Ckz67bH2pbo5zhJ= z!yce)HEIrHE<DDt{}kd?<%s4b^VRW6@RcL!Tv)&FDC5x#9gBkjXj3b_#(-F`UKWU~ zKU%-NaM+wU%z-<OCAQhcigR@yoIAlI)TB7!{nB?8r24Vr5=M7qYUpwriLZ8&ZG)=| zmb~UVGGebZJdIe<ZtVA#)8?xa(|)iuub4iZyjJIyD!ezV*d$Y<vl@25WpjeVa^N&u zHa)3GE$%0D^IOd2z2wC*a{aB;!i)68s~dNjq;eJ@p~%!Qf<7!<7b(vH&Vw17fORCm z7jR50N~a}J9zmb0UAOp20umC@Y@0xU-alxG1Bx5%C3Gva8ODXZE`D0vJk1b==n5yL zLqg3U=fpyhT(r^Az<+3?MgF_tw`TIw`((P7?$VWS6OjxI87Cj}lqNrW3+YHOzuNox z`+AdDU=v#Yo9#+Rk89f9{f;V{&Cyy+uQ2^=in-ux|GNTcj$tt7wuWpO+uR0jw>q%Q zYEDs?X=hTF>X2!=ZhdHH44=oX;axo9n~0TPeAL%3LU!mU`X7vz(f+iZK{ZJe14}{{ zi+nQ#3Obp1+GMYJ5j3Vg(x|_~2V-p>GzyH|wo#eT>d9Q8v*LMCsc`3<*e2pGx)s(K zV!j7QgsR*(DuL2o=P*dj+|CHlRfkFA%&FVo>LE2}UeV#n+2*T8IRtKD1p6!L{i))S zk9QM}W~b-I)MkXkj!>bx$2XmH-U<x}+3j38gxq9Y{6Z*<*3|EU>(;_vN7OcLqn)(< zO5>m7eREWP!*`hJ7)BV~UW*@rg&*Qxg6d>=hvAMPKe)rGaSHa=!YfC-$}}|g;5tj% zsT$qd;f%E3H@Oe#S$KB#y=QJ3{E7Yz&r_)rE4>&MLkMRkU0Q(#F6trZB4IH6K<?Yy z;l&`1;mGRnVq}1L*_?Q)c-fx#F{{0ds!&8sof?EaPYxp|G`8-55J9H$y&_(m)E^aP zrGLAH?>$Rz(EfyX&v)C$s#AmXwslNcF#bk~;IS&x+b(=dW^K@I?o#Nh1Vi}o=j46* zL$0wM_@M>^C1)SssaFna&4FQ49>3(hBz(ScZ?|ms>-k0%XxvMfM0hK%?%IwMID!Nx zyb}4LHf>!l*=iar(YBQ_k6=$*^e424Jvu|gk;7eI3b{3jFTm-P+`5S<$0!IZ2dxM5 z4-lGz4!vyW6P_*1HZQv8F~U4AmMdYD5L2WEP7@K3*nCKfm&y&L3w6AyqirU<Ma%=^ z+H^oA5(3TTPgsAcYLD}k&O%|)`yriSX?m<Mk=Mdf!N!kmkGs>>l7tX5%-6_WTA^@x zk+(-mO7W(1n&?+aj4gQ_u<lS@I4C+2c>|KK_ncn`qBjQ*qs7qgoB@Yv@@!(5G&`I5 z-X{L6h2ZJC!ZeK*uOCWAUQ4&$3OsyM^f#U3Jt$;qF^z-5^gUgztsNJ<K=>AI{07&z zA4Ce=zYN+J2AL!NaAt}K(xIvtX#)+A>S%ul=jrpp3K-)8VOJIoxFI&qud4UbcClme zW0ZdIK;UMq?G9rYFUkBHuj(0X5Y95j!^mEe%LY8rBbMnh6LaI3fGXGowM5~58DUKV zF{*QV_su4PPWFTLZw51R+T1{)P~sxn!ct(dR*JA7G)gXC>D&bKZMoKHPHqn2*n@MN zT*5GFa3h<825lLSDXpo%M(FX`+bJN17!3HG8x4x}-CfU%RA?D3O$<dIhBg96(+NN+ zEv2Lc5jQ-R_Sw%Mx-7j_ylhdBV74HYSP`)S6bjTqIR<|h5$!h?p1jJQsT;T55?<-G z4`zX0bp-0E0%c_Ev3m~hg=e--=0#Dk^BC0+F&0y$9GBs;k-9hQ@pcj#BJRyR&~j+N z6rGJco)ga$9xIn?ZsSqV&&b4`uo9V`<W|xKTF5;uWT_8Y17-?^6;3EkCo4JdY5s4q z0Tyj}(-Ml?dO8+@b2ZHwv@e?9b~hUbi7Pw|#wN7DRn&Rjk91%-;H+7anl{%>=4n=B zN1k9#WS9eoFDYHZa5Xnk*W4OSC&iT{$cz?)IwmtYRzk#Rk&z2xvSj%}WekdD!0V#0 zu1<-42i5D2v{;=1Ic$cP=4-UpcM<8^0=PqttEpsu83AYE@b!luI9^3F%lGHg)+67R z5_lJML>Q#IIU`fbvjFR17r!atF1Z=`TE>6=?AxMTY<GJIih~~|%Fib+TzX+zBMid1 z-~Rc#wT_O3wVau-7zVcEin2q63z(eWa<Cr>4vE)EZaK*D-`H$X)b*vs3!qXUYCYcL zjN$2We;F}qCV%+8(~XFSIlui_)e{jL0E2hOcJ^!Pc9<ZwjVGy^Uu;jfT<;cRGTKzs zFd`-Da<+Qs(lg8~tYiz3;B!TGb%7WzjDQ-+5W~Bv?fy9(Z6=B5TS&&Jf)Pe}z9S|7 zkj$9O4>Bi@J1+E!aOqYNbNmle8QpCcVguUr)!uAO`-1RXdmIvlY8Xw_IsNE=IMy9g zufXo{NRvdxe)ivw6~zPvv|Y*V5VQF4@PV!$LoKO$Q!1U|=e`AtJu;5o+=bbVri_n9 zw{Efjr|EsTj!CPR_K)<}CYclJuG80;7@p(d>z#HJW|Kd(lHjzdZecKZFt0}wMDnuV z&STqKIOQ{iSL)N}i;YdXK)Z7vMY&U9?1gL+wj~U+k18rn9wby~w_C|FH}BpFk7*g{ zSb2L3!^e9G-Q3DO6+(4goD7gT%ytXv9JX>N*CqUZHgs*v4Fj5Bu^qPd{C2((nm#tO z8L*u>`FuDb;v#<(L;m+P8^0$fdfef^>1VVj<7N4AG;unWIXIP8P^1q#sgHxZ@l3lI zD5R$XeyCQr{NX~NdxxGKh#+>rz&Vy@n(N-ml*5j^YISYOLmMI8^^!d~#?$?x^Xq`$ zCVaFb5<O>9#P(z8Z41qK2rO<<0TQ+&XB;~W->m||BW3)Dgpx`JFCC6vh3)qYTyMVN zc+&OU{)Jz?`?n7zc%hM!&=|yiH%oj^gbF7zXrNtVtJ<ZL4n$TfRG$6>Dvhs%=oY-4 zoGBn`)y#E14X|vT5zkkD0=g6?Pt<xO+NGMKBONnfem{us^7CS7q)9ssaTA4J0|Qz= z{9u{KPF&g`3(%4;+SpWfpw+nXba@A>Bhb=j_x*+`;u#MOXKiT?EB6+1BUiJ=J;pPp zUSJ(qx6XgBGXAUh;DKXH0M(*@lZ){x)T+<am7Ga~{VjDWU`pkBTl6>p6BqLN(SNI1 z{>#xqX`-1XCCeaKoiWOC+tIjI(TWE56Pl*1*cB0tT)eJ4nu$pCba&0_d6O2lW=!;m zA+L@xQgfGbk@z8<pvWD{IJ-7hrpAj<p^B*ClhCk@0XFFG_G<2^345k{ui4GgyFMxj z5{tEuHSZ0$$Mp|5&+@jmU0S+2_>#wQ7K058p8ZHydM3OjZgFzw3HFZ-yQW#$`~K~O z1>Wag<^4^!#=hN5PA9NoJY>rHh`UF4$;|Y&BZ1s)m+b*d=4-1^n?G8fbH-5fmTONn zG>r~<Y#5PB^lmA{wLczE=A-Y5{g{VZHc2b5B=chRd~E3l=|HIBfv7W-_p_IqFUc;< zw|~td{yxTsr<qfs)G@O}aM!g^FZZ%K8yJJ=V(yOXq57QTAl^F1m{nymV4GRkkmIcG zSJFbj0O8tD+iT-kDu-nhN@v7OP5pHB$efK1HzH`*<e84(_8a%V%5VqsUc%qVje*HI z_gt*q0X+zRjck}4vUFQR)9IQm^u1XrJL#Y0xot5M0;>|8C}e|OoG=tZj+oz(#wTi{ zxL_jiCx674g@x7YA}ut+#s5AbX0J|_AzZ*=69L=38l0B+zv}&_rzbmUPhyP>j~CWd zsR)2v*9+>1gmH?navFwdzW^7BCaJlVGqP5Lw?{Fv@oUwCH?|#u1HuZ5ElkW5p2-DZ z$}k|V#AE?8Ojj?ip;L%+%P+9`0+oZG784;(_gdO!rs9EUl3DP95J8{?-a57EjuQ>V z#Wy@mRlcO`*P!M_#56mGKHmHxB6guA5jPuFt5YsR%T5o2Be-e4(>MkK&Y7#vgm=+r zpK6Mp#>)39m%-~Q-g(mdB(QzC@J3PXxMytVU|ty=?IMRyW>+wVs!9)jPY13L<rJs+ z!4#x}7i@ivb|&;Q^@H6LJ@?Ei(qXKRSD??<CKzZU<#dnHa>0kfV!;rnxx|}{ayIxk zI8oYkG%VM9F+z`$utRI0Zz8t}vAH1tE3}wvqieY>vZ%Ug_U2YzDMpPTE?hhWxDJcU zu_J(I{`o|h<PQ1Pr8mpFi=;(*=z6XKMj--++j{xz?z0?ZiJSh(T#9BaW2*v9g?sw4 zT(Af?YZ7?0dst1)^sRcIk&<r0y!=b^-}{W!kGAIErha!cbp75v$D9QV&<cyaH_(4E zV$Z0)T%5n!eW7fp%RcTHr(=U8geOH7quC2J=AzQ&${d~={P6h2Wk023jcuR5clYjm ztKNY@pQ1sFrS5&LgBEBh@=;#-$vLsaotP__o5}3LXes?L5bE5({^M>@)>~82gy%x` z$Oq@cWM6!Hj`*>^Ip;MMV%GznV=fnq@ex{FqtHh)sl*rv6bglt2-c&3I~SPC+d{Zn zpunrr`KBt{vs==J1{F(sXk{>{#r^af9sPG5KU4}1+d(T6+c?)>jZ+hzU_`g#6PH+p zIif>5TH%9Yh4%*wcRQ@-vBI1vk|+A5zgTLD9Wh*r&0HR_(2XbtCXW!zV>fmF>E!2O z>y>w*u1JCK-QGcA{t>qkm73ODbZD-nd%yQD<Sf9JlO%6|?{!S!MsK)3<d%xo5D4jc zvj8~32x@*HyVNR6;a}^aksphO*OR=Yx@j-yhKsj)thcCK9Jcn!o(yvfwAgVB3}5<o zss+dHJ7v$4Ioi(fBp6s~G9d+>B_N?J7E)(zdI7bj&U1M$8h%X^C%D}Scv+O^fFFEm z`*IitCu|%lH=-?65H!%lq}Qz?PqP|!o@VIQI)3{GrO&5vP%C@7;nbjR6yvj4LAR!Y zH|_kw+~wH*1n&R+>kN`ERmh%>G(~NO1K#lDitQW?mmDj<4pZB?i^+2wLWSHAZiF#} zhUE&5jht6nQh@|Pz=LnT?oW(GMBRNdAZLVM$Z$r1o)ez-{?%HK<(yq|XPxh8Z=20y zmo}6)aJb6t2>$4o9$MbW@xs8?DLYvi)~GZ+#y6yOQ1gl=^NBjz6EGVOMn&b5)p$JO z@)N6uaM=WvGW##{a&ML4C`NE7y+z#Ge46bZvwKd2X_qEVtJ?4nv!(&sxd?~LUZ;7% z4%jVn#f#)>RxEWpALL8A&NeJ^wW97C|GiT30%Xq7?(9ZH<<^vMok<iX{a1X%BNUeo z=3)poUPBwJ(pp<0O*7SAwa)7-7OaUqwejD|%}4Wref2d*__gLAJ8w|c7&_6~G6wBv z+MbZiIpV>2>&B)^T6a|VV@HWz_3{tSQZ(ceY1ss?AmF&jL(iT2HGC#y`^QI`7kI#h zdeVY~U>1?Y^6LZoe$Bh{E@*8u?RM_?OONsK{@pb?&9H*5L?aqe==g{6&oQ%VY6<2v ze;7Rk2;>o2`X{23+Bq-o4l}pf(Fa~Ko=iCI)ud`1dOw+T(rV(KBbwI;0-C9g=FME( z>`m>2%{OPY#>%;pFF9RqXvMyd#&3BQyz1{ydzL1ml}k)1idUL1<q2=W;rlzBb~aQa zi&~u27KZ8TbNU4eC~wj7Oo`_dF6_TiOn3!{H`n7i8~;-K>3frj*<sEX4C(_s_3OdY zpM%TKCyiZkA+}CEArJe=G;tHKYVwjm<*N?^+dKXjf5MJlK01OI2y?G4h4lQfYkyr9 zcPb8adEkH<V&HKd@I54ABFxYtF=*jmwQB#ZuK}p0qcY|{3o8#Hs)(S7E+?$?K*idV zLv9z5vSa6}K$|D!mvPS8*uVgWVX!YEU}3k1uk(Tq3f`<3gV#RqYdCr|I+EZ|s2FgS zz-z+RnBQ6F$J>wGeLt;uXbm_wFM6D^SYE#qk<UZQHR;%xy;~t)iy!c?c#uBQpSVeV zKKCZq=k?rO=7eNZ<d%uwLM~#hY{Rr<7;I&#_Du_N@P5@}^6I+Y1K!<O)C?cvjLpX| zl#pgVD&VEKch}%t$@|sTDf%^I3PXO-!r11OQIy8mPa)%!eLl$6%GH|{PL-7j!@qaC zdoo(O2WXhP)NIze&Q?h(QRalE{Q8oI*y>HPGB6ODEu<^5JE@2d($&^8HVi4)pVRzn zeF0%Bn54PYR~GM|im*L%*prrX+e)Zwtboho<Zc0njpf^m`DL%2%@bOFZ3P<H=$zCy zHm2DM1)i_D21pmXVqVoL#~wW9O>F~wQM{RQPMBU;L-zB0{9Y1|;q5D3^(53*pUL+G zV;)0}Cs#R$UP*hUU)C#=^9}v#>tuM+mFdYXXWj5W!+1HQf~f<ZC6{h}u4^o;>6irf zSsqZ`Cj;;CypMP4QJf0Q#qTTbG4Zr+Bj575trM-@4)`;L@l=bh2~v{-N3(c7cCw6C zd{IsObR$FQpIV{)=xfhp@sG0`IRnofUI|z@Ee?Wt`nUElx;J5AVL!O=BDv-8Da*;j zdqH*=CU*MN24L4+P7{z30mVmsr0SchQXS&i*>c>39$^_N3qjGqsSw814<AdH#}pHz z^hV;W=I+t2Q=cL=p>8upd7%CL5?{03Tlfc!1lpL#VPKV6wrRo%pTvxBs}aJN5Xs6n zb942N7IkMZ-Z<)r3|<38M=SWOj~^3d@q0R!x(pnnuW4f3WeLF|tltHF#(z!@&343Z zmp2G#k(%i=-U{lr`Z9RGdp=-_4)#|D{I1~U2bM045!B7Zpq*AuuQ0Q`=l8Uo&c9}- zZ|#a+G_r>ngvd9ZP&f9OBmEd!Mk@CIL}~5_i~k&Lb7x9xaX!!!kVD1!Pq#)KH(<fB zj{^wbriBH3#yt?~QNZc5%;wEk#7Cdit-Hl~@mEIjSySh}EHy+|>~_D#Nmj1tB2OzB z(187P{x{uP(Q#jWT!Kc-TA#w2S3X=Q+d864jiL;ijmu8ZVrSV@4y*EnInc|7Qx)G* z#3{bZ3Bys3Ia)<^FDbk<^XXQ5v1;+<aQUMK7-Fn2lWX@~!@(ux`lU^|e}df^z*qI& zKhYZvr-<S(p`0nhjE_4X_c)iW#ZN^E{^&Rj0WIxcYvXv(`W&)Rf9R;_M2&q?qoL6G z_Z!nj0?#O`UlKbfzg1K=-l|Bq`*repGw9EBl+gOLHjNbTGew$e5_6rfp{~31yIFeP zz~~Ecn{(^DzOZo?`gZMNr85lSN8^AJ{o6%jXjmVe*S2`$`)s_*#K^Xx0L0*`Uubw9 ze#3A0%aIOkcjA=bR-4}Hmq|(~<F+mYxwL<kjHRBPG={z~<<XppgYm_`br=tW1mjo` zgd6H>b2&`YJl|6MgpPiP{Wa#e#2uWdw#Q4E6W3az`OS3CFt`lRog)=NsG(zG&@qtK zRwVi+i4vkY!YjjoB;NNJd|g~$sz1zM_zvneo*kUB^2hLwj*^o74V6i>*M>mwh~zJ2 z=#yrzLe_$o(THK0$3d&iXf59WNjzt3kV0?!i}dqz6O@e;l0Woq6q`IrUPB~OB~PDj z&K8$$cMu1t=@$PHzm-oK#VXTu4$mKgi<;j%g3mJx$p_1;ju$3kck&T1iJ4`<g>Y+= zlM@MNx+!u?2ze5JX|&kZM9d`1?#pUJtdW#nc=|p0<&LoYfHBwF?D!xw{-aEC5A2Kx zWt04O13TQK=PnEmE5?@41S;^&7eQ5<xzD>fJXJVIboug$nkPFW)Pa+j;xKzw2m$i7 zC~Gi`i8a@-^|lTSR#wpSx&dZif)eWfyi}OkFg^Rkj2nd-QURR)P;ktn<8H6kur>#D zLl;*BF)|&QqhBr#-NLq=oha803-d&`8gn7or+gI(^zVcZGnN+xBt43Ue^K8gzysxU z%s|u<C3iI&=Dp0aqU2|v!Wj#aLST%ku~QQ`=E!gz*n^bn5=NIy)|Y{o6`vGqLriU! zfYA2v4!x+bDVj-f^tL-|ifXfbpxt3h2HVdL5OWXK+PbWpvmowsX8LGWz}C0*O}Vvq zC=AG?NA*VY^MU?ry3c<&X*vvx%P(o}-f_M*m>>4C$V1<D^=@d^EDfQ0@qNk-Pq&Dr zv+qI~Z!)j<>t5Wn^f<!-C9nXjL*2r!+c$Qr<7iRh-TFDWU2C7+p+u)(p32|%EbGh7 z7z^)A6{Oiz)_z@cJ*ghLb;Bh6*1TYZ_Zbwt8`##G@2J#XIOKZ~<J12@gpU6<f<e#a zA|oBAu%|<_4i1*`dFBmh;e;2BxD5YI0f>{u92y&@L3*jS@hp0Q8JOZbFN7(r8B(fO zT<|DKkA3qqH@DCIG&}xwiN3Brzcyf<9XkFI8TX#|Jh2(LbwqO?5cE_J7xM$9+7D@) zN%C{zxd8(jh@m^^iLOPI!-7fXC5OnrnT1f6iK9oBI~^(y+Fo0Znoe%AtBYv_1g9f2 zN(MoA20SB}y)3-0>!!*=afP9N{Xb9}AkRD1uKmi&D)k;hLF1cPw*JVQA(fSeglz$N zba-z5=97mgsnYfpG(Ua1Cm>daZeQ{zK3e}uQy45=8DZH|)#8wUqvD1ru-Vsqez?TR zlLDgSrb0HrXLU_x#_nt9cCgoT+qI4CJz%lw>oRs)xcrQu%eH=!Y=l^fc-uB}11NDO ziC%Y+rmPA=!W<V0HKYY94O@NV*n}NYAH|$O>uNtj@%3$zEbs=XR(CUd0)3c4o}@ZU z5<t<^tkq6pUwpf3{wI{jrhMrio1RM(Bit^H^}k&!qqA#U7+yT$1U08R0|v}<Z>OuR z8XR)^FFk{1;JKtq&w!$AA5UTXiEmwrPOXc<yi*>qH#rPCa=@}~WP7f|QqM}_LVp7O zF{Zl<^?FG}H`J)h%RYoxPUB&ovSH%m$9Org3JP9$J2mZ+1Ha+d$)?|wwU^gqHYuM< z!XRZAe<ZLzt(K%4ylEu37A983AVBk)&H_925$*EIf`IuEKyGfZV!cHJj@0C(I^3nc zpHYSfdpIbWoR@QH^ssx+Sd3`eo+|uKy}uak9eK+=4(0LtA8<!bQT|rGQQ{tBh<T{H zJp{#?P{j}$JbiJBYK8e3A%nyqA#Bj-Bc?|;>S6r2&6hlp2KT=VXgCiTYbg4vvZ#!9 zai5d97P>WMAN42yTMy_LJ#=Y&yKmQ<6U7e><v<K?9aA>8mE$Lm_Ec<~@E4auZ_YkI zS7TVL+N$1JVU#gwl-6>>0l~ceS9IhtK&8yHb=N)uB|F|}5sePqO4vQOHQ$KQox4^v zZ2``3O0{oEdvbp8VjokPkR5dT{*T5e!54M1hl;)PnSzC56_CVU`L3BfxdSxRBLUm8 zag#S-Tlw?d-L#ltldbO~&|$<Jaq&mJTq+%L+j)e20Y~-hyp}k>KWDYN{U+^mwaeT< z#&~nXc7N^Y<k4tG*_XbC!LajZcE1m%t*0%}tJYM`raCw}+N+nD=Rk+UE%`gQ4~b7^ z;d5gJZ)N7b6_G|6U9W3J3+2e~cETTNXTK@j#u-dBk#OXp-S#W8d;2t7cA2OH+Ax|6 z1KahL$9F2yQ&%vnUUbiLCY27JW~=p8UH8*;IQyDks1r0iPjnEv^;*Joj)yf#GhsJL zMo`r0Dm+&*naJTdr&-bOBoMo`$=4(|ckH3HM;?j{%(1r`3_3}*9S^Ja_`XlUiU{q0 zAM`2%b&8q}(3lR^_B$m==+%3*I>W0St3U21PuPq@`vy-Awi7*ZjkiX{yI2ThPu?Ua zPC+%^u3Eb1d!C(i9x_|YlJFkYCUG298_Q0(G#~FJ*I#61J<`uH9CoB=+W8_UO{ndl zswp{o7Fpw!-#<vYU+Ut4m|L3Fq^Zdtr#`v5mDnGk-miyQ6B(_vQYX4*B^++zp$kOO z#5!*G>jJV-F+6tk|94)cg|K`5X|{U5ePffno-R~L+V(mnP0NEa;96$?SMKDL?E@3^ zbn$abSa|o%iuCZGUlDPMTiY?=M_;yv{j$OKfq5eGEk9<yGJf<cYjLJe)tV6$J-7J| zsRNUW8ZtSA=}JOcn@O@4#R$#Q^FQ!M_iqd6SSa2>^-h0U3U`=t9VWaKMzF|V7gfFc zk4|Nif}VBuKb*r0h_;Wu(7D=5rGot#R}x`)+Lbc(yITa(3Y>+LuF_YwOC!w=E+qZ{ zn|xD!^;T5*9te}KJbh8bPeAq_JFG3t;tNinT|dTa^FtsZT8?wG^v(=_iqL-ZqFN_Q z1`QBCZeP-g1fg3s(uSq?oA{<sj?C_|x@Z_j60bHPpQcRgPAIZO0AO9pdM7=5E@~WK zor+WJBPG28<3zA*`5I(SsZ{N0kcZl8c^j&3-)Wyx;;)2%B$O|P;Z6pTSsv;7aQ<8e zHoiTa7mmr}5suTC*G#+Q?3NA~m)sTz88G<q0U{M~0ECqm!r{B;AZKVJR3d_5!C6xl z;PdZpSmpndfMgY*<4nQjFyeZ2j_l&zj0o^v3@PYH6xuMn@m@VHed=yFMIWMSG?m*4 zY#3iNRlY7=m(c~kZEa?{XF#|dhg~19N6c(#Z1^S`eQr~n#_D&APB2azafqN-5GO^m zYbRglPki5AKnKDOUp@!(ymJBPy<<(yMq2Ct@SmhiIKgeR7QH2RUxRfl0)a3ILx&N= za1d4<=ZxfVh^V|-$*iCjGQySz8nH;#Z_`7PVCmc(=~=}ACOWw9Ms?Rj=s3@jbNttr za%+$bZBfwu#Ss0^ln#|f`~AtFCMqdPYv)IXeu3zOY(*f=AhJ}a7?)(!_@2!SL7U$B zoS{X8S2ejm7^txs5@OoHZEe?@58S@)-a92$HNKy>(}CNQ+vJ1F0cvr$E$SIy4{5g3 zgl`kn?G8h_V8@)W?w79Nk(fI0^dpV%Cmc^W*zw%q^Ws|M=(UEGQq4dSyzqXk*&CBL zq({d6zi@a69skHF0Xa^C7oOSdpp_QM2lxb5R=SJ@mzqD15Z~*#z*n(7mJ>6#`B;yp z!k~NY_lL9(I-=Y{9`$7`dAKp5utR^G>X96*Sr+vKfr(SUX{_a1v$L?)-hKD;&o&It zy3WNml|;jgc<jl4`mqbQ#Y27E@S7ct&u&>;ukAl_6>HvcUU98?k+?8zgxJGvSh`dg zoX|?^ipX<>hvcE<?SJn45E6W<GVUI>L5zKkK^h4KR+}0@<oeLWji3{Ml>jh!R%7Rf zUZDLey9pCV(sM{(@6PNGA;fZPs2xpT6|$#+*@kX%FNyJXG00g6*UQsLqKCGcj20G( z@uY|*sJ0r$@lMa@XPE>_K%J$t)G1k2Yh9CwB?LSv3HU4ns{m<@*_pq@Cp<aSBFgSB zIN!0mWw>h7Tc){-L!dF^e6E~LAH}?5$?84*+@J9Qm)_o9Y}P-fdJbWenYk^UUsuj9 zQ~ki_n!iel?>|&;%vs=X)Lr<9-V$Xas+OKkxWJj{D>4WqD^zq2lX30<%RW%@-B?{+ ze(Fq6D#M7ZMr2E8g=#M2S|7(gYq?<O)~p(^6Pgufg(C5nrS?qjMJmg;#+1JL#M1g! z-yX<tTAMEY7j^`o{wyG8PIH;_V(%olb)i-=kkInN;u$x4j4($Ncz*c9znDtwx5{OH z%eu$Wy|#76Tm~N6C8L1=9bZ`5@>)#iKEC?F=~!wy?w!T|dZ6g&|IOL?pETV10YKme zAB>KE%KPWfGC#io;4~4AE!zHSJjz}QI(-+@%ppBrPKUd&@>dd~{l)(?m;<0Rt=hu> z1D?YP*MTwX2%`rE2M25KGWi`fgjic1=SbEze%g}wD%KQqd_P0ROh&`v{-HKjP@>o2 zE|GRM4FL~t36CMX{}Lq|Y_l|yot-`O`}cfq1whxY5f8$X5$cI6suRC|yJlNwQ<uW9 zC3BkO7ptA#G&R?@nL9kXJDuJ`7v>ZEQV~Q&rz|>`PGzJibZf1Skzz$Rl0f-fTf4i_ zS#hM+>7m2x0yrXaI|9$w6A}`zvy4AC+k#u=R2u=F`s1fhyUwWV4KgaMro-ZLa$7U1 zlw>z6_|gpT>hk(^Xgy+qxU#(L@^i+3N_=2xnL<;$Uo@=<+b3Gs`0P<FE(?)6DvqpD zHN=TCiZJ56$eNm(<E_^<AxKv4I}2~l(P0+zqE^?xY`hR<6@C2VNyX{1g9tj>3{r?0 zv8{WYcj_ir*|$aR+VXU~7LAin=xkKnwwQs_%?eDR&@XNKoswpWxj~Jm>t1zaB*T~8 zA<H!<Ey^39{iFH>l`dx=8qcTLk&&4hC?suF_hYa>M`LV%8@0U_pp~A+q0div<y3Fi zLOU6>^-X*&=0a)tDQtT_%?cfKLYZ{^Q|XAkE^{MPj`!wf#<x@C+VWX_!C!#F4>bA? zEW&CO;B{S`a(o|6CI>Nes6YKB;SYF2;}W3A<g@oBJ=<E+JyZGb&b4j6;uApp9I0?v z+v<_sKf0kseNM?eA?ISl;#Y2H?A{rBQk3n|(n{Y51=!x8k$aY|jzA9Q1sv7z*GH~7 z%LiEP902FGJgGX`t8H@Kz;vpwo}E01Tx&Wxu4(7C90BI=*(r&h+aGZi#&A}OJLR<H zL4A^ZL;Z-<MoCDwc5k7tS*sZvo%@y&sMG}5?N-mHtbP8@8;%2QE%~IXe$AC(X&d}V zBvj~`c=q#`+5Ua?d#4NXS%I17dw-n9qQ!F-BZWE=eggmH{erqXJjNuRWe2qDWL^ha zF21r205A&mnLDrYSW)(i3?ZWC_Cl|hXaHb^ulA{L>?n97o-!Ull4BK>J{1opb-_|j z4ZnSPQdQsOo*SCvhyOD1hdWEytN^!$C9yK~cj283ucfWgJl4;X)2K7CvNdDRzV^01 z1lmbRejXci?5fSDtq!J%wVfKirAP7$?+jv(RG03ZZw8VAAUd;?1|pFYr`!XA__+3; zN$+9nf4TMClU_HhgZgTDm^EfP;u-1GjbH)EP)|urbz+v+xEZ^~ju~Z@sOb#k`~L{; ze#sxlaAfd^;q53v*dX=wx>>7K_REV%^}P{?PmPTe*xiq|^&a;4Q-+<TWw`0so3dhi z@^q5i=d%hhkab^CvyPeSKBZK^)2V=)E}s!yHpb$<pAzmuYaA-wFJrHO<nyrG#QqI+ zw9E^PEl{OJ^=2s#YVPDg$r`Xi*&uSyi}iY<-{sQ3K!D{6pz6o0d!x>>Uw|KL08v~E zAgsMP8$d+k^u=LEP=*^qKfy1eqX`t-wWwUsZ3H2+8VLphRN&TtYj>W8s(%O5m7cu( zy8m_K^Mx|}K>P;KD^Ps)8pz>f$u#JxY|~MtAZ9A$+4GW5Q+*EZAh(6rmd`eKai<(k zj*4MS9r7Fi9hdoQXaTIXhSrcX$z^ZMO-p??P7wtiQj}oK0nr-SU|3`u58hD$n}D=p z5umZvB^vlNB;D+_Cpy$9<R>xb8vt*vqIK(ww@-6PXYCR%<Oh>km`OPEO#tr~Kbk;I z_6Hqr?~&S|V+?0q>;P33(1diCCV-Jy!eY~bX1S-`G`Y$^To88VjBGP)V={T!yy+=G z`);fPtr3*~dY-Z#nJA<+VdR1j0U^LFIk$^$d@c)^zo2=ZPs6Xe>@Mj(Gm4vacQHTl zML$Dg=n^4I%?psA>|SLMr~`RxK1Vi(&F=DUa$*2sSRYn;x}Wz%jRZU`GbMlh`0?Xk z#XkVm_o?8sV?hqn@RT)@oo4IrDOkOOVK>Q7U#{rejF1gzk@>Q!kg4DpvxeX9)AY_; z#c}pWDQE%{vi`>G1oSSB7&=Tx8gB&7`|w4uLgkB45M6GEcbaV`NBC}ZO#AzyjVSvP zz0<&M4_E^JvLWQQHh{QRvq51?5$#~b%QeQ!vckoyZg@nQJel~)S_r~Ha*0{~314<g zL`knMiYhpZ;yQsF>00iC@|so^IbMZ%5Qa5w3Sg*}?Ur|c-8QYSC7{J@IDDtb;ZC8( z^DN~w;Mvn2prCF2hKvk;p3+mpbNDLBqO|ewDUWgZnLK`lhd7~=aiS)XtoVBddn%z~ z>7A9`Fl}c8eyRjFPkjq_(&d954TR(n<M<Q<TqB4*TnP%ucXImHFb4PsUOsakU-3s= zhN^OMg-DtqHC;3JjW;o*yB9i6Kcj<2kF31)gS|NoXHH@J^%+rB-hn)=%fAw*tye31 zWS#|^h^D_Q7i&{uC<`g`CQF?mDL;jDo%Rbc^ip9B0De9AqDwfcPDi1)IR)92$HTsR zv}pmFf0y9B`*l#55WU2~lJ64bZoi09>BcdJIz{r(roUdT8%)5ubsMQ!R6E{0btY@s z1TX&@q$$*e{H^ntJ(@6?t%D901@8Un)Zol<kX|<=AB2a>rB9W)T3HjijE$Z-yKTGO za&MA<cG(xl=1k8Ei+xqGuFVgAJXCW3N!h-NSc!_<`BqBTS2}Qn1El@55d*>8T#Ov{ zWQ9geJ_g}Itlaj^UU@D7A46L@4w+b*#&eaSTj@=9jkaxxt)6=HI5xw+4GjrKo7?Q` zZA$T5qBfhXpxEYs2v+hQ%ha?So4y>tL#l*xCnhNLXQ>Si--Mkj)P{@Ule+&A`iH5E z?T%8fq;egI!V8q(ptjzSX<><isl$Ql5Y*&=5_YmnHZc4q5ck<MT+bP&>v$nKV`U^h zf8yjW(>Nhx@PvGA+xGsOYc1aM-C~fHvuDcQfd3Z1lprmwQuzD@#N#)LX0eS`KBber zlXK_7dfKC02lOX^;(cr7T3=^{%}ZOOro5IqO|1@1a{F$8C%*cb$B8P>u>bvA8V6VW z=NM;g$d{0Ts906RaL7pCN>7DqS{OA8$f$u;T|dg{tSF={&Z}i{2X`fh;c)Y%vj|Yq zAKwr+t!gD}ihkct^lBNH-Snb(5*;%8jXO7iaIYFhkayzjHcqpJkG0fYGKG6jS!5;d zAQL*(P9+c~qpGscYTc^7TJrAXJ=uG&Z4*!%M^&qrP7Z5yvU(Cjj(7gl4?G9rO{<J! z)8n3fO7jbBfa8;a6Mvt>q$2t!Wp3AC3_<`9t^*5y^?!mnH3!l3Om>pezQo7JpX$YT zC$8*G9#frnkMwN-(Tn`0Wb}W4yZ=>>A^$SpX6fm3K}na=%NypUsQH%xH$cw-9a=FT z#0?!;z#J2|lf_I`%=9kyI(fq!rxa~&gCren`m)Gsz+W1*qdCF6kB<!L_2PUygHf&p zhF2TO*COoBcWr$8Tp`%G9U$oixshsp>PY};p8I^#*{8vQFa~v)o**v7=>E)cNPt$E z(RdhuHvL<=o)epnAZ<C>aP{^ii!S;Er=8no*n{xXOPz@T_RMdk4a-tZ(BZr2x%a*8 zAzJXM`Tk_1)QB|I?V07S+}Y66ip10l(?fC6+~!Nf7(tk3W?&a0RX%uW&Wypf9p7pj zPXJ_*uT=&t<Z2QNEcsaCLT>OZ$J11~Gn)$(WgVaX?g$C8aiC==>Cn&sO)G|%Yq|92 zAskA+Qp~LTAm9|I{gI{ryDf=nQrm?u*hw45*s7b9Q_dMYWr3q_`2eXi;2)sXjpsav zYSl-Yfh$FxGx*LLz+ys!Eik$e@cwy12hh4YH4KI&fA}Ef-|s&$yH7J7g;D1C!D42E z{|9L2s_Ue$la&vFB<eIvcYW69!2>`fDnN2tQ3P5#>lgltRDiUpz6dGvxg#S67sqhn zS!C+oZs5qNQQCL(=N+!<@S283iwXd%R4xj620%*h8I?=nX>=cP{t~z;@?ET@97l?> z=UmLJYb3O{NHD!M0B9rkn>Mt8_I2R(7^D@BlTwuB8MDEN>+1}Juy$y`7z&><3I&uC z86msTwYxy?UTcpYNe;b&G!Y<9=$}8gDy~xx`4O>i0IR^I#hGzB@FqqD;N0RyfRc_G z&<3HF^7PTgC!pD*<Nc<Md=1)Q46H0|m#a_*1A?&AltE%5cyw5;b!|B%Vn4IQaVED? znq!3nB%H-DjQT5Wbxef@aSrS4e%*;dM-D1>+K`)I+*@n4(?+?(#!inyhj20>Q+Q4+ zG}uWedtK1K%>Nqr*C=2Ix&A7?xqfllBOBQFZP?$@alV2=;}k?Mhoc<N3KR75zhe}~ zQ%D7&q_WVM_VAw>l5}W}=D~x};l_mu&o{Jo#TX=xp(28*^GdTvXfnKly*76na@~ZH zBz*}`(x*x-@N#H+xn|q*$S3_kL)cP9i0G>LARCGcPcJf^4P-EggcP5uIc<|V24USK z(v9OIqShD4G{;TD!rQpB`=`w;i?^k9Lo~M*MH?qVn?uIjn*Nr>N($Jp?iTii!wgD_ zd2D#|^fqrPwR0Tbl|#zgKkw5xWltDHpFVb3%pH>J6%G)076o$|J%n-NxzOxzbCn@g zi$rA2I?!ACODJ3*-?2fT)qY(Ecf&9U57!UFv=J0E7t$R99)v6gj|X$WL&HSR1qaV! z?zsi7SOzjj;*z!G1K+%M7t)XSMD39DWW-V#<s5ZQNR6Nzj==(hSnm4T@NzSup=Tub z5yKMjv@H!_z!^rT%N5j<T3P<iVurs=IGzf*vs$+G*!iilI%4Y`uz4;=MmnM7yq!A^ zG_26ul4(bMxbby=&n-&Mgxi|~KBSU<>;kkXA_mh&zPh9^y1k&q4FLs-;l5cq8bmk; zo{zauM%opa5ul69^ghGwxTy<MN1a2(%KIdGK%+c8Y{4Ov>15D)V!DA1gm*;=C+4hD z(rfkNk7G{4k>|#Bn9T;j?7?X9F-=GFvNu>c<+Z_}!Ix*B)wR&M(V;jCWgtw>(15da z>GzOG3_MHg*tC<9!EC2btd%OcP4Me33!*ynAW<wR@H(AElQwUH>J09<%y(8rZ0et) zoJydk`~>68cHNqJFd)L78sZHda)#XNQ!&8(=}H#0e&3Z?S*0p)Td`1URa6Ydp|6@> zf=U^`#u+}W2-H@0sdce8wX}rBc)4P$)hsMW?4ty&vOMQ}?cVw#)GQS3H(yJ31GUPS zmbHlW9LE?<&9<kzX5$b&dBfo9%F7};h<R$XSH*RN@2ING>GE(+jMuz;5_7mG|5nwe zK?pYsK3T|o>0I`uX0i<_$RLng(W?yXU&fjxj#<wKu22WhhKrQO`xEDJM|f6Awyq7m zdYIggiJud>3`q<~?!HD8wIP+=BYH=`Dbp+Y#_4R1C^EH4I3WdC(E8*G0S_6o49z$> zqq!Cj!ds<&ZJ)_Rg6HdnyD}RC4#BepIFy&Wt5v`FJl*^NbL+~PGqHfLp{w?vhNJ&s zPbv>hCxqrn#GniQW6Wp_$u&h!t(ahog#Y~>g-w-<M-Q`e)3=@P{A-Szn=CK8-rx1K ztW;u(0qk>-#b<xcl#B)j%LmpDv1#{W-$}6JIDzkVV6p$5B&>H1@R3U8=imIlX$9&2 z&v&2x^OEIHyOM-Y=VCa0%S8XCbojsX@}DLz2>^MjfL;Cn_^^fY!!FqA^gEmQ{_80I zzjZ18LzVqc@*e-k8?NNEz&dT~Q-1V2>90>3V2ajtn4sUCvTn{d{(m$b<xhwIMj8Y6 zyOo1j|3jaDZ;J09{_g)!G6E*2=-<xA|0f@chIHw&kG1E2_qhHXa6Fad=-&wc)hD0X z;%iC@hv*GXRe8zi-$|!ixrJ&yDIY6MPR(hPoNtJG!#^JWR`zau_MdNzIsMX%1sRLS zip1}q`KlJUy3;5Y4c5=Jv~2ub<Ve4}g(w%U-CjSkL)TZnR!<Y^(XwTc{$#X-RbyW` zG$7kb&bko4H};zkd|#W5S(@tU^Yp#j_pb@fpPBLL(sl3G!$W7<GDdgquM8HAlr5>7 z_o`{xru8*>#=8~G{#I6|5*gXPqP{wQu$i#bEVE3l+CX`)esbE_JU*nn$o@T~qDtl4 zDd3Zi^W45~X*)SAWb@DeQr20<HPwK9SOq~vBn&!~ew1$5KmiFUmFE%Zl9(`>35*bF z>2M%1L|VE=g945c1{=A-=w>vG<~_de$M^eoe&=@<=RWs+{jZw|BKQF^QDjJr4gN}0 zdR(LBA2{Xvb#26=i)d3mTt}XK3>i~)Tzg+qR;Ez<U+sTmBlyHH_4MgMClAJBQ$(!v zum}ph=urwe1{D_@S!=(}WRl6>JLpHrx%ohYM+zFHhu@f}>h>1P9BfIDjXB<s0A~o5 zf}&z+OG^vDQ=ov3aj}=Dr`-8l6O&8ucvwahbUdvrY9H{~ls^8FStTtiOGZ?;)MdOf zSK2%I9bhin9k8IttaXgX+9xx)XXvjbZK<wN?SZHy_hceZyy1D!X?@;IF70K&(BiwU z)ATFxY*auIpI%a3idJAWQDiO6Zt6qunjq8b<tkfqq*-9KMqOu}&qs+>lWUEQ;QsH< z+JseCc!7~ej*$WMq@=D4g{T5fy)o7E!-rEn&*(>*0aBE-ovk0Rod^WtVlRF#*U`bj zRh6{5D%AYM@kQ_5FjbCmjH1bgM{8c~?}^Fb1ux;!Km!khz}DcHVTvW_y~SAQz%Mx} z?LC%~+`#97Ht7mS0oKEDGK<W?54$w`+{)rGzf^j0h!bN+#vl~hc>TSpvzf5h=m_4j zR9N>-*1(tm!F+VehNjWCq_KeTKFNDnR)&}1h01U;Hh*1#b*+@g=dqcvmXrxK5$UL_ z(;fkMkX(`k^ie>g8V!8AU%`)N!%2W(rB(px-EQtZdp#Wthq;%&4t>qD>uSBgr4#Kg z%@;I-iz&>RLWr2X7j4;39GeHqrnPc5!d-ry3KmJb@!iEfI2+hYPpJU`YPY1mdp=R% zewaHjHa_kkX+KZ{JPC=^5^N5C)>Cf;QFB&=bNY7w9kW6kfp&Wve+aB1X<6UM=dgz3 zARTB!f`LH%At1-`Z317O?a6qp4gXtr{CF7p5@kfwJ`L$Fof=I*mF7M4Vd@bm%KS2! z_}&D;p0sXWQfDzGO$hK^zTLF@o7DtQgo68fOdv0aFB}=O79yo;y^K{&;-qW$bAw#z zBekTMX+y1sG@02>wGmI;=6{rxp^U2SCORYUl2!|{U_70IHl4wXyXINBdJ#7<kqRKC z3pY66Ju%}IQv9yfB3I`+dret=ic|O6$>bg;uK`*LHw&(Gj<?t65Km*W@EbzMuq~6q zQvqhFf4$Co$2wis1<A(!=~G3#9l%%m=N!+JusOM`A4mWit9dUr@=rOYo&sb*@2P;- zr{R>K*v5p|MvW|XCu?k23SrW&FDdqkR`nNrtW>cU&c)HCW?&ehFD!eC_mYI>WaI7@ zj2o6~9TaO3J@pF?JZs+CXv7KY;WDpB_F-*xwc?G(zQsB|;rCQh7w7c!EL@2Ogj!^e zg}8@Tv4aqKsve5$>>YaKO8f%T93$b_e~d4O-BbPcTI=cNUTnC=^K+Z`>Mh)aTwAsv zpTh?GbJl$KS8WH+H}#KInCFjQoA;7|hrEuy&qI~^@X!<^3yUo%TG}+uRf2mGXi^iG z5|}W#`>pF~$ya>|wPXa%Y!iUy`CTbAe=~J?`@5(LlHwo_y4v=?qn3^FN{CqD-u!~< z#ZJ$`-*ag)d0zt7bwu#t8vU)R&v!>7VZ*{j<^7N<$m)1SiV3MBr62V}JH==uA{2$= zGazA$Vq|zCyUZlhHo8st$A>=XSG)Bomhk6oY2k8WrEK3rIo@)ad0==OeoL{A;ppol z>N~t2HY7a!M+YJohxZ_|DR@1_j*N@}swi^fpc_c3Cm2&jw$RAsd9}n`Iv&^f{Cp+j z)e<+4waI(-Xc7^=RcqUa_|hL}CP670jdXwQto~lDB|krZI_k5BKIk}vZEmu`<Mj9S z#MsqIz&`>p$k*BNu<8`UmWsaS94+GXSzut3w2Ownkym;8Vj}6{D*ir0Bbiu9yx0L1 z+Bl^&Z8ciz_q|@<EJO()qzQG-fjvZTqQPO-va%yr)1mF@q}kp^V0oJL<#a^R8)^60 z^R|RN=z5ez6<Fk}lLcqXpi;oG4*b;T?gmAm|E~bB?~ncxs1`1lZ*-ytwAg~|3|Z&S zTmxbeu=`z>a_Elyd8|ByUY$~bJ?#1Xk_c~%UWb^31UTXj*RoZ^X*mtd3wEp-su>oq zc6^jO>Ew~&UWI`TM@o6VY-Y*#1kqtrn#LNfSNA$wG&Hx>znkaICLLVwjS;VU!{{{! z^2&9-eeW-(P@YqQLEQ>_iLKi~Zi{W_ju$AkIC{tVSak5%y-)HuyE{K+vt;xXJ7n*p zG|Yt+Wfpv~)lxP-^%^>r>2>%sgO#vcRX~~!Z*%%DMRe;xO?^N+!|Kv!qVMofJD>1| z$8KCE$Bq!jgsJ=y#bh#4Xk6S_GD?(oYCNCmEpY0sLQ8>v)W+tgC6j#_leS;D2CX{P zhuxrA_MY*4qVOonq!5%Dw--&%Zc*cqV4<(%`EpV#7AMppr@hr65@|m)F|xYO<H>(J zd{=_jayIsQ(;17JeGaFoY75Iy`_W2a#I4ma!zn>7+odGbjFIGjR;1w8rwxLV1~p<Y zQ1be0?np=R7qJ>h5Y6pme{4zl$zrbam^r+ZEZeJkzT)AX`d9Nso;bSw2=sRlR1Ob? zzEti^L`7Z1bam`t;bo6e(gm%fqt-ME@Qptj%LEjYeuZqTaeOE5&EH>QwB8~n(v#jg z`48PY9h}Y|S68(+9^sSL(p*c5AD#%ySt1NDfo*xREZ#>oCE8#U@U;z<8!d0bfq#nn zLuN21^({>0ij$uNt7QnYF*CiBGvqK-lr?(2Cp<Q)5-Y@_`{?p4U_A{8fw$^?>I&I; z2~)Qpy}#WlsJ!77y5)s&Iy>rWITO#DH&&Pb*)C}ykEHhb(zJ}XtGNmt#!k+Wg12`z zAT+%or*W}zy15(T6|)`TO@=oMPk%F6Y&`1p`1KP3xbHBb%c0(7hN?Mnc^7I~xdFqE zDU+*)mMvm*W_h^Q!sEGB78tInDvNx$^!k-Qs#mP5f{n-9Y@9tf#YYs7T2uuHZ87bV zM$RrQN@GfHi>8VT$oHqjDQVQyNEAu8V@cpyQQhSh_B~<gd*tEbEFFPD8j6xytb9`W zt6*_)i~QcyMm#b+COz6PQP$Yc|Fd>aggTGANLk0sO8sP(e=IJ$V@5?&C1eiin3Sy8 z4HlBLe&$oi_9(vmCJ+`p=|&s=8cx`Y;N_9>xl*=#9M5FH-pSYe#ohKTQ?4^;j4vw1 z`<SH^5?&~3?T!JHz5N{|v8KR0l4y5DykX^g)CLfrJW%lB+lmR*Q~M&dP+f*EVFzxQ z)Qf1vY|!j~Ljqq>6?a0$lX*D#hyr6f8QkW~*R%unaqeWZ6jNk#WMvd#<4ns7c9c4S z8mlNEk$9GkNA8!ReuYYsm~!mLd7>1ccIgv;?5Z`GJSQI3VX6b$ytB^<wlS#1?i8mj zt9eoZS){_C05uNogTF><(ezF_dcBQEtw4U<5pzM$%(44mhr~p%@iNI79-hV_Ipj3M z&X9zdqC0?crc(pynEsGAepdyQkeW95kbxp3Ha4v5m(r@7zF9ru4hxP-fy?|>m$=U4 zqR-y)@xfwmg$VOO$9dP&LZ&XkyIwzY-u+O==cD<Hi%Q*Wdaom;;%ye56RbkK<##rA z;bq$HF1?}4A>6M;*O<;}ve|)IUXl<kP4~011^{Mi2@G@C*6~(1?Rw<7z?79owjeAN zPiriXPCQEi+nCU1T3#w{Tt6M$W=aCc7hR7ur{c$U1mz`JzKJav$9b|qWYHZPCKw*B zp0_&CtpK!I_MlA(1{)kqy0x;G&@>W!)#I?U#C8;S{+ZUWUHU=NiuV)Z?-zj}Q`UP7 zR{w5YKFHZh2^Ig8a{=%Y5OxJ&su!%-FxhGm&57V0ooxjmo3HWJI-3zg=@Jbw8vg1i zrZQ?E_U~G-r8{`J=&>~;hs0)6nI=d3;L*D)%!-G^`van;HG?r!E}wl95ht!ssBVK; z)cr$v@Hac6LMQ9>1Gc<$H!(Fy_PP_}1tQ5={wF|G!~<Pfc=tR`pNcx)&0A*SS-{Zd zdfJp32dtyh7BzBRpTH)Hv~}T-ClCWBOi#($iK(V?n8P+NM1Q;ZCPd0H!|{z`SD=Wp zu#XVj3_SHCOt^+ty}$0V(G&S!jB#?OZDq^BaQFtI;A<?o?B;*H?V!7qJY*d?AZV|^ zOcUpp0Z%|QJZb->6w@vbVo<*`FqB|)rGKjq#iD|>K&p-2<i<q$hXfU|+2-U_aX?nR zliB8Ta0vqDw{Y^!5^HNnt*pUhVxU>V$t#38W`R>wa&hNG7x~UU!zXOYb5ED36!H6D z%)$kzWWSGHSG9@R05ZST#bu4X)VIp=Nb>p?5zDVOiR+(}!(leYy#d26kTh$wl)xpG zfWX1ebti4;9}g9v;~V$Yucz<Q$(rMir+kybYvr^tNRye;Z=(CJC=tQ`auUUOF$=U> zyh<My)!?4yHi@Bk)*;64NB@ORfin-c+wTzk7oy%sH_JjtwxxuvPrn--wlOKY%;y^l z*xP}9_&r~63Zm~i@>@kbWULR5rjMTS=J(VC(FJ7vY~kT5%TAzYRaiK25bR}$-tA1g z`Asi^(tx5D^I56P-H+qWajhT+K#1ya`fWcW6W{*fvru^V<Tc`Phq3*1`y=aaJS`_R zl4>#N28|aIY>yfXukkk2A#XQocI@AO_G^Zj#KU3UWBFDxC^^zy0-AlcFMYCnc75;M zgl!c52}mSsU&<J;2N-mG8~TdBJs4mr2_N0KP-1JV{HJBBk=sH`bYrCwo>E6JN=kFO zBs>@oH2-7Rp}nCjVq|GTmu}g1e0rPBf?!4S`goa7z{yXy?%aJ}hhR6J%nPEyCOafR zK~8C;4+M~+l}gl<*_87L$*jmCxox?)k{&}jVn=D&%1-rZXwdZrHEm=;5W~<8pz?Zz zlVAOl8+Gad{@$TK*b_|Ew^diB<s&9FY0^wjNtykV(9Q!O^k7Q2-1$dR%=gsM@(K@e z@>qkd9s~Z<?(kQ4_P;VcYvyf!iVv=mWHd0;{K{|(FRb?I#M0FJpACZ#__+C+yZ#Z4 zk`CPYLv*7|EnB(zt(2Co0LIwlNBZ2V-f|pW^U!x#y0>3kv&Ea!Tee1VS@r2?N<5_^ z-a!8J;`Pzm?<v%xtw*Bf6CKX3NAQk_iNk500)pOHf7K<t5Fa2_Hmc;-uR?Gd*C7lB z23P$g%2~&f{8qJLr&V_@`NQuc5Qjl^CJ&J}tyKi(*Hv#*@ytELO^7{V4T|j%XAQm+ z9WiLdz^oQQl@r7=%fQKsJd;Ozt*<|pQ@CgQE&9p8jxd#NUMzcgdGUvxC@!ama?$(4 zv~kfViPQ(bwP)Eed<xqq+)$3Tgl~Q~c%$MY_z$ct<p8hbIhm#AKC+iqcGB|i_=x7= z`E@I+G>-|}6rU+MG@j8>&{UPUZt!IO;uRI;CD6$Bpi6^gH;ZBS*tu5~6&23eSGNbf zWxVq@k`Nb~r{euafuwOnz9{4cwt1X25t?zl{e&<#SM<iqD6NqfLy5^*OI(u*)tYOk z8xhIKik0TY<n>(GEIficGA7rVHU5NgivJP`^o9AF$JjxoM<-C6f%ex{K?^|%o!y<} zokIDjH$xRtDxNhCn(7Yfr21Hw(3J|QC##y(O0;y3Sfe|=4NCmC4IG>4qwicjIEepO zR)NiyU-+78=1M0sk0pLPjv5Y5mG&VzzCa4(3Kz2BM3M4Pb+ALY*f$4BwQFSM2a*hW z`E)hnUUu}BtRD+h2<n7V(Z<RGiR}y_(ep@&`D`)4W+_tMMW_w)D&#Rf+;<mLC<*O8 z@FCVnW9<A#s`)C5^N1xmzxW4I?Jc-=Dq3vilwX)Qq{n$r5J7%#c3=J=DVG(Z>Y~#e zFXjJ<{A1hS!&9V3?70o^8Z0{G%6TvW7e!i!TPO`IJ$dUO)UiOi-K+%EWT2O<AEB(Y zi}n|hj`|ug>YtpFVh4J>;!h=5=NiNS89>Ie+*n1wmm8_kE;*~w>K!v(V7-R?*U!S` zs|SUT{5|!sHkKf|XvSX)#tN$^KeXddZP<x-Apho+)I2ojwS7J_|5c+c;_&l4`#k&c zOMwuCOx)gjU-ze1hl11wY@&v{{M#Z7H$iqMoD}AMc`=5d&0lVt5G-s~JV}4wa5n<J zKsFsKaUs=&aaId3N#hI3GVT6j;uC#0e(kjLzT}2voha&qdF?ogUA{le^sL0+b36() z^xK2fV)&$z!o|#qV4fCY@6DK+UA=KCt6Qrj-G9+hi#~i;E&R6(d(tU6`>ZS2HeE0D z$Gnn9^uUW?S32x7g@;}8=m-WJhk}=L#sU+EwSUrbXB}7FR6u%Md$gV>8teNEtI~WA zbPvS*z)Z_R1h_r+vR-58VoqSVrxxc$g?$-bcsKCPQ$mGqCh&o#{a#6JeBSC;Mus`U z^DaBLzN~nB6k@UdRl`1OIh1-e#y=lwIz2MAKICe4kx|H&<ya7~%7XGVa?~!6&fAsc z)eq7qnqh}BdXvV{a2>pH2|q1mp8<S(v?hHCMR3_Pd8ZNk74qSaLshs*zh34fG>ch& z3e|A*{InaWS8a0g@z;|SoK)PC%aP;nl-uB~9P-Y{sg`<NqJ_1zQ2EKIl!vB|M_laE z@IW(yn<QH&YiwYxZNfN=;2n<4vlUg-ao_#6>dMTqPI2}qF*fqykdgS)?m~`f{EV*z zb;0a+NkkvqU;K9P?oP?kRi+%{l9<8cw~{Jy%p)xQN2TaaCV`WPe#0*BtK#jnw^Sdi zo?KC5PHms@uN(;0P=`NT`z-KDyh@Ox?M9xn)w|#?n>(=mQ3m~l-RdJ9|L<qwKPv$< zX+#_xCVlW$gE2Y((5`r^L_bT{dHn1hB}}Hky>`Sz8=fi6n_WcGoJ;Dgs%;R;ESGjH ztwu{ZfWNBEJC60E>MjnR7oQM#P<>uF(okMYTaH#;C7&>)V%@2dZxm9U#66oQQ#aD+ z>UnbBXkc_SWS-XkVc1yJUY9XRef_;Nc@MY}raIq5b!Ol2&%J)c{HJF}$(6^)ioWZJ zDk!#Z@{2@BC9RBVl*G_4Z@r-%u`1WNB08_AqHA6B?9t_I9{h;DK(Y9fhjYU*sHf~k z<m~=!36>TvcJj9|y4T7fVUF|@?ml;9PWE##CeLoqo76IQf@m>TVBtg63z7T+A>H$I zED)<GM;GJlW4sEMonkT(Pw<VW1GP2MZ~aZ|cLn7pGu60hVWnD7<M#&UP!#t~^nVyb zLS30ZQORqH@)SoCbLg%xI+T%Ly4tw502$q{;m726T)wT~sDv)|fArE4!zZSC@{4N` zwHT9@4vihxR_-UoE-hs8BM|<i2rWCmc!sMf%v&MHLRrysxiN5!6KpdTTaL4n<mYFd z@vqW-cMb%@m<_n2abx`3C|5(AS8)GcFAIsDN6Pm1O#9;?tB(&a9wHWZ+5Xi5T8EW_ zqFyse3NJN!xq>@S&g8EFD$2J8{*0kO@tc^BZhp`GrAd(mW+*W?z)Qs;d{(5IB#naQ z6~*(>@t9!~oP>0>6w=pA1$+dcXHZkeI^A-8q8(%Qbs=5*UH1}L*@4ubI#m9`D^!2= z=3(Awzy2oM10(&tN9#J)!xK765Z`qJ4y1mg#jde2Aq|^c{DJk2@gZRJfvoDd(bC2@ zg|LTjzB$Z`@pM`qOXOF07icc!FfEg1)qGs()pLeSmYk-unvu&@-R;?FMh*upM<=+8 zl;ch;lZz)|fp9*I#9@))FfCe%#EJQq{OYpSXw1)Qgp89R3y<jwQg`mnNUmue@3r>A zR%>U6&Tu=mKMxV3?*<{giP8A9;&Z;C(o)iBYV+r?JL5_DN~;ant~5r26TD|x5t!Dr zN3jT^jcJkhVTLqf@n3qUzHU6xg?h7rMHRN*n<3V!hu50c5^qSqwP8#h<$Vc;yxh0w zMU4u$gxKT1r0%{zYS}XisO1aad~2XEVDTgc(PS<Dki(p6Pe=V-bnyHlYn+W3Yh;b* zQ`XRVr=&9ZB9W{=_B>e^1Nan;T#{~<0);_QYmH<2WcZy2i<ZetvMj?<3a=h02rdh; zMU(20&<D9Yf8LOd%4uIekS%Pj8WM@dHe5{zlaTmqqxLF5sYrCpmAE{vbMpkN*5rGR z6>pXr?Ezul?PrL#bNBE>XF;2P(%;o=i-z_ljR}{{-VL)%ypxz;li{>?;FA%apyV<S z!e|-_nItld)qUWj&?jrFPkvDgO#zL;()+bkc2%G$x-P4gwve`3;q&q$5h1mh5q=8$ zG=p?}cv~4{Ll2ia04rX7ahQg8I60$Auag27lsOkWx>Pi7+L_>SRx}0=w3E7d3j}Vy z*sU?}r>{mYEDjgU*RFC37dcM}_Yfd@MALutRoRGxte<a&b$*uJs-3|MX#kOo>0h{C z^+@%coZrDzeu>Jo?W`(i!)eWOX!$@7`1_A56(0|7Jg{4h&YfjnP$K$ZYjcGS2Wp>f z_WK*9o)M-m?10qy!SDZiuYPw*zWM6*&iusF2j7pY1M*dh_e#bd2r;Q>g5UBMfRDrt zOH5wT_4Z{b_G)Fy4ah8y^Jj^PA+JLAuG$zKNVv2CZ1D`PrQ1fA@MN<?VA1yK0RW2E zp~Hw=-zza5&hOvrlw#*?bEb}rngjO`_^=Q4+%R+ECb5+!$M03!O4jkyb^(YDt2SqR zjjQfj*S!LHv$m4zE`)#$nr+od5BBBud7hLm%f$)+S##apD7VR~b;BjT6tLOa)Iq-8 z<^N#-bxh1wmhlgol56V-R0_P@Fot^vFs2PS!`;@b(<R|Sd9&PRDM+mkInoE7_{3xl zGyPqd@#{>iKLMLu)LPs1AWvxM4=-<oE|2mYa30e9%R%(4S~ZrCV}J^vi>Ch9S3-a; zl3G)BNXz@9AGmi6>8TbSs!U~*9V<-{5<KF5;T&2{xAX2V58t$qs0{*VrnUuJ2F3Z= z14$s|<VRp0xy(7HwxiI%yPrPpkcIs`e%2`^hu(QM|K+jc(1Ox%%5@vHdt293b6d|e zqfU0%SdcW1xBObVWx*Q;c5AU$vH)T;Ko|qpRhUYPhZ|6J#xMIX-Zwmn+bZP3uv$fO z(N}eU{_xEI=rH)Ywpv7a1H^vq>G_1lTP+PjqG;RvxAKa?o9*MHHT`0q-7@XJTjKsg zC1ck!J`jCi!>=^>KD3gBPm`kpUStYAUJTn8qWb6L{&}*;P~2+pzVaqRTYBT(fa00Y zprJgPZu+f5mo}M8lz9HZqR_5l<^KHcqQ!kx9fT*0Ph87-s=eG4_cP=6=`R*-($P@d zgl^Ot3Hh8BcB$RBk;f}xlmDk`hz@L5r)T!gBZ=EoZt3P}&y)vgXN^;FzEud;%b`DB zgBEFm`=*0i>PMV2r25J-YJQgaTUUV<n(+MjAm>a|8(HPLL3Jg?Y0iwQVRLh$)tIs* zuFM;j4{j_Rc>g+0D)7Z;Ts$Zxe_^7=$c%9jy9@Uo9AUUSz{AK)IX(ET7hpmcW+jaE zQ{{fC$Fi@|c00KBOOMryo4NhIuf)15k@=VKSG*VFwfMyl{})cbR1cY#Qs6+`(d<$J z)aO(55Z;g*!F<sA`t@FJA<-PbB1iV_vi>(`(~~u13!s&wQfTyP8D@R{>a)$m+cJ)r zwkmE2P_a8-o;<Qu-#!vL0|r^7z=OVsDEbUHGz(F^=BA4GYF>&jhnURmcoY~AUpJQx z$D!s3au<S|KzHB(hNkzSU~AX*KUTlt>VkLFB}A|4++aMv65KlTiKe+3XMx=O-k)`i zJ8b{IlSN=I<XlID6~_RJ12O^jhA4VGB5_Tv?XxddX7~%JP{3T)>zP`2Ab_tCWqn{f z8O*nf_5dP(OQp|a!3TkWdrf4Vyzw$LNmG~Nqj1)ARtfgX7y8rJp9$Nk#%(Nw^G|dO z*pKgNy>w2+L8qISv=nE{c3|BHm~je^b?DI%%i*3t`o{5sS;k&Bd((EpgbW|_a)+xA zx)P;LqOJqkX(%`R6!EqW%e)|`Y@8h1X-q2hm6?xQPIK&)WCn~y9d7saAD*&tR^hmO zdekwd&f3^_*#$yE#{RqL#4e58pN+AB&RrwOC08VRe)fB>Q_dX7L4k=Qh9NlYyT`+O zQuHtSZw%DQ8k+iq($IE!AH{($Qe|(T(O$XBvaAvJY5gbNx*Bfm!0&a2qaT$Y$yn)X zG>q^atgWu<p>dAfvtK*69Dr2?%03N3Y~LdaRL-yR@bQ2TmR!uPV4Tgqv?R}d<z}zp zSzLGwZCwHbqVtos6Wf~KFCk197h#9MewX!)Ne_&dczf!R8ym$Hs&4rcDx^Sr&(C0{ z@R^U>f}^=a5#Gpi3M~l`QaCK&V8pP=bvuLMwi>6n75Dd;m7E(~XnnRJ*qKt;G*(RW zl}5-lO!U?GG2t0A0|Cke`}XSZN+87(@alF21OKk=mAof64xc`+<{K$0lLQwZhDp_G zI_Xf@I~M5va7HOEKdE)A6_z<m5Q2^P--V9nikx1gHo$&QzESjW&je?fM)YNwICX&t z4mhkN*H=`zpIv4D%37rXXPSKu|DU=J7ys_ER0~J)pW@24n6GwqeB$zJ1FJ9(-RkrG zSuGgeA4e)$lWDRuF3mh$aB8xg+>^->(XGQK7c?cfc&C}^tc|JZc*`-n7D{J^52#RB zYSz~>)07FTJhc($%l_ry8nEKEH4bl?rKeGMQ;<Y!b>+Q+yi^c<q-xJA8bZaCe&_S4 z4#iw-S>%af`^r5Kms+#}7Q&n-NVoV-EngC7K)leLs(%oa&4U9}1UGU7TgDo>F|<MX z=giN=LyF5=d%;g{2Q9~u@3(zC2k7`^C}m+EU@LPRn|5va>&m0MRU--QxYB;GPe&PA zQzH)5zEn}`cF}#F4BGYE{wM}Rijx-s^F#CP&RF*$S$VxQg2wdbr=XXw-!$Lq3_bil z<zO*@Bd5*{*)1qqce=WGsC_vr<XTM?8T!B=9{W(ik(WPGch$JH6k?rSUE1}&=@0*t zAGLj3f#@=C?<zA-49y`~D2mjuP=9tnTqa?|^YbA+?CHtPDb#kO;}xd@gpe>8-11Fr z4Et%bZsB?bTUM6U2mN&W6y@C-u$X-$7*&rh^LIvpk?gUOS!VA7z1_1p{PsLx=wQ); zBHbjj<0Ea@!Mp)!v>+c}f*vLtG*UeXBfM_Fn@k4(BMg5|Qz6BTW8)P32Xo`Mn}Q(K zKy#8j-*;8kr6hK`F(iEOD$7^L_4ods8WEa(KBl-MX+9sz=AF`;IYP8uwb8EZY!1P+ z$-`NvJct|C$w?l=nFC$oy&4ljTv?#IND42r%;jbj%VLgca)L{N1I3y~%L7s4je~D7 zUmtZgc1e$!&!f>%Igqx($0YTDg<s;kIna5|p*O$WZH+n5wX+ky3ZuC6_m0Qo_Phm? zLmkC;8$6bLO%jlM`;SACVGI7Pxp~0T&SuBcu$SC&H?FU)jO|~=--UB?kh9CxTm9}N zmt@kbrn<mxOc|v#Uu!io8pc8~1IE?{2<hW?!ReJhE}IpRdntqrUQS?gkS4|V)ojd; z##jL=6jkU{M;^~Wh@@wALY`?C3+sKVr~vCi6&s<}+Hq#mkRsa5`p($E8NMd}UF%{k zDA>y=XSu1Fr{7rtUea2cL$*IJ?JshojV$+5eNdvQ<3Nv1;H>BmUP#iT^d4uo$(jef zeKW`tCwE7SEruZ`b6T`)nSIPnDOP@LXhrXM4(Vewz69#Z+1&8RuyHaVYIezFW}b~( zSmb5^Ta>oHj)i&*$9XV6n8UcOb;wYu`C@<XMfkc!Lz$u1=L2%%mL=#DseKj+e!eWP zxuSeK{pX2pw7j(EDW1uETZTKdbPMcVg`z4!mg>qgen9JAPThRcMtALoqH$VDao&)^ zT}4I$0|FuAsG~ACG-U&g^aJ<NjVdGw@tf3*E=bq#&O)@*r`xx5U!S0OA8=@eq$PSw z!SZBu7aiAgiL^rg@0&LDOeV+Q8zAb&ZD>q38gk!i<D_E%^-s@XvY{`(a1n@9S_CSE zs1E{1S@UbFnFNsEOny|b>3U4kKm9lUIH;uoHF-LlfmGENJR7bk5IqC}=6l~CLZnb* zUs5~Ib25@edw=`%Y8ibGaHEBsP3-%VXwSdax0frc`}aaSjxs52W0rNNCJM@3Mapiv zaJMO~_1F3>b&d0ro_0&dt~UrAcLnSV9p->)s88LZrA#SSEjBb*2fAdk5)cvwm)y(p zOvecbsR-?bo)+qX{gT8T7=Q5Ann2)VoFyryCmtv85X6wi89>4h$Hz(=e_(6V(#q<w zS<xe^YAA4?LLupO1wO5-__F*3`1a#5bZ0V(?@OCZq=COiT-&E_c>!O6!5IZ?uTIXX zZoAf16u9VP!;(QD5HnqtjZ@bFdlY*1Es&SZwaU^TsODI<A?#_1m@lLRE|JX)x5CY` zC;hD%7jIW(DR(q)GCvD&HjAA3p*iv09AwbTaylfkVZ-iYwnxff?>ZWfU7wfBIzAsw z-j5Mv@^M#Qqc`}`e3na>gW2ou`{L5oAji4vj;^dX6vH^`cJEV3jNF86Q=oX6BQy=! zzQ>2;39)!t8%k^pEC_k>&aP@&;}*@;7%!EER-N^2p}OX#9*&GDZ`QTuaJYX{y7do} zm_l@=3zYC_R9Be3@xBxiE%VyC@oaaM)>doLW@f7zlL6qmN98@QZT!HlVxu>CY;PG% zk1BrIS=C8vl`05I`aMBBNanqBHrI%$-?6iF^6>j@LmC~%L;E93OCdj!@}Hhna!vo) zzo5NiP|VvqkR13uMSvt*;Fz97|0;~QTM>XwI<)wzKn3Ky<+{7;_-UafW}b)DLM)<T z9Ol~P3FZ8_+8Crois*{3xd_$x+2;ipH{-+^%JVJPdXby2TsWtS{HBolkOtrYN38FR zhTgIyQKJnT{7$T$)Imr&{nj%M`bTqt_csDr&M=>F+PWTUZZDIBZmr)xd&LoG+V#o4 z#9~{Rjwb8uzRT7<d!WQBn>BezOdd@R$(fkwWE*DmfwPuBm{~W^Qa{l5!DIb}=p3a> zN~I3U>UiBtYBm6tmi?XD6Z$(3l&s{h3VoRBop>xLHu~E4xc3-qBl1sVC&yATWIQ1x zk0<iRyUQ=@aH0Q?+`a=>L~zMOQt&7{_mM5)+Omu+l2c14uvR{;J9{o}B*}o0K96PK zm%tun@mnSKi=%9%#0#C#t2rLk96Z?y+jv{hbhCxW6Uq>OJSDod-tPb2eas_nbsjwC z|A=#kI&cxM&Cblnzy8tF{30VuHgU>zp7w%~!<><?42+gs0`pd4w4*1ros4!$U3M9x ztVRly4um3mjCljo2DCH(hExfEO}M%)zDf154Zo<^<YcEj4FVlmT}I*#pK0>)|9)v* zh3KhXto_7w^pm>e$B!4Ln1%j>eXsn?_0txKa#`SvC49=7QHdWuZvrV{)D(;`@pom^ z=~0)mGmwF3sYftlzCx8g0J7K9CE2!B(T@Yui3t4<ozgj-?>OS^`__egj-|Gk4#?3W zrZZby_s8z|09~U5a@B6nV*#6opw3{}>{|#tk^*?Wa8fK=8)QbFLWzONYU<j<n>#l! zlxxMa)`H?jUH^8O)h+m>+|uyteJq3!;g3%ATOOcz@K-rdtaQGrPnHk*#C?N8V+0tT zL#a8vzx}o9*ZhqM|J^iJlKj_T3S?`6oHFf})89pdK$Q7E)AY&3Bowf`if_}YDOvH7 zb@^|Y8Zd%R7ZYA6TsHVCLsentxuoWGdIEg<{M2b<?{EUMVcV2%U$eKFRdudJ_ECN# p6X(@!O3}+OB?s(K+PI{iTbj5{&ET&CtW><B^;}P_OvUok{{YFM$>IP2 From 273c1fd2571634f3c7fcc27427852ff5b003a615 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:06:02 +0100 Subject: [PATCH 0983/1758] Update README.adoc --- roles/pbx/README.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 0a0c11ef1..064911399 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -170,8 +170,11 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* ** *Confirm by clicking tick synbol ✓ on top right* ++ +image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. +image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* ** Connection details may also be seen in the Asterisk logs at: `/var/logs/asterisk/full` From 0d900a32abdb1eee4643f5cf042d380b67220c38 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:08:48 +0100 Subject: [PATCH 0984/1758] Update README.adoc --- roles/pbx/README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 064911399..85f76de56 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -174,6 +174,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca image::files/wave_sip settings.png[width='33%'] * If the connection is successful, you will see a green circle next to your name [John Doe]. ++ image::files/Wave_sip_phone_connected.png[width='33%'] ** You should see activity in the *FreePBX Statistics* applet at http://box/freebx (or http://box:83/freebx) > *Dashboard* From 0695907bc0a77cb7b7160d80086eb00e2212e4aa Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:31:32 +0100 Subject: [PATCH 0985/1758] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 85f76de56..f6a168cb6 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -169,7 +169,7 @@ Due to Linphone's inability for phones to ring when the screen is locked ,you ca ** *SIP User ID* is your extension number eg 301 ** *SIP Authentification ID* is your extension number eg 301 ** *Password* is the same as above *Secret* -** *Confirm by clicking tick synbol ✓ on top right* +** *Confirm by clicking tick symbol ✓ on top right* + image::files/wave_sip settings.png[width='33%'] From 660f2f094086501b8c263c1e122fad1e385a3263 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 10 Apr 2023 12:34:21 -0400 Subject: [PATCH 0986/1758] pbx/README.adoc copyedits/suggestions for review --- roles/pbx/README.adoc | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f6a168cb6..7be24bec4 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,23 +157,23 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked ,you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: -* Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot -* Go to Account Settings * -* Add new account * -* Select *SIP ACCOUNT* +** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot +** Go to Account Settings +** Add new account +** Select *SIP ACCOUNT* -** *Account name* is your name,eg John Doe* -** *Sip Server* is your IIAB server's IP address -** *SIP User ID* is your extension number eg 301 -** *SIP Authentification ID* is your extension number eg 301 -** *Password* is the same as above *Secret* -** *Confirm by clicking tick symbol ✓ on top right* -+ +*** *Account name* is your name, e.g. John Doe* +*** *Sip Server* is your IIAB server's IP address +*** *SIP User ID* is your extension number, e.g. 301 +*** *SIP Authentification ID* is your extension number, e.g. 301 +*** *Password* is the same as above *Secret* +*** *Confirm by clicking tick symbol ✓ (top right) ++ image::files/wave_sip settings.png[width='33%'] -* If the connection is successful, you will see a green circle next to your name [John Doe]. +** If the connection is successful, you will see a green circle next to your name [John Doe]. + image::files/Wave_sip_phone_connected.png[width='33%'] From 28345650f9504429e67343269f23c8a632c824d4 Mon Sep 17 00:00:00 2001 From: EMG70 <52469992+EMG70@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:36:47 +0100 Subject: [PATCH 0987/1758] Update README.adoc --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7be24bec4..8d8dc3dc3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -157,7 +157,7 @@ image::files/linphone_connected.jpg[width='33%'] * _If you've created more than one extension, make a call to another extension!_ If you've not yet made more than one extension, try calling an arbitrary extension, or try calling your own extension (your own phone number). + -Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_appapp], on an Android phone. After you open the app, follow these steps: +Due to Linphone's inability for phones to ring when the screen is locked, you can alternatively use a softphone (SIP) app on your smartphone or laptop called Wave Lite. In this example we will use the [https://wiki.zenitel.com/wiki/Grandstream_Wave_Lite_mobile_app], on an Android phone. After you open the app, follow these steps: ** Connect your smartphone or laptop to the *Internet in a Box* WiFi hotspot ** Go to Account Settings From b75b5a65e46fd61b74be4ebb451b500cfb1cff95 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 10 Apr 2023 13:06:45 -0400 Subject: [PATCH 0988/1758] pbx/README.adoc: Copyedit tweak --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 8d8dc3dc3..f92f2836f 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -164,7 +164,7 @@ Due to Linphone's inability for phones to ring when the screen is locked, you ca ** Add new account ** Select *SIP ACCOUNT* -*** *Account name* is your name, e.g. John Doe* +*** *Account name* is your name, e.g. John Doe *** *Sip Server* is your IIAB server's IP address *** *SIP User ID* is your extension number, e.g. 301 *** *SIP Authentification ID* is your extension number, e.g. 301 From f27a34708a2a3f1a8cda115268641a6347096e28 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 08:27:28 -0500 Subject: [PATCH 0989/1758] FUTURE python2 - use bullseye for armhf --- scripts/install_python2.sh | 106 ++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 48 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 9ca66c156..4a9c0f20c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -4,68 +4,78 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -#apt -y install libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_arm64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb + #apt install ./libffi8_3.4.2-4_amd64.deb - wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - apt install ./libffi7_3.3-6_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #;; - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - ;; - - "amd64") - wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - apt install ./libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/libf/libffi7/libffi7_3.3-5ubuntu1_amd64.deb - apt install ./libffi7_3.3-5ubuntu1_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb + #apt install ./libffi7_3.3-6_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #;; + + "arm64"|"amd64") + apt -y install libffi8 + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF ;; +# assume armhf is from raspbian "armhf") - wget http://archive.raspberrypi.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb - apt install ./libssl1.1_1.1.1n-0+deb11u4+rpt1_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb + #apt install ./libffi7_3.3-6_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - apt install ./libffi7_3.3-6_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb + #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - apt install ./python2.7_2.7.18-13.2_armhf.deb + #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb + #apt install ./python2.7_2.7.18-13.2_armhf.deb + #rm *.deb + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://raspbian.raspberrypi.org/raspbian/ bullseye main +deb http://archive.raspberrypi.org/debian/ bullseye main +EOF ;; esac -rm *.deb + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list +apt update From c17cf8dcc8685d2c399f741ecb698ee28be9c50d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 08:38:37 -0500 Subject: [PATCH 0990/1758] FUTURE python2 - use jammy for armhf on ubuntu --- scripts/install_python2.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 4a9c0f20c..12afe891d 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -43,6 +43,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-8_arm64.deb #;; +# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") apt -y install libffi8 cat << EOF >> /etc/apt/sources.list.d/python2.list @@ -51,7 +52,6 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# assume armhf is from raspbian "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb #apt install ./libffi7_3.3-6_armhf.deb @@ -68,10 +68,18 @@ EOF #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb - cat << EOF >> /etc/apt/sources.list.d/python2.list + + if [ -f /etc/rpi-issue ]; then + cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF + else + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb http://ports.ubuntu.com/ jammy main universe +deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi ;; esac From 29d0f0bf902ed8d7ceedfa44f83cace5a780330c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 09:29:22 -0500 Subject: [PATCH 0991/1758] notes and dependencies --- scripts/install_python2.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 12afe891d..8e3aaf70b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -5,7 +5,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv apt -y install mime-support #transitional package -# libpython2.7-stdlib from ubuntu-22.04 used in amd64 is compiled against libssl3 and libffi8 +# libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in @@ -45,7 +45,7 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install libffi8 + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe @@ -69,12 +69,15 @@ EOF #apt install ./python2.7_2.7.18-13.2_armhf.deb #rm *.deb +# armhf compile flags differ between RasPiOS and Ubuntu +# libssl1.1 would be available via bullseye if/when needed if [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://raspbian.raspberrypi.org/raspbian/ bullseye main deb http://archive.raspberrypi.org/debian/ bullseye main EOF else + apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From 57833472a9eee5a3037d077204a9e97a9d853c2e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 10:09:05 -0500 Subject: [PATCH 0992/1758] media-types --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8e3aaf70b..8b6ee9536 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,7 +3,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv -apt -y install mime-support #transitional package +apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From 32d40f038d32fe4864920de20538666a5d086d4a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 10:57:39 -0500 Subject: [PATCH 0993/1758] more notes --- scripts/install_python2.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 8b6ee9536..ae672bf43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -1,8 +1,12 @@ #!/bin/bash +# https://packages.debian.org/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.debian.org/bullseye/libpython2.7-stdlib +# https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all +# https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib ARCH=$(dpkg --print-architecture) apt -y install virtualenv +# https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 apt -y install media-types # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 From 5253c31d93f04977b23cf167b5ef474ea740ad5d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 13:36:40 -0500 Subject: [PATCH 0994/1758] bookworm armhf --- scripts/install_python2.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index ae672bf43..a04b876d0 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -74,13 +74,7 @@ EOF #rm *.deb # armhf compile flags differ between RasPiOS and Ubuntu -# libssl1.1 would be available via bullseye if/when needed - if [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb http://raspbian.raspberrypi.org/raspbian/ bullseye main -deb http://archive.raspberrypi.org/debian/ bullseye main -EOF - else + if ! [ -f /etc/rpi-issue ]; then apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe @@ -92,5 +86,5 @@ esac apt update apt -y install python2 -rm /etc/apt/sources.list.d/python2.list +rm /etc/apt/sources.list.d/python2.list || true apt update From 6e08ff35ebbd763d4ffde111babec8fa7a49c5de Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 22:21:01 -0500 Subject: [PATCH 0995/1758] switch back to explicit dependencies --- scripts/install_python2.sh | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a04b876d0..61475e24c 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -7,54 +7,50 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types +apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/main/libf/libffi/libffi8_3.4.2-4_amd64.deb - #apt install ./libffi8_3.4.2-4_amd64.deb + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #;; + "amd64") + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #"arm64") - #wget http://ftp.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_arm64.deb - #apt install ./libffi7_3.3-6_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #;; + wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + rm *.deb + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - apt -y install libffi8 libssl3 - cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +# "arm64"|"amd64") +# apt -y install +# cat << EOF >> /etc/apt/sources.list.d/python2.list +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb @@ -75,16 +71,14 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - apt -y install libffi8 libssl3 cat << EOF >> /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi + apt update + apt -y install python2 + rm /etc/apt/sources.list.d/python2.list || true + apt update ;; esac - -apt update -apt -y install python2 -rm /etc/apt/sources.list.d/python2.list || true -apt update From f95db00faf64e3e7ff11a8af2e573e404449807a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 22:34:00 -0500 Subject: [PATCH 0996/1758] switch order for easier diff --- scripts/install_python2.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 61475e24c..3d8595b3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,21 +13,6 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; - "amd64") wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -43,6 +28,21 @@ case $ARCH in rm *.deb ;; + "arm64") + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + apt install ./python2.7-minimal_2.7.18-8_arm64.deb + + wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + apt install ./python2.7_2.7.18-8_arm64.deb + rm *.deb + ;; + # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") # apt -y install From e6c4170f7c817eb481dce2e53d1924b294729fb5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:13:25 -0500 Subject: [PATCH 0997/1758] pending feedback keyring --- scripts/install_python2.sh | 56 +++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3d8595b3b..72c08c5ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,44 +13,44 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - "amd64") - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #"amd64") + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb + #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - rm *.deb + #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb + #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb + #rm *.deb ;; - "arm64") - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb + #"arm64") + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb + #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb + #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - apt install ./python2.7-minimal_2.7.18-8_arm64.deb + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb + #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - apt install ./python2.7_2.7.18-8_arm64.deb - rm *.deb - ;; + #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb + #apt install ./python2.7_2.7.18-8_arm64.deb + #rm *.deb + #;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# apt -y install -# cat << EOF >> /etc/apt/sources.list.d/python2.list -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; + "arm64"|"amd64") + apt -y install ubuntu-keyring + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 3aaeca991e0903457b0f33d117ad274bb9207999 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:18:53 -0500 Subject: [PATCH 0998/1758] using repos --- scripts/install_python2.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 72c08c5ef..3da8acb84 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -76,9 +76,10 @@ deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF fi - apt update - apt -y install python2 - rm /etc/apt/sources.list.d/python2.list || true - apt update ;; esac + +apt update +apt -y install python2 +rm /etc/apt/sources.list.d/python2.list || true +apt update From 3e10fa7bf9e4e5fb49cea41ece852dbf7c89cc1c Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Apr 2023 23:20:42 -0500 Subject: [PATCH 0999/1758] forgot a # --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3da8acb84..083904e03 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -26,7 +26,7 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - ;; + #;; #"arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb From df3590fb47d7db3568425c4c8590ef512793a6a9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:08:39 -0500 Subject: [PATCH 1000/1758] thoughts going forward --- roles/kalite/tasks/install.yml | 9 +++++++++ scripts/install_python2.sh | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 6d0c8765e..674b18f03 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -20,6 +20,15 @@ when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. +#- name: Install Ubuntu keyrings on Debian +# get_url: +# url: +# dest: /etc/apt/keyrings/ +# mode: 0644 +# timeout: "{{ download_timeout }}" +# when: is_debian_12 + +# use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 083904e03..3caa3f52e 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -45,10 +45,19 @@ case $ARCH in # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu "arm64"|"amd64") - apt -y install ubuntu-keyring + #apt -y install ubuntu-keyring cat << EOF >> /etc/apt/sources.list.d/python2.list -deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +# gave 404 errors on U23.04 x86_64 VM +#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe + +# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe + +# keys for Debian future work maybe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe +#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; @@ -72,6 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then cat << EOF >> /etc/apt/sources.list.d/python2.list +# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From ba2d00fd5af000ecad53c93a72895871cc01a3e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:29:23 -0500 Subject: [PATCH 1001/1758] split the arm64/amd64 repos --- scripts/install_python2.sh | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 3caa3f52e..f7d119742 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -13,7 +13,7 @@ apt -y install media-types libffi8 libssl3 # `apt info libpython2.7-stdlib` cd /tmp case $ARCH in - #"amd64") + "amd64") #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb @@ -26,9 +26,14 @@ case $ARCH in #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb - #;; + # works on U23.04 x86_64 VM + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + ;; - #"arm64") + "arm64") #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb @@ -41,25 +46,21 @@ case $ARCH in #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb - #;; + # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm + cat << EOF >> /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe +EOF + ;; # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu - "arm64"|"amd64") - #apt -y install ubuntu-keyring - cat << EOF >> /etc/apt/sources.list.d/python2.list -# gave 404 errors on U23.04 x86_64 VM -#deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe -#deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe - -# works on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe -deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe - +# "arm64"|"amd64") +# cat << EOF >> /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -EOF - ;; +#EOF +# ;; "armhf") #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb From 1738f7c54040784e0cf33a69565fb273be9a51c0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:38:04 -0500 Subject: [PATCH 1002/1758] always overwrite --- scripts/install_python2.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7d119742..f7f494b43 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -27,7 +27,7 @@ case $ARCH in #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb #rm *.deb # works on U23.04 x86_64 VM - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe EOF @@ -47,7 +47,7 @@ EOF #apt install ./python2.7_2.7.18-8_arm64.deb #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF @@ -55,7 +55,7 @@ EOF # trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu # "arm64"|"amd64") -# cat << EOF >> /etc/apt/sources.list.d/python2.list +# cat << EOF > /etc/apt/sources.list.d/python2.list # keys for Debian future work maybe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe #deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe @@ -81,7 +81,7 @@ EOF # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then - cat << EOF >> /etc/apt/sources.list.d/python2.list + cat << EOF > /etc/apt/sources.list.d/python2.list # these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe From ca4cd1a2606cdb07c5d314ce3efc7b8c439b33e2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 01:58:41 -0500 Subject: [PATCH 1003/1758] apt export --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7f494b43..a18a3d316 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,7 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib +export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) apt -y install virtualenv From 191ba3912995239964a9a49322075587ae38bd24 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 02:28:05 -0500 Subject: [PATCH 1004/1758] seems to be always installed --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index a18a3d316..cf51e4cd3 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -8,7 +8,7 @@ ARCH=$(dpkg --print-architecture) apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 -apt -y install media-types libffi8 libssl3 +#apt -y install media-types libffi8 libssl3 # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` From fbb614b1c66c1b92c8714be6a1c6b7164fd8761e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Apr 2023 08:45:56 -0500 Subject: [PATCH 1005/1758] cleanup --- scripts/install_python2.sh | 63 ++++++++------------------------------ 1 file changed, 12 insertions(+), 51 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index cf51e4cd3..d61b125d7 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -3,6 +3,16 @@ # https://packages.debian.org/bullseye/libpython2.7-stdlib # https://packages.ubuntu.com/search?keywords=libpython2.7-stdlib&searchon=names&suite=all&section=all # https://packages.ubuntu.com/jammy-updates/libpython2.7-stdlib + +# payload to be installed: +# libpython2-stdlib +# libpython2.7-minimal +# libpython2.7-stdlib +# python2-minimal +# python2.7-minimal +# python2.7 +# python2 + export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) @@ -15,18 +25,6 @@ apt -y install virtualenv cd /tmp case $ARCH in "amd64") - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - #apt install ./libpython2.7-stdlib_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7-minimal_2.7.18-13ubuntu2_amd64.deb - - #wget http://mirrors.kernel.org/ubuntu/pool/universe/p/python2.7/python2.7_2.7.18-13ubuntu2_amd64.deb - #apt install ./python2.7_2.7.18-13ubuntu2_amd64.deb - #rm *.deb # works on U23.04 x86_64 VM cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe @@ -35,18 +33,6 @@ EOF ;; "arm64") - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-8_arm64.deb - #apt install ./libpython2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-8_arm64.deb - #apt install ./libpython2.7-stdlib_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7-minimal_2.7.18-8_arm64.deb - #apt install ./python2.7-minimal_2.7.18-8_arm64.deb - - #wget http://ftp.debian.org/debian/pool/main/p/python2.7/python2.7_2.7.18-8_arm64.deb - #apt install ./python2.7_2.7.18-8_arm64.deb - #rm *.deb # gave 404 errors on U23.04 x86_64 VM need to circle back to U23.04 arm64 and confirm cat << EOF > /etc/apt/sources.list.d/python2.list deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe @@ -54,36 +40,11 @@ deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF ;; -# trusted is used for Debian and RasPiOS as the keys would be missing for Ubuntu -# "arm64"|"amd64") -# cat << EOF > /etc/apt/sources.list.d/python2.list -# keys for Debian future work maybe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy main universe -#deb [signed-by=/usr/share/keyrings/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ jammy-updates main universe -#EOF -# ;; - "armhf") - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/libf/libffi/libffi7_3.3-6_armhf.deb - #apt install ./libffi7_3.3-6_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/libpython2.7-stdlib_2.7.18-13.2_armhf.deb - #apt install ./libpython2.7-stdlib_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7-minimal_2.7.18-13.2_armhf.deb - #apt install ./python2.7-minimal_2.7.18-13.2_armhf.deb - - #wget http://raspbian.raspberrypi.org/raspbian/pool/main/p/python2.7/python2.7_2.7.18-13.2_armhf.deb - #apt install ./python2.7_2.7.18-13.2_armhf.deb - #rm *.deb - -# armhf compile flags differ between RasPiOS and Ubuntu + # armhf compile flags differ between RasPiOS and Ubuntu if ! [ -f /etc/rpi-issue ]; then + # these might change cat << EOF > /etc/apt/sources.list.d/python2.list -# these might change deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe EOF From a1aaf70975c83cc7cab64935932b7ea0098f4f62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 14 Apr 2023 08:50:23 -0500 Subject: [PATCH 1006/1758] 2210 2304 fixed https://bugs.launchpad.net/bugs/1951586 --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6757846d3..918e66ebe 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,7 +26,7 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ]; then +if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" From bb95816c793392a868439dd063655558b4ac5686 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 04:31:03 -0500 Subject: [PATCH 1007/1758] use country value in hostapd if present --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 918e66ebe..2370c152f 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,11 +26,16 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && ! $(grep country /run/netplan/wpa-$IFACE.conf); then +if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf +else NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry=US|' /run/netplan/wpa-$IFACE.conf + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + fi # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid From 2f321dc0a464f2cce71809e4b4379c4176270a62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 05:23:42 -0500 Subject: [PATCH 1008/1758] use 'iw reg get' in hostapd if present --- roles/network/tasks/sysd-netd-debian.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index f1b860d85..2be2772df 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,6 +87,17 @@ systemd: daemon_reload: yes +- name: Detect WiFi country code in use + command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: discovered_wireless_iface != "none" + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM }}" + when: REG_DOM is defined and REG_DOM.stdout | length > 0 + - name: Clone wifi if needed systemd: name: iiab-clone-wifi From 7845a8bddc2d7abd3ef80a04cd2cf3b3a877aea2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 05:55:50 -0500 Subject: [PATCH 1009/1758] hints for iiab-hotspot-on|off --- roles/network/templates/hostapd/iiab-hotspot-off | 4 +++- roles/network/templates/hostapd/iiab-hotspot-on | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index eb5951c6b..98fb9dbf2 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -38,6 +38,8 @@ fi echo -e "\nPlease reboot to enable upstream WiFi access.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} -{% endif %} +#network_enabled diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 04d551774..3f809bf44 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -46,7 +46,10 @@ systemctl enable hostapd echo -e "\nPlease reboot to activate hostapd feature.\n" exit 0 {% endif %} +#is_raspbian +{% endif %} #wifi_up_down {% endif %} +#can_be_ap {% endif %} -{% endif %} +#network_enabled From 4089be6b253b237820f669e11226032f2e82125b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 08:31:52 -0500 Subject: [PATCH 1010/1758] always remove old virtual environment --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36c5da0c5..3c8e4345e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -22,6 +22,11 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present +- name: Remove previous virtual environment {{ calibreweb_venv_path }} + file: + path: "{{ calibreweb_venv_path }}" + state: absent + - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory From 061a96a5adb85cd490987841ec536b2f612e26e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 13:43:16 -0500 Subject: [PATCH 1011/1758] positional ordering --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3c8e4345e..7ffb5a32e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -61,7 +61,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} --system-site-packages + virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 From 3ae4627956429bf7916c4e2b97b6962312e706e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 19:20:11 -0500 Subject: [PATCH 1012/1758] use shell --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2be2772df..680b8316e 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -88,14 +88,14 @@ daemon_reload: yes - name: Detect WiFi country code in use - command: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True when: discovered_wireless_iface != "none" - name: Set Wifi Region country code for hostapd when present set_fact: - host_country_code: "{{ REG_DOM }}" + host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed From e63028f8eeb3d9d711e7cf8add5c9458a81a9f22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Apr 2023 19:38:48 -0500 Subject: [PATCH 1013/1758] record --- roles/network/tasks/restart.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 1576a2af3..074ec5086 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,6 +14,16 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled +- name: Record host_country_code_applied in network of iiab_ini_file + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: host_country_code_applied + value: "{{ host_country_code }}" + - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root From 7a31b02a6720e642baf4b76d68c4995176729503 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 17 Apr 2023 13:58:21 -0400 Subject: [PATCH 1014/1758] Allow rescue/continue if CUPS or Samba installs fail --- roles/2-common/tasks/packages.yml | 6 ++--- roles/cups/tasks/main.yml | 45 ++++++++++++++++++------------- roles/samba/tasks/main.yml | 45 ++++++++++++++++++------------- 3 files changed, 55 insertions(+), 41 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index b694a4194..ad80ef98b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, plocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -16,12 +16,12 @@ - logrotate # 67kB download: RasPiOS installs this regardless #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - #- mlocate # 92kB download - - plocate # 97kB download: Faster & smaller than locate & mlocate #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics + #- mlocate # 92kB download + - plocate # 97kB download: Faster & smaller than locate & mlocate #- python3-pip # 337kB download: 2023-03-22: Used to be installed by /opt/iiab/iiab/scripts/ansible -- which would auto-install 'python3-setuptools' and 'python3' etc #- python3-venv # 1188kB download: 2023-03-22: Already installed by /opt/iiab/iiab/scripts/ansible -- used by roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 no longer auto-installs 'python3-venv' when you install 'python3' - rsync # 351kB download: RasPiOS installs this regardless diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2c9531814..a709ac090 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -23,26 +23,33 @@ quiet: yes -- name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: cups_installed is undefined +- block: + - name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: cups_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'cups' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: CUPS + - option: description + value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' + - option: cups_install + value: "{{ cups_install }}" + - option: cups_enabled + value: "{{ cups_enabled }}" -- name: Add 'cups' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: cups - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: CUPS - - option: description - value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' - - option: cups_install - value: "{{ cups_install }}" - - option: cups_enabled - value: "{{ cups_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 801d725f4..12d06f2d4 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -19,26 +19,33 @@ quiet: yes -- name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: samba_installed is undefined +- block: + - name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: samba_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'samba' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Samba + - option: description + value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' + - option: samba_install + value: "{{ samba_install }}" + - option: samba_enabled + value: "{{ samba_enabled }}" -- name: Add 'samba' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: samba - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Samba - - option: description - value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."' - - option: samba_install - value: "{{ samba_install }}" - - option: samba_enabled - value: "{{ samba_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error From f79f4c0f46cfc23b8eb8be56ffd8e241d0a0e5cd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 16:08:08 -0500 Subject: [PATCH 1015/1758] clearer logic --- .../templates/hostapd/iiab-test-wifi.j2 | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2370c152f..e358d4dbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -26,17 +26,22 @@ fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 -if [ -f /run/netplan/wpa-$IFACE.conf ] && $(grep country /run/netplan/wpa-$IFACE.conf); then - REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - sed -i -e "s/^country.*/country=$REG_DOM/" /etc/hostapd/hostapd.conf.iiab - cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -else - NETPLAN=1 +if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` - echo "cover netplan lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf - + REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + if [ -z "$REG_DOM" ]; then + NETPLAN=1 + echo "cover netplan wifi client lack of country=" + sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + else + echo "set hostapd wifi country to $REG_DOM" + if [ -f /etc/hostapd/hostapd.conf.iiab ]; then + sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf + fi + fi fi + # IIAB hint for NetworkManager # could scrape /etc/NetworkManager/system-connections/ looking for ssid if [ -f /etc/iiab/iiab.env ]; then From ff905ef5d878f830271bb0b16adf253640bf0f54 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 23:35:43 -0500 Subject: [PATCH 1016/1758] dispatcher has a call to alter hostapd.conf --- roles/network/tasks/restart.yml | 8 ++++++++ roles/network/tasks/sysd-netd-debian.yml | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 074ec5086..0e1ccd980 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -36,6 +36,14 @@ - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } when: can_be_ap +- name: Enable & Restart networkd-dispatcher.service + systemd: + name: networkd-dispatcher + state: restarted + enabled: yes + masked: no + when: systemd_networkd_active + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 680b8316e..e1b73db61 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -118,9 +118,3 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service - systemd: - name: networkd-dispatcher - state: restarted - enabled: yes - masked: no From 27c3b1b9a08406e84ce27b3acb441a595c69e1c6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 18 Apr 2023 23:33:56 -0500 Subject: [PATCH 1017/1758] Just set and let the next stanza in main handle the call --- roles/network/tasks/NM-debian.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index d5dad9ffc..200911a91 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -71,8 +71,9 @@ when: wan_ip != "dhcp" - name: Use systemd-networkd to handle br0 - include_tasks: sysd-netd-debian.yml - when: iiab_lan_iface == "br0" and not systemd_networkd_active + set_fact: + systemd_networkd_active: True + when: iiab_lan_iface == "br0" - name: Reload systemd systemd: From 5341cc6ca20af8ac0522736725f550f09723d7e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:38:50 -0500 Subject: [PATCH 1018/1758] typo, use double quotes, always restart netplan wifi --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 +++--- roles/network/templates/hostapd/netd-disp2 | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index e358d4dbb..39ae8caa8 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -29,14 +29,14 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') + NETPLAN=1 if [ -z "$REG_DOM" ]; then - NETPLAN=1 echo "cover netplan wifi client lack of country=" - sed -i 's|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|' /run/netplan/wpa-$IFACE.conf + sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" if [ -f /etc/hostapd/hostapd.conf.iiab ]; then - sed -i 's|^country.*|country=$REG_DOM|' /etc/hostapd/hostapd.conf.iiab + sed -i "s|^country.*|country_code=$REG_DOM|" /etc/hostapd/hostapd.conf.iiab cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf fi fi diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 78e258627..7b9218899 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,6 +13,9 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant + if [ -f /run/netplan/wpa-wlan0.conf ]; then + systemctl restart netplan-wpa-wlan0.service + fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From 3c3affb16a907e46e0ef32fdf8f0ac9f4a15bfb7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:44:39 -0500 Subject: [PATCH 1019/1758] softcode --- roles/network/templates/hostapd/netd-disp2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index 7b9218899..e6a8fca72 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -13,8 +13,8 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then systemctl stop wpa_supplicant systemctl restart hostapd systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-wlan0.conf ]; then - systemctl restart netplan-wpa-wlan0.service + if [ -f /run/netplan/wpa-$IFACE.conf ]; then + systemctl restart netplan-wpa-$IFACE.service fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" From b286d9d6e940195d7d6dbc58479d0a98489c5ed8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 19 Apr 2023 10:46:45 -0500 Subject: [PATCH 1020/1758] easier diff --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 39ae8caa8..205f77fc7 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -27,9 +27,9 @@ fi # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 if [ -f /run/netplan/wpa-$IFACE.conf ]; then + NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') - NETPLAN=1 if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country=" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf From d831f057692c82b4da7c0185178126d83b59427d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:02:34 -0500 Subject: [PATCH 1021/1758] NM ssid detection --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 205f77fc7..c3a49a847 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -22,10 +22,10 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers netplan's bugs workaround # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 # https://bugs.launchpad.net/netplan/+bug/1951586 # WiFi country code progress on arm64 OS's discussed on #3078 +# covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` @@ -50,8 +50,14 @@ if [ -f /etc/iiab/iiab.env ]; then SSID=$CLIENT_SSID fi fi + +# NetworkManager +if [[ $SSID == "NA" ]]; then + SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) +fi echo "ssid is $SSID" -if [[ $SSID == "" ]] || [[ $SSID == "NA" ]]; then + +if [[ $SSID == "" ]]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" From 908c8f495136c19e7f420bddea6265b95c52d27d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:43:18 -0500 Subject: [PATCH 1022/1758] tighten up when to install ap0 file --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 200911a91..9cb2cf1db 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -22,7 +22,7 @@ dest: /etc/NetworkManager/conf.d/ap0-manage.conf src: network/ap0-manage.conf mode: 0644 - when: wifi_up_down + when: discovered_wireless_iface != "none" and wifi_up_down - name: Copy manage.conf for NetworkManager when wifi_up_down False template: From 4fe56e787efbaa120aa1c1be2b9f2447ab72773f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 10:43:55 -0500 Subject: [PATCH 1023/1758] tighten up when to run wifi detection --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 3df0f2c36..7f5bd34a4 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: discovered_wireless_iface != "none" + when: has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 8aaa459d9c7bd29d8bae6dbfb334b982b602998a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 20 Apr 2023 12:56:14 -0500 Subject: [PATCH 1024/1758] restarting seems excessive just use start --- roles/network/templates/network/dnsmasq.sh.j2 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/network/dnsmasq.sh.j2 b/roles/network/templates/network/dnsmasq.sh.j2 index 00df42bf3..6a7f7179a 100755 --- a/roles/network/templates/network/dnsmasq.sh.j2 +++ b/roles/network/templates/network/dnsmasq.sh.j2 @@ -1,7 +1,6 @@ #!/bin/bash if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then - echo "Restarting dnsmasq in 5 seconds" - /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service - echo "Restarted dnsmasq" + /bin/systemctl --no-block start dnsmasq.service + echo "Started dnsmasq" fi From 07a63f3b8a57e5d7633ae637a4fca5e4a8861ce7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 09:59:29 -0400 Subject: [PATCH 1025/1758] Tighten up templates/hostapd/iiab-hotspot-off just a bit? --- roles/network/templates/hostapd/iiab-hotspot-off | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 98fb9dbf2..0b917b4df 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -11,13 +11,11 @@ systemctl disable iiab-clone-wifi.service systemctl disable iiab-wifi-test.service systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf -systemctl disable hostapd -systemctl stop hostapd #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -35,8 +33,8 @@ systemctl restart dhcpcd if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi -echo -e "\nPlease reboot to enable upstream WiFi access.\n" -exit 0 +echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" +#exit 0 {% endif %} #is_raspbian {% endif %} From d1a7ab2b74adaf09599e726ec5e23d27d43ff155 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 10:03:57 -0400 Subject: [PATCH 1026/1758] Tighten up templates/hostapd/iiab-hotspot-on just a bit? --- roles/network/templates/hostapd/iiab-hotspot-on | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 3f809bf44..bd7c4fa0e 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -14,8 +14,7 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} systemctl enable iiab-clone-wifi.service systemctl enable hostapd systemctl enable iiab-wifi-test.service -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% else %} {% if is_raspbian %} # just do what we have always done in hotspot-on @@ -38,13 +37,12 @@ systemctl start dnsmasq # ip link set dev wlan0 promisc off #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd -echo -e "\nPlease reboot to activate hostapd feature.\n" -exit 0 +#exit 0 {% endif %} #is_raspbian {% endif %} @@ -53,3 +51,5 @@ exit 0 #can_be_ap {% endif %} #network_enabled + +echo -e "\nPlease reboot to activate hostapd feature.\n" From cdc77b121ccda228401de111edf9b404cc1dbaa8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 10:06:54 -0400 Subject: [PATCH 1027/1758] Clarifying templates/hostapd/iiab-hotspot-off ? --- roles/network/templates/hostapd/iiab-hotspot-off | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 0b917b4df..e59c18ebe 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -13,6 +13,7 @@ systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" #exit 0 {% else %} +echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf @@ -29,7 +30,7 @@ systemctl restart dhcpcd # ip link set dev wlan0 promisc on #fi {% else %} -#ubuntu +#ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi From 319b75fe7d30083d58ff28ab6c1e61a9552533e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:50:04 -0400 Subject: [PATCH 1028/1758] iiab-hotspot-off: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index e59c18ebe..25a5053be 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -3,7 +3,7 @@ echo -e "Networking role disabled\n" echo -e "For details, see: https://github.com/iiab/iiab/pull/3302\n" {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd {% if wifi_up_down %} @@ -16,7 +16,7 @@ echo " IIAB hotspot access point Disabled" echo " IIAB hotspot access point Disabled" {% if is_raspbian %} # hotspot-off before ap0_updown -sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq #systemctl stop dnsmasq systemctl daemon-reload @@ -32,7 +32,7 @@ systemctl restart dhcpcd {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 From 9ed5cd53c7aa020f75332a2cd8e69d9e1516e719 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:50:51 -0400 Subject: [PATCH 1029/1758] iiab-hotspot-on: sed "-e" flag optional --- roles/network/templates/hostapd/iiab-hotspot-on | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index bd7c4fa0e..03ca2d4ae 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -9,7 +9,7 @@ echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-ne echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" exit 1 {% else %} -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} +sed -i "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service systemctl enable hostapd @@ -19,7 +19,7 @@ systemctl enable iiab-wifi-test.service {% if is_raspbian %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf -sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf +sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf # shut down wlan0 in case connected to network ip link set wlan0 down systemctl enable hostapd @@ -39,7 +39,7 @@ systemctl start dnsmasq {% else %} #ubuntu (or Mint, or pure Debian?) if [ -f /etc/NetworkManager/conf.d/wifi-manage.conf ]; then - sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf + sed -i "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf fi systemctl enable hostapd #exit 0 From 262ca468e977740764b0a0fc26dfa496c687c124 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 22 Apr 2023 22:05:01 -0500 Subject: [PATCH 1030/1758] tighten up when to run wifi detection more --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f5bd34a4..e46f810b9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -12,7 +12,7 @@ - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel - when: has_wifi_gateway is defined + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: From 0c037b276305621f19fbd5cd6abd72dad90c1f41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:24:20 -0500 Subject: [PATCH 1031/1758] \[], echo, run netplan restart sooner, NM wait, move hostapd restart --- .../templates/hostapd/iiab-test-wifi.j2 | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index c3a49a847..50f34fae2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -9,11 +9,13 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then + echo "systemd-network" SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` fi -# covers raspbian +# covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then + echo "RasPiOS" RASPBIAN=1 if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then echo "unblocking WiFi" @@ -28,10 +30,11 @@ fi # covers netplan systemd use on server with bug workarounds if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 + echo "Netplan systemd" SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then - echo "cover netplan wifi client lack of country=" + echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else echo "set hostapd wifi country to $REG_DOM" @@ -52,12 +55,14 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [[ $SSID == "NA" ]]; then +if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then + echo "NetworkManager" + sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [[ $SSID == "" ]]; then +if [ $SSID == "" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -76,14 +81,23 @@ for result in $FREQ; do echo "channel $result is 5Ghz - ignoring" fi done + echo "Using $FREQ2 for $SSID" -if [[ $FREQ2 == "" ]]; then + +if [ $NETPLAN -eq 1 ]; then + echo "Netplan2" + # This is more of a netplan workaround should go away. + /bin/systemctl restart netplan-wpa-$IFACE.service +fi + +if [ $FREQ2 == "" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" + echo "Netplan3" fi exit 0 fi + # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) @@ -94,14 +108,7 @@ if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf + /bin/systemctl --no-block restart hostapd fi -systemctl stop wpa_supplicant -systemctl stop hostapd -systemctl start hostapd -systemctl start wpa_supplicant -if [ $NETPLAN -eq 1 ]; then - echo "Netplan3" - # This is more of a netplan workaround should go away. - systemctl restart netplan-wpa-$IFACE.service -fi + exit 0 From b17cab4794c3189decab7deb35d7dd7186a7a948 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:25:24 -0500 Subject: [PATCH 1032/1758] run after NM and netplan --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 682680a07..6f86b7e34 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -2,11 +2,11 @@ Description=IIAB find channel freq for ssid After=wpa_supplicant.service Wants=wpa_supplicant.service +After=NetworkManager.service +After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=NetworkManager.service -Before=netplan-wpa-{{ discovered_wireless_iface }}.service Before=network.target [Service] From 472fdfd1527aae807fed80544fe30b382b5f00d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 01:59:52 -0500 Subject: [PATCH 1033/1758] style --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 50f34fae2..5b90cd691 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -62,7 +62,7 @@ if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then fi echo "ssid is $SSID" -if [ $SSID == "" ]; then +if [ -z $SSID ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -90,7 +90,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ $FREQ2 == "" ]; then +if [ -z $FREQ2 ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -109,6 +109,7 @@ if [ $CHAN -ne $HOSTAPD ]; then cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf /bin/systemctl --no-block restart hostapd + echo "Restarted hostapd" fi exit 0 From a6cd9ded51d1e0233a06c4b2581e6fff4c7e0198 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 02:03:16 -0500 Subject: [PATCH 1034/1758] replace backtics --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 5b90cd691..0b92ca259 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -10,7 +10,7 @@ SSID="NA" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then echo "systemd-network" - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # covers stock raspbian @@ -21,7 +21,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then echo "unblocking WiFi" rfkill unblock wifi fi - SSID=`grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi # https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1862760 @@ -31,7 +31,7 @@ fi if [ -f /run/netplan/wpa-$IFACE.conf ]; then NETPLAN=1 echo "Netplan systemd" - SSID=`grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//` + SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" @@ -71,7 +71,7 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=`wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}'` +FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then @@ -102,7 +102,7 @@ fi CHAN=$(($FREQ2 - 2407 )) CHAN=$(($CHAN / 5 )) echo "channel is $CHAN for $SSID" -HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` +HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ]; then echo "Editing Hostapd for channel $CHAN" From d7d6404c534d2314e6e62681b4079ab505da6c2b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 08:02:57 -0500 Subject: [PATCH 1035/1758] tighten up country code detection --- roles/network/tasks/rpi_debian.yml | 2 ++ roles/network/tasks/sysd-netd-debian.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 4dbcd97ee..29b6e0591 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -39,6 +39,7 @@ shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True + when: wifi_up_down and can_be_ap - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: @@ -52,6 +53,7 @@ line: country={{ host_country_code }} when: country_code is defined and country_code.stdout | length == 0 +# This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill shell: rfkill unblock 0 ignore_errors: True diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e1b73db61..6051971b9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -91,7 +91,7 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: discovered_wireless_iface != "none" + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Set Wifi Region country code for hostapd when present set_fact: From 348974be6fab3b0a11b986a3da98f7c3437a48a4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 08:21:09 -0500 Subject: [PATCH 1036/1758] stdout country code detection --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 6051971b9..5f66db11c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -96,7 +96,7 @@ - name: Set Wifi Region country code for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Clone wifi if needed systemd: From a49a0680d35c3530919363f25c20a94d069d3c58 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 12:23:33 -0500 Subject: [PATCH 1037/1758] drop NA --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 0b92ca259..b312867c2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -2,7 +2,7 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 -SSID="NA" +SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines # in the iiab-wifi-test.service unit file. @@ -55,7 +55,7 @@ if [ -f /etc/iiab/iiab.env ]; then fi # NetworkManager -if [ $SSID == "NA" ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) From c49adcf39596b7b39f673c24db605fd9837e3537 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 13:53:05 -0500 Subject: [PATCH 1038/1758] borrow some bits from iiab-clone-wifi --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 6f86b7e34..4b3a5472c 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,5 +1,9 @@ [Unit] Description=IIAB find channel freq for ssid +Requires=network-pre.target +BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service From bc4850a09c1d8544fbfa81d939d0543566d408dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 13:55:37 -0500 Subject: [PATCH 1039/1758] RasPiOS could be running NM backend, test if dhcpcd is running, drop rfkill --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index b312867c2..2fc85a962 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -3,9 +3,12 @@ IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 SSID="" -# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None -# of the backends that use wpa_supplicant should be active yet based on the Before= After= lines -# in the iiab-wifi-test.service unit file. +# when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some +# of the backends that use wpa_supplicant should be active based on the Before= After= lines in +# the iiab-wifi-test.service unit file. + +echo "iiab-test-wifi called" +echo "running pid $$" # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then @@ -14,13 +17,9 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" RASPBIAN=1 - if /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then - echo "unblocking WiFi" - rfkill unblock wifi - fi SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cf67d4c9d775861dd475db877defa808b42a6932 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 14:56:10 -0500 Subject: [PATCH 1040/1758] netplan-systemd staging --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 4b3a5472c..23223c854 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -3,6 +3,8 @@ Description=IIAB find channel freq for ssid Requires=network-pre.target BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +After=network-pre.target + After=iiab-clone-wifi.service After=wpa_supplicant.service Wants=wpa_supplicant.service @@ -11,7 +13,6 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service -Before=network.target [Service] Type=oneshot From ef6486b09b929c863af4f2d3830c775e8a638f67 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 23 Apr 2023 16:11:03 -0500 Subject: [PATCH 1041/1758] grouping, recording, staging --- roles/network/tasks/computed_services.yml | 19 ----------- roles/network/tasks/hostapd.yml | 40 +++++++++++++++++++++++ roles/network/tasks/main.yml | 5 +-- roles/network/tasks/restart.yml | 10 ------ roles/network/tasks/sysd-netd-debian.yml | 11 ------- 5 files changed, 43 insertions(+), 42 deletions(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 9527ed7d3..2a113ce15 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -81,22 +81,3 @@ value: "{{ dnsmasq_enabled }}" - option: no_net_restart value: "{{ no_net_restart }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index e46f810b9..7f732f73f 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,6 +9,17 @@ enabled: no when: not hostapd_enabled +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country code for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -88,3 +99,32 @@ regexp: '^HOSTAPD_ENABLED=*' line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present + +- name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_country_code_applied + value: "{{ host_country_code }}" + - option: host_channel + value: "{{ host_channel }}" + +- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index f00939911..9e2954892 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -61,8 +61,6 @@ # when: squid_install and FQDN_changed and iiab_stage|int == 9 #### Start services - - name: hostapd - include_tasks: hostapd.yml - name: computed_services include_tasks: computed_services.yml - name: enable_services @@ -94,6 +92,9 @@ #when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #### end network layout + - name: hostapd + include_tasks: hostapd.yml + - name: Restart services include_tasks: restart.yml diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0e1ccd980..0d33f210f 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,16 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Record host_country_code_applied in network of iiab_ini_file - ini_file: - dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: host_country_code_applied - value: "{{ host_country_code }}" - - name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed template: owner: root diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 5f66db11c..1681f6cf7 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,17 +87,6 @@ systemd: daemon_reload: yes -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country code for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Clone wifi if needed systemd: name: iiab-clone-wifi From d738fdc1efe5140358ed0f89be2dcb65bb14a8d5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:10:03 -0500 Subject: [PATCH 1042/1758] use dash in place of bash, drop last bashism --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2fc85a962..cbebb3439 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh IFACE={{ discovered_wireless_iface }} RASPBIAN=0 NETPLAN=0 @@ -44,15 +44,6 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi fi -# IIAB hint for NetworkManager -# could scrape /etc/NetworkManager/system-connections/ looking for ssid -if [ -f /etc/iiab/iiab.env ]; then - source /etc/iiab/iiab.env - if [ ! -z $CLIENT_SSID ]; then - SSID=$CLIENT_SSID - fi -fi - # NetworkManager if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then echo "NetworkManager" From 995bc6308bbc76de5ae29d029b358df1e6ec747a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:12:37 -0500 Subject: [PATCH 1043/1758] drop unused assignment --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index cbebb3439..6693090ae 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -19,7 +19,6 @@ fi # covers stock raspbian if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then echo "RasPiOS" - RASPBIAN=1 SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi From cb86366b134d016ff7ebec29fc8e3031bba9f7f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 01:38:56 -0500 Subject: [PATCH 1044/1758] shellcheck --- .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 6693090ae..948c8bd2a 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,6 +1,5 @@ #!/bin/sh IFACE={{ discovered_wireless_iface }} -RASPBIAN=0 NETPLAN=0 SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some @@ -17,7 +16,7 @@ if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then fi # covers stock raspbian -if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ ! -z $(pgrep dhcpcd) ]; then +if [ -f /etc/wpa_supplicant/wpa_supplicant.conf ] && [ -n "$(pgrep dhcpcd)" ]; then echo "RasPiOS" SSID=$(grep ssid /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) fi @@ -44,14 +43,14 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then fi # NetworkManager -if [ -z $SSID ] && [ ! -z $(pgrep NetworkManager) ]; then +if [ -z "$SSID" ] && [ -n "$(pgrep NetworkManager)" ]; then echo "NetworkManager" sleep 15 SSID=$(iw $IFACE info | grep ssid | awk '{print $2}' ) fi echo "ssid is $SSID" -if [ -z $SSID ]; then +if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan1" @@ -60,10 +59,10 @@ if [ -z $SSID ]; then fi wpa_cli -i $IFACE scan > /dev/null sleep 2 -FREQ=$(wpa_cli -i $IFACE scan_results | grep $SSID | awk '{print $2}') +FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') for result in $FREQ; do echo "frequency is $result for $SSID" - if [ $result -lt 2485 ] && [ $result -gt 2407 ]; then + if [ "$result" -lt 2485 ] && [ "$result" -gt 2407 ]; then FREQ2=$result break else @@ -79,7 +78,7 @@ if [ $NETPLAN -eq 1 ]; then /bin/systemctl restart netplan-wpa-$IFACE.service fi -if [ -z $FREQ2 ]; then +if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" if [ $NETPLAN -eq 1 ]; then echo "Netplan3" @@ -88,12 +87,12 @@ if [ -z $FREQ2 ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$(($FREQ2 - 2407 )) -CHAN=$(($CHAN / 5 )) +CHAN=$((FREQ2 - 2407 )) +CHAN=$((CHAN / 5 )) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" -if [ $CHAN -ne $HOSTAPD ]; then +if [ "$CHAN" -ne "$HOSTAPD" ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf From 04ce0a9d7fb9cf7ec45e64f1be25b27f1cc2f2c4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 09:17:07 -0500 Subject: [PATCH 1045/1758] netplan2 --- .../templates/hostapd/iiab-test-wifi.j2 | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..2df652560 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,6 +5,7 @@ SSID="" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. Some # of the backends that use wpa_supplicant should be active based on the Before= After= lines in # the iiab-wifi-test.service unit file. +# https://github.com/iiab/iiab/pull/3542#issuecomment-1519647266 echo "iiab-test-wifi called" echo "running pid $$" @@ -31,6 +32,7 @@ if [ -f /run/netplan/wpa-$IFACE.conf ]; then SSID=$(grep ssid /run/netplan/wpa-$IFACE.conf | awk -F = '{print $2}' | sed -r s/\"// | sed -r s/\"//) REG_DOM=$(grep country /run/netplan/wpa-$IFACE.conf | awk -F = '{ print $2 }') if [ -z "$REG_DOM" ]; then + NETPLAN=2 echo "cover netplan wifi client lack of country= setting to {{ host_country_code }}" sed -i "s|ctrl_interface=/run/wpa_supplicant|&\ncountry={{ host_country_code }}|" /run/netplan/wpa-$IFACE.conf else @@ -52,11 +54,28 @@ echo "ssid is $SSID" if [ -z "$SSID" ]; then echo "Couldn't find ssid $SSID to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi exit 0 fi + +if [ $NETPLAN -gt 0 ]; then + echo "Netplan2" + wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wpa_processes -eq 1 ]; then + # This is more of a netplan workaround should go away. + echo "Starting netplan wifi" + NETPLAN=2 + else + echo "Restarting netplan wifi" + fi + # This one handles the changing of the country code from above + if [ $NETPLAN -eq 2 ]; then + /bin/systemctl restart netplan-wpa-$IFACE.service + sleep 2 + fi +fi wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -72,15 +91,9 @@ done echo "Using $FREQ2 for $SSID" -if [ $NETPLAN -eq 1 ]; then - echo "Netplan2" - # This is more of a netplan workaround should go away. - /bin/systemctl restart netplan-wpa-$IFACE.service -fi - if [ -z "$FREQ2" ]; then echo "Couldn't find frequency to use exiting" - if [ $NETPLAN -eq 1 ]; then + if [ $NETPLAN -gt 0 ]; then echo "Netplan3" fi exit 0 From e1722645c5e516326edee6e1103c9240b0de9437 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 10:25:46 -0500 Subject: [PATCH 1046/1758] shellcheck and whitespace --- scripts/ansible | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 377203480..fa92cae32 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -96,7 +96,7 @@ echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" -if [ $(command -v ansible) ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" +if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') @@ -201,14 +201,13 @@ $APT_PATH/apt -y install python3-venv # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 +# https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in $(ls ansible*); do - ln -sf /usr/local/ansible/bin/$bin /usr/local/bin/$bin +for bin in /usr/local/ansible/bin/ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done # (Re)running collection installs appears safe, with --force-with-deps to force From 544a1f29598f0a1bfaab49ea3b67a15c65c0e92d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 10:34:54 -0500 Subject: [PATCH 1047/1758] https://github.com/iiab/iiab/issues/3547 --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index fa92cae32..76a00b777 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -204,6 +204,12 @@ $APT_PATH/apt -y install python3-venv # https://peps.python.org/pep-0668 echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + +# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 +if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +fi + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" for bin in /usr/local/ansible/bin/ansible*; do From a17103f14fc8006daa26cbcc0d987c0a53fd874b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:46:24 +0100 Subject: [PATCH 1048/1758] Explain & lint templates/hostapd/iiab-test-wifi.j2 --- adm-run-roles-tmp.yml | 15 +++++++++++++++ .../templates/hostapd/iiab-test-wifi.j2 | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml new file mode 100644 index 000000000..8f6888707 --- /dev/null +++ b/adm-run-roles-tmp.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml + + roles: + - { role: 0-init } + - { role: captiveportal } + - { role: lokole } + - { role: network } diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 948c8bd2a..1fe9d09ff 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -1,4 +1,17 @@ #!/bin/sh + +# 2023-04-24 PR #3542 / PR #3549 context: +# "systemd-network" "RasPiOS" have files with the client wifi info within them, +# those can be parsed for the ssid without needing the related service running +# first. +# "Netplan systemd" "NetworkManager" need to be running to be able to parse for +# the ssid, from the generated config file for "Netplan systemd" and from the +# running environment for "NetworkManager". +# "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering +# of the services more deterministic when active and tries to catch a channel +# mismatch between client wifi's current setting and what is contained within +# hostapd.conf early in the boot process. + IFACE={{ discovered_wireless_iface }} NETPLAN=0 SSID="" @@ -87,8 +100,8 @@ if [ -z "$FREQ2" ]; then fi # ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -99,5 +112,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From 78c22d3df58ac39abb5ec66bdc937c2b77d60611 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 13:07:24 -0400 Subject: [PATCH 1049/1758] scripts/ansible: 2.14.5, cryptography==40.0.1 on armhf, for-loop fix --- scripts/ansible | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76a00b777..ed368d1e6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.4] -GOOD_VER=2.14.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] +GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -205,14 +205,21 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# Same detection as local_facts.fact https://github.com/iiab/iiab/issues/3547 -if [ -f /etc/rpi-issue ] && [ "$(dpkg --print-architecture)" = armhfp ]; then +# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# if ! grep -qi ubuntu /etc/os-release; then +# +# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then +# +# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. +# Release problems chart: https://www.piwheels.org/project/cryptography/ +if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -for bin in /usr/local/ansible/bin/ansible*; do +cd /usr/local/ansible/bin +for bin in ansible*; do ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done From 78603de7e6e3b1b99395f039b97c7da1ab937c5e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:23:56 -0500 Subject: [PATCH 1050/1758] capture running code --- .../templates/hostapd/iiab-test-wifi.j2 | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index 2df652560..25c61b3a2 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -61,21 +61,25 @@ if [ -z "$SSID" ]; then fi if [ $NETPLAN -gt 0 ]; then - echo "Netplan2" - wpa_processes=$(ps -A | grep wpa_supplicant | wc -l) - if [ $wpa_processes -eq 1 ]; then + echo "Netplan2 sleep 10" + sleep 10 + wifi_processes=$(ps -A | grep wpa_supplicant | wc -l) + if [ $wifi_processes -eq 1 ]; then # This is more of a netplan workaround should go away. - echo "Starting netplan wifi" + echo "Problem - Now Starting netplan wifi" NETPLAN=2 else - echo "Restarting netplan wifi" + echo "Not Restarting netplan wifi sleep 20" + sleep 20 fi # This one handles the changing of the country code from above if [ $NETPLAN -eq 2 ]; then - /bin/systemctl restart netplan-wpa-$IFACE.service - sleep 2 + echo "Restarting netplan-wpa-$IFACE sleep 20" + /bin/systemctl --no-block restart netplan-wpa-$IFACE.service + sleep 20 fi fi +sleep 10 wpa_cli -i $IFACE scan > /dev/null sleep 2 FREQ=$(wpa_cli -i $IFACE scan_results | grep "$SSID" | awk '{print $2}') @@ -99,9 +103,8 @@ if [ -z "$FREQ2" ]; then exit 0 fi -# ubuntu on boot exits at this point timing - issue with wpa_cli and scanning -CHAN=$((FREQ2 - 2407 )) -CHAN=$((CHAN / 5 )) +CHAN=$((FREQ2 - 2407)) +CHAN=$((CHAN / 5)) echo "channel is $CHAN for $SSID" HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" @@ -112,5 +115,3 @@ if [ "$CHAN" -ne "$HOSTAPD" ]; then /bin/systemctl --no-block restart hostapd echo "Restarted hostapd" fi - -exit 0 From ba9e9ee01ae133a6d17125e5c7e4bebd29b3e821 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:27:00 -0500 Subject: [PATCH 1051/1758] capture running service --- .../templates/hostapd/iiab-wifi-test.service.j2 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..8d99e4a85 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,16 +1,10 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target - -After=iiab-clone-wifi.service -After=wpa_supplicant.service -Wants=wpa_supplicant.service +Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=iiab-clone-wifi.service +Requisite=wpa_supplicant.service After=NetworkManager.service After=netplan-wpa-{{ discovered_wireless_iface }}.service -Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service From 088537b9b86b117d7529249cc09af66100744166 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:42:16 -0500 Subject: [PATCH 1052/1758] clean up netd-disp2 --- roles/network/templates/hostapd/netd-disp2 | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/network/templates/hostapd/netd-disp2 b/roles/network/templates/hostapd/netd-disp2 index e6a8fca72..2e39b26c2 100644 --- a/roles/network/templates/hostapd/netd-disp2 +++ b/roles/network/templates/hostapd/netd-disp2 @@ -2,20 +2,15 @@ if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then echo "NET-DISP-WiFi $IFACE $STATE" # If we are here we have a dhcp ip address - CHAN=`iw $IFACE info|grep channel|cut -d' ' -f2` + CHAN=$(iw "$IFACE" info|grep channel|cut -d' ' -f2) echo "Using channel $CHAN for carrier" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $CHAN -ne $HOSTAPD ] && [ $CHAN -lt 14 ]; then echo "Editing Hostapd for channel $CHAN" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf - sed -i -e "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf - systemctl stop wpa_supplicant + sed -i "s/^channel.*/channel=$CHAN/" /etc/hostapd/hostapd.conf systemctl restart hostapd - systemctl start wpa_supplicant - if [ -f /run/netplan/wpa-$IFACE.conf ]; then - systemctl restart netplan-wpa-$IFACE.service - fi else echo "Upstream Channel greater than 13 or is the same - not changing hostapd.conf" fi From bfbb4f06f2891ef0894e64e52c33b56a4d5031cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 13:48:24 -0400 Subject: [PATCH 1053/1758] Delete adm-run-roles-tmp.yml --- adm-run-roles-tmp.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 adm-run-roles-tmp.yml diff --git a/adm-run-roles-tmp.yml b/adm-run-roles-tmp.yml deleted file mode 100644 index 8f6888707..000000000 --- a/adm-run-roles-tmp.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml - - roles: - - { role: 0-init } - - { role: captiveportal } - - { role: lokole } - - { role: network } From 25e44b3385ad3674c3e9f69e3295ab8029d153aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 24 Apr 2023 12:53:09 -0500 Subject: [PATCH 1054/1758] service set start timeout --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 8d99e4a85..450844b98 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -9,6 +9,7 @@ Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service [Service] +TimeoutStartSec=120 Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/iiab-test-wifi From fb2a9c82222f39c3d1a839454b335e71a1ee1ea1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Apr 2023 14:02:35 -0400 Subject: [PATCH 1055/1758] Revert c49adcf "borrow some bits from iiab-clone-wifi" (& preserve cf67d4c "netplan-systemd staging" ?) --- .../templates/hostapd/iiab-wifi-test.service.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 23223c854..1110a9a21 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,11 +1,13 @@ [Unit] Description=IIAB find channel freq for ssid -Requires=network-pre.target -BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device -After=network-pre.target -After=iiab-clone-wifi.service +# 2023-04-24 PR #3549: c49adcf went too far and broke netplan-systemd +#Requires=network-pre.target +#BindsTo=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device +#After=iiab-clone-wifi.service + +After=network-pre.target After=wpa_supplicant.service Wants=wpa_supplicant.service After=NetworkManager.service @@ -13,6 +15,7 @@ After=netplan-wpa-{{ discovered_wireless_iface }}.service Before=hostapd.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service +#Before=network.target [Service] Type=oneshot From 40e4b9cce9df8872ba7ad3339401256bb2c919b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 25 Apr 2023 10:31:28 -0500 Subject: [PATCH 1056/1758] softcode --- roles/network/templates/hostapd/iiab-wifi-test.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 555bf06f6..baa73eed6 100644 --- a/roles/network/templates/hostapd/iiab-wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -1,6 +1,6 @@ [Unit] Description=IIAB find channel freq for ssid -Requisite=sys-subsystem-net-devices-wlan0.device +Requisite=sys-subsystem-net-devices-{{ discovered_wireless_iface }}.device Requisite=iiab-clone-wifi.service Requisite=wpa_supplicant.service From 18fe41b9c60d4dba5148a2f57ff16d3201dc7039 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Apr 2023 15:44:14 -0400 Subject: [PATCH 1057/1758] moodle_version: MOODLE_402_STABLE (for Moodle 4.2) --- roles/moodle/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 6c3e6db16..57f48e4a6 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,10 +8,10 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2022-11-27: Currently testing Moodle's master branch is mandatory if your -# OS PHP >= 8.2, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.2, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_401_STABLE # Moodle 4.1 LTS +# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.3, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_402_STABLE # Moodle 4.2 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From cac14ee4bbf8c5c686965ca6bde1f361c7dc38e9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Apr 2023 15:46:43 -0400 Subject: [PATCH 1058/1758] moodle/tasks/install.yml: Update comments for Moodle 4.2 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4abac732f..c449b6c4e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -30,7 +30,7 @@ #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. + #- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, possibly required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS. - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml @@ -62,7 +62,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1) + version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From fda10dbe66864fa90644bc4a405c979c8d4ef202 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 06:43:28 -0500 Subject: [PATCH 1059/1758] jupyterhub use --system-site-packages for psutils --- roles/jupyterhub/tasks/install.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index a34c1afd6..223985f5b 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,11 +13,16 @@ when: nodejs_installed is undefined -- name: "Install package: python3-venv" +- name: "Install package: python3-psutil" package: - name: python3-venv + name: python3-psutil state: present +- name: Remove previous virtual environment {{ jupyterhub_venv }} + file: + path: "{{ jupyterhub_venv }}" + state: absent + - name: Make 3 directories to hold JupyterHub config file: state: directory @@ -41,7 +46,7 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -58,7 +63,7 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From eacfec8c91ef603909d8a3dd94c1cd4070bde0ad Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 06:45:27 -0500 Subject: [PATCH 1060/1758] remove python3-venv from roles --- roles/calibre-web/tasks/install.yml | 1 - roles/lokole/tasks/install.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7ffb5a32e..29affb3d2 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -2,7 +2,6 @@ package: name: - imagemagick - - python3-venv - python3-netifaces state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 82d8593ca..bf4e64e7f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -7,7 +7,6 @@ name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact #- python3-pip - - python3-venv - python3-dev - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's #- bcrypt does not exist on Ubuntu 19.10 From dc35445c9c45edad6752ca60f61cc7dbe0acc2ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 07:17:40 -0500 Subject: [PATCH 1061/1758] remove nodesource.list if failed --- roles/nodejs/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 3990e10b3..08b08bdb9 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -94,6 +94,12 @@ # warn: no # creates: /etc/apt/sources.list.d/nodesource.list +- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above + file: + path: /etc/apt/sources.list.d/nodesource.list + state: absent + when: curl_nodesource.failed + - name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above package: #name: nodejs={{ nodejs_version }} From 4bd5d1e9f638bdfb04c5c275ccf84f9768168acf Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 26 Apr 2023 07:20:13 -0500 Subject: [PATCH 1062/1758] verbage in other roles --- roles/calibre-web/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 29affb3d2..285d138a1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install packages: imagemagick, python3-venv, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index bf4e64e7f..f26457f87 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,7 +2,7 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Install 13 packages for Lokole +- name: Install 12 packages for Lokole apt: name: #- python3 # 2022-12-21: IIAB pre-req, see scripts/local_facts.fact From cc0a32cd676bf61a4aa736de76184f1c477e94dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 17:48:07 -0400 Subject: [PATCH 1063/1758] matomo/tasks/nginx.yml: Remove stale refs to box/maps --- roles/matomo/tasks/nginx.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml index 8d432ee8c..46465dffb 100644 --- a/roles/matomo/tasks/nginx.yml +++ b/roles/matomo/tasks/nginx.yml @@ -1,10 +1,10 @@ -- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template +- name: Enable http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template template: src: matomo-nginx.conf.j2 dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d when: matomo_enabled -- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf +- name: Disable http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf file: path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d state: absent From fc46f34f653d86b90128c9b59098de978f1336db Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 17:51:03 -0400 Subject: [PATCH 1064/1758] matomo/tasks/main.yml: Explanation for nginx.yml was stale! --- roles/matomo/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml index eec80e81a..b99de06e7 100644 --- a/roles/matomo/tasks/main.yml +++ b/roles/matomo/tasks/main.yml @@ -21,7 +21,7 @@ - block: - - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + - name: Enable/Disable/Reload NGINX for Matomo include_tasks: nginx.yml - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml From 8eb29a9edea2b99833473c786c23bd660472d764 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Apr 2023 18:57:05 -0400 Subject: [PATCH 1065/1758] rpi_debian.yml: Fix both "country_code is defined" -> "country_code.stdout is defined" --- roles/network/tasks/rpi_debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 29b6e0591..247b969df 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -44,14 +44,14 @@ - name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf set_fact: host_country_code: "{{ country_code.stdout }}" - when: country_code is defined and country_code.stdout | length > 0 + when: country_code.stdout is defined and country_code.stdout | length > 0 - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout | length == 0 + when: country_code.stdout is defined and country_code.stdout | length == 0 # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill From df08ecfef6e6615cf171592caa90334224296ab4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Apr 2023 07:49:40 -0400 Subject: [PATCH 1066/1758] "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf" --- roles/network/templates/hostapd/iiab-test-wifi.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-test-wifi.j2 b/roles/network/templates/hostapd/iiab-test-wifi.j2 index d364c5a5f..709a92fbb 100755 --- a/roles/network/templates/hostapd/iiab-test-wifi.j2 +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,7 +5,7 @@ # those can be parsed for the ssid without needing the related service running # first. # "Netplan systemd" "NetworkManager" need to be running to be able to parse for -# the ssid, from the generated config file for "Netplan systemd" and from the +# the ssid, from the generated config file for "Netplan systemd" and from the # running environment for "NetworkManager". # "iiab-wifi-test.service" acts as a bit of a traffic cop keeping the ordering # of the services more deterministic when active and tries to catch a channel @@ -66,7 +66,9 @@ fi echo "ssid is $SSID" if [ -z "$SSID" ]; then - echo "Couldn't find ssid $SSID to use exiting" + echo "Couldn't find an UPSTREAM SSID in files like wpa_supplicant.conf -- so exiting." + echo "CLARIF: This is normal when UPSTREAM WIFI is not active, as there would be no" + echo "UPSTREAM SSID to extract, e.g. if 'wifi_up_down: False'" if [ $NETPLAN -gt 0 ]; then echo "Netplan1" fi From 1884f484aeb35e370f792b7fc675bf46878418b4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 27 Apr 2023 10:40:04 -0500 Subject: [PATCH 1067/1758] iiab-clone-wifi needs template from hostapd - record wifi_up_down --- roles/network/tasks/hostapd.yml | 14 ++++++++++++++ roles/network/tasks/restart.yml | 18 ++++++------------ roles/network/tasks/rpi_debian.yml | 6 ------ roles/network/tasks/sysd-netd-debian.yml | 7 ------- 4 files changed, 20 insertions(+), 25 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 7f732f73f..4d64bf843 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -100,6 +100,18 @@ line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap + - name: Record host_country_code_applied and host_channel in network of {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini @@ -113,6 +125,8 @@ value: "{{ host_ssid }}" - option: host_wifi_mode value: "{{ host_wifi_mode }}" + - option: wifi_up_down + value: "{{ wifi_up_down }}" - option: host_country_code_applied value: "{{ host_country_code }}" - option: host_channel diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 0d33f210f..ec1dda7b6 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -14,18 +14,6 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: can_be_ap - - name: Enable & Restart networkd-dispatcher.service systemd: name: networkd-dispatcher @@ -34,6 +22,12 @@ masked: no when: systemd_networkd_active +- name: Clone wifi if needed + systemd: + name: iiab-clone-wifi + state: restarted + when: wifi_up_down and can_be_ap and ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 247b969df..fc02dccd7 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -78,12 +78,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Restart the networking service if appropriate systemd: name: networking diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1681f6cf7..391494382 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -87,12 +87,6 @@ systemd: daemon_reload: yes -- name: Clone wifi if needed - systemd: - name: iiab-clone-wifi - state: restarted - when: wifi_up_down and can_be_ap and ansible_ap0 is undefined - - name: Enable & Restart systemd-networkd.service systemd: name: systemd-networkd @@ -106,4 +100,3 @@ state: restarted enabled: yes masked: no - From 84f3ee80734e2c14e1458643e9bc0040c2ddcafe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 29 Apr 2023 13:30:40 -0400 Subject: [PATCH 1068/1758] pbx/README.adoc: Link to #3556 PHP 8 speculation --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f92f2836f..7cab471dc 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 38083b431464875ac60d25df6106d6dcda5239a0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 29 Apr 2023 13:32:22 -0400 Subject: [PATCH 1069/1758] pbx/README.adoc: Fix typo (link to #3556) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7cab471dc..a9c8b3087 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3557]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 0324dfb918c010cce3bf88246ecac57dff6ae7a4 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 14:25:30 -0400 Subject: [PATCH 1070/1758] Revert to Moodle 4.1 if PHP 7 + toughen Moodle/Nextcloud --- roles/moodle/tasks/install.yml | 36 +++++++++++++++++++++++++------ roles/nextcloud/tasks/install.yml | 4 ++-- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index c449b6c4e..a3cd511de 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -49,13 +49,27 @@ when: php_settings_done is undefined -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" - git: - repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle - dest: "{{ moodle_base }}" # /opt/iiab/moodle - depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022) - when: php_version is version('8.3', '>=') +- name: Does /opt/iiab/moodle exist? + stat: + path: /opt/iiab/moodle + register: opt_iiab_moodle + +# 2023-04-30: Allows re-running (e.g. 'sudo iiab') if git clone was already +# begun, avoiding this error: (arises from 'www-data' ownership) +# "Failed to set a new url https://github.com/moodle/moodle for origin: +# fatal: detected dubious ownership in repository at '/opt/iiab/moodle' +# To add an exception for this directory, call: +# git config --global --add safe.directory /opt/iiab/moodle" + +- name: If /opt/iiab/moodle exists, move it to /tmp/opt-iiab-moodle.old (TO BE DELETED ON NEXT BOOT) -- allows re-running if git clone (below) was already begun + shell: rm -rf /tmp/opt-iiab-moodle.old && mv /opt/iiab/moodle /tmp/opt-iiab-moodle.old + when: opt_iiab_moodle.stat.exists + + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" + set_fact: + moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS + when: php_version is version('8.0', '<') - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: @@ -65,6 +79,14 @@ version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) when: php_version is version('8.3', '<') +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" + git: + repo: "{{ moodle_repo_url }}" + dest: "{{ moodle_base }}" + depth: 1 + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + when: php_version is version('8.3', '>=') + - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: path: "{{ moodle_base }}" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce23c1c4c..843cf84bc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -98,10 +98,10 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP <= 7.4 -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" set_fact: nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('7.4', '<=') + when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From d768757f7affeab24184714628bc19686c886404 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 17:33:51 -0400 Subject: [PATCH 1071/1758] network/tasks/install.yml: Clarify 4 sysctl defaults --- roles/network/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08a749707..c41f88a09 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 6e493c9131bfd9ac2c2ca310220a6bd9c660d5e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 18:42:08 -0400 Subject: [PATCH 1072/1758] network/tasks/install.yml: Clarify 4 sysctl vars --- roles/network/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index c41f88a09..bb8b9592f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -55,11 +55,11 @@ name: "{{ item.name }}" value: "{{ item.value }}" with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 + - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 47a771f8c176f4370c4846601fcd30eae30e8352 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 18:43:11 -0400 Subject: [PATCH 1073/1758] network/tasks/install.yml: Remove typo in comment --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index bb8b9592f..232b67ddc 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -57,7 +57,7 @@ with_items: - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1 + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET From e044de856abb7359074968194305c1773bc88f79 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 30 Apr 2023 19:15:44 -0400 Subject: [PATCH 1074/1758] Enable sysctl's IPv6 during Munin install/enable, so munin-node.service starts --- roles/munin/tasks/enable-or-disable.yml | 12 ++++++++++++ roles/munin/tasks/install.yml | 12 ++++++++++++ roles/network/tasks/install.yml | 2 +- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/roles/munin/tasks/enable-or-disable.yml b/roles/munin/tasks/enable-or-disable.yml index 1b0d3ac28..fce74cae5 100644 --- a/roles/munin/tasks/enable-or-disable.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: Enable & Start 'munin-node' systemd service systemd: name: munin-node @@ -6,6 +12,12 @@ state: started when: munin_enabled +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Disable & Stop 'munin-node' systemd service systemd: name: munin-node diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 7d439ff5a..a889ff15b 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,9 @@ +# SEE ALSO roles/network/tasks/install.yml +- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 0 + - name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" package: name: @@ -9,6 +15,12 @@ - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +# SEE ALSO roles/network/tasks/install.yml +- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 + sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: path: /etc/munin/munin-htpasswd diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 232b67ddc..71aa2a1eb 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -59,7 +59,7 @@ - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter) - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router) #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6 + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6. SEE ALSO: roles/munin/tasks/install.yml & enable-and-disable.yml #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 21a7d70c7e625f51c6b6c7b5011781b6576137ec Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 11:21:39 -0400 Subject: [PATCH 1075/1758] Toughen up vnStat: Mitigate #3539 db errors, stop using 2011's /etc/vnstat.conf, etc --- roles/vnstat/tasks/install.yml | 39 +++++++++++++------ .../{vnstat.conf.j2 => vnstat.conf.j2.unused} | 0 test.yml | 8 +++- 3 files changed, 33 insertions(+), 14 deletions(-) rename roles/vnstat/templates/{vnstat.conf.j2 => vnstat.conf.j2.unused} (100%) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 84bec243c..f1d65ada9 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,21 +1,36 @@ -# Similar code block in roles/network/tasks/detected_network.yml -- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" - set_fact: - iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - - - name: Install 'vnstat' package package: name: vnstat state: present -- name: Install /etc/vnstat.conf from template - template: - src: vnstat.conf.j2 - dest: /etc/vnstat.conf - mode: '0744' +# Similar code block in roles/network/tasks/detected_network.yml (line ~35) and roles/network/tasks/computed_network.yml (lines ~74 and ~110) +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" + set_fact: + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +- name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf + lineinfile: + path: /etc/vnstat.conf + regexp: '^Interface ' + line: 'Interface "{{ iiab_wan_iface }}"' + +# - name: Install /etc/vnstat.conf from template +# template: +# src: vnstat.conf.j2 +# dest: /etc/vnstat.conf +# mode: '0744' + + +# 2023-05-01: https://github.com/vergoh/vnstat/issues/134#issuecomment-663836557 +- name: 'Precautionary Start & Enable of vnstat.service, to mitigate intermittent #3539 (''Failed to open database "/var/lib/vnstat/vnstat.db" in read-only mode'') during WAN db creation just below' + systemd: + name: vnstat + daemon_reload: true + state: started + enabled: true - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} diff --git a/roles/vnstat/templates/vnstat.conf.j2 b/roles/vnstat/templates/vnstat.conf.j2.unused similarity index 100% rename from roles/vnstat/templates/vnstat.conf.j2 rename to roles/vnstat/templates/vnstat.conf.j2.unused diff --git a/test.yml b/test.yml index bfda3f92a..8eb2e9be0 100644 --- a/test.yml +++ b/test.yml @@ -27,11 +27,15 @@ - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: - msg: '"''"' # FAILS: '"\'"' + msg: '"''"' # OR: '''' FAILS: '"\'"' - name: BACKSLASH to escape double quotes... "'\"'" e.g. cups/tasks/install.yml debug: - msg: "'\"'" # FAILS: "'""'" + msg: "'\"'" # OR: "\"" FAILS: "'""'" + + - name: "Entire string must be enclosed in quotes if using ' #' Space-then-Pound/Hash sequence -- or right side will be a comment! e.g. roles/vnstat/install.yml" + debug: + msg: "Left side # Right side" - name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab, STRICTLY DISALLOWED IN YAML BY ansible-core 2.11.6) showed null (without quotes!) -- whereas e (singlequotes) and f (doublequotes) show "" empty string set_fact: From 423eecc29363a07dce8310d1396a614350212031 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 May 2023 11:41:04 -0400 Subject: [PATCH 1076/1758] CLARIF: Let's use apt version of /etc/vnstat.conf (not 2011-era template) --- roles/vnstat/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index f1d65ada9..70e4f56cc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -10,7 +10,7 @@ iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" when: ansible_default_ipv4.gateway is defined -# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf automatically selects the default interface +# 2023-05-01: Probably no longer nec, as line 'Interface ""' in /etc/vnstat.conf (as installed by apt) automatically selects the default interface - name: Insert 'Interface "{{ iiab_wan_iface }}"' into /etc/vnstat.conf lineinfile: path: /etc/vnstat.conf From 7b214064faf69e54e61e43f08cd7f61bc18d426d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 18:46:27 -0400 Subject: [PATCH 1077/1758] Allow multiple (timestamped) backups of WiFi firmware originals --- roles/firmware/tasks/download.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 5e4027623..c2927c0f9 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,7 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - command: cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 38a292227d91ef03e1ba91c43786b030aaf9d5a5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 1 May 2023 20:29:49 -0400 Subject: [PATCH 1078/1758] Clarify PR #3564 (pre-download WiFi firmware backups) --- roles/firmware/tasks/download.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index c2927c0f9..abda2e6b4 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml @@ -17,7 +17,12 @@ # src: /lib/firmware/cypress/{{ item }} # dest: /lib/firmware/cypress/{{ item }}.orig # #local_follow: False # FAILS TO PRESERVE LINKS (ansible/ansible#74777) e.g. /lib/firmware/cypress/cyfmac43455-sdio.bin -> /etc/alternatives/cyfmac43455-sdio.bin -> ... - shell: mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) || true && cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig # "cp -P" == "cp --no-dereference" sufficient to replicate these symlinks and files ("cp -d" & "cp -a" are incrementally stronger, and so probably can't hurt) + # 2023-05-01 CLARIF OF BELOW: + # 1) Even if 'mv' fails, no matter it'll continue to 'cp' below + # 2) 'cp -P' == 'cp --no-dereference' sufficient to replicate these symlinks and files ('cp -d' & 'cp -a' are incrementally stronger, and so probably can't hurt) + shell: | + mv /lib/firmware/cypress/{{ item }}.orig /lib/firmware/cypress/{{ item }}.orig.$(date +%F-%T) + cp -a /lib/firmware/cypress/{{ item }} /lib/firmware/cypress/{{ item }}.orig with_items: - cyfmac43430-sdio.bin - cyfmac43430-sdio.clm_blob From 7e1dff54d2c25ac6f60c2cccf0b05f62a8959544 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 3 May 2023 03:52:39 -0400 Subject: [PATCH 1079/1758] scripts/ansible: Fix typo in comment --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index ed368d1e6..0fc8f611e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -205,7 +205,7 @@ $APT_PATH/apt -y install python3-venv echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOC & Debian) would also work, but is overbroad: +# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then From 139696fa3136a7060a665410a4d9cce5955b2dbf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 3 May 2023 17:00:02 -0400 Subject: [PATCH 1080/1758] If 32-bit OS, bypass Sugarizer & Explain during iiab-install --- roles/7-edu-apps/tasks/main.yml | 15 ++++++++++++++- roles/mongodb/tasks/main.yml | 9 ++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 8f223b1fd..c5f15e117 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -40,10 +40,23 @@ name: pathagar when: pathagar_install is defined and pathagar_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: sugarizer_install + +- name: Explain bypassing of Sugarizer install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING SUGARIZER INSTALL ATTEMPT, as Sugarizer Server 1.5.0 requires MongoDB 3.2+ which is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: sugarizer_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install and dpkg_arch.stdout is search("64") - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index aab67fc0f..1dc712a0a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -37,7 +37,9 @@ - debug: var: mongodb_version -- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3422 and #3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) command: dpkg --print-architecture register: dpkg_arch - debug: @@ -45,10 +47,11 @@ - block: - - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' shows "armhf" or mongodb_version == "unsupported" or ansible_machine not found + - name: EXIT 'mongodb' ROLE, if 'dpkg --print-architecture' appears to be 32-bit (i.e. does not contain "64") or mongodb_version == "unsupported" or ansible_machine not found fail: # FORCE IT RED THIS ONCE! msg: MongoDB 3.2+ (as needed by Sugarizer Server 1.5.0) is NO LONGER SUPPORTED on 32-bit Raspberry Pi OS. - when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" + when: not dpkg_arch.stdout is search("64") or mongodb_version == "unsupported" or mongodb_version == "unknown" + #when: dpkg_arch.stdout == "armhf" or mongodb_version == "unsupported" or mongodb_version == "unknown" - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml From 1939ad22e186ff3524e1faa6e8d39351c4d7acaf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 6 May 2023 00:48:07 -0400 Subject: [PATCH 1081/1758] GHA Stub: .github/workflows/10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install.yml diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml new file mode 100644 index 000000000..3aa1d159a --- /dev/null +++ b/.github/workflows/10min-iiab-test-install.yml @@ -0,0 +1,53 @@ +name: '"10 min" IIAB test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + steps: + - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + - name: Check out repository code + uses: actions/checkout@v3 + - run: echo "🍏 This job's status is ${{ job.status }}." + - name: GitHub Actions "runner" environment + run: | + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + # ls + # ls $GITHUB_WORKSPACE + # ls ${{ github.workspace }} + # ls -la /opt # az, containerd, google, hostedtoolcache, microsoft, mssql-tools, pipx, pipx_bin, post-generation, runner, vsts + # apt update + # apt dist-upgrade -y + # apt autoremove -y + - name: Set up /opt/iiab/iiab + run: | + mkdir /opt/iiab + mv $GITHUB_WORKSPACE /opt/iiab + mkdir $GITHUB_WORKSPACE # OR SUBSEQUENT STEPS WILL FAIL ('working-directory: /opt/iiab/iiab' hacks NOT worth it!) + - name: Set up /etc/iiab/local_vars.yml + run: | + sudo mkdir /etc/iiab + # touch /etc/iiab/local_vars.yml + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + - run: sudo /opt/iiab/iiab/scripts/ansible + - run: sudo ./iiab-install + working-directory: /opt/iiab/iiab + - run: iiab-summary + - run: cat /etc/iiab/iiab_state.yml From cb36d2b02fd80e7cc6a16dad105fa6e8fa056e1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 11:05:39 -0400 Subject: [PATCH 1082/1758] Try aarch64 version of kiwix-tools 3.5.0+ --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 2696974fd..92cd15e26 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -31,7 +31,7 @@ kiwix_arch_dict: x86_64: x86_64 armv6l: armhf armv7l: armhf - aarch64: armhf + aarch64: aarch64 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From 5eab78b6bf2498e9c4dc08e7a34663304b8d9121 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 19:23:46 -0400 Subject: [PATCH 1083/1758] Clarify kiwix/defaults/main.yml as kiwix-tools & RasPiOS evolve --- roles/kiwix/defaults/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 92cd15e26..286d09440 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# INSTRUCTIONS TO REINSTALL Kiwix: -# (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml +# ONLINE UPGRADE INSTRUCTIONS: +# (1) VERIFY VARS IN /etc/iiab/local_vars.yml # kiwix_install: True # kiwix_enabled: True -# (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix +# (2) RUN: cd /opt/iiab/iiab; sudo ./runrole --reinstall kiwix # FYI /library/zims contains 3 important things: @@ -25,13 +25,13 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: - #i386: - i686: i586 - x86_64: x86_64 - armv6l: armhf - armv7l: armhf - aarch64: aarch64 +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: + #i386: # ? + i686: i586 # ? + x86_64: x86_64 # amd64 + armv6l: armhf # arm6l + armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: # https://stackoverflow.com/questions/66828315/what-is-the-difference-between-ansible-architecture-and-ansible-machine-on-a/66828837#66828837 From e227fdc29e7f37991d184f6eac9a98e1245ea494 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 May 2023 22:22:01 -0400 Subject: [PATCH 1084/1758] roles/kiwix/README.rst: Clarify proxying --- roles/kiwix/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index e635be2de..db77fd05e 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -14,7 +14,7 @@ Locations - Your ZIM files go in ``/library/zims/content`` - Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) -- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) +- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats, Matomo, ETC) - Use URL http://box:3000/kiwix if you want to avoid the proxy Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: From b1a219bcae70fa7ee656dfa10d5cd8fb1886a9e0 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 14 May 2023 09:06:29 -0400 Subject: [PATCH 1085/1758] Revert to kiwix-tools 3.4.0 if armhf 3.5.0 downloads --- roles/kiwix/defaults/main.yml | 6 +++--- roles/kiwix/tasks/install.yml | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 286d09440..3d3472f1a 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -25,12 +25,12 @@ kiwix_base_url: https://download.kiwix.org/release/kiwix-tools/ #kiwix_base_url: https://download.kiwix.org/nightly/2022-10-04/ #kiwix_base_url: "{{ iiab_download_url }}/" # e.g. https://download.iiab.io/packages/ -kiwix_arch_dict: # 'dpkg --print-architecture' key would be: +kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate #3516 in future, if truly nec?) #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # arm6l - armv7l: armhf # arm7l BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574 + armv6l: armhf # armhf + armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 8a95d52ba..b28f3636e 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -19,6 +19,14 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below +- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + get_url: + url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz + dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" + register: kiwix_dl + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix @@ -58,6 +66,8 @@ src: "{{ kiwix_dl.dest }}" # See ~28 lines above, e.g. /opt/iiab/downloads/kiwix-tools_linux-x86_64-3.3.0-1.tar.gz dest: "{{ kiwix_path }}/bin" extra_opts: --strip-components=1 + owner: root # 2023-05-14: When unpacking let's avoid bogus owner/group, + group: root # arising from UID/GID on Kiwix's build machine. # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU From e3bb5c1ed59ca1bbcf1755d608e68d3a8a933b9c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:29:43 -0400 Subject: [PATCH 1086/1758] Update debian-12.yml --- vars/debian-12.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/debian-12.yml b/vars/debian-12.yml index abdbf891b..3b51e4478 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -15,6 +15,6 @@ is_debian_12: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" +# php_version: "8.2" # postgresql_version: 15 -# python_version: "3.10" +# python_version: "3.11" From a23faea688f42498255d208e16b013330005682c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:31:46 -0400 Subject: [PATCH 1087/1758] Update ubuntu-2304.yml --- vars/ubuntu-2304.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml index 07ed43529..72bb3d960 100644 --- a/vars/ubuntu-2304.yml +++ b/vars/ubuntu-2304.yml @@ -16,5 +16,5 @@ is_ubuntu_2304: True # sshd_service: ssh # systemd_location: /lib/systemd/system # php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# postgresql_version: 15 +# python_version: "3.11" From 1157bb0f248804169fb9ca01e966fceab197cb7a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:32:46 -0400 Subject: [PATCH 1088/1758] Update raspbian-12.yml --- vars/raspbian-12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index e6fd2f9d5..9fa4b1e75 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -17,6 +17,6 @@ is_raspbian_12: True # sshd_package: ssh # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "7.4" -# postgresql_version: 13 -# python_version: "3.9" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 9f866078a0ac9d7405a1088926084cc46cf7b91c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 May 2023 20:33:43 -0400 Subject: [PATCH 1089/1758] Update ubuntu-2310.yml --- vars/ubuntu-2310.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index 843810075..ed40633df 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -15,6 +15,6 @@ is_ubuntu_2310: True # sshd_package: openssh-server # sshd_service: ssh # systemd_location: /lib/systemd/system -# php_version: "8.1" -# postgresql_version: 14 -# python_version: "3.10" +# php_version: "8.2" +# postgresql_version: 15 +# python_version: "3.11" From 687c497669384fdf9908d438055d93b267d7ece8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 14:03:21 -0400 Subject: [PATCH 1090/1758] Recommend ansible-core 2.15.0 --- iiab-install | 4 ++-- scripts/ansible | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iiab-install b/iiab-install index 532cbf81d..2be185afc 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.12 # 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false diff --git a/scripts/ansible b/scripts/ansible index 0fc8f611e..d117ca996 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.5] -GOOD_VER=2.14.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] +GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 7f714e7c65d4de4497137c51fb0ae071353ca139 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 16:51:08 -0400 Subject: [PATCH 1091/1758] Fix PR #3576, allowing regular Kiwix installs too! --- roles/kiwix/tasks/install.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index b28f3636e..0adaeef36 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,7 +24,17 @@ url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - register: kiwix_dl + #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ + when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" + +# Ansible does not allow changing individuals subfields in a dictionary, but +# this crude hack works, overwriting the entire kiwix_dl dictionary var with +# the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# above, if its other [subfields, key/value pairs, etc] really mattered...) +- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" + set_fact: + kiwix_dl: + dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) From 58961b862c203d3152338b6e7e3e0849c0b55b38 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 May 2023 17:53:44 -0400 Subject: [PATCH 1092/1758] More consistent punctuation in local_vars files --- vars/default_vars.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4786cbe94..fc2826b03 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -502,7 +502,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk postgresql_install: False postgresql_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index de02105a9..35514ab81 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: True kiwix_enabled: True -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index e5e086fd6..4cc01a9c6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -295,7 +295,7 @@ kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu kiwix_install: False kiwix_enabled: False -# Warning: Moodle is a serious LMS, that takes a while to install. +# Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, From ea2dc1ae62eb6e2ae27e10855e210550c8726385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Mon, 15 May 2023 20:53:35 -0600 Subject: [PATCH 1093/1758] GitHub Actions .github/workflows/10min-iiab-test-install-raspbian.yml for CI/CD & QA (#1) * add .github/workflows/10min-iiab-test-install-raspbian.yml --- .../10min-iiab-test-install-raspbian.yml | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/10min-iiab-test-install-raspbian.yml diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml new file mode 100644 index 000000000..b92a3caf1 --- /dev/null +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -0,0 +1,69 @@ +name: '"10 min" IIAB raspbian test install' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [aarch64] + include: + #- target: zero_raspbian + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspbian_lite:latest + #- target: zero_raspios + # cpu: arm1176 + # cpu_info: cpuinfo/raspberrypi_zero_w + # base_image: raspios_lite:latest + #- target: zero2_raspios + # cpu: cortex-a7 + # cpu_info: cpuinfo/raspberrypi_zero2_w + # base_image: raspios_lite:latest + - arch: aarch64 + cpu: cortex-a53 + cpu_info: cpuinfo/raspberrypi_zero2_w_arm64 + base_image: raspios_lite_arm64:latest + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v2 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + sudo apt-get update -y --allow-releaseinfo-change + sudo apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + sudo mkdir /etc/iiab + sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + sudo /opt/iiab/iiab/scripts/ansible + sudo ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml From 0812cc4bc3290572d657dad9cb3f11102b55f319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Mon, 15 May 2023 21:02:00 -0600 Subject: [PATCH 1094/1758] Update 10min-iiab-test-install-raspbian.yml change 'target' to 'arch' --- .github/workflows/10min-iiab-test-install-raspbian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/10min-iiab-test-install-raspbian.yml index b92a3caf1..35dfa9f5e 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/10min-iiab-test-install-raspbian.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 23ef49f7dffa091de387aeaebd29c8b318b36337 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Mon, 15 May 2023 23:16:04 -0600 Subject: [PATCH 1095/1758] change namefile --- ...aspbian.yml => 30min-iiab-test-install-raspios.yml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{10min-iiab-test-install-raspbian.yml => 30min-iiab-test-install-raspios.yml} (91%) diff --git a/.github/workflows/10min-iiab-test-install-raspbian.yml b/.github/workflows/30min-iiab-test-install-raspios.yml similarity index 91% rename from .github/workflows/10min-iiab-test-install-raspbian.yml rename to .github/workflows/30min-iiab-test-install-raspios.yml index 35dfa9f5e..bdb7a082f 100644 --- a/.github/workflows/10min-iiab-test-install-raspbian.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB raspbian test install' +name: '"30 min" IIAB test install raspios' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] + arch: [aarch64] include: - #- arch: zero_raspbian + #- target: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- arch: zero_raspios + #- target: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- arch: zero2_raspios + #- target: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8e9401dbe85c3816f087347c6eb06ac457ac8860 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Mon, 15 May 2023 23:17:51 -0600 Subject: [PATCH 1096/1758] update file --- .github/workflows/30min-iiab-test-install-raspios.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index bdb7a082f..1262fed71 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -21,17 +21,17 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [aarch64] + arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] include: - #- target: zero_raspbian + #- arch: zero_raspbian # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspbian_lite:latest - #- target: zero_raspios + #- arch: zero_raspios # cpu: arm1176 # cpu_info: cpuinfo/raspberrypi_zero_w # base_image: raspios_lite:latest - #- target: zero2_raspios + #- arch: zero2_raspios # cpu: cortex-a7 # cpu_info: cpuinfo/raspberrypi_zero2_w # base_image: raspios_lite:latest From 8339e46c5d181964bae4a73694e4948f6e6d8ed5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 16 May 2023 01:42:22 -0400 Subject: [PATCH 1097/1758] Set rpi_model from /proc/cpuinfo for QEMU --- scripts/local_facts.fact | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 27fa281fb..4debf731a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -113,8 +113,9 @@ tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -grep -iq raspberry /proc/device-tree/model && - RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') +grep -iq raspberry /proc/cpuinfo && + RPI_MODEL=$(grep -i raspberry /proc/cpuinfo | sed 's/.*: //') + #RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') # /proc/device-tree/model e.g. 'Parallels ARM Virtual Machine' identical to... # /sys/firmware/devicetree/base/model (also true on RPi hardware!) From 95cb6f415c778f0406b56e4d0abfcd5f79eeadf7 Mon Sep 17 00:00:00 2001 From: codeneomatrix <josuecevedo@gmail.com> Date: Tue, 16 May 2023 10:16:53 -0600 Subject: [PATCH 1098/1758] update actions/checkout to v3.1.0 --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 3aa1d159a..0926191af 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -23,7 +23,7 @@ jobs: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - name: Check out repository code - uses: actions/checkout@v3 + uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index 1262fed71..e1cb81c17 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -43,7 +43,7 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 From 9ca80db3fad692b12f6a41dd3cc7b9d297ed4a20 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 May 2023 15:45:38 -0400 Subject: [PATCH 1099/1758] 'pip install virtualenv==20.21.1' for KA Lite on Ubuntu 23.10 --- roles/kalite/tasks/install.yml | 4 ++-- scripts/install_python2.sh | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 674b18f03..09f9858dc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -38,7 +38,7 @@ name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) @@ -50,7 +50,7 @@ version: "{{ kalite_version }}" virtualenv: "{{ kalite_venv }}" virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv + virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d61b125d7..f4cf75a19 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,7 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -apt -y install virtualenv +# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. +# So let's try pip: (which installs to /usr/local/bin) +apt -y install python3-pip +pip install virtualenv==20.21.1 --break-system-packages +#apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 From e1df2a50613ece4a31d4babf76a1ff29abc64b2f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 May 2023 16:38:32 -0400 Subject: [PATCH 1100/1758] kalite/tasks/install.yml: Force Python 2 if Debian > 11 or Ubuntu > 22.04 --- roles/kalite/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 09f9858dc..f17a3353c 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,8 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. #- name: Install Ubuntu keyrings on Debian @@ -31,7 +32,8 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: From b61053cc3a842f860e93ecec1a4ed360b76500e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 May 2023 17:38:34 -0400 Subject: [PATCH 1101/1758] kalite/tasks/install.yml: Fix typos "is_linuxmint_21" --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index f17a3353c..2300de138 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_12, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_12, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 6dec23b6c3238d851b7c29cecacaaf774917c15e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 May 2023 17:48:16 -0400 Subject: [PATCH 1102/1758] scripts/install_python2.sh: Explain pip install of older virtualenv --- scripts/install_python2.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f4cf75a19..b12eccf58 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -16,9 +16,12 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) -# Older version http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# unfortunately drags in newer 20.23+ version of python3-virtualenv, preventing Python 2. -# So let's try pip: (which installs to /usr/local/bin) +# 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer +# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb +# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us +# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages #apt -y install virtualenv From e8a3129f13855866f4bc417e19d3fa0704283d41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 08:53:45 -0400 Subject: [PATCH 1103/1758] Further clarify kalite/tasks/install.yml --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 2300de138..a819a2cee 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -17,7 +17,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_linuxmint_21, and is more future-proof than... + when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -32,7 +32,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_linuxmint_21, and is more future-proof than... + when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 5b4f4d79e62c3dc078bcdeaab441ea91c1529f9a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 May 2023 11:09:03 -0400 Subject: [PATCH 1104/1758] Begin transition to 'nodejs_version: 20.x' --- roles/internetarchive/tasks/install.yml | 6 +++--- roles/nodejs/README.md | 10 +++++----- vars/default_vars.yml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..8932c3f26 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 19.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('19.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 19.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 7a151adc6..33c6bcb02 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -8,15 +8,15 @@ Nodesource.com often supports Debian long before each Debian release, whereas fo For late-breaking details on Nodesource.com support for your particular Linux OS, keep an eye on: - https://github.com/nodesource/distributions#deb -- https://deb.nodesource.com/node_18.x/dists/ - - https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ - - https://nodejs.org/dist/latest-v18.x/ +- https://deb.nodesource.com/node_20.x/dists/ + - https://deb.nodesource.com/node_20.x/pool/main/n/nodejs/ + - https://nodejs.org/dist/latest-v20.x/ - https://deb.nodesource.com/node_19.x/dists/ - https://deb.nodesource.com/node_19.x/pool/main/n/nodejs/ - https://nodejs.org/dist/latest-v19.x/ - _ETC!_ -If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js &mdash; IIAB will then [fall back](https://github.com/iiab/iiab/blob/15a689e30b4eea325e4bb8d35e19990dd8062fbc/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) +If Nodesource.com does not yet support your Linux OS and IIAB's asked to install Node.js &mdash; IIAB will then [fall back](https://github.com/iiab/iiab/blob/91a5cd33f34d5d2a55e75bf0cdc85bcd9d7b4821/roles/nodejs/tasks/install.yml#L103-L107) to: (running the equivalent of) ``` sudo apt install nodejs npm @@ -41,7 +41,7 @@ On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like I If necessary, run `sudo apt purge nodejs npm` then `sudo rm /etc/apt/sources.list.d/nodesource.list` then `sudo apt update` and then attempt to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/install.yml) _on the Raspberry Pi Zero W itself_ (`cd /opt/iiab/iiab` then `sudo ./runrole --reinstall nodejs`). -Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) &mdash; if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v18.x/ +Earlier, some preferred installing the tar file version mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617) &mdash; if that is your preference, consider a more recent version like: https://nodejs.org/dist/latest-v20.x/ Either way, you'll (likely) then also need to run: `sudo apt install npm` diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..11e13f7dc 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -443,7 +443,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 18.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20 +nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 7209bcd97d98bf1177def425ecccd95a27296b62 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 17:33:37 -0400 Subject: [PATCH 1105/1758] install_python2.sh: Summarize messy virtualenv options --- scripts/install_python2.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index b12eccf58..c4ad4b897 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,12 +15,11 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) - # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older version from Ubuntu 23.04 seemed plausible... +# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...but drags in newer 20.23+ version of python3-virtualenv, leaving us -# with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. +# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: apt -y install python3-pip pip install virtualenv==20.21.1 --break-system-packages From a55c033a1668c3f7f77b00902ad98f0fb91bfd0a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 May 2023 17:35:03 -0400 Subject: [PATCH 1106/1758] Update install_python2.sh --- scripts/install_python2.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index c4ad4b897..5e0089f3b 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -15,6 +15,7 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) + # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer # supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb From 4e430da1a9868c6709d2973747eb5a9a1fb7b930 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 May 2023 20:30:27 -0400 Subject: [PATCH 1107/1758] Pin python3-platformdirs & python3-virtualenv to 22.04 for Python 2 on 23.10 ? --- scripts/install_python2.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 5e0089f3b..01269fda9 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -22,8 +22,9 @@ ARCH=$(dpkg --print-architecture) # ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -apt -y install python3-pip -pip install virtualenv==20.21.1 --break-system-packages +#apt -y install python3-pip +#pip install virtualenv==20.21.1 --break-system-packages +# #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 #apt -y install media-types libffi8 libssl3 @@ -61,6 +62,12 @@ EOF esac apt update +# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less +# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) +apt -y install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs +apt -y install python3-virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 352ddcf6953bbbef9157890846e181e3ed1b9069 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 07:52:17 -0400 Subject: [PATCH 1108/1758] install_python2.sh: Clarify virtualenv (22.04 for now, 23.04 later?) --- scripts/install_python2.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 01269fda9..7d0de2062 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -68,6 +68,8 @@ apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 apt-mark hold virtualenv +# 2023-05-21 PR #3587: Above 4 lines should really install a more recent +# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 842bf91f764754f80c569712a85a613eb318a363 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 08:25:39 -0400 Subject: [PATCH 1109/1758] install_python2.sh: Honor Bookworm's built-in virtualenv --- scripts/install_python2.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 7d0de2062..f7e0bbd90 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -62,14 +62,18 @@ EOF esac apt update -# 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less -# fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) -apt -y install python3-platformdirs=2.5.1-1 -apt-mark hold python3-platformdirs -apt -y install python3-virtualenv=20.13.0+ds-2 -apt-mark hold virtualenv -# 2023-05-21 PR #3587: Above 4 lines should really install a more recent -# version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. + # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less + # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) + apt -y install python3-platformdirs=2.5.1-1 + apt-mark hold python3-platformdirs + apt -y install python3-virtualenv=20.13.0+ds-2 + apt-mark hold virtualenv + # 2023-05-21 PR #3587: Above 4 lines should really install a more recent + # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? +else + apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +fi apt -y install python2 rm /etc/apt/sources.list.d/python2.list || true apt update From 987fd7324f3bbb58212261cfc070cd3faa6d2e33 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 May 2023 09:18:25 -0400 Subject: [PATCH 1110/1758] install_python2.sh: Clarify pip & apt virtualenv options --- scripts/install_python2.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index f7e0bbd90..50089b4e1 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -17,13 +17,20 @@ export DEBIAN_FRONTEND=noninteractive ARCH=$(dpkg --print-architecture) # 2023-05-19: #3573 -> PR #3582: Ubuntu 23.10's virtualenv 20.23 no longer -# supports Python 2. Older versions from Ubuntu 22.04 (#3583) & 23.04 like... +# supports Python 2. Root cause is virtualenv 20.22.0 (2023-04-19) which +# removed Python 2 support: https://virtualenv.pypa.io/en/latest/changelog.html +# Unfortunately older versions from Ubuntu 22.04 (#3583) & 23.04 like... # http://launchpadlibrarian.net/651276954/virtualenv_20.19.0+ds-1_all.deb -# ...unfortunately drag in newer 20.23+ version of python3-virtualenv, leaving +# ...can drag in newer 20.23+ version of python3-virtualenv, leaving # us with /usr/bin/virtualenv 20.23 once again, i.e. preventing Python 2. # Whereas pip (which installs /usr/local/bin/virtualvenv) at least works: -#apt -y install python3-pip -#pip install virtualenv==20.21.1 --break-system-packages +# +#iif grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. +# apt -y install python3-pip +# pip install virtualenv==20.21.1 --break-system-packages +#else +# apt -y install virtualenv # Debian 12 & RasPiOS 12 are A-Ok with built-in virtualenv 20.17.1 (<= 20.21.1) +#fi # #apt -y install virtualenv # https://github.com/iiab/iiab/pull/3535#issuecomment-1503626474 @@ -62,7 +69,7 @@ EOF esac apt update -if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) need this. Ubuntu 23.04 tolerates it. +if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) needs this. Ubuntu 23.04 tolerates it. # 2023-05-20: 4 lines below borrow from Ubuntu 22.04: (Is this really less # fragile than the pip approach ~40 lines above, in preparing for 24.04 ?) apt -y install python3-platformdirs=2.5.1-1 From 56d27330636cc456d8296564801c998f05f75bcf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 22 May 2023 11:56:18 -0400 Subject: [PATCH 1111/1758] TEMPORARILY revert ansible-core 2.15.0 to 2.14.6 for #3588 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index d117ca996..838fdb538 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -216,7 +216,7 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From 8ae4f020e988c4eb3f55dd0105af957c13365d4b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 22 May 2023 17:47:29 -0400 Subject: [PATCH 1112/1758] Refine PR #3590 to document ansible-core 2.14.6 recommendation --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 838fdb538..3ae46a4c9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.0] -GOOD_VER=2.15.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] +GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a57710c117a3f1b627e79d98d780e7b23d763ce7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 26 May 2023 21:47:14 -0400 Subject: [PATCH 1113/1758] local_vars_medium.yml: Avoid Lokole for now due to #3572 --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 8a8ae98d6..776d94614 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -244,8 +244,8 @@ jupyterhub_install: False jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2022-03-13: Python 3.9+ work +lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False From fc524462baefb7e35498a793f5d28a5b42d12b0d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 27 May 2023 03:26:04 -0400 Subject: [PATCH 1114/1758] Record approx disk usage for 45 roles (to iiab.ini) --- roles/awstats/tasks/install.yml | 16 ++++++++++++++++ roles/azuracast/tasks/install.yml | 16 ++++++++++++++++ roles/calibre-web/tasks/install.yml | 16 ++++++++++++++++ roles/calibre/tasks/install.yml | 16 ++++++++++++++++ roles/captiveportal/tasks/install.yml | 16 ++++++++++++++++ roles/cups/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/install.yml | 16 ++++++++++++++++ roles/gitea/tasks/main.yml | 2 +- roles/iiab-admin/tasks/main.yml | 16 ++++++++++++++++ roles/internetarchive/tasks/install.yml | 16 ++++++++++++++++ roles/jupyterhub/tasks/install.yml | 16 ++++++++++++++++ roles/kalite/tasks/install.yml | 16 ++++++++++++++++ roles/kiwix/tasks/install.yml | 16 ++++++++++++++++ roles/kolibri/tasks/install.yml | 16 ++++++++++++++++ roles/lokole/tasks/install.yml | 16 ++++++++++++++++ roles/matomo/tasks/install.yml | 16 ++++++++++++++++ roles/mediawiki/tasks/install.yml | 16 ++++++++++++++++ roles/minetest/tasks/install.yml | 20 +++++++++++++++++--- roles/mongodb/tasks/install.yml | 16 ++++++++++++++++ roles/monit/tasks/install.yml | 16 ++++++++++++++++ roles/moodle/tasks/install.yml | 16 ++++++++++++++++ roles/mosquitto/tasks/install.yml | 16 ++++++++++++++++ roles/munin/tasks/install.yml | 16 ++++++++++++++++ roles/mysql/tasks/install.yml | 16 ++++++++++++++++ roles/network/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/install.yml | 16 ++++++++++++++++ roles/nextcloud/tasks/main.yml | 2 +- roles/nginx/tasks/install.yml | 16 ++++++++++++++++ roles/nodejs/tasks/install.yml | 20 ++++++++++++++++++++ roles/nodered/tasks/install.yml | 16 ++++++++++++++++ roles/openvpn/tasks/install.yml | 16 ++++++++++++++++ roles/osm-vector-maps/tasks/install.yml | 16 ++++++++++++++++ roles/pbx/tasks/install.yml | 16 ++++++++++++++++ roles/phpmyadmin/tasks/install.yml | 16 ++++++++++++++++ roles/postgresql/tasks/install.yml | 16 ++++++++++++++++ roles/pylibs/tasks/main.yml | 16 ++++++++++++++++ roles/remoteit/tasks/install.yml | 16 ++++++++++++++++ roles/samba/tasks/install.yml | 16 ++++++++++++++++ roles/sshd/tasks/install.yml | 17 +++++++++++++++++ roles/sugarizer/tasks/install.yml | 16 ++++++++++++++++ roles/transmission/tasks/install.yml | 16 ++++++++++++++++ roles/usb_lib/tasks/install.yml | 17 +++++++++++++++++ roles/vnstat/tasks/install.yml | 16 ++++++++++++++++ roles/wordpress/tasks/install.yml | 20 ++++++++++++++++++++ roles/wordpress/tasks/main.yml | 6 ------ roles/www_base/tasks/main.yml | 17 +++++++++++++++++ roles/www_options/tasks/main.yml | 16 ++++++++++++++++ roles/yarn/tasks/install.yml | 16 ++++++++++++++++ 48 files changed, 734 insertions(+), 11 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index f88e7174c..5585c19ca 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install package: awstats' package: name: awstats @@ -93,6 +98,17 @@ # RECORD AWStats AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: awstats_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'awstats_installed: True'" set_fact: awstats_installed: True diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 8ce9474d2..741e164f5 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,6 +25,11 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: AzuraCast - Make config directory {{ azuracast_host_dir }} file: path: "{{ azuracast_host_dir }}" @@ -102,6 +107,17 @@ # RECORD AzuraCast AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: azuracast + option: azuracast_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'azuracast_installed: True'" set_fact: azuracast_installed: True diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 285d138a1..674880514 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -110,6 +115,17 @@ # RECORD Calibre-Web AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: calibreweb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibreweb_installed: True'" set_fact: calibreweb_installed: True diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 6a435c968..7646167a4 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. APT INSTALL CALIBRE 4.12+ or 5.12+ (calibre, calibredb, calibre-server etc) ON ALL OS'S - name: "Install OS's latest packages: calibre, calibre-bin" @@ -79,6 +84,17 @@ # 5. RECORD Calibre AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: calibre_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'calibre_installed: True'" set_fact: calibre_installed: True diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index ab25d50b6..791d516fa 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: python3-dateutil, python3-jinja2" package: name: @@ -51,6 +56,17 @@ # RECORD Captive Portal AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: captiveportal_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'captiveportal_installed: True'" set_fact: captiveportal_installed: True diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 12296cfe5..e080b68cf 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,6 +2,11 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'cups' package package: name: cups @@ -124,6 +129,17 @@ # RECORD CUPS AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: cups + option: cups_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'cups_installed: True'" set_fact: cups_installed: True diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 02dfa7cda..59f9d0be9 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. Prepare to install Gitea: create user and directory structure - name: Shut down existing Gitea instance (if we're reinstalling) @@ -105,6 +110,17 @@ # 5. RECORD Gitea AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: gitea_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'gitea_installed: True'" set_fact: gitea_installed: True diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 4fbd7359e..335911c96 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -27,7 +27,7 @@ - include_tasks: enable-or-disable.yml - - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + - name: Add 'gitea' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 09a408aa4..f9d6d38a5 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install text-mode packages, useful during remote access: lynx, screen" package: name: @@ -35,6 +40,17 @@ # RECORD iiab-admin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: iiab-admin + option: iiab_admin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'iiab_admin_installed: True'" set_fact: iiab_admin_installed: True diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 0427f816c..9f67851cf 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,6 +30,11 @@ state: present +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. CREATE 2 DIRS, WIPE /opt/iiab/internetarchive/node_modules & RUN YARN - name: mkdir {{ internetarchive_dir }} @@ -64,6 +69,17 @@ # 4. RECORD Internet Archive AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: internetarchive_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'internetarchive_installed: True'" set_fact: internetarchive_installed: True diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 223985f5b..eeffed232 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,6 +13,11 @@ when: nodejs_installed is undefined +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install package: python3-psutil" package: name: python3-psutil @@ -104,6 +109,17 @@ # RECORD JupyterHub AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: jupyterhub_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'jupyterhub_installed: True'" set_fact: jupyterhub_installed: True diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index a819a2cee..dc802f8cc 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ kalite_requirements }} to {{ pip_packages_dir }}/kalite.txt get_url: url: "{{ kalite_requirements }}" @@ -105,6 +110,17 @@ # RECORD KA Lite AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: kalite_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kalite_installed: True'" set_fact: kalite_installed: True diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 0adaeef36..e8a606b13 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,6 +6,11 @@ when: kiwix_arch == "unsupported" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. PUT IN PLACE: /opt/iiab/downloads/kiwix-tools_linux-*.tar.gz, move /opt/iiab/kiwix/bin aside if nec, create essential dirs, and test.zim if nec (library.xml is created later, by enable-or-disable.yml) # 2022-10-04: get_url might be removed in future (unarchive below can handle @@ -118,6 +123,17 @@ # 5. RECORD Kiwix AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kiwix + option: kiwix_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kiwix_installed: True'" set_fact: kiwix_installed: True diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index df74817e4..3b5826f6c 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,6 +23,11 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk user: name: "{{ kolibri_user }}" @@ -209,6 +214,17 @@ # RECORD Kolibri AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: kolibri_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'kolibri_installed: True'" set_fact: kolibri_installed: True diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index f26457f87..5f8c76d4f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,6 +2,11 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 12 packages for Lokole apt: name: @@ -133,6 +138,17 @@ # RECORD Lokole AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: lokole_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'lokole_installed: True'" set_fact: lokole_installed: True diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 56439de3e..97c321d83 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,11 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://matomo.org/faq/on-premise/matomo-requirements/ - name: Install Matomo's recommended PHP extensions package: @@ -239,6 +244,17 @@ # RECORD Matomo AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: matomo_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'matomo_installed: True'" set_fact: matomo_installed: True diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 145c1dc3d..b5af608c1 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: @@ -95,6 +100,17 @@ # RECORD MediaWiki AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: mediawiki_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mediawiki_installed: True'" set_fact: mediawiki_installed: True diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index 1850eda84..e9e9982b9 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt) stat: path: "{{ minetest_world_dir }}/world.mt" @@ -7,9 +12,6 @@ file: state: directory path: /library/games - # owner: root - # group: root - # mode: '0755' - include_tasks: minetest_install.yml when: not minetest_world.stat.exists @@ -35,8 +37,20 @@ url: https://content.minetest.net/packages/sfan5/worldedit/releases/13367/download/ when: minetest_default_game == "minetest" + # RECORD Minetest AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: minetest_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'minetest_installed: True'" set_fact: minetest_installed: True diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index eb5d8b345..8efb7d91d 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,6 +4,11 @@ # https://www.mongodb.com/docs/manual/installation/ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so @@ -367,6 +372,17 @@ # 3. RECORD MongoDB AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: mongodb_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mongodb_installed: True'" set_fact: mongodb_installed: True diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index bc6173468..7dd9802d1 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'monit' package package: name: monit @@ -35,6 +40,17 @@ # RECORD Monit AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: monit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'monit_installed: True'" set_fact: monit_installed: True diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a3cd511de..cb19f242c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,6 +17,11 @@ name: postgresql +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries # https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml @@ -189,6 +194,17 @@ # RECORD Moodle AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: moodle_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'moodle_installed: True'" set_fact: moodle_installed: True diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 6ba7fd0d0..5f1fdde01 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: mosquitto, mosquitto-clients" package: name: "{{ item }}" @@ -32,6 +37,17 @@ # RECORD Mosquitto AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: mosquitto_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mosquitto_installed: True'" set_fact: mosquitto_installed: True diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index a889ff15b..cb6460c9f 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # SEE ALSO roles/network/tasks/install.yml - name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 sysctl: @@ -44,6 +49,17 @@ # RECORD Munin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: munin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'munin_installed: True'" set_fact: munin_installed: True diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index ceff65c66..3abfc3d30 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' package: name: @@ -61,6 +66,17 @@ # RECORD MySQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: mysql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'mysql_installed: True'" set_fact: mysql_installed: True diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 71aa2a1eb..10ed94b5e 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. - name: Install dnsmasq -- configure LATER in 'network', after Stage 9 @@ -101,6 +106,17 @@ # RECORD Network AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: network + option: network_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'network_installed: True'" set_fact: network_installed: True diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 843cf84bc..ee1bed19f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # CHECK FOR PHP VERSION AUTOMATICALLY, TO DETERMINE WHICH NEXTCLOUD TO INSTALL. # INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml @@ -119,6 +124,17 @@ # RECORD Nextcloud AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nextcloud + option: nextcloud_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nextcloud_installed: True'" set_fact: nextcloud_installed: True diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d98ae5b27..1308da347 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -31,7 +31,7 @@ - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud + section: nextcloud option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index d9f3c4dda..a9e4c0b6c 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Stop & Disable '{{ apache_service }}' systemd service, in case it exists systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml @@ -66,6 +71,17 @@ # RECORD NGINX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nginx + option: nginx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nginx_installed: True'" set_fact: nginx_installed: True diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 08b08bdb9..fcc6aaaea 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -1,3 +1,12 @@ +# Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here: +# https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 + + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 1. TEST IF Node.js ALEADY INSTALLED & IF SO WARN IT'LL BE REPLACED # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED: @@ -161,6 +170,17 @@ # 3. RECORD Node.js AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: nodejs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodejs_installed: True'" set_fact: nodejs_installed: True diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 7ee0a7d73..70a213087 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,6 +23,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & # Ubermix that often include an older version of Node-RED. Brutal, as this # removes customizations on graphical desktop OS's e.g. Raspbian Desktop's: @@ -138,6 +143,17 @@ # RECORD Node-RED AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: nodered_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'nodered_installed: True'" set_fact: nodered_installed: True diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index cbe2e36af..4241fa723 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages: ncat, nmap, openvpn, sudo" package: name: @@ -100,6 +105,17 @@ # RECORD OpenVPN AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: openvpn + option: openvpn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'openvpn_installed: True'" set_fact: openvpn_installed: True diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 03642c274..17a82b5b4 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" package: state: present @@ -196,6 +201,17 @@ # RECORD OSM Vector Maps AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: osm_vector_maps_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'osm_vector_maps_installed: True'" set_fact: osm_vector_maps_installed: True diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 7af2c144e..934d1dbe3 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-08-09: Moved to roles/pbx/tasks/apache.yml # - name: "Set 'apache_install: True' and 'apache_enabled: True'" @@ -44,6 +49,17 @@ # RECORD PBX AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: pbx_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pbx_installed: True'" set_fact: pbx_installed: True diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 345927a04..6c5ccc499 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Download {{ phpmyadmin_dl_url }} to {{ downloads_dir }} get_url: url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip @@ -48,6 +53,17 @@ # RECORD phpMyAdmin AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: phpmyadmin_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'phpmyadmin_installed: True'" set_fact: phpmyadmin_installed: True diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 214f8b028..f16a06b8d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' package: name: @@ -90,6 +95,17 @@ # RECORD PostgreSQL AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: postgresql_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'postgresql_installed: True'" set_fact: postgresql_installed: True diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index f7ffa0f1d..aecabbeb8 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install iiab lib files template: src: "{{ item.src }}" @@ -13,6 +18,17 @@ # RECORD pylibs AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pylibs + option: pylibs_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'pylibs_installed: True'" set_fact: pylibs_installed: True diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 360cb7397..6f2bedae6 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # - name: Fail if architecture remoteit_device_suffix == "unknown" # fail: # msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\"" @@ -124,6 +129,17 @@ # RECORD remote.it AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: remoteit + option: remoteit_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'remoteit_installed: True'" set_fact: remoteit_installed: True diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 4b804168f..6c2b47fa0 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Create smb user: {{ smbuser }}" user: name: "{{ smbuser }}" @@ -31,6 +36,17 @@ # RECORD Samba AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: samba + option: samba_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'samba_installed: True'" set_fact: samba_installed: True diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 86d1e9360..20e8b4bf5 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -9,6 +9,12 @@ # # 2) Use Ansible handler to reload ssh? + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install ssh daemon using package: {{ sshd_package }}" package: name: "{{ sshd_package }}" @@ -41,6 +47,17 @@ # RECORD sshd AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sshd + option: sshd_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sshd_installed: True'" set_fact: sshd_installed: True diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 5e9cf3826..95206dc7a 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,6 +27,11 @@ # when: nodejs_version != "12.x" +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2. DOWNLOAD+LINK /opt/iiab/sugarizer - name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) @@ -232,6 +237,17 @@ # 6. RECORD Sugarizer AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: sugarizer + option: sugarizer_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'sugarizer_installed: True'" set_fact: sugarizer_installed: True diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 015116b82..17a87d1c0 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: "Install BitTorrent packages: transmission-daemon, transmission-cli" package: name: @@ -55,6 +60,17 @@ # RECORD Transmission AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: transmission_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'transmission_installed: True'" set_fact: transmission_installed: True diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6510ab336..bea8638ee 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,12 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Does systemd-udevd.service exist stat: path: "{{ systemd_location }}/systemd-udevd.service" @@ -87,6 +93,17 @@ # RECORD 'USB_LIB' AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: usb_lib + option: usb_lib_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'usb_lib_installed: True'" set_fact: usb_lib_installed: True diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 70e4f56cc..0d34e5cfc 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Install 'vnstat' package package: name: vnstat @@ -42,6 +47,17 @@ # RECORD vnStat AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: vnstat_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'vnstat_installed: True'" set_fact: vnstat_installed: True diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index cfab49cc0..449891e37 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,15 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + +- name: Provision MySQL DB + include_tasks: setup.yml + + # 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: # https://make.wordpress.org/hosting/handbook/server-environment/ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) @@ -131,6 +140,17 @@ # RECORD WordPress AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: wordpress_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'wordpress_installed: True'" set_fact: wordpress_installed: True diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index aa93c6672..106343a84 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -23,19 +23,13 @@ - block: - - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing - - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: wordpress_installed is undefined - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - - name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 0f557148f..8e278d60b 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,6 +1,12 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. + +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # 2021-06-27: Antifragile roles can become less brittle by fully declaring # their own dependencies (i.e. for modularity, separation-of-concerns, # encapsulation, compartmentalization, scope sanity, etc). @@ -54,6 +60,17 @@ # RECORD www_base AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_base + option: www_base_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_base_installed: True'" set_fact: www_base_installed: True diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6342bcdd0..eea007b7f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,6 +2,11 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + # HOMEPAGE - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) @@ -119,6 +124,17 @@ # RECORD www_options AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: www_options + option: www_options_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'www_options_installed: True'" set_fact: www_options_installed: True diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index e7f759a96..5d8e3a258 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,3 +1,8 @@ +- name: Record (initial) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + + - name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg @@ -40,6 +45,17 @@ # RECORD Yarn AS INSTALLED +- name: Record (final) available disk space + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: yarn_disk_usage + value: "{{ df1.stdout|int - df2.stdout|int }}" + - name: "Set 'yarn_installed: True'" set_fact: yarn_installed: True From 3c5b071c25deb46ef5ec57c0937af557b4549bb3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 27 May 2023 14:07:13 -0400 Subject: [PATCH 1115/1758] Estimate IIAB software disk usage, in /etc/iiab/iiab.ini 'summary' section --- roles/0-init/tasks/create_iiab_ini.yml | 19 +++++++++++++------ roles/9-local-addons/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 980a7fc1b..002e09225 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,7 +1,11 @@ -# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini) +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df1 + +# workaround for fact that auto create does not work on iiab_ini_file - name: Create {{ iiab_ini_file }} file: - path: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini state: touch - name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NOT enough!) @@ -12,10 +16,11 @@ command: dpkg --print-foreign-architectures register: dpkg_foreign_arch -- name: Add 'location' variable values to {{ iiab_ini_file }} + +- name: Add 'summary' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-location + section: summary option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: @@ -23,11 +28,13 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" + - option: disk_space_a_priori + value: "{{ df1.stdout }}" -- name: Add 'version' variable values to {{ iiab_ini_file }} +- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-version + section: initial-versions option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index f9ea8e20f..7070973c6 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,6 +42,21 @@ name: pbx when: pbx_install +- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini + set_fact: + df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + +- name: Record currently available disk space, to compare with original 'disk_space_a_priori' + shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' + register: df2 + +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: summary + option: iiab_software_disk_usage + value: "{{ df1|int - df2.stdout|int }}" + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" From 7205219292258593234a9a6a22fa7f7096d89017 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 27 May 2023 15:24:13 -0400 Subject: [PATCH 1116/1758] create_iiab_ini.yml: Rename iiab.ini section to 'initial' --- roles/0-init/tasks/create_iiab_ini.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 002e09225..98c195b67 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -31,10 +31,10 @@ - option: disk_space_a_priori value: "{{ df1.stdout }}" -- name: Add 'initial-versions' variable values to {{ iiab_ini_file }} +- name: Add 'initial' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" - section: initial-versions + section: initial option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: From e06f833c6b1bebfc07e9ac607562c5011a3c7c79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 27 May 2023 15:47:51 -0400 Subject: [PATCH 1117/1758] Explain saving disk_space_a_priori to iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 98c195b67..6e3e08a73 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,4 +1,4 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }}) to later estimate iiab_software_disk_usage +- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' register: df1 From efa974b26a51c36565df0df5085b2d572cecf205 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Sat, 27 May 2023 14:52:30 -0600 Subject: [PATCH 1118/1758] add iiab size --- scripts/iiab-item-size.py | 128 ++++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 44 +++++++++++++ 2 files changed, 172 insertions(+) create mode 100644 scripts/iiab-item-size.py create mode 100644 scripts/iiab-size.py diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py new file mode 100644 index 000000000..c4727a221 --- /dev/null +++ b/scripts/iiab-item-size.py @@ -0,0 +1,128 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json + +all_menu_defs = adm.get_all_menu_defs() + +def main(): + parser = argparse.ArgumentParser(description="Get size for item.") + parser.add_argument("name", help="Name item.") + + # menu_dir + args = parser.parse_args() + + name = args.name + + content= get_item_size(name) + + #print('size: ',iiab.human_readable(content["size"])) + print(f'content ', content) + + sys.exit() + +def get_zims_size_from_header(url): + #url = 'https://download.kiwix.org/zim/other/mdwiki_en_all_2023-03.zim' + response = requests.head(url, allow_redirects=True) + size = 0 + if (response.status_code == 200): + size = int(response.headers.get('Content-Length', 0)) + return size + +def get_zims_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/kiwix_catalog.json') as json_file: + data = json.load(json_file)['zims'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['download_url'] + data_output['size']= (int(result[name].get('size',0)) * 1024) + 1023 + return data_output + +def get_zims_size(name): + data = get_zims_size_from_file(name) + #if data['size'] <= 1023: + # data['size'] = get_zims_size_from_header(data['download_url']) + return data + +def get_oer2go_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/oer2go_catalog.json') as json_file: + data = json.load(json_file)['modules'] + if data.get(name) is not None: + data_output['download_url']= data[name]['rsync_url'] + data_output['size']= (int(data[name].get('ksize',0)) * 1024) + 1023 + return data_output + +def get_map_size_from_file(name): + data_output = {} + data_output['download_url']= '' + data_output['size'] = 0 + + with open('/etc/iiab/map-catalog.json') as json_file: + data = json.load(json_file)['base'] + result = { data[element]['perma_ref']: data[element] for element in list(data.keys())} + if result.get(name) is not None: + data_output['download_url']= result[name]['archive_url'] + data_output['size']= (int(result[name].get('size',0))) + 1023 + return data_output + + +def get_item_size(name_input): + return [get_size(element) for element in [name_input]] + +def get_items_size(name_input): + return [get_size(element) for element in name_input] + +def element_unknown(name): + return {"size":0} + +def build_otput(name, type_element, function): + data = function(name) + if data['size']== 0: + print(name, "element",type_element,"not found") + + return { + "name": name + ,"type": type_element + ,"size": data['size'] + } + +def get_size(name_input): + if name_input in all_menu_defs: + info = all_menu_defs[name_input] + intended_use = info["intended_use"] + + if intended_use == "html": + name_element = info["moddir"] + return build_otput(name_element, "module", get_oer2go_size_from_file) + + elif intended_use == "zim": + name_element = info["zim_name"] + return build_otput(name_element, "zim", get_zims_size) + + elif intended_use == "webroot": + name_element = info["name"] + return build_otput(name_element, "map", get_map_size_from_file) + + return build_otput(name_input, "unknown", element_unknown) + +# Now start the application +if __name__ == "__main__": + main() + diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py new file mode 100644 index 000000000..851119089 --- /dev/null +++ b/scripts/iiab-size.py @@ -0,0 +1,44 @@ +#!/usr/bin/python3 +# Creates json files for presets + +import os, sys, syslog +from datetime import date +import pwd, grp +import shutil +import argparse +import sqlite3 +import iiab.iiab_lib as iiab +import iiab.adm_lib as adm +import requests +import json +import importlib +from functools import reduce +iiab_item_size = importlib.import_module("iiab-item-size") + +def main(): + parser = argparse.ArgumentParser(description="Read menu file for get size.") + parser.add_argument("menuFile", help="Is the menu file.") + # menu_dir + args = parser.parse_args() + + menu_file = args.menuFile + if not os.path.exists(menu_file): + print('Menu file ' + menu_file + ' not found.') + exit(1) + + total_size= content_from_menu(menu_file) + + print('total: ',iiab.human_readable(total_size)) + print(f'total (bytes): ', total_size) + + sys.exit() + +def content_from_menu(menu_file): + menu = adm.read_json(menu_file) + items = iiab_item_size.get_items_size(menu["menu_items_1"]) + total_size = reduce(lambda accumulator,item: accumulator+int(item['size']), items, 0) + return total_size + +# Now start the application +if __name__ == "__main__": + main() From 87bdd3fa0cf4cce79429facf93b90f4e7e4ac000 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Mon, 29 May 2023 21:47:48 -0600 Subject: [PATCH 1119/1758] update function get_size --- scripts/iiab-item-size.py | 79 +++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 12 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index c4727a221..e7f8d486d 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -95,7 +95,7 @@ def element_unknown(name): def build_otput(name, type_element, function): data = function(name) if data['size']== 0: - print(name, "element",type_element,"not found") + print(name, ": the size of this",type_element,"element is unknown") return { "name": name @@ -103,22 +103,77 @@ def build_otput(name, type_element, function): ,"size": data['size'] } + +intended_use_dict = { + "azuracast":{ + "name":"name" + ,"type":"azuracast" + ,"function":element_unknown + } + ,"calibre":{ + "name":"name" + ,"type":"calibre" + ,"function":element_unknown + } + ,"external":{ + "name":"name" + ,"type":"external" + ,"function":element_unknown + } + ,"html":{ + "name":"moddir" + ,"type":"module" + ,"function":get_oer2go_size_from_file + } + ,"info":{ + "name":"name" + ,"type":"info" + ,"function":element_unknown + } + ,"internetarchive":{ + "name":"name" + ,"type":"internetarchive" + ,"function":element_unknown + } + ,"kalite":{ + "name":"name" + ,"type":"kalite" + ,"function":element_unknown + } + ,"kolibri":{ + "name":"name" + ,"type":"kolibri" + ,"function":element_unknown + } + ,"map":{ + "name":"name" + ,"type":"map" + ,"function":get_map_size_from_file + } + ,"webroot":{ + "name":"name" + ,"type":"webroot" + ,"function":element_unknown + } + ,"zim":{ + "name":"zim_name" + ,"type":"zim" + ,"function":get_zims_size + } +} + + def get_size(name_input): if name_input in all_menu_defs: info = all_menu_defs[name_input] intended_use = info["intended_use"] - if intended_use == "html": - name_element = info["moddir"] - return build_otput(name_element, "module", get_oer2go_size_from_file) - - elif intended_use == "zim": - name_element = info["zim_name"] - return build_otput(name_element, "zim", get_zims_size) - - elif intended_use == "webroot": - name_element = info["name"] - return build_otput(name_element, "map", get_map_size_from_file) + try: + data_intend = intended_use_dict[intended_use] + name_element = info[data_intend["name"]] + return build_otput(name_element, data_intend["type"], data_intend["function"]) + except: + pass return build_otput(name_input, "unknown", element_unknown) From c22a713ec414b963ae19819f041870854624c136 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 May 2023 16:15:03 -0400 Subject: [PATCH 1120/1758] scripts/iiab-item-size.py: Clarify PR #3594 --- scripts/iiab-item-size.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py index e7f8d486d..6e1261ba3 100644 --- a/scripts/iiab-item-size.py +++ b/scripts/iiab-item-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date @@ -180,4 +181,3 @@ def get_size(name_input): # Now start the application if __name__ == "__main__": main() - From 7cecb4d89bdd277ac432a03d1f0fdec90aacadcd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 May 2023 16:16:46 -0400 Subject: [PATCH 1121/1758] scripts/iiab-size.py: Clarify PR #3594 --- scripts/iiab-size.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py index 851119089..c44e7034b 100644 --- a/scripts/iiab-size.py +++ b/scripts/iiab-size.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 -# Creates json files for presets +# Auto-calculate IIAB + EduPack disk space needs, in advance [& design review] +# https://github.com/iiab/iiab/pull/3594 import os, sys, syslog from datetime import date From a9585365c019891299632463d01cc9517e57cb18 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Jun 2023 19:33:01 -0400 Subject: [PATCH 1122/1758] transmission/README.rst: Add "Docs" section --- roles/transmission/README.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 40f6e38fc..2112fc778 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -103,7 +103,19 @@ More advanced configuration and status are in directory ``/var/lib/transmission- stats.json torrents/ -These are further explained in https://github.com/transmission/transmission/wiki/Configuration-Files (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). +These are further explained in |ss| https://github.com/transmission/transmission/wiki/Configuration-Files |se| (to align with the above, apt package transmission-daemon sets user debian-transmission's home directory to ``/var/lib/transmission-daemon`` in /etc/passwd). + +Docs +---- + +As of June 2023, these docs appear to be the most up-to-date: + +- https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md +- https://wiki.archlinux.org/title/transmission (updated regularly) +- https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) +- https://trac.transmissionbt.com/wiki (2006-2019) Logging ------- From 30c54e844804c70afa6c9a1312b7369b757a469e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Jun 2023 19:43:54 -0400 Subject: [PATCH 1123/1758] transmission/tasks/install.yml: Remove stale comment --- roles/transmission/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 17a87d1c0..7f64d0e70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -16,7 +16,6 @@ path: "{{ transmission_download_dir }}" # /library/transmission owner: "{{ transmission_user }}" # debian-transmission group: "{{ transmission_group }}" # debian-transmission - # mode: '0755' - name: Stop 'transmission-daemon' systemd service, before modifying its settings systemd: From 03531dfdecf4025304ba6241e354799756b19727 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Acevedo=20=28Neomatrix=29?= <josuecevedo@gmail.com> Date: Wed, 7 Jun 2023 21:58:51 -0600 Subject: [PATCH 1124/1758] GitHub Actions .github/workflows/30min-iiab-test-install-debian12.yml for CI/CD & QA (#2) * add debian12 --- .../30min-iiab-test-install-debian12.yml | 58 +++++++++++++++++++ .../30min-iiab-test-install-raspios.yml | 2 +- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/30min-iiab-test-install-debian12.yml diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml new file mode 100644 index 000000000..e98618e20 --- /dev/null +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -0,0 +1,58 @@ +name: '"30 min" IIAB test install debian 12' +# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 + +# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html +on: [push, pull_request, workflow_dispatch] + +# on: +# push: +# +# pull_request: +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# +# # Set your workflow to run every day of the week from Monday to Friday at 6:00 UTC +# schedule: +# - cron: "0 6 * * 1-5" + +jobs: + test-install: + runs-on: ubuntu-latest + strategy: + matrix: + arch: [debian12] + include: + - arch: debian12 + cpu: cortex-a7 + cpu_info: cpuinfo/raspberrypi_3b + base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + # source https://raspi.debian.net/daily-images/ + steps: + #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Check out repository code + - uses: actions/checkout@v3.1.0 + - uses: pguyot/arm-runner-action@v2 + with: + image_additional_mb: 1024 + base_image: ${{ matrix.base_image }} + cpu: ${{ matrix.cpu }} + cpu_info: ${{ matrix.cpu_info }} + copy_repository_path: /opt/iiab/iiab + commands: | + #test `uname -m` = ${{ matrix.arch }} + grep Model /proc/cpuinfo + echo "🍏 This job's status is ${{ job.status }}." + whoami # runner + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git + ls /opt/iiab/iiab + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install + cd /opt/iiab/iiab + iiab-summary + cat /etc/iiab/iiab_state.yml diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index e1cb81c17..dea22ffa6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -52,7 +52,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - test `uname -m` = ${{ matrix.arch }} + #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 249d6fd24d0b3bde959df21532cc65752e66fa11 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:08:00 -0600 Subject: [PATCH 1125/1758] echo hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index e98618e20..ac139cd76 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - #test `uname -m` = ${{ matrix.arch }} + echo "${{ hostnamectl }}" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 815f098475c02e65ce3851274422ff56e117b67e Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:13:52 -0600 Subject: [PATCH 1126/1758] update hostnamectl --- .github/workflows/30min-iiab-test-install-debian12.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index ac139cd76..f73f5d93b 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,6 +27,7 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz + os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." @@ -41,7 +42,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "${{ hostnamectl }}" + echo "$(hostnamectl)"" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 28d51dd064dbc3a5710f5b1bac0a3e524127c443 Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:17:09 -0600 Subject: [PATCH 1127/1758] remove OS parameter --- .github/workflows/30min-iiab-test-install-debian12.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f73f5d93b..f9b3ea8bc 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -27,7 +27,6 @@ jobs: cpu: cortex-a7 cpu_info: cpuinfo/raspberrypi_3b base_image: https://raspi.debian.net/daily/raspi_3_bookworm.img.xz - os: linux # source https://raspi.debian.net/daily-images/ steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." From ba404ac0f9197335b93e42e8876ae7da267e314d Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:20:54 -0600 Subject: [PATCH 1128/1758] remove quote --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index f9b3ea8bc..1584642a5 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)"" + echo "$(hostnamectl)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From bac736d6166fff71963995141b1f87385bb0034c Mon Sep 17 00:00:00 2001 From: neomatrixcode <josuecevedo@gmail.com> Date: Thu, 8 Jun 2023 12:27:31 -0600 Subject: [PATCH 1129/1758] add uname --- .github/workflows/30min-iiab-test-install-debian12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1584642a5..a7c5d1249 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,7 +41,7 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(hostnamectl)" + echo "$(uname -srm)" grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." whoami # runner From 81ba0fc7b797b69a0427fd47e8b1a8ed5229de9b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 14:49:07 -0400 Subject: [PATCH 1130/1758] GHA: Try recording more 'runner context' on top of job --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index a7c5d1249..1262fac8d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -41,9 +41,11 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | - echo "$(uname -srm)" - grep Model /proc/cpuinfo echo "🍏 This job's status is ${{ job.status }}." + echo -e "Complete 'runner context':\n{{ $matrix }}" + uname -srm + hostnamectl + grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change From dddd7ce0b4e351f4ddce46fc2316de00c2f6ae68 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:04:52 -0400 Subject: [PATCH 1131/1758] GHA: Try dumping runner contexts --- .../30min-iiab-test-install-debian12.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 1262fac8d..0753cd422 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -32,7 +32,23 @@ jobs: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." #- name: Check out repository code + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -44,7 +60,6 @@ jobs: echo "🍏 This job's status is ${{ job.status }}." echo -e "Complete 'runner context':\n{{ $matrix }}" uname -srm - hostnamectl grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 751931a917e61baa07905bf5561307d4a4c960ed Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:14:46 -0400 Subject: [PATCH 1132/1758] GHA: Try tightening up, with 'uname -a' --- .../30min-iiab-test-install-debian12.yml | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 0753cd422..2ae59027d 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -31,24 +31,15 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Dump matrix context env: MATRIX_CONTEXT: ${{ toJSON(matrix) }} run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT" - - name: Dump matrix context - env: - MATRIX_CONTEXT: ${{ toJSON(matrix) }} - run: echo "$MATRIX_CONTEXT" - uses: pguyot/arm-runner-action@v2 with: image_additional_mb: 1024 @@ -58,8 +49,7 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - echo -e "Complete 'runner context':\n{{ $matrix }}" - uname -srm + uname -a # uname -srm grep Model /proc/cpuinfo whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} From 935cc5606ec62da574a5dc145d4b703ba9546a0f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:23:01 -0400 Subject: [PATCH 1133/1758] Similarly update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 0926191af..16cddfcd9 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -22,11 +22,16 @@ jobs: steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" - name: Check out repository code uses: actions/checkout@v3.1.0 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | + uname -a whoami # runner pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls From 4d6bdaf808a27a3a1b571df8410329d7b99bd0ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:25:48 -0400 Subject: [PATCH 1134/1758] Update 10min-iiab-test-install.yml --- .github/workflows/10min-iiab-test-install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 16cddfcd9..2e567f984 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -31,9 +31,9 @@ jobs: - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | - uname -a - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'runner' instead of 'root' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} # ls # ls $GITHUB_WORKSPACE # ls ${{ github.workspace }} From feccd64b4ac3bf378f43158bc92ab768f1cd92aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:26:25 -0400 Subject: [PATCH 1135/1758] Update 30min-iiab-test-install-debian12.yml --- .github/workflows/30min-iiab-test-install-debian12.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-debian12.yml index 2ae59027d..d61230890 100644 --- a/.github/workflows/30min-iiab-test-install-debian12.yml +++ b/.github/workflows/30min-iiab-test-install-debian12.yml @@ -49,10 +49,10 @@ jobs: copy_repository_path: /opt/iiab/iiab commands: | echo "🍏 This job's status is ${{ job.status }}." - uname -a # uname -srm grep Model /proc/cpuinfo - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} apt-get update -y --allow-releaseinfo-change apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 0170835529ed660f8a0b64ff87231fdd91bf6eaa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:30:47 -0400 Subject: [PATCH 1136/1758] Try 30min-iiab-test-install-raspios.yml like -debian12.yml --- .../30min-iiab-test-install-raspios.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios.yml index dea22ffa6..ea89758ed 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios.yml @@ -42,7 +42,14 @@ jobs: steps: #- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." #- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - #- name: Check out repository code + #- name: Dump GitHub context (typically almost 500 lines) + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: echo "$GITHUB_CONTEXT" + - name: Dump matrix context + env: + MATRIX_CONTEXT: ${{ toJSON(matrix) }} + run: echo "$MATRIX_CONTEXT" - uses: actions/checkout@v3.1.0 - uses: pguyot/arm-runner-action@v2 with: @@ -52,11 +59,12 @@ jobs: cpu_info: ${{ matrix.cpu_info }} copy_repository_path: /opt/iiab/iiab commands: | + echo "🍏 This job's status is ${{ job.status }}." #test `uname -m` = ${{ matrix.arch }} grep Model /proc/cpuinfo - echo "🍏 This job's status is ${{ job.status }}." - whoami # runner - pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} + uname -a # uname -srm + whoami # Typically 'root' instead of 'runner' + pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} sudo apt-get update -y --allow-releaseinfo-change sudo apt-get install --no-install-recommends -y git ls /opt/iiab/iiab From 10ab5dc91b6feba1db9819a59e134e3944656041 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:32:20 -0400 Subject: [PATCH 1137/1758] Rename 30min-iiab-test-install-debian12.yml to 30min-iiab-test-install-deb12-on-rpi3.yml --- ...all-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{30min-iiab-test-install-debian12.yml => 30min-iiab-test-install-deb12-on-rpi3.yml} (100%) diff --git a/.github/workflows/30min-iiab-test-install-debian12.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml similarity index 100% rename from .github/workflows/30min-iiab-test-install-debian12.yml rename to .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml From 0845b9b484cef79523971f3514eb6b190b5fa3cb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:47:42 -0400 Subject: [PATCH 1138/1758] Likewise update job name to "deb12 on rpi3" --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index d61230890..9940b2781 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install debian 12' +name: '"30 min" IIAB test install deb12 on rpi3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From 3f63c0b4dd407d75d283a868340828f34e2a1aed Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 10 Jun 2023 09:10:47 -0400 Subject: [PATCH 1139/1758] Clean df syntax, for each app's disk usage in iiab.ini --- roles/0-init/tasks/create_iiab_ini.yml | 6 +++--- roles/9-local-addons/tasks/main.yml | 12 ++++++------ roles/awstats/tasks/install.yml | 12 ++++++------ roles/azuracast/tasks/install.yml | 12 ++++++------ roles/calibre-web/tasks/install.yml | 12 ++++++------ roles/calibre/tasks/install.yml | 12 ++++++------ roles/captiveportal/tasks/install.yml | 12 ++++++------ roles/cups/tasks/install.yml | 12 ++++++------ roles/gitea/tasks/install.yml | 12 ++++++------ roles/iiab-admin/tasks/main.yml | 12 ++++++------ roles/internetarchive/tasks/install.yml | 12 ++++++------ roles/jupyterhub/tasks/install.yml | 12 ++++++------ roles/kalite/tasks/install.yml | 12 ++++++------ roles/kiwix/tasks/install.yml | 12 ++++++------ roles/kolibri/tasks/install.yml | 12 ++++++------ roles/lokole/tasks/install.yml | 12 ++++++------ roles/matomo/tasks/install.yml | 12 ++++++------ roles/mediawiki/tasks/install.yml | 12 ++++++------ roles/minetest/tasks/install.yml | 12 ++++++------ roles/mongodb/tasks/install.yml | 12 ++++++------ roles/monit/tasks/install.yml | 12 ++++++------ roles/moodle/tasks/install.yml | 12 ++++++------ roles/mosquitto/tasks/install.yml | 12 ++++++------ roles/munin/tasks/install.yml | 12 ++++++------ roles/mysql/tasks/install.yml | 12 ++++++------ roles/network/tasks/install.yml | 12 ++++++------ roles/nextcloud/tasks/install.yml | 12 ++++++------ roles/nginx/tasks/install.yml | 12 ++++++------ roles/nodejs/tasks/install.yml | 12 ++++++------ roles/nodered/tasks/install.yml | 12 ++++++------ roles/openvpn/tasks/install.yml | 12 ++++++------ roles/osm-vector-maps/tasks/install.yml | 12 ++++++------ roles/pbx/tasks/install.yml | 12 ++++++------ roles/phpmyadmin/tasks/install.yml | 12 ++++++------ roles/postgresql/tasks/install.yml | 12 ++++++------ roles/pylibs/tasks/main.yml | 12 ++++++------ roles/remoteit/tasks/install.yml | 12 ++++++------ roles/samba/tasks/install.yml | 12 ++++++------ roles/sshd/tasks/install.yml | 12 ++++++------ roles/sugarizer/tasks/install.yml | 12 ++++++------ roles/transmission/tasks/install.yml | 12 ++++++------ roles/usb_lib/tasks/install.yml | 12 ++++++------ roles/vnstat/tasks/install.yml | 12 ++++++------ roles/wordpress/tasks/install.yml | 12 ++++++------ roles/www_base/tasks/main.yml | 12 ++++++------ roles/www_options/tasks/main.yml | 12 ++++++------ roles/yarn/tasks/install.yml | 12 ++++++------ 47 files changed, 279 insertions(+), 279 deletions(-) diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index 6e3e08a73..75b2b338f 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -1,5 +1,5 @@ -- name: Record disk_space_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record disk_used_a_priori (permanently, into {{ iiab_ini_file }} below) to later estimate iiab_software_disk_usage + shell: df -B1 --output=used / | tail -1 register: df1 # workaround for fact that auto create does not work on iiab_ini_file @@ -28,7 +28,7 @@ value: "{{ iiab_base }}" - option: iiab_dir value: "{{ iiab_dir }}" - - option: disk_space_a_priori + - option: disk_used_a_priori value: "{{ df1.stdout }}" - name: Add 'initial' variable values to {{ iiab_ini_file }} diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 7070973c6..ac657cd5c 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -42,20 +42,20 @@ name: pbx when: pbx_install -- name: Read 'disk_space_a_priori' from /etc/iiab/iiab.ini +- name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: - df1: "{{ lookup('ansible.builtin.ini', 'disk_space_a_priori', section='summary', file=iiab_ini_file) }}" + df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" -- name: Record currently available disk space, to compare with original 'disk_space_a_priori' - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record currently used disk space, to compare with original 'disk_used_a_priori' + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df1|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add ESTIMATED 'iiab_software_disk_usage = {{ df2.stdout|int - df1|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: summary option: iiab_software_disk_usage - value: "{{ df1|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1|int }}" - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 5585c19ca..24a005c74 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -98,16 +98,16 @@ # RECORD AWStats AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'awstats_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'awstats_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: awstats option: awstats_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'awstats_installed: True'" set_fact: diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 741e164f5..bd25d96fb 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -25,8 +25,8 @@ # 5. Run './runrole --reinstall azuracast' in /opt/iiab/iiab -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -107,16 +107,16 @@ # RECORD AzuraCast AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'azuracast_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'azuracast_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: azuracast option: azuracast_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'azuracast_installed: True'" set_fact: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 674880514..ebeefb6d7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -115,16 +115,16 @@ # RECORD Calibre-Web AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibreweb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibreweb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre-web option: calibreweb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibreweb_installed: True'" set_fact: diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 7646167a4..82218ada0 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -84,16 +84,16 @@ # 5. RECORD Calibre AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'calibre_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'calibre_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: calibre option: calibre_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'calibre_installed: True'" set_fact: diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 791d516fa..b76ad39b0 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -56,16 +56,16 @@ # RECORD Captive Portal AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'captiveportal_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'captiveportal_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: captiveportal option: captiveportal_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'captiveportal_installed: True'" set_fact: diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e080b68cf..e4e2e04ed 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -2,8 +2,8 @@ # (OR ANY MEMBER OF LINUX GROUP 'lpadmin') AS SET UP BELOW... -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD CUPS AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'cups_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'cups_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: cups option: cups_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'cups_installed: True'" set_fact: diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 59f9d0be9..c46abbdab 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # 5. RECORD Gitea AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'gitea_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'gitea_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: gitea option: gitea_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'gitea_installed: True'" set_fact: diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f9d6d38a5..fabe0bffe 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD iiab-admin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'iiab_admin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'iiab_admin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: iiab-admin option: iiab_admin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'iiab_admin_installed: True'" set_fact: diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 9f67851cf..0d36c09c8 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -30,8 +30,8 @@ state: present -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -69,16 +69,16 @@ # 4. RECORD Internet Archive AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'internetarchive_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'internetarchive_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: internetarchive option: internetarchive_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'internetarchive_installed: True'" set_fact: diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index eeffed232..8d7273215 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,8 +13,8 @@ when: nodejs_installed is undefined -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -109,16 +109,16 @@ # RECORD JupyterHub AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'jupyterhub_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'jupyterhub_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: jupyterhub option: jupyterhub_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'jupyterhub_installed: True'" set_fact: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index dc802f8cc..7df40364d 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -110,16 +110,16 @@ # RECORD KA Lite AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kalite_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kalite_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kalite option: kalite_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kalite_installed: True'" set_fact: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index e8a606b13..3ad37ba2c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -6,8 +6,8 @@ when: kiwix_arch == "unsupported" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -123,16 +123,16 @@ # 5. RECORD Kiwix AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kiwix_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kiwix_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kiwix option: kiwix_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kiwix_installed: True'" set_fact: diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 3b5826f6c..f0a06d292 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -23,8 +23,8 @@ # https://kolibri.readthedocs.io/en/latest/install/provision.html -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -214,16 +214,16 @@ # RECORD Kolibri AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'kolibri_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'kolibri_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: kolibri option: kolibri_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'kolibri_installed: True'" set_fact: diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 5f8c76d4f..a002268fc 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -138,16 +138,16 @@ # RECORD Lokole AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'lokole_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'lokole_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: lokole option: lokole_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'lokole_installed: True'" set_fact: diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 97c321d83..d6f8060a4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,8 +12,8 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -244,16 +244,16 @@ # RECORD Matomo AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'matomo_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'matomo_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: matomo option: matomo_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'matomo_installed: True'" set_fact: diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index b5af608c1..204fc0c45 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -100,16 +100,16 @@ # RECORD MediaWiki AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mediawiki_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mediawiki_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mediawiki option: mediawiki_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mediawiki_installed: True'" set_fact: diff --git a/roles/minetest/tasks/install.yml b/roles/minetest/tasks/install.yml index e9e9982b9..9c00a10c2 100644 --- a/roles/minetest/tasks/install.yml +++ b/roles/minetest/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Minetest AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'minetest_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'minetest_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: minetest option: minetest_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'minetest_installed: True'" set_fact: diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 8efb7d91d..10c2f39f5 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -4,8 +4,8 @@ # https://www.mongodb.com/docs/manual/installation/ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -372,16 +372,16 @@ # 3. RECORD MongoDB AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mongodb_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mongodb_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mongodb option: mongodb_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mongodb_installed: True'" set_fact: diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml index 7dd9802d1..8d523c653 100644 --- a/roles/monit/tasks/install.yml +++ b/roles/monit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -40,16 +40,16 @@ # RECORD Monit AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'monit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'monit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: monit option: monit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'monit_installed: True'" set_fact: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index cb19f242c..570e782b7 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,8 +17,8 @@ name: postgresql -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -194,16 +194,16 @@ # RECORD Moodle AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'moodle_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'moodle_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: moodle option: moodle_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'moodle_installed: True'" set_fact: diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 5f1fdde01..d4b7271a0 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -37,16 +37,16 @@ # RECORD Mosquitto AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mosquitto_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mosquitto_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mosquitto option: mosquitto_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mosquitto_installed: True'" set_fact: diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index cb6460c9f..4366a19d8 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD Munin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'munin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'munin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: munin option: munin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'munin_installed: True'" set_fact: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 3abfc3d30..87bcd9c1a 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -66,16 +66,16 @@ # RECORD MySQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'mysql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'mysql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: mysql option: mysql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'mysql_installed: True'" set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 10ed94b5e..188713b8f 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -106,16 +106,16 @@ # RECORD Network AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'network_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'network_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: network option: network_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'network_installed: True'" set_fact: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ee1bed19f..4262bddc5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD Nextcloud AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nextcloud_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nextcloud_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nextcloud option: nextcloud_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nextcloud_installed: True'" set_fact: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index a9e4c0b6c..b45920dd1 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -71,16 +71,16 @@ # RECORD NGINX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nginx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nginx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nginx option: nginx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nginx_installed: True'" set_fact: diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index fcc6aaaea..830b1e002 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -2,8 +2,8 @@ # https://github.com/iiab/iiab/blob/master/roles/www_base/templates/iiab-refresh-wiki-docs.sh#L51-L52 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -170,16 +170,16 @@ # 3. RECORD Node.js AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodejs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodejs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodejs option: nodejs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodejs_installed: True'" set_fact: diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 70a213087..b7c711ac5 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -23,8 +23,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -143,16 +143,16 @@ # RECORD Node-RED AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'nodered_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'nodered_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: nodered option: nodered_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'nodered_installed: True'" set_fact: diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml index 4241fa723..53f5dc7f2 100644 --- a/roles/openvpn/tasks/install.yml +++ b/roles/openvpn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -105,16 +105,16 @@ # RECORD OpenVPN AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'openvpn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'openvpn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: openvpn option: openvpn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'openvpn_installed: True'" set_fact: diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 17a82b5b4..f46016ebc 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -201,16 +201,16 @@ # RECORD OSM Vector Maps AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'osm_vector_maps_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'osm_vector_maps_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: osm-vector-maps option: osm_vector_maps_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'osm_vector_maps_installed: True'" set_fact: diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index 934d1dbe3..ef9dea71d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,8 +22,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -49,16 +49,16 @@ # RECORD PBX AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pbx_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pbx_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pbx option: pbx_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pbx_installed: True'" set_fact: diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 6c5ccc499..7d510de69 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -53,16 +53,16 @@ # RECORD phpMyAdmin AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'phpmyadmin_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'phpmyadmin_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: phpmyadmin option: phpmyadmin_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'phpmyadmin_installed: True'" set_fact: diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f16a06b8d..f07cf943d 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -95,16 +95,16 @@ # RECORD PostgreSQL AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'postgresql_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'postgresql_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: postgresql option: postgresql_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'postgresql_installed: True'" set_fact: diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml index aecabbeb8..9283c44f3 100644 --- a/roles/pylibs/tasks/main.yml +++ b/roles/pylibs/tasks/main.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -18,16 +18,16 @@ # RECORD pylibs AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'pylibs_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'pylibs_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: pylibs option: pylibs_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'pylibs_installed: True'" set_fact: diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 6f2bedae6..4610f63fc 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -129,16 +129,16 @@ # RECORD remote.it AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'remoteit_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'remoteit_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: remoteit option: remoteit_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'remoteit_installed: True'" set_fact: diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 6c2b47fa0..1ebc623ed 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -36,16 +36,16 @@ # RECORD Samba AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'samba_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'samba_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: samba option: samba_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'samba_installed: True'" set_fact: diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml index 20e8b4bf5..b5b3271bc 100644 --- a/roles/sshd/tasks/install.yml +++ b/roles/sshd/tasks/install.yml @@ -10,8 +10,8 @@ # 2) Use Ansible handler to reload ssh? -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD sshd AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sshd_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sshd_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sshd option: sshd_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sshd_installed: True'" set_fact: diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 95206dc7a..e0f973037 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -27,8 +27,8 @@ # when: nodejs_version != "12.x" -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -237,16 +237,16 @@ # 6. RECORD Sugarizer AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'sugarizer_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'sugarizer_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: sugarizer option: sugarizer_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'sugarizer_installed: True'" set_fact: diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 7f64d0e70..90c133511 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -59,16 +59,16 @@ # RECORD Transmission AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'transmission_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'transmission_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: transmission option: transmission_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'transmission_installed: True'" set_fact: diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bea8638ee..5db37908b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,8 +8,8 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -93,16 +93,16 @@ # RECORD 'USB_LIB' AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'usb_lib_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'usb_lib_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: usb_lib option: usb_lib_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'usb_lib_installed: True'" set_fact: diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index 0d34e5cfc..46db71ddd 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -47,16 +47,16 @@ # RECORD vnStat AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'vnstat_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'vnstat_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: vnstat option: vnstat_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'vnstat_installed: True'" set_fact: diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 449891e37..38fb08180 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,8 +12,8 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -140,16 +140,16 @@ # RECORD WordPress AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'wordpress_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'wordpress_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: wordpress option: wordpress_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'wordpress_installed: True'" set_fact: diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 8e278d60b..8efe11472 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -60,16 +60,16 @@ # RECORD www_base AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_base_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_base_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_base option: www_base_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_base_installed: True'" set_fact: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index eea007b7f..9e41f6e76 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -2,8 +2,8 @@ # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -124,16 +124,16 @@ # RECORD www_options AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'www_options_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'www_options_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: www_options option: www_options_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'www_options_installed: True'" set_fact: diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 5d8e3a258..331a10474 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,5 +1,5 @@ -- name: Record (initial) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 register: df1 @@ -45,16 +45,16 @@ # RECORD Yarn AS INSTALLED -- name: Record (final) available disk space - shell: df -PB1 $(findmnt / -o SOURCE -n) | awk 'NR==2 {print $4}' +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 register: df2 -- name: Add 'yarn_disk_usage = {{ df1.stdout|int - df2.stdout|int }}' to {{ iiab_ini_file }} +- name: Add 'yarn_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: yarn option: yarn_disk_usage - value: "{{ df1.stdout|int - df2.stdout|int }}" + value: "{{ df2.stdout|int - df1.stdout|int }}" - name: "Set 'yarn_installed: True'" set_fact: From e5a9cee54fb749cd87b9cb3a74f97d89bd60bb88 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 07:59:09 -0400 Subject: [PATCH 1140/1758] Stub support for upcoming Debian 13 "Trixie" pre-releases --- scripts/local_facts.fact | 1 + vars/debian-13.yml | 5 +++++ vars/default_vars.yml | 1 + vars/ubuntu-2310.yml | 15 --------------- 4 files changed, 7 insertions(+), 15 deletions(-) create mode 100644 vars/debian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 4debf731a..885fbec8e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -81,6 +81,7 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-11" | \ "debian-12" | \ + "debian-13" | \ "ubuntu-2204" | \ "ubuntu-2210" | \ "ubuntu-2304" | \ diff --git a/vars/debian-13.yml b/vars/debian-13.yml new file mode 100644 index 000000000..09ef89f68 --- /dev/null +++ b/vars/debian-13.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fc2826b03..5502204b9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -790,6 +790,7 @@ is_linuxmint_21: False is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) +is_debian_13: False is_debian_12: False is_debian_11: False #is_debian_10: False diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml index ed40633df..165a64a46 100644 --- a/vars/ubuntu-2310.yml +++ b/vars/ubuntu-2310.yml @@ -3,18 +3,3 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2310: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From 73f1d6cf8e64ca3335e6b82d3146477cfa6504dd Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 21:33:35 -0400 Subject: [PATCH 1141/1758] WIP: Try 'transmission_compile_latest: True' --- roles/transmission/README.rst | 5 ++- roles/transmission/defaults/main.yml | 1 + roles/transmission/tasks/install.yml | 48 ++++++++++++++++++++++++++-- vars/default_vars.yml | 1 + vars/local_vars_large.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_small.yml | 1 + vars/local_vars_unittest.yml | 1 + 8 files changed, 56 insertions(+), 3 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 2112fc778..80af71b96 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -111,10 +111,13 @@ Docs As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/tree/main/docs + - https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md + - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md -- https://wiki.archlinux.org/title/transmission (updated regularly) - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) + - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") +- https://wiki.archlinux.org/title/transmission (updated regularly) - https://trac.transmissionbt.com/wiki (2006-2019) Logging diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index f6763f593..96fd188d4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,6 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False +# transmission_compile_latest: True # transmission_username: Admin # transmission_password: changeme diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 90c133511..eaf211bfa 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -10,6 +10,47 @@ - transmission-cli state: present + +- block: + + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + meta: noop + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + package: + name: + - build-essential + - cmake + - libcurl4-openssl-dev + - libssl-dev + state: present + + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time + - name: Git clone latest to /opt/iiab/transmission + git: + repo: https://github.com/transmission/transmission + dest: /opt/iiab/transmission + #version: 4.0.x # Otherwise default branch 'main' + depth: 1 + force: yes + + - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + shell: | + cd /opt/iiab/transmission + git submodule update --init --recursive + mkdir build + cd build + cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. + make + make install + + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* + command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + + when: transmission_compile_latest + + - name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} file: state: directory @@ -23,7 +64,10 @@ state: stopped ignore_errors: yes -- name: Back up prior /etc/transmission-daemon/settings.json (original file from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* +# 'transmission-daemon -d' (--dump-settings) CAN GENERATE A NEW settings.json +# ...then customize ~8 var lines to create a new templates/settings.json.j2 + +- name: Back up prior /etc/transmission-daemon/settings.json (file originally from apt, or new symlink contents) to /etc/transmission-daemon/settings.json.old* copy: src: /etc/transmission-daemon/settings.json dest: /etc/transmission-daemon/settings.json.old @@ -52,7 +96,7 @@ - name: "Reverse Transmission's fragile OOTB symlink -- instead we establish /etc/transmission-daemon/settings.json -> /var/lib/transmission-daemon/.config/transmission-daemon/settings.json -- REASON: /etc/transmission-daemon/settings.json was intermittently being IGNORED, as Transmission sometimes breaks its own symlink from /var/lib/transmission-daemon/.config/transmission-daemon/settings.json (by turning it into a file instead)" file: path: /etc/transmission-daemon/settings.json - src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json + src: /var/lib/transmission-daemon/.config/transmission-daemon/settings.json # Symlink /var/lib/transmission-daemon/home/settings.json also points to this state: link force: yes diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5502204b9..47a03b1aa 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -543,6 +543,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1c1e8b7d3..7a98cfa37 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 776d94614..237063f15 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -320,6 +320,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 35514ab81..83c58e62a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 4cc01a9c6..940142665 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -320,6 +320,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False +transmission_compile_latest: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From d03ff5d6298fb3b26be9522feaa02774b9c00c52 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 22:17:46 -0400 Subject: [PATCH 1142/1758] Hint: use transmission-remote NOT deprecated transmission-cli --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index eaf211bfa..280d210f7 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -13,7 +13,7 @@ - block: - - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" + - name: "TRY TO COMPILE & INSTALL very latest Transmission, installing ~5 binaries in /usr/local/bin to take precedence over above ~6 binaries in /usr/bin (attempt surgery on systemd unit file from apt install above!)" meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix From beae3643b9898aaf7adbc34c25b0c4f6e7158307 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 11 Jun 2023 22:37:23 -0400 Subject: [PATCH 1143/1758] transmission-daemon.service: --log-error -> --log-level=error --- roles/transmission/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 280d210f7..4ab86a05d 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -45,8 +45,10 @@ make make install - - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service changing /usr/bin/transmission* to /usr/local/bin/transmission* - command: sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml + - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* + shell: | + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 122a84588a9af4a763d67e8c1330cf150c21faf2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:44:14 -0400 Subject: [PATCH 1144/1758] transmission/tasks/install.yml: Clarify compile link --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 4ab86a05d..d0266f9dd 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,6 @@ - libssl-dev state: present - # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Git clone latest to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission @@ -35,6 +34,7 @@ depth: 1 force: yes + # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) shell: | cd /opt/iiab/transmission From 7f09784fe187fd34e6ee922a195656e4ee1f92ec Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:48:31 -0400 Subject: [PATCH 1145/1758] 'transmission-daemon --log-level=error' since ~2020 --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index d0266f9dd..61b3ec4f4 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -47,7 +47,7 @@ - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | - sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since 2020 + sed -i 's/--log-error/--log-level=error/' /lib/systemd/system/transmission-daemon.service # --log-error deprecated since ~2020 sed -i 's#/usr/bin/transmission#/usr/local/bin/transmission#' /lib/systemd/system/transmission-daemon.service # daemon_reload handled by enable-or-disable.yml when: transmission_compile_latest From 71010c0feed88d73e370ffd349d7d50a98a7c0d7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 00:51:20 -0400 Subject: [PATCH 1146/1758] Clarify 'git clone https://github.com/transmission/transmission' --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 61b3ec4f4..2fc2fde70 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -26,7 +26,7 @@ - libssl-dev state: present - - name: Git clone latest to /opt/iiab/transmission + - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission git: repo: https://github.com/transmission/transmission dest: /opt/iiab/transmission From 16ba23bf3e5c5e7df1c71a76a04156fccb8143bc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 01:00:58 -0400 Subject: [PATCH 1147/1758] transmission/README.rst: Link to transmission-rpc docs --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 80af71b96..90048c596 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -115,6 +115,8 @@ As of June 2023, these docs appear to be the most up-to-date: - https://github.com/transmission/transmission/blob/main/docs/Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md - https://github.com/transmission/transmission/blob/main/docs/Headless-Usage.md + - https://github.com/transmission/transmission/blob/main/docs/rpc-spec.md + - https://transmission-rpc.readthedocs.io - https://cli-ck.io/transmission-cli-user-guide/ (2016 but still useful) - https://github.com/transmission/transmission#command-line-interface-notes ("``transmission-cli`` is deprecated and exists primarily to support older hardware dependent upon it. In almost all instances, ``transmission-remote`` should be used instead.") - https://wiki.archlinux.org/title/transmission (updated regularly) From 9df95cedf8b9bd9cddc8e7a77ca875bdd5c7c79a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 01:31:19 -0400 Subject: [PATCH 1148/1758] transmission/README.rst: Overhaul logging instructions --- roles/transmission/README.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 90048c596..8df899064 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -125,14 +125,14 @@ As of June 2023, these docs appear to be the most up-to-date: Logging ------- -To turn on logging and/or record the Process ID (PID), follow these instructions: https://pawelrychlicki.pl/Home/Details/59/transmission-daemon-doesnt-create-a-log-file-nor-a-pid-file-ubuntu-server-1804 +Increase logging by changing transmission-daemon's ``--log-level=error`` to ``--log-level=debug`` in ``/lib/systemd/system/transmission-daemon.service`` -This gives permissions to user ``debian-transmission`` — if you use these 3 lines in ``/lib/systemd/system/transmission-daemon.service`` : +(Options are: ``critical``, ``error``, ``warn``, ``info``, ``debug`` or ``trace``) -:: +Then run:: - RuntimeDirectory=transmission-daemon - LogsDirectory=transmission-daemon - ExecStart=/usr/bin/transmission-daemon -f --log-error --log-debug --logfile /var/log/transmission-daemon/transmission.log --pid-file /run/transmission-daemon/transmission.pid + systemctl daemon-reload + systemctl restart transmission-daemon + journalctl -eu transmission-daemon Noting that one should not normally edit files in ``/lib`` or ``/usr/lib`` — systemd has a command for customizing unit files: ``systemctl edit --full transmission-daemon.service`` From 2c8423394690bafc9e9cdefe4e856626818b1452 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 09:59:31 -0400 Subject: [PATCH 1149/1758] Compiling Transmission requires 'apt install libsystemd-dev' --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 2fc2fde70..570b9cd8a 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -17,13 +17,15 @@ meta: noop # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#on-unix - - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev # git python3 + # https://github.com/transmission/transmission/issues/5362 tips thanks to @tearfur + - name: apt install build-essential cmake libcurl4-openssl-dev libssl-dev libsystemd-dev # git python3 package: name: - build-essential - cmake - libcurl4-openssl-dev - libssl-dev + - libsystemd-dev state: present - name: Git clone https://github.com/transmission/transmission to /opt/iiab/transmission From 251694f2f257db3870c0acce09fb2f70760073ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 12:56:36 -0400 Subject: [PATCH 1150/1758] Free up disk (~1.6 GB) after Transmission compile --- roles/transmission/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 570b9cd8a..20dc9a5f2 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile & Install (CAN TAKE 10+ MINUTES, OR MUCH MORE ON A RASPBERRY PI!) + - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive @@ -46,6 +46,8 @@ cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo .. make make install + cd + rm -rf /opt/iiab/transmission # 2023-06-12: Frees up 1.1 GB on 32-bit RasPiOS. Frees up 1.6 GB on 64-bit RasPiOS. - name: Attempt surgery on /lib/systemd/system/transmission-daemon.service (1) changing --log-error to --log-level=error (2) changing /usr/bin/transmission* to /usr/local/bin/transmission* shell: | From 934f2c1799cdc2ac6a6ab8a4e1b97ab0a8e449cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 14:25:12 -0400 Subject: [PATCH 1151/1758] Kiwix support for 'armv6l: armv6' & 'armv7l: armv8' (tentative!) --- roles/kiwix/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 3d3472f1a..0010929c9 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -29,8 +29,8 @@ kiwix_arch_dict: # 'dpkg --print-architecture' key would be: (to mitigate # #i386: # ? i686: i586 # ? x86_64: x86_64 # amd64 - armv6l: armhf # armhf - armv7l: armhf # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 + armv6l: armv6 # armhf + armv7l: armv8 # armhf BEWARE: armhf version of kiwix-tools suddenly FAILS on 64-bit RasPiOS, since 3.5.0 released 2023-04-28 -- #3574, PR #3576 aarch64: aarch64 # arm64 BEWARE: "32-bit" RasPiOS suddenly boots 64-bit kernel since March 2023 -- #3516, explained at https://github.com/iiab/iiab/pull/3422#issuecomment-1533441463 # ansible_architecture might also work, if not quite as well: From 21ca31877878465f2ffca4a0334ad1c702aa222e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 14:29:47 -0400 Subject: [PATCH 1152/1758] Revert May's kiwix-tools armhf 3.5.0 workaround to 3.4.0 --- roles/kiwix/tasks/install.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 3ad37ba2c..a78f71d21 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -24,23 +24,23 @@ timeout: "{{ download_timeout }}" register: kiwix_dl # PATH /opt/iiab/downloads + ACTUAL filename put in kiwix_dl.dest, for unarchive ~28 lines below -- name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - get_url: - url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" - #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - -# Ansible does not allow changing individuals subfields in a dictionary, but -# this crude hack works, overwriting the entire kiwix_dl dictionary var with -# the single (needed) key/value pair. (Or "register: tmp_dl" could be set -# above, if its other [subfields, key/value pairs, etc] really mattered...) -- name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" - set_fact: - kiwix_dl: - dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz - when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# - name: "2023-05-14: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# get_url: +# url: https://download.kiwix.org/release/kiwix-tools/kiwix-tools_linux-armhf-3.4.0.tar.gz +# dest: "{{ downloads_dir }}" +# timeout: "{{ download_timeout }}" +# #register: kiwix_dl # CLOBBERS kiwix_dl.dest WHEN THIS STANZA DOES NOT RUN :/ +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" +# +# # Ansible does not allow changing individuals subfields in a dictionary, but +# # this crude hack works, overwriting the entire kiwix_dl dictionary var with +# # the single (needed) key/value pair. (Or "register: tmp_dl" could be set +# # above, if its other [subfields, key/value pairs, etc] really mattered...) +# - name: "2023-05-15: TEMPORARY PATCH REVERTING TO KIWIX-TOOLS 3.4.0 IF BUGGY 32-BIT (armhf) VERSION 3.5.0 IS DETECTED -- #3574" +# set_fact: +# kiwix_dl: +# dest: /opt/iiab/downloads/kiwix-tools_linux-armhf-3.4.0.tar.gz +# when: kiwix_dl.dest == "/opt/iiab/downloads/kiwix-tools_linux-armhf-3.5.0.tar.gz" - name: Does {{ kiwix_path }}/bin already exist? (as a directory, symlink or file) stat: From c4e94c5be04831b862da0e387cb4eb6300113b1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 22:08:51 -0400 Subject: [PATCH 1153/1758] kiwix/defaults/main.yml: Update redirect doc link --- roles/kiwix/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 0010929c9..52e881796 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -42,6 +42,7 @@ kiwix_arch: "{{ kiwix_arch_dict[ansible_machine] | default('unsupported') }}" # Latest official kiwix-tools release, per Kiwix permalink redirects: # https://www.kiwix.org/en/downloads/kiwix-serve/ # https://github.com/kiwix/container-images/issues/236 +# https://github.com/kiwix/kiwix-tools/issues/623 kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}.tar.gz" #kiwix_tar_gz: "kiwix-tools_linux-{{ kiwix_arch }}-3.3.0-1.tar.gz" # Version can be hard-coded if you prefer (as was done til 2022-10-04) From 87d3bccd25cad912c72c0e91987a793ac401011f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 12 Jun 2023 23:08:57 -0400 Subject: [PATCH 1154/1758] remote.it workaround for incoming ICMP firewalls e.g. GitHub Actions --- roles/remoteit/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml index 5fba120ca..0023e0b17 100644 --- a/roles/remoteit/tasks/enable-or-disable.yml +++ b/roles/remoteit/tasks/enable-or-disable.yml @@ -33,7 +33,7 @@ # service, that they removed from 4.15.2 device packages on 2022-09-07. # (Either way, the job below never deletes /etc/remoteit/registration) -- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this spawns 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' +- name: 'Run /usr/share/remoteit/refresh.sh to put a claim code in /etc/remoteit/config.json (if you don''t already have a license key in /etc/remoteit/registration) -- FYI this should spawn 2 "child" services/daemons: schannel & e.g. remoteit@80:00:01:7F:7E:00:56:36.service' command: /usr/share/remoteit/refresh.sh when: remoteit_enabled @@ -59,6 +59,7 @@ name: schannel enabled: no state: stopped + ignore_errors: yes # 2023-06-12: Let's make these rare-but-unavoidable errors RED very intentionally, as below. Thanks to @neomatrixcode for surfacing this GitHub Actions problem, likely arising from inbound ICMP being blocked during remote.it install and/or above refresh.sh setup: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#cloud-hosts-used-by-github-hosted-runners when: not remoteit_enabled - name: Stop & Disable "Remote tcp connection services" remoteit@* found in /etc/systemd/system/multi-user.target.wants/ e.g. remoteit@80:00:01:7F:7E:00:56:36.service From b3f284c35a82b033707441978e2b08ec96910fbd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 13 Jun 2023 00:33:45 -0400 Subject: [PATCH 1155/1758] Update/clarify remote.it's latest pricing/plans --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 8a58110fb..218094d06 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [October 2022](https://remote.it/pricing/), 5 IIAB devices can be managed for free, and an unlimited number can be managed for $10/month. +As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 8387cd94a3a82aef1ff04cdd10f40add8da5325a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 15 Jun 2023 09:01:38 -0400 Subject: [PATCH 1156/1758] nextcloud/tasks/install.yml: Clarify Nextcloud 27 reqs --- roles/nextcloud/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 4262bddc5..090c184fc 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -46,12 +46,12 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21: Check the latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now allows installation on PHP 8.2: +# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. +# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/25/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From 36c5caecd1612f59e60641f806da0088f3ba7c0c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 13:41:41 -0400 Subject: [PATCH 1157/1758] Recommend ansible-core 2.15.1 --- scripts/ansible | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ae46a4c9..2a9be4a75 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.14.6] -GOOD_VER=2.14.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] +GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -216,7 +216,8 @@ if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core==2.14.6 # 2023-05-22: TEMPORARILY REVERT FROM 2.15.0 UNTIL ansible/ansible#80863 FIXED (e.g. for FreePBX, #3588) +# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) +/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From ed73e94b460baff5d8e36f365f8c3bc2deb72c5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 14:44:25 -0400 Subject: [PATCH 1158/1758] freepbx.yml: Interim use of 'nohup' for ansible 2.15.x regression --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d8632aa5b..521ecedc5 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -238,7 +238,7 @@ chdir: "{{ freepbx_src_dir }}" creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx with_items: - - ./start_asterisk start + - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} From c6316c1df7cf78c6a23a03f8faab784377f9ff5a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Jun 2023 15:24:15 -0400 Subject: [PATCH 1159/1758] freepbx.yml: Clarify 2-step FreePBX install (1st stab) --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 521ecedc5..5a44d86fd 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,7 +232,8 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) +- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" From 822c4c2e08c7d0a7282bd425546c08585427be49 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 21 Jun 2023 09:21:39 -0400 Subject: [PATCH 1160/1758] Interim hack to start Asterisk til ansible-core 2.15.x recovers --- roles/pbx/tasks/freepbx.yml | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 5a44d86fd..daa2f4e3c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -232,16 +232,30 @@ dest: /etc/asterisk/cdr_mysql.conf -# 2023-05-21: Asterisk is normally OFF at this point (but that doesn't matter, either way!) -- name: FreePBX - 2-step install - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) - command: "{{ item }}" +# 2023-05-21: Asterisk is in fact normally OFF at this point (shouldn't matter!) +# - name: FreePBX - Spawn 'nohup ./start_asterisk start' in {{ freepbx_src_dir }} +# command: nohup ./start_asterisk start +# args: +# chdir: "{{ freepbx_src_dir }}" + +# 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x +# regression ansible/ansible#80863, which led to PR's #3588 and #3604. +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 + systemd: + name: asterisk + state: started + #enabled: yes + +# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# pidof asterisk +# /usr/sbin/asterisk -rx 'core show version' +# journalctl -eu asterisk + +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) + shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" - creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - with_items: - - nohup ./start_asterisk start # 2023-06-20: Interim use of 'nohup' until ansible 2.15.x solves regression ansible/ansible#80863 - - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} - # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From ea3bb783cc65c23258c2d3acb7242bc1974c3bd8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 21 Jun 2023 09:53:43 -0400 Subject: [PATCH 1161/1758] Clarify freepbx.yml hack, to start Asterisk (awaiting ansible-core 2.15.x fix) --- roles/pbx/tasks/freepbx.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index daa2f4e3c..8ca2cd83f 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -240,18 +240,18 @@ # 2023-06-21: Interim use of 'nohup' didn't quite solve ansible 2.15.x # regression ansible/ansible#80863, which led to PR's #3588 and #3604. -- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- 'nohup ./start_asterisk start' ALSO DOESN'T WORK WITH 2.15.0 AND 2.15.1 +- name: FreePBX - INTERIM USE OF 'systemctl start asterisk' TIL ANSIBLE FIXES 2.15.x REGRESSION ansible/ansible#80863 -- AS EVEN 'nohup ./start_asterisk start' DOESN'T WORK WITH 2.15.0 AND 2.15.1 systemd: name: asterisk state: started #enabled: yes -# 2023-06-21: Commands to try to see if Asterisk has started & stabilized? +# 2023-06-21: Commands to try, to see if Asterisk has started & stabilized? # pidof asterisk # /usr/sbin/asterisk -rx 'core show version' # journalctl -eu asterisk -- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) +- name: FreePBX - WAIT 5 SECONDS TO SIMULATE './start_asterisk start' (REQUIRED DUE TO ABOVE ANSIBLE BUG) THEN... install FreePBX to {{ freepbx_install_dir }} - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) shell: sleep 5 && ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} args: chdir: "{{ freepbx_src_dir }}" From cf724194f81d683b76980510cc26e3ad971447b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 08:00:11 -0400 Subject: [PATCH 1162/1758] Update nextcloud/README.md PHP & prereq links --- roles/nextcloud/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 2e346a16f..6b4622bcf 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: +(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -34,10 +34,13 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi - max_input_time - max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+) -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133) +FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: + +- https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml From d7ec19a70b0455b1d07bb2b75528600b1403543a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 08:07:04 -0400 Subject: [PATCH 1163/1758] Fix doc link to www_options/tasks/php-settings.yml --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 6b4622bcf..adea58ee9 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -36,7 +36,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires). -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/php-settings.yml#L55-L110) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) (4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: From dd2ed569511c5703ccb7c1d019a98bdf855ee048 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 22 Jun 2023 09:27:57 -0400 Subject: [PATCH 1164/1758] nextcloud/README.md: Strike ownyourbits.com (site died) --- roles/nextcloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index adea58ee9..64747521b 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -60,8 +60,8 @@ Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (a Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? -- https://ownyourbits.com/nextcloudpi/ -- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- ~https://ownyourbits.com/nextcloudpi/~ +- ~https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/~ - https://github.com/nextcloud/nextcloudpi Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! From 55caae4eec5d4c17a23f169907410e78847844e3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 05:00:22 -0400 Subject: [PATCH 1165/1758] README.md: Link to FAQ "quick install" tips --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a16a4437d..f2485c06c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 9b57d39bf5535caf9fbea04358b1afefab740daa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 05:01:54 -0400 Subject: [PATCH 1166/1758] README.md: Fix typo in URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f2485c06c..633e0b392 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 586bfc5cb1abf6b4333a21d3fa89695f115432dc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Jun 2023 09:23:09 -0400 Subject: [PATCH 1167/1758] nodejs/README.md: Soften 64-bit "Zero 2 W" warning --- roles/nodejs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md index 33c6bcb02..7e2716bc9 100644 --- a/roles/nodejs/README.md +++ b/roles/nodejs/README.md @@ -35,7 +35,7 @@ sudo ./runrole --reinstall nodejs Raspberry Pi Zero W Warning --------------------------- -UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may or may not have such serious problems... +UPDATE: The Zero 2 W released 2021-10-28 is 64-bit (ARMv7) so may not have such serious problems... On the original Raspberry Pi Zero W (ARMv6) however: Node.js applications like Internet Archive, JupyterHub, Node-RED, PBX (Asterisk/FreePBX) and Sugarizer won't work — if you installed Node.js while on Raspberry Pi 3, 3 B+ (ARMv7) or Raspberry Pi 4 (ARMv8). From 4be4ac68d435492229f278787ac82810e7fe4f66 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 27 Jun 2023 17:02:11 -0400 Subject: [PATCH 1168/1758] usb_lib/tasks/install.yml: Fix exFAT doc URL --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 5db37908b..e0699a652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -78,7 +78,7 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... -# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml#L22-L23 +# SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 - name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf lineinfile: regexp: '^FILESYSTEMS=.*' From 712b26c4025608c1eaf3c8f0afb483295f3d95dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:29:13 -0400 Subject: [PATCH 1169/1758] MediaWiki 1.40.0 (new release) --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 16943b39a..aa695a65c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.39 # "1.35" also works -mediawiki_minor_version: 3 +mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 975ce2f54e1fee82ba6412641b47a51ac078921d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Jul 2023 14:06:22 -0400 Subject: [PATCH 1170/1758] PR #3605: Add "1.40" quotes for trailing zero --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index aa695a65c..22cd060ad 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.40 # "1.35" also works +mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 6cf233b33201ff4c583f5bdc4e843042529cb42b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 12:11:10 -0400 Subject: [PATCH 1171/1758] calibre-web-nginx.conf.j2: Quote all 3 URL params --- roles/calibre-web/templates/calibre-web-nginx.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 index d1f2da25b..2ebfe47fe 100644 --- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 +++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 @@ -5,7 +5,7 @@ location {{ calibreweb_url1 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url1 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url1 }}"; proxy_pass http://127.0.0.1:8083; } @@ -14,7 +14,7 @@ location {{ calibreweb_url2 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url2 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url2 }}"; proxy_pass http://127.0.0.1:8083; } @@ -23,6 +23,6 @@ location {{ calibreweb_url3 }}/ { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name {{ calibreweb_url3 }}; + proxy_set_header X-Script-Name "{{ calibreweb_url3 }}"; proxy_pass http://127.0.0.1:8083; } From 65295a100c07d1779da839b071643b82f122b22a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:30:01 -0400 Subject: [PATCH 1172/1758] Softcode calibreweb_repo_url in install.yml --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index ebeefb6d7..17640c3ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -45,7 +45,7 @@ ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: - repo: https://github.com/janeczku/calibre-web.git + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 From 8df3848b96319daaebf5c3c5d6a9b7bf403c7f6a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:31:51 -0400 Subject: [PATCH 1173/1758] Softcode calibreweb_repo_url in defaults/main.yml --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 7abab0bd8..250deeaf6 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,6 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_path: /usr/local/calibre-web-py3 From 41f4617a4f70cdbf2d78291b7e120254d28fc6b1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:42:16 -0400 Subject: [PATCH 1174/1758] calibre-web/tasks/install.yml: Mention 0.6.20 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 17640c3ed..24f44d0f7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -49,7 +49,7 @@ dest: "{{ calibreweb_venv_path }}" force: yes depth: 1 - version: "{{ calibreweb_version }}" # e.g. master, 0.6.17 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. From 303498a9d18591864a55a6c82ad735b359be7e17 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 23:01:55 -0400 Subject: [PATCH 1175/1758] Note {{ calibreweb_repo_url }} in Ansible output for #3606 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 24f44d0f7..b8a735587 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -43,7 +43,7 @@ - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From c8307501e5e3498a12fcc5392dfa8a4ce9214f69 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jul 2023 23:18:31 -0400 Subject: [PATCH 1176/1758] www_options/tasks/main.yml: Clarify iiab_home_url --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 9e41f6e76..a78b1f7f3 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -12,7 +12,7 @@ - name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) file: state: directory - path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home + path: "{{ doc_root }}{{ iiab_home_url }}" # e.g. /library/www/html/home owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: '0755' From c28e5e6a6724417a82f032d9d48f8cb690c253ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 11:16:30 -0400 Subject: [PATCH 1177/1758] calibre-web/tasks/install.yml: Install ffmpeg not just imagemagick --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index b8a735587..62d55f32f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -6,6 +6,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present From e7b314334a283a4ae1cb23b4a8017d4c4f3cec59 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 11:20:17 -0400 Subject: [PATCH 1178/1758] Clarify install of ffmpeg during Calibre-Web install --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62d55f32f..36f1ae5e6 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,7 +3,7 @@ register: df1 -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" package: name: - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! From c657581e69a08fb78aab04aed0c43fa691a7be56 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jul 2023 14:50:53 -0400 Subject: [PATCH 1179/1758] calibre-web/tasks/install.yml: Update + clean comments! --- roles/calibre-web/tasks/install.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 36f1ae5e6..1c0a9505f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -19,6 +19,7 @@ # - gcc # compiler # state: present # when: python_version is version('3.10', '>=') + - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -43,7 +44,13 @@ - "{{ calibreweb_config }}" # /library/calibre-web/config - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 -## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 +# FYI since May 2021, Calibre-Web (major releases) can be installed with pip: +# https://pypi.org/project/calibreweb/ +# https://github.com/janeczku/calibre-web/issues/456 +# https://github.com/janeczku/calibre-web/issues/677 +# https://github.com/janeczku/calibre-web/pull/927 +# https://github.com/janeczku/calibre-web/pull/1459 + - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web @@ -52,15 +59,6 @@ depth: 1 version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 -## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) -#- name: Download calibre-web dependencies into vendor subdirectory. -# pip: -# requirements: "{{ calibreweb_path }}/requirements.txt" -# chdir: "{{ calibreweb_path }}" -# extra_args: '--target vendor' -# ignore_errors: True -## -# Implementing this with Ansible command module for now. - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" From 31644737ae90cf6b8a6e9bb41116e7a152c8a1ee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 16:02:11 -0400 Subject: [PATCH 1180/1758] New Gitea release 1.20 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index fff7e0b28..1bbdb828c 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.19 # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. +gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 831fdad5dd013c9ea6c06fb04ba390e8ae96c42b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 18:21:42 -0400 Subject: [PATCH 1181/1758] Patch app.ini.j2 for Gitea 1.20 --- roles/gitea/defaults/main.yml | 2 +- roles/gitea/tasks/install.yml | 6 +++--- roles/gitea/templates/app.ini.j2 | 28 +++++++++++++++++++++------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 1bbdb828c..e2311c804 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -19,7 +19,7 @@ iset_suffixes: gitea_iset_suffix: "{{ iset_suffixes[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" +gitea_download_url: "https://dl.gitea.com/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" gitea_root_directory: "{{ content_base }}/gitea" # /library/gitea diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index c46abbdab..592e148f3 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,10 +48,10 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~108 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 mode: 0775 timeout: "{{ download_timeout }}" @@ -63,7 +63,7 @@ - name: Verify Gitea binary with GPG signature shell: | - gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }} + gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} ignore_errors: yes diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2 index 00d503fdb..98add8b15 100644 --- a/roles/gitea/templates/app.ini.j2 +++ b/roles/gitea/templates/app.ini.j2 @@ -2,7 +2,8 @@ ; Copy required sections to your own app.ini (default is custom/conf/app.ini) ; and modify as needed. -; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. +; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation. +; https://docs.gitea.com/next/administration/config-cheat-sheet ; App name that shows in every page title APP_NAME = {{ gitea_display_name }} @@ -23,9 +24,11 @@ DEFAULT_PRIVATE = last ; Global limit of repositories per user, applied at creation time. -1 means no limit MAX_CREATION_LIMIT = -1 ; Mirror sync queue length, increase if mirror syncing starts hanging -MIRROR_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: MIRROR_QUEUE_LENGTH = 1000 +; `[repository].MIRROR_QUEUE_LENGTH`. Use new options in `[queue.mirror]` ; Patch test queue length, increase if pull request patch testing starts hanging -PULL_REQUEST_QUEUE_LENGTH = 1000 +; 2023-07-16 ERROR: PULL_REQUEST_QUEUE_LENGTH = 1000 +; `[repository].PULL_REQUEST_QUEUE_LENGTH`. Use new options in `[queue.pr_patch_checker]` ; Preferred Licenses to place at the top of the List ; The name here must match the filename in conf/license or custom/conf/license PREFERRED_LICENSES = Apache License 2.0,MIT License @@ -201,13 +204,22 @@ PPROF_DATA_PATH = data/tmp/pprof LANDING_PAGE = home ; Enables git-lfs support. true or false, default is false. LFS_START_SERVER = false -; Where your lfs files reside, default is data/lfs. -LFS_CONTENT_PATH = {{ gitea_lfs_root }} ; LFS authentication secret, change this yourself LFS_JWT_SECRET = ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. LFS_HTTP_AUTH_EXPIRY = 20m +; lfs [Large File Storage] storage will override storage +; +[lfs] +;STORAGE_TYPE = local +; +; Where your lfs files reside, default is data/lfs. +PATH = {{ gitea_lfs_root }} +; +; override the minio base path if storage type is minio +;MINIO_BASE_PATH = lfs/ + ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] ED25519 = 256 @@ -240,7 +252,8 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve ; repo indexer by default disabled, since it uses a lot of disk space REPO_INDEXER_ENABLED = false REPO_INDEXER_PATH = indexers/repos.bleve -UPDATE_BUFFER_LEN = 20 +; 2023-07-16 ERROR: UPDATE_BUFFER_LEN = 20 +; `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]` MAX_FILE_SIZE = 1048576 [admin] @@ -360,7 +373,8 @@ PAGING_NUM = 10 [mailer] ENABLED = false ; Buffer length of channel, keep it as it is if you don't know what it is. -SEND_BUFFER_LEN = 100 +; 2023-07-16 ERROR: SEND_BUFFER_LEN = 100 +; `[mailer].SEND_BUFFER_LEN`. Use new options in `[queue.mailer]` ; Name displayed in mail title SUBJECT = %(APP_NAME)s ; Mail server From 89148e8214803ea78c20ae666e8a967dd0eb9acf Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 16 Jul 2023 18:38:54 -0400 Subject: [PATCH 1182/1758] Clarify bogus PGP signing of Gitea binary downloads --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 592e148f3..957da4822 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -61,7 +61,7 @@ dest: "{{ gitea_checksum_path }}" timeout: "{{ download_timeout }}" -- name: Verify Gitea binary with GPG signature +- name: Verify Gitea binary with GPG signature ("BAD signature" FALSE ALARMS continue as of 2023-07-16, despite their claims at https://docs.gitea.com/installation/install-from-binary#verify-gpg-signature) shell: | gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }} From ff6a0cf4d8f92b1fc580d7c23f79ccb31ad4d460 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jul 2023 22:35:02 -0400 Subject: [PATCH 1183/1758] Recommend ansible-core 2.15.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2a9be4a75..be37b2556 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.1] -GOOD_VER=2.15.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] +GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 8df708d47393f2c9e24f1469432d054056e9d672 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jul 2023 22:40:26 -0400 Subject: [PATCH 1184/1758] iiab-install: MIN_ANSIBLE_VER=2.13.11 alongside PR #3610 --- iiab-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-install b/iiab-install index 2be185afc..bd7185f41 100755 --- a/iiab-install +++ b/iiab-install @@ -10,8 +10,8 @@ ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forc CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' -MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.9 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 +MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 17413fd5703514c19389106628fe306715b3e3cc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Jul 2023 19:15:19 -0400 Subject: [PATCH 1185/1758] calibre-web/README.rst: Outline log levels --- roles/calibre-web/README.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 44df76aa4..cc8fb2b3b 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -56,6 +56,12 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. + Configuration ------------- From db7d85c50c82d75d462b8002f6b58a8c51659557 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 22 Jul 2023 19:18:55 -0400 Subject: [PATCH 1186/1758] calibre-web/README.rst: Tidy up / clarify --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index cc8fb2b3b..418e4a57a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -60,7 +60,7 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's web **Configuration > Basic Configuration > Logfile Configuration**. +Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). Configuration ------------- From 64cdb3869c09b3ac0495faa810b72fb71e774dcc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Jul 2023 22:55:16 -0400 Subject: [PATCH 1187/1758] venv pip requirements.txt tips (e.g. for Calibre-Web) --- roles/calibre-web/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1c0a9505f..96bdda124 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -68,12 +68,13 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 -# source bin/activate -# python3 -m pip list ('pip list' probably sufficient, likewise below) +# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate -# https://pip.pypa.io/en/latest/user_guide/#requirements-files +# https://pip.pypa.io/en/stable/user_guide/#requirements-files +# https://pip.pypa.io/en/latest/reference/requirements-file-format/ - name: Install /etc/systemd/system/calibre-web.service from template template: From 3934563ad689456061c400aeb5ea81eb86fd1dce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:28:14 -0400 Subject: [PATCH 1188/1758] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/tasks/install.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 4610f63fc..f8905e7ee 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -118,13 +118,18 @@ msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" when: remoteit_arch == "unknown" -- name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) - get_url: - url: "{{ remoteit_cli_url }}" - dest: /usr/bin/remoteit - mode: 0755 - force: yes - timeout: "{{ download_timeout }}" +# 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" +# e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. +# But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to +# install with error: "Device Package cannot coexist with Remote.It CLI" +# +# - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) +# get_url: +# url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# dest: /usr/bin/remoteit +# mode: 0755 +# force: yes +# timeout: "{{ download_timeout }}" # RECORD remote.it AS INSTALLED From 9ac22d65ef87b68329bf77415ac43a84aaae93ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:34:11 -0400 Subject: [PATCH 1189/1758] Remote.It CLI can no longer coexist with remoteit Device Package --- roles/remoteit/defaults/main.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml index 5acf6b379..0011567bd 100644 --- a/roles/remoteit/defaults/main.yml +++ b/roles/remoteit/defaults/main.yml @@ -41,16 +41,19 @@ # SEE https://www.remote.it/download-list # https://www.remote.it/download-list?products=cli to refine arch/URL below # BUT https://docs.remote.it/software/cli/overview can be useful OR stale :/ -remoteit_arch_dict: - armv6: arm-v6 - armv6l: arm-v6 - armv7: arm-v7 - armv7l: arm-v7 - armv8: aarch64 - aarch64: aarch64 - x86_64: x86_64 -remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) -remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux +# +# 2023-07-26: Remote.It CLI can no longer coexist with their "Device Package" +# SEE remoteit/tasks/install.yml Line ~121. +# remoteit_arch_dict: +# armv6: arm-v6 +# armv6l: arm-v6 +# armv7: arm-v7 +# armv7l: arm-v7 +# armv8: aarch64 +# aarch64: aarch64 +# x86_64: x86_64 +# remoteit_arch: "{{ remoteit_arch_dict[ansible_machine] | default('unknown') }}" # A bit safer than ansible_architecture (see kiwix/defaults/main.yml) +# remoteit_cli_url: https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux # OPTION #1: Run 'sudo iiab-remoteit' after IIAB is installed. From aeb7b60ca7ef3f89a523b29b00712167fe9c8734 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 04:36:46 -0400 Subject: [PATCH 1190/1758] remoteit/tasks/install.yml: Fully excise remote.it CLI --- roles/remoteit/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index f8905e7ee..8d8874f2e 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -113,16 +113,16 @@ mode: 0755 -- name: Fail if architecture remoteit_arch == "unknown" - fail: - msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" - when: remoteit_arch == "unknown" - # 2023-07-26: Remote.It CLI used to coexist fine with their "Device Package" # e.g. it worked with remoteit apt package 4.17.12 in Q2 2023. # But no longer--with remoteit apt package 4.18.4 (in Q3 2023) which fails to # install with error: "Device Package cannot coexist with Remote.It CLI" # +# - name: Fail if architecture remoteit_arch == "unknown" +# fail: +# msg: "Could not find a remote.it CLI binary for CPU architecture \"{{ ansible_architecture }}\"" +# when: remoteit_arch == "unknown" +# # - name: Download OPTIONAL {{ remoteit_cli_url }} (CLI) to /usr/bin/remoteit (755) # get_url: # url: "{{ remoteit_cli_url }}" # e.g. https://downloads.remote.it/cli/latest/remoteit.{{ remoteit_arch }}-linux From c62d986316186821c0f23727bb96fda7e007de1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:02:44 -0400 Subject: [PATCH 1191/1758] remoteit/README.md: CLI can no longer coexist w/ Device Package --- roles/remoteit/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 218094d06..5a6eb663c 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [June 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" @@ -14,13 +14,13 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports <!-- ### OPTION #1: Run `sudo iiab-remoteit` to enable remote.it --> -Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package. +Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is already installed on your IIAB, most important. 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB: @@ -158,7 +158,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s <!-- "auto-registration" of remote.it, and other more advanced configuration options, see: --> - https://docs.remote.it - - https://docs.remote.it/developer-tools/cli-usage + - ~https://docs.remote.it/developer-tools/cli-usage~ - https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account - https://support.remote.it - https://support.remote.it/hc/en-us/categories/360003417511-Getting-Started From 8acf624c52c8975a8f1598e8e3fd99297a10feda Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:28:12 -0400 Subject: [PATCH 1192/1758] remoteit/README.md: Fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 5a6eb663c..a6d5774a6 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From ff5fc18f183ed4c457dcfcbb56087b325e9f99af Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 05:29:35 -0400 Subject: [PATCH 1193/1758] remoteit/README.md: Really fix doc URL for #3611 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index a6d5774a6..43395bdc7 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -14,7 +14,7 @@ For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> " 2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional. - 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist]([https://github.com/iiab/iiab/blob/remoteit-remove-cli/roles/remoteit/tasks/install.yml#L116-L132](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132)) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage + 2023-07-26 WARNING: IIAB no longer installs the `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), as it can [no longer coexist](https://github.com/iiab/iiab/blob/9d27ff04184fc971b0a8737ba0d14b69d433a5ad/roles/remoteit/tasks/install.yml#L116-L132) with the core `remoteit` Device Package. Whereas in the past the remote.it CLI had offered [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device): "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage <!-- ### Install remote.it onto an IIAB + register it + authorize services/ports --> ### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports From 8b628f96024b415c970348a30df69d040715f618 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:43:04 -0400 Subject: [PATCH 1194/1758] calibre-web/README.rst: Clarify ebook-convert may need ~1GB --- roles/calibre-web/README.rst | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 418e4a57a..d55cd0949 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -18,16 +18,18 @@ e-books using an existing Calibre database. Teachers can upload e-books, adjust e-book metadata, and create custom e-book collections ("bookshelves"): https://github.com/janeczku/calibre-web#about -This Ansible role installs Calibre-Web as part of your Internet-in-a-Box (IIAB) -as a possible alternative to Calibre. +This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for +your Internet-in-a-Box (IIAB). -*WARNING: Calibre-Web depends on Calibre's own* ``/usr/bin/ebook-convert`` *program, -so we strongly recommend you also install Calibre during your IIAB -installation!* +*NOTE: Calibre-Web takes advantage of Calibre's own +`/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ +program if that's installed — so consider installing Calibre during your IIAB +installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) +that Calibre mandates!* -Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` -whereas its Ansible variables ``calibreweb_*`` do **not** include the dash, -per Ansible recommendations. +Please note Calibre-Web's Ansible playbook is +``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables +``calibreweb_*`` do **not** include the dash, per Ansible recommendations. Using It -------- From 71dfda824b6c12e2ecb51160b0cb4f36ef0577bd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:45:44 -0400 Subject: [PATCH 1195/1758] calibre-web/README.rst: URL syntax cleanup --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d55cd0949..011f422eb 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -21,11 +21,11 @@ https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). -*NOTE: Calibre-Web takes advantage of Calibre's own +*NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ -program if that's installed — so consider installing Calibre during your IIAB -installation — if you tolerate the weighty ~1 GB (of graphical OS libraries) -that Calibre mandates!* +*program if that's installed — so consider also installing Calibre during your +IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS +libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables From 93d99f9d0ab08d6dadc908bc65506622e9120e38 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 4 Aug 2023 18:51:35 -0400 Subject: [PATCH 1196/1758] calibre-web/README.rst: Clarify "Configuration" buttons --- roles/calibre-web/README.rst | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 011f422eb..a1bf69260 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,9 +14,9 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using an existing Calibre database. Teachers can upload e-books, -adjust e-book metadata, and create custom e-book collections ("bookshelves"): -https://github.com/janeczku/calibre-web#about +e-books using a `Calibre <https://calibre-ebook.com/whats-new>`_ database. +Teachers can upload e-books, adjust e-book metadata, and create custom e-book +collections ("bookshelves"): https://github.com/janeczku/calibre-web#about This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for your Internet-in-a-Box (IIAB). @@ -62,19 +62,25 @@ Errors and warnings can be seen if you run:: journalctl -u calibre-web -Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration** (details below). +Log verbosity level can be +`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). Configuration ------------- -To configure Calibre-Web, log in as user 'Admin' then click 'Admin' on top. -Check 'Configuration' options near the bottom of the page. +To configure Calibre-Web browse to http://box/books then click **Guest** to log +in as user **Admin** (default passwords above!) -Critical settings are stored in:: +Then click the leftmost **Admin** button to administer — considering all 3 +**Configuration** buttons further below. + +These critical settings are stored in:: /library/calibre-web/config/app.db -Your e-book metadata is stored in a Calibre-style database:: +Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db From fc75b456bddb6e77b7f57361377a30e7d973b63b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 4 Aug 2023 22:29:48 -0400 Subject: [PATCH 1197/1758] calibre-web/README.rst: Refine links --- roles/calibre-web/README.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a1bf69260..dfc34c648 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -14,12 +14,15 @@ Calibre-Web README ================== Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre <https://calibre-ebook.com/whats-new>`_ database. +e-books using a `Calibre database <https://manual.calibre-ebook.com/db_api.html>`_. Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): https://github.com/janeczku/calibre-web#about +collections ("bookshelves"): -This Ansible role installs Calibre-Web, as a modern alternative to Calibre, for -your Internet-in-a-Box (IIAB). +https://github.com/janeczku/calibre-web#about + +This Ansible role installs Calibre-Web, as a modern alternative to +`Calibre <https://calibre-ebook.com/whats-new>`_, +for your Internet-in-a-Box (IIAB). *NOTE: Calibre-Web takes advantage of Calibre's own* `/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ @@ -29,7 +32,7 @@ libraries) that Calibre mandates!* Please note Calibre-Web's Ansible playbook is ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash, per Ansible recommendations. +``calibreweb_*`` do **not** include the dash. Using It -------- From 86610263193d3880711e8d45635362f9a462a1f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 08:01:51 -0400 Subject: [PATCH 1198/1758] calibre-web/README.rst: Overhaul intro --- roles/calibre-web/README.rst | 45 +++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index dfc34c648..8e816ef14 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -13,26 +13,39 @@ Calibre-Web README ================== -Calibre-Web provides a clean interface for browsing, reading and downloading -e-books using a `Calibre database <https://manual.calibre-ebook.com/db_api.html>`_. -Teachers can upload e-books, adjust e-book metadata, and create custom e-book -collections ("bookshelves"): +This Ansible role installs +`Calibre-Web <https://github.com/janeczku/calibre-web#readme>`_ as a modern +client-server alternative to Calibre, for your +`Internet-in-a-Box (IIAB) <https://internet-in-a-box.org>`_. -https://github.com/janeczku/calibre-web#about +Calibre-Web provides a clean web interface for students to browse, read and +download e-books using a +`Calibre-compatible database <https://manual.calibre-ebook.com/db_api.html>`_. -This Ansible role installs Calibre-Web, as a modern alternative to -`Calibre <https://calibre-ebook.com/whats-new>`_, -for your Internet-in-a-Box (IIAB). +Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" +collections — to help students build the best local library! -*NOTE: Calibre-Web takes advantage of Calibre's own* -`/usr/bin/ebook-convert <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ -*program if that's installed — so consider also installing Calibre during your -IIAB installation — if you tolerate the weighty ~1 GB (of graphical OS -libraries) that Calibre mandates!* +.. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg -Please note Calibre-Web's Ansible playbook is -``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables -``calibreweb_*`` do **not** include the dash. +🍒 GURU TIPS 🍒 + +* Calibre-Web takes advantage of Calibre's own `/usr/bin/ebook-convert + <https://manual.calibre-ebook.com/generated/en/ebook-convert.html>`_ program + if that's installed — so consider also installing + `Calibre <https://calibre-ebook.com/whats-new>`_ during your IIAB + installation — *if you tolerate the weighty ~1 GB (of graphical OS libraries) + that Calibre mandates!* + +* If you choose to also install Calibre (e.g. by running + ``sudo apt install calibre``) then you'll get useful e-book + importing/organizing tools like + `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. + +* WARNING: Calibre-Web's Ansible playbook is + ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in + `/etc/iiab/local_vars.yml + <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) + ``calibreweb_*`` do **not** include the dash. Using It -------- From 31c9ef6297aadc887d98ee2f648a5d92dd8b224c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 08:20:39 -0400 Subject: [PATCH 1199/1758] calibre-web/README.rst: Clarify hyphen mess! --- roles/calibre-web/README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 8e816ef14..ef80c67d4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,11 +41,11 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. -* WARNING: Calibre-Web's Ansible playbook is - ``/opt/iiab/iiab/roles/calibre-web`` whereas its Ansible variables (in - `/etc/iiab/local_vars.yml +* WARNING: Calibre-Web's Ansible role (playbook) is + ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its + Ansible variables (in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - ``calibreweb_*`` do **not** include the dash. + ``calibreweb_*`` do **not** contain a hyphen! Using It -------- From 11a978b1daf0c89cb4f5d5167f487b0b070a4fc7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 12:00:20 -0400 Subject: [PATCH 1200/1758] scripts/ansible: Install cryptography 40.0.1 on ALL 32-bit arch's --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index be37b2556..0e61dc7f2 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,7 +212,8 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 fi From ceccade90ccd494c754ba75501636f26931c9606 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 13:30:13 -0400 Subject: [PATCH 1201/1758] scripts/ansible: Update doc links --- scripts/ansible | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0e61dc7f2..d8285f680 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -33,23 +33,24 @@ GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags -# https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.15 +# https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 # https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst -# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst # https://pypi.org/project/ansible-core/ -# https://pypi.org/project/ansible-base/ -# https://releases.ansible.com/ansible-core/ +# https://pypi.org/project/ansible-base/ (OLD) +# https://releases.ansible.com/ansible-core/ (OLD) # https://releases.ansible.com/ansible-base/ (OLD) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) -# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ +# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ # FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) From b439aa77245aac9fa94b9cd4e49821d123099754 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 5 Aug 2023 14:18:28 -0400 Subject: [PATCH 1202/1758] calibre-web/README.rst: 2 tiny copyedit cleanups --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef80c67d4..3957ccd24 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -43,9 +43,9 @@ collections — to help students build the best local library! * WARNING: Calibre-Web's Ansible role (playbook) is ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables (in `/etc/iiab/local_vars.yml + Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - ``calibreweb_*`` do **not** contain a hyphen! + do **not** contain a hyphen! Using It -------- @@ -134,7 +134,7 @@ manually:: cd /usr/local/calibre-web-py3 git pull -This older way *is no longer recommended*:: +This older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 6fce6c784798ea655c8f4594277ba9ad1310a65a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 10:59:38 -0400 Subject: [PATCH 1203/1758] calibre-web/README.rst: New 'Install It' section --- roles/calibre-web/README.rst | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 3957ccd24..6e167a9e4 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -41,16 +41,25 @@ collections — to help students build the best local library! importing/organizing tools like `/usr/bin/calibredb <https://manual.calibre-ebook.com/generated/en/calibredb.html>`_. -* WARNING: Calibre-Web's Ansible role (playbook) is - ``/opt/iiab/iiab/roles/calibre-web`` which contains a hyphen, whereas its - Ansible variables ``calibreweb_*`` (in `/etc/iiab/local_vars.yml - <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_) - do **not** contain a hyphen! +Install It +---------- + +Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: + + calibreweb_install: True + calibreweb_enabled: True + +Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if IIAB's already installed, run:: + + cd /opt/iiab/iiab + sudo ./runrole calibre-web + +NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -After installation, try out Calibre-Web at http://box/books (or box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or box.lan/books). Typically students access it without a password (to read and download books) whereas teachers add books using an administrative account, as follows:: From 318ef5aade5a9e4ecba65f989d7cd35432048319 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 11:38:19 -0400 Subject: [PATCH 1204/1758] calibre-web/README.rst: Clarify password recovery --- roles/calibre-web/README.rst | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6e167a9e4..9ac41ff27 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -59,19 +59,23 @@ NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://gi Using It -------- -Try Calibre-Web on your own IIAB by browsing to http://box/books (or box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box.lan/books). -Typically students access it without a password (to read and download books) -whereas teachers add books using an administrative account, as follows:: +*Students* access it without a password (to read and download books). + +*Teachers* add and arrange books using an administrative account, by clicking **Guest** then logging in with:: Username: Admin Password: changeme -If the default configuration is not found, the Calibre-Web server creates a -new settings file with calibre-web's own default administrative account:: +🍒 GURU TIPS 🍒 - Username: admin - Password: admin123 +* If Calibre-Web's configuration file (app.db) goes missing, the administrative account will revert to:: + + Username: admin + Password: admin123 + +* If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password Backend ------- From 77b6f79213aa8dc694442f864b3be8d7cc2c62b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 13:02:59 -0400 Subject: [PATCH 1205/1758] calibre-web/README.rst: Touchups --- roles/calibre-web/README.rst | 40 ++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9ac41ff27..9168a5f03 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -23,7 +23,7 @@ download e-books using a `Calibre-compatible database <https://manual.calibre-ebook.com/db_api.html>`_. Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" -collections — to help students build the best local library! +collections — to help students build the best local community library! .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg @@ -77,25 +77,6 @@ Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box. * If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password -Backend -------- - -You can manage the backend Calibre-Web server with these systemd commands:: - - systemctl enable calibre-web - systemctl restart calibre-web - systemctl status calibre-web - systemctl stop calibre-web - -Errors and warnings can be seen if you run:: - - journalctl -u calibre-web - -Log verbosity level can be -`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ -within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). - Configuration ------------- @@ -119,6 +100,25 @@ See also:: Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on its `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ and `Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. +Backend +------- + +You can manage the backend Calibre-Web server with these systemd commands:: + + systemctl enable calibre-web + systemctl restart calibre-web + systemctl status calibre-web + systemctl stop calibre-web + +Errors and warnings can be seen if you run:: + + journalctl -u calibre-web + +Log verbosity level can be +`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ +within Calibre-Web's **Configuration > Basic Configuration > Logfile +Configuration** (details below). + Back Up Everything ------------------ From 7b807b4bb0bfd9759727b75d488367a2542972b3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 13:18:36 -0400 Subject: [PATCH 1206/1758] calibre-web/README.rst: Clarify need to run as root --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9168a5f03..458d8132e 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -110,6 +110,8 @@ You can manage the backend Calibre-Web server with these systemd commands:: systemctl status calibre-web systemctl stop calibre-web +Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. + Errors and warnings can be seen if you run:: journalctl -u calibre-web @@ -136,7 +138,7 @@ But first: back up your content **and** settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run**:: +e-book metadata! Then run, as root**:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web From 6a0ad0c5ae9521a604269a2b2dd8cbf2de13ce46 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:52:28 -0400 Subject: [PATCH 1207/1758] calibre-web/README.rst: Tighten up systemctl examples --- roles/calibre-web/README.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 458d8132e..1076f7ce8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -103,12 +103,11 @@ Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-we Backend ------- -You can manage the backend Calibre-Web server with these systemd commands:: +You can manage the backend Calibre-Web server with systemd commands like:: - systemctl enable calibre-web - systemctl restart calibre-web systemctl status calibre-web systemctl stop calibre-web + systemctl restart calibre-web Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. From b3e682f24e59cf0d16797b946a08e186fa6adef9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:59:53 -0400 Subject: [PATCH 1208/1758] calibre-web/README.rst: Fix to "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 1076f7ce8..37be1bcc0 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -118,7 +118,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details below). +Configuration** (details above). Back Up Everything ------------------ From 79a22d5af6b55f8e441d058eaa5c3fc4ab4c5b12 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 15:57:15 -0400 Subject: [PATCH 1209/1758] calibre-web/README.rst: Try for < 80 chars for source readability --- roles/calibre-web/README.rst | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 37be1bcc0..d213dc9fa 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -44,38 +44,48 @@ collections — to help students build the best local community library! Install It ---------- -Install Calibre-Web by setting these 2 variables in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: +Install Calibre-Web by setting these 2 variables in +`/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_:: calibreweb_install: True calibreweb_enabled: True -Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if IIAB's already installed, run:: +Then install IIAB (`download.iiab.io <https://download.iiab.io>`_). Or if +IIAB's already installed, run:: cd /opt/iiab/iiab sudo ./runrole calibre-web -NOTE: Calibre-Web's Ansible role (playbook) in `/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is ``calibre-web`` which contains a hyphen — *whereas its Ansible variables* ``calibreweb_*`` *do NOT contain a hyphen!* +NOTE: Calibre-Web's Ansible role (playbook) in +`/opt/iiab/iiab/roles <https://github.com/iiab/iiab/tree/master/roles>`_ is +``calibre-web`` which contains a hyphen — *whereas its Ansible variables* +``calibreweb_*`` *do NOT contain a hyphen!* Using It -------- -Try Calibre-Web on your own IIAB by browsing to http://box/books (or http://box.lan/books). +Try Calibre-Web on your own IIAB by browsing to http://box/books (or +http://box.lan/books). *Students* access it without a password (to read and download books). -*Teachers* add and arrange books using an administrative account, by clicking **Guest** then logging in with:: +*Teachers* add and arrange books using an administrative account, by clicking +**Guest** then logging in with:: Username: Admin Password: changeme 🍒 GURU TIPS 🍒 -* If Calibre-Web's configuration file (app.db) goes missing, the administrative account will revert to:: +* If Calibre-Web's configuration file (app.db) goes missing, the administrative + account will revert to:: Username: admin Password: admin123 -* If you lose your password, you can change it with the ``-s [username]:[newpassword]`` command-line option: https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password +* If you lose your password, you can change it with the + ``-s [username]:[newpassword]`` command-line option: + https://github.com/janeczku/calibre-web/wiki/FAQ#what-do-i-do-if-i-lose-my-admin-password Configuration ------------- @@ -98,7 +108,12 @@ See also:: /library/calibre-web/metadata_db_prefs_backup.json -Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on its `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ and `Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. +Finally, take note of Calibre-Web's +`FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on +its +`Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ +and +`Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_. Backend ------- @@ -109,7 +124,8 @@ You can manage the backend Calibre-Web server with systemd commands like:: systemctl stop calibre-web systemctl restart calibre-web -Run all commands `as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. +Run all commands +`as root <https://unix.stackexchange.com/questions/3063/how-do-i-run-a-command-as-the-system-administrator-root>`_. Errors and warnings can be seen if you run:: From 61f3d4a9c20fb930365fbda9c2a11f42b9da8d90 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 6 Aug 2023 21:52:06 -0400 Subject: [PATCH 1210/1758] calibre-web/README.rst: Small refinements --- roles/calibre-web/README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d213dc9fa..d8f89c591 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -140,15 +140,15 @@ Back Up Everything ------------------ Please back up the entire folder ``/library/calibre-web`` before upgrading — -as it contains your Calibre-Web content **and** settings! +as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -Reinstalling Calibre-Web automatically upgrades to the latest version if your +"Reinstalling" Calibre-Web automatically installs the latest version — if your Internet-in-a-Box (IIAB) is online. -But first: back up your content **and** settings, as explained above. +But first: back up your content **and** configuration settings, as explained above. **Also move your /library/calibre-web/config/app.db AND/OR /library/calibre-web/metadata.db out of the way — if you're sure you want to From 50cded27f2f11b00871b65bf00d37e96499479bb Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 03:32:08 -0400 Subject: [PATCH 1211/1758] scripts/ansible: python3-cryptography for 32-bit i386 e.g. i686 --- scripts/ansible | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d8285f680..ab6aa16bb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -213,9 +213,14 @@ python3 -m venv /usr/local/ansible # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ -#if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 +if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + else + # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when + # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + $APT_PATH/apt -y install python3-cryptography + fi fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) From 6c648cbd9bd40d3eccec6fc775d39266864374bc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 03:54:18 -0400 Subject: [PATCH 1212/1758] Clarify 'apt install python3-cryptography' for i386 Ansible --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ab6aa16bb..fc78d36b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -217,8 +217,9 @@ if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 else - # 2023-08-10: Installs cryptography 38.0.4 on Debian 12.1 when - # `dpkg --print-architecture` is i386 e.g. `uname -m` is i686 + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: $APT_PATH/apt -y install python3-cryptography fi fi From 8a323c6799704aa49cb8387e5f4095bb2d21b869 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 05:15:26 -0400 Subject: [PATCH 1213/1758] scripts/install_python2.sh: Bullseye apt sources for i386 Debian --- scripts/install_python2.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 50089b4e1..d186c8cbe 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -63,6 +63,16 @@ EOF cat << EOF > /etc/apt/sources.list.d/python2.list deb http://ports.ubuntu.com/ jammy main universe deb http://ports.ubuntu.com/ jammy-updates main universe +EOF + fi + ;; + + "i386") + # Building on scripts/ansible fix PR #3615 + if grep -q '^ID=debian$' /etc/os-release; then + cat << EOF > /etc/apt/sources.list.d/python2.list +deb http://deb.debian.org/debian bullseye main contrib non-free +deb http://deb.debian.org/debian bullseye-updates main contrib non-free EOF fi ;; From ba596cb5a3737648e829f9726e75d2af353334e3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 10 Aug 2023 22:54:02 -0400 Subject: [PATCH 1214/1758] Brute Force 'apt install ansible-core' on 32-bit legacy i386 --- scripts/ansible | 57 +++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index fc78d36b6..1673273b6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,37 +200,42 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask -# that virtual environments (venv) be used to safely isolate pip installs: -# https://peps.python.org/pep-0668 -echo -e "\nCreate virtual environment for Ansible" -python3 -m venv /usr/local/ansible +if [[ $(dpkg --print-architecture) == i386 ]]; then + # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 + # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 +else + # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask + # that virtual environments (venv) be used to safely isolate pip installs: + # https://peps.python.org/pep-0668 + echo -e "\nCreate virtual environment for Ansible" + python3 -m venv /usr/local/ansible -# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: -# if ! grep -qi ubuntu /etc/os-release; then -# -# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then -# -# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. -# Release problems chart: https://www.piwheels.org/project/cryptography/ -if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: + # if ! grep -qi ubuntu /etc/os-release; then + # + # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then + # + # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. + # Release problems chart: https://www.piwheels.org/project/cryptography/ + # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - $APT_PATH/apt -y install python3-cryptography + # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography fi -fi -# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) -/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core -echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" -cd /usr/local/ansible/bin -for bin in ansible*; do - ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" -done + # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) + /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" + cd /usr/local/ansible/bin + for bin in ansible*; do + ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" + done +fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 2c38bf505cc7d98ee1ea91402328302465d43bff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 11 Aug 2023 18:22:31 -0400 Subject: [PATCH 1215/1758] iiab-diagnostics: Change pastebin service (sprunge.us -> paste2.org) --- scripts/iiab-diagnostics | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 89ddd3311..a74dba058 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,10 +265,11 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile - pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile + pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b paste2.org < $outfile" fi echo -e "\e[0m" From 8ce25a7a205d3d56dda04de1870b72bea82c3388 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 11 Aug 2023 20:37:24 -0400 Subject: [PATCH 1216/1758] iiab-diagnostics: Change pastebin service (paste2.org -> dpaste.com) --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a74dba058..8eef6f39b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -264,12 +264,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " - #pastebinit -b dpaste.com < $outfile - #pastebinit -b sprunge.us < $outfile - pastebinit -b paste2.org < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b paste2.org < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From e2948a99faaa641d85b434bb56c2a62329f13862 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 12 Aug 2023 11:22:04 -0400 Subject: [PATCH 1217/1758] iiab-diagnostics.README.md: sprunge.us -> dpaste.com for #3619 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a6d8a3f9e..abe6b22c8 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 62e5c0ccb33fa2d64600446892ff7ab6fdc5959e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:40:00 -0400 Subject: [PATCH 1218/1758] scripts/ansible: Recommend ansible-core 2.15.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1673273b6..1e6f2c38a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.2] -GOOD_VER=2.15.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] +GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 4508a94528bd1b69429ff89d4a749d7177a05e84 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:54:49 -0400 Subject: [PATCH 1219/1758] local_facts.fact: Deprecate support for EOL'd Ubuntu 22.10 --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 885fbec8e..f4f86cb17 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -70,6 +70,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2004" | \ #"ubuntu-2104" | \ #"ubuntu-2110" | \ + #"ubuntu-2210" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -83,7 +84,6 @@ case $OS_VER in "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2210" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ "linuxmint-21" | \ From d3c3a63db36f05525eebde44e602f198f60b7654 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Aug 2023 17:37:16 -0400 Subject: [PATCH 1220/1758] local_facts.fact: Welcome Ubuntu 24.04 testing starting in Oct/Nov --- scripts/local_facts.fact | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index f4f86cb17..aab8e81a2 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -86,6 +86,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2304" | \ "ubuntu-2310" | \ + "ubuntu-2404" | \ "linuxmint-21" | \ "raspbian-11" | \ "raspbian-12") From 14fc8a1cce285114cde44d088ad293d035acb116 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 17 Aug 2023 15:02:03 -0400 Subject: [PATCH 1221/1758] nextcloud/tasks/install.yml: Revise disk space estimate to ~591 MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 090c184fc..0d82351d5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~543 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 35006bff5fbfc832e8840d916da58e5272ddf2f8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 09:35:56 -0400 Subject: [PATCH 1222/1758] nextcloud/tasks/install.yml: Clarify ~162MB d/l unpacks to ~555MB --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0d82351d5..dafff5ad4 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~140 MB) to {{ nextcloud_root_dir }} (~519 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 3a37ab385d60b452a62fc5fed12e99972b1d52ce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 09:42:26 -0400 Subject: [PATCH 1223/1758] sugarizer/tasks/install.yml: Note ~748MB /opt/iiab/sugarizer-1.7.0 --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index e0f973037..c37b4c6de 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -34,7 +34,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~748 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" From d0158ec50b18268cc89f9d2f9bca55143e608ba3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 10:27:04 -0400 Subject: [PATCH 1224/1758] Force nginx_high_php_limits / 'memory_limit = 512M' if 'nextcloud_install: True' --- roles/nginx/templates/server.conf.j2 | 4 ++-- roles/www_options/tasks/php-settings.yml | 12 ++++++------ vars/default_vars.yml | 9 +++++---- vars/local_vars_large.yml | 9 +++++---- vars/local_vars_medium.yml | 9 +++++---- vars/local_vars_small.yml | 9 +++++---- vars/local_vars_unittest.yml | 9 +++++---- 7 files changed, 33 insertions(+), 28 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..53eddef18 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -10,8 +10,8 @@ server { # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 500M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 - # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L90-L91 + # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L104-L105 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 500M; diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 39a2a0bce..3cdd2b887 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -64,7 +64,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: @@ -78,10 +78,10 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: not nginx_high_php_limits and not moodle_install + when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -93,9 +93,9 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle or INTENSIVE use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -107,7 +107,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - when: nginx_high_php_limits or moodle_install + when: nginx_high_php_limits or moodle_install or nextcloud_install # To tweak .ini files, Ansible's ini_file is normally better than lineinfile: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 509a52028..f9d208d5e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -340,11 +340,12 @@ nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7a98cfa37..95226d852 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 237063f15..78eaaf4f9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 83c58e62a..3ee17ff7a 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 940142665..0a6ed4a72 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -211,11 +211,12 @@ samba_enabled: False # roles/www_options HANDLES THE 3 VARS BELOW: -# For schools using Moodle, or intensively using Matomo/Nextcloud/PBX/WordPress: +# Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' -# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively +# force this, via roles/www_options & roles/moodle & roles/nextcloud +# WARNING: This might cause excess use of RAM/disk or other resources! +# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf From 3f1d25bb44273b06d29ac4ab5e0834dab127db8f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 10:45:33 -0400 Subject: [PATCH 1225/1758] Also run php-settings.yml if nginx_high_php_limits --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index a78b1f7f3..d41607982 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -61,7 +61,7 @@ # WordPress) so './runrole <ROLE>' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 34091ba16dfd17c350c5af7a9011fd635c287790 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 15:55:28 -0400 Subject: [PATCH 1226/1758] 'apt install gpg' required on Debian 12+ for apt installs of gitea, kolibri, mongodb, yarn --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index ad80ef98b..1e594131b 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 17 common packages: acpid, bzip2, cron, curl, gawk, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -11,6 +11,7 @@ #- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out #- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below - gawk # 533kB download + - gpg # 884kB download: Debian 12+ (especially!) require this for apt installs of gitea, kolibri, mongodb, yarn - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless From 25d8d6a0c8357624829d391d6dc19fcaf913fe20 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 24 Aug 2023 18:50:44 -0400 Subject: [PATCH 1227/1758] nextcloud/tasks/install.yml: Mention 'nginx_high_php_limits: True' behavior #3624 --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index dafff5ad4..f512fcad7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -93,7 +93,7 @@ # state: present # when: php_version is version('8.0', '<') -- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default" +- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default" include_tasks: roles/www_options/tasks/php-settings.yml when: php_settings_done is undefined From 1c74b55a7fa87f36d601f878fb51a40a1ec2dcaf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 30 Aug 2023 07:47:28 -0400 Subject: [PATCH 1228/1758] iiab-diagnostics: Include Node.js and npm versions --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 8eef6f39b..75d9a2e52 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,6 +224,8 @@ cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' cat_cmd 'env' 'Environment variables' +cat_cmd 'node -v' 'Node.js version' +cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 2b1a8f548aee36f174269119dc46f4d2eacf62a6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 30 Aug 2023 07:51:28 -0400 Subject: [PATCH 1229/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index abe6b22c8..4a26c3076 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-246 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 1afd6f81e93f53478e1e4a569bc7a02975e207ef Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:08:36 -0400 Subject: [PATCH 1230/1758] default_vars.yml: sudo iiab-network --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f9d208d5e..062a2f749 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -193,7 +193,7 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network # dnsmasq - handles DHCP and DNS dnsmasq_install: True @@ -209,7 +209,7 @@ dnsmasq_enabled: True #named_enabled: False block_DNS: False -# Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable in local_vars.yml AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382 @@ -250,7 +250,7 @@ openvpn_server_port: 1194 # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From c046ac72bb67388f816f10132c37b45326b7ab31 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:15:07 -0400 Subject: [PATCH 1231/1758] local_vars_unittest.yml: sudo iiab-network --- vars/local_vars_unittest.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 0a6ed4a72..9fd0605a6 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: UNITTEST - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 251c92539e9b5b98fb720958b5142a27e6dda11b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:16:57 -0400 Subject: [PATCH 1232/1758] local_vars_small.yml: sudo iiab-network --- vars/local_vars_small.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 3ee17ff7a..be689cd52 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: SMALL - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From a609f3041afd8b47615cc3a27b589aad7c2d8c8c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:18:28 -0400 Subject: [PATCH 1233/1758] local_vars_medium.yml: sudo iiab-network --- vars/local_vars_medium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 78eaaf4f9..829b6fb6c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: MEDIUM-sized - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From afa0a497bebc1c0088f01d19469983ff28100db3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 31 Aug 2023 20:20:13 -0400 Subject: [PATCH 1234/1758] local_vars_large.yml: sudo iiab-network --- vars/local_vars_large.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 95226d852..c1ce47ec6 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -124,9 +124,9 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables -# And then run: cd /opt/iiab/iiab; ./iiab-network +# And then run: sudo iiab-network -# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +# Enable AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False @@ -154,7 +154,7 @@ openvpn_handle: LARGE - Put Your Name Here # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run -# "cd /opt/iiab/iiab; sudo ./iiab-network"). Design under discussion: #2876 +# "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From 7430573573111267baeb14bd2097081335f84381 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 6 Sep 2023 15:12:32 -0400 Subject: [PATCH 1235/1758] local_vars_large.yml: Set Lokole to False/False due to mkwvconf --- vars/local_vars_large.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c1ce47ec6..7b108429f 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -245,8 +245,8 @@ jupyterhub_install: True jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca -lokole_install: True # 2022-03-13: Python 3.9+ work -lokole_enabled: True # https://github.com/iiab/iiab/issues/3132 +lokole_install: False # 2023-09-06: wheel for mkwvconf still +lokole_enabled: False # missing from Ubuntu 23.10 (#3572) # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: True From b9a5a67c7499ad7dd635736ffb0e1eadebeb9d22 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Sep 2023 16:38:11 -0400 Subject: [PATCH 1236/1758] nodejs/tasks/install.yml: nodesource.com requires NEW install method --- roles/nodejs/tasks/install.yml | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 830b1e002..96e1ec9df 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -95,27 +95,39 @@ # apt install ./nodejs_18.11.0-deb-1nodesource1_amd64.deb # SMARTER + CLEANER THAN: dpkg -i nodejs_18... # echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml -- name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list - shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +- name: Try NEW (since August 2023) approach setting up /etc/apt/keyrings/nodesource.gpg and /etc/apt/sources.list.d/nodesource.list -- per https://github.com/nodesource/distributions#installation-instructions + shell: | + mkdir -p /etc/apt/keyrings + rm -f /etc/apt/keyrings/nodesource.gpg + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main" > /etc/apt/sources.list.d/nodesource.list register: curl_nodesource ignore_errors: yes - #args: - # warn: no - # creates: /etc/apt/sources.list.d/nodesource.list -- name: Remove /etc/apt/sources.list.d/nodesource.list if install failed above +# 2023-09-06: OBSOLETE as nodesource.com no longer supports https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# - name: Try 'curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list +# shell: curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - +# register: curl_nodesource +# ignore_errors: yes +# #args: +# # warn: no +# # creates: /etc/apt/sources.list.d/nodesource.list + +- name: Remove /etc/apt/sources.list.d/nodesource.list if above failed file: path: /etc/apt/sources.list.d/nodesource.list state: absent when: curl_nodesource.failed -- name: Install latest Node.js -- includes /usr/bin/npm if nodesource installed above - package: +- name: Install Node.js -- also includes /usr/bin/npm if nodesource.list installed above + apt: #name: nodejs={{ nodejs_version }} name: nodejs state: latest # Equivalent to 'state: present' ? + update_cache: yes -- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions#deb and https://deb.nodesource.com/node_{{ nodejs_version }}/dists/ +# Also run 'npm install -g npm' later, if you truly want the LATEST! +- name: Also install latest npm (OS's) if nodesource failed to install above -- i.e. if OS not yet supported by https://github.com/nodesource/distributions package: name: npm state: latest # Equivalent to 'state: present' ? From 5193ea2a44f8700efbac230bdd792fc8b1ca28ac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 17:32:53 -0400 Subject: [PATCH 1237/1758] scripts/ansible: Eval piwheels / cryptography fix on 32-bit "RasPiOS 12" --- scripts/ansible | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..5f68a0dbe 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -219,14 +219,17 @@ else # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates + # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) + # on pre-release 32-bit RasPiOS 12... (#3526) + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From 5da0b600579cd422c9e82f1a49acc533c0947973 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 22:15:56 -0400 Subject: [PATCH 1238/1758] iiab-diagnostics: pastebinit service back to sprunge.us --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 75d9a2e52..49927c881 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -265,13 +265,13 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " - #pastebinit -b sprunge.us < $outfile # Stopped working mid-2023 + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - pastebinit -b dpaste.com < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs + #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b sprunge.us < $outfile" fi echo -e "\e[0m" From d585def5d338f1fca3fd6cdb24c6392bbcaedff1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Sep 2023 22:17:35 -0400 Subject: [PATCH 1239/1758] iiab-diagnostics.README.md: Change dpaste.com back to sprunge.us --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 4a26c3076..1d0feab6c 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b dpaste.com < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From 8ef8752ad7fb2f819d903deab8afb954dfdc43b0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:37:32 -0400 Subject: [PATCH 1240/1758] scripts/ansible: Evaluate 'apt install ansible-core' on 32-bit RasPiOS --- scripts/ansible | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1e6f2c38a..af31ca78d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,7 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it +# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). +# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? +# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +if ! dpkg --print-architecture | grep -q 64; then +#if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From b38b45e27ce34b1e5e849a194fc82b44517e349d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:55:37 -0400 Subject: [PATCH 1241/1758] scripts/ansible: Clarify 'apt install ansible-core' test on "32-bit" OS's --- scripts/ansible | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index af31ca78d..1c9ac3c4d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -201,9 +201,11 @@ $APT_PATH/apt update $APT_PATH/apt -y install python3-venv # 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boot 32-bit or 64-bit kernel). -# Ugly hack sufficient across the board, on all OS's purporting to be 32-bit? -# (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) +# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, +# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in +# /boot/config.txt per #3516). +# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be +# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) if ! dpkg --print-architecture | grep -q 64; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 From 9c7c689a55aff29090ada36b1320dcf24987f435 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 12:43:30 -0400 Subject: [PATCH 1242/1758] iiab-summary: 'uname -n' hostname + 'uname -m' kernel arch for RasPiOS --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 2e1da90a7..75102048d 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -64,7 +64,7 @@ else echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" fi echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" -uname -rvp +uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo From f363494625a83c569b8069851e0bd2534ee6b85d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:05:09 -0400 Subject: [PATCH 1243/1758] Force 'apt install ansible-core' on "32-bit" IFF "Debian 12+" --- scripts/ansible | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1c9ac3c4d..d0535bda7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -200,13 +200,12 @@ echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv -# 2023-09-08: 'apt install ansible-core' is overweight, but @EMG70 is trying it -# on "32-bit" RasPiOS 12 too (regardless if it boots 32-bit or 64-bit kernel, -# i.e. whether or not booting a 32-bit kernel thanks to 'arm_64bit=0' in -# /boot/config.txt per #3516). -# IN SHORT: Ugly hack sufficient across the board, on all OS's purporting to be -# 32-bit ? (If so, similar to 32-bit Debian 12 on Intel/AMD a month ago...) -if ! dpkg --print-architecture | grep -q 64; then +# 2023-09-08 PR #3634: 'apt install ansible-core' is overweight, but works on +# "32-bit" RasPiOS 12 (@EMG70 set 'arm_64bit=0' in /boot/config.txt per #3516 +# to force boot its 32-bit kernel; its 64-bit kernel should work too!) +# IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's +# (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). +if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From 14f2f8be69184ee108a6fbb1c1a4ea346969be58 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 17:03:10 -0400 Subject: [PATCH 1244/1758] scripts/ansible: Comment out stale tips RE: ansible-base & /etc/apt --- scripts/ansible | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index d0535bda7..931eb8e80 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -89,10 +89,10 @@ echo -e "RECOMMENDED PREREQUISITES:" echo -e "(1) Verify you're online" echo -e "(2) Remove all prior versions of Ansible using..." echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or" -echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" +#echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" -echo -e "(3) Remove all lines containing 'ansible' from..." -echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" +#echo -e "(3) Remove all lines containing 'ansible' from..." +#echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" From eb09a04bd99c71f082c986fab794158f6f1cfc61 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 17:10:23 -0400 Subject: [PATCH 1245/1758] scripts/ansible: Mention "+packages" PPA URL --- scripts/ansible | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ansible b/scripts/ansible index 931eb8e80..da7d9ed89 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -49,6 +49,7 @@ GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible +# https://launchpad.net/~ansible/+archive/ubuntu/ansible/+packages # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ From f527807bb83b70ed61a669d70ab0d7b1234f6f06 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Sep 2023 18:56:55 -0400 Subject: [PATCH 1246/1758] scripts/ansible: Document 'pipx install ansible-core' --- scripts/ansible | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index da7d9ed89..692850f7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -215,6 +215,12 @@ else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: # https://peps.python.org/pep-0668 + + # 2023-09-08: NEW WAY ANSIBLE RECOMMENDS? https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html + # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! + # pipx install ansible-core + # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From 42e3485023535bd11c8d107bf87b531ea8a6cc3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 09:07:32 -0400 Subject: [PATCH 1247/1758] Verify apt package 'ansible-core' is truly available on "32-bit" --- scripts/ansible | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 692850f7b..2bb8168b9 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,7 +206,10 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -if ! dpkg --print-architecture | grep -q 64 && ! grep -q 11 /etc/debian_version; then +# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt +# package ansible-core is truly available: +if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! From ee20455bd7edc6278190e4df8acb352fb04e5fbe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 09:20:54 -0400 Subject: [PATCH 1248/1758] scripts/ansible: Clarify PR #3637 test for apt pkg ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 2bb8168b9..fa5b704cf 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -206,8 +206,8 @@ $APT_PATH/apt -y install python3-venv # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). -# 2023-09-10: Even safer test than querying for Debian 12+ -- verify that apt -# package ansible-core is truly available: +# 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify +# that apt package ansible-core is truly available: if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then #if [[ $(dpkg --print-architecture) == i386 ]]; then From 05372f85081824cef0fce73461aa3a00ebca0687 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:03:27 -0400 Subject: [PATCH 1249/1758] scripts/ansible: Interim /etc/pip.conf for "32-bit" RasPiOS 12 --- scripts/ansible | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 10dc82a93..ead6b392e 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -227,6 +227,17 @@ else echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible + # 2023-09-10: Work around #3526 "32-bit" RasPiOS 12 pre-release issue... + # 'Package issue: cryptography 41.0.3 leads to cffi 1.15.1 failure on + # "32-bit" Raspberry Pi OS [REASON: /etc/pip.conf missing on some Bookworm + # pre-releases' == https://github.com/piwheels/packages/issues/390 + if ! [ -f /etc/pip.conf ] && [ -f /etc/rpi-issue ]; then + cat > /etc/pip.conf << EOF +[global] +extra-index-url=https://www.piwheels.org/simple +EOF + fi + # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # From 7191d52a5da570ca9d025ac1ae140c7da95cda8b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:32:13 -0400 Subject: [PATCH 1250/1758] Revert #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ead6b392e..1b3f41535 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -208,9 +208,10 @@ $APT_PATH/apt -y install python3-venv # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). # 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify # that apt package ansible-core is truly available: -if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then +#if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then -#if [[ $(dpkg --print-architecture) == i386 ]]; then +# 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 +if [[ $(dpkg --print-architecture) == i386 ]]; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From 1986126701954c10912ba5be2e35b58b7948a591 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 10 Sep 2023 21:44:12 -0400 Subject: [PATCH 1251/1758] apt instead of pip IFF "i386" AND ansible-core apt installable --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 1b3f41535..ee289b99b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -211,7 +211,7 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 -if [[ $(dpkg --print-architecture) == i386 ]]; then +if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 From c85c292a5e852ad7491466e829860b13b70c5bc1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 00:54:05 -0400 Subject: [PATCH 1252/1758] install_python2.sh: ports.ubuntu.com apt sources for "32-bit" RasPiOS 12 --- scripts/install_python2.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index d186c8cbe..43db6f8ef 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -38,7 +38,8 @@ ARCH=$(dpkg --print-architecture) # libpython2.7-stdlib from ubuntu-22.04 used in amd64|arm64|armhf is compiled against libssl3 and libffi8 # `apt info libpython2.7-stdlib` -cd /tmp +#cd /tmp + case $ARCH in "amd64") # works on U23.04 x86_64 VM @@ -58,12 +59,16 @@ EOF "armhf") # armhf compile flags differ between RasPiOS and Ubuntu - if ! [ -f /etc/rpi-issue ]; then - # these might change + if [ -f /etc/rpi-issue ] && ! grep -q 11 /etc/issue; then # RasPiOS 12+ / Bookworm+ cat << EOF > /etc/apt/sources.list.d/python2.list -deb http://ports.ubuntu.com/ jammy main universe -deb http://ports.ubuntu.com/ jammy-updates main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy main universe +deb [trusted=yes] http://ports.ubuntu.com/ jammy-updates main universe EOF +# elif ! [ -f /etc/rpi-issue ]; then # Ubuntu/Debian on armhf not supported +# cat << EOF > /etc/apt/sources.list.d/python2.list +# deb http://ports.ubuntu.com/ jammy main universe +# deb http://ports.ubuntu.com/ jammy-updates main universe +# EOF fi ;; From 821f1448b132c9ad08c88c1f3e6ed0ca1fc30bbe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 01:51:40 -0400 Subject: [PATCH 1253/1758] CLARIF: apt-not-pip on 32-bit i386 for ansible-core --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..1b42305ae 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -212,8 +212,8 @@ $APT_PATH/apt -y install python3-venv #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then - # 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547 - # rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED! + # 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386 + # (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask From 9d4ae8966be9b8e2b7638fdcd3a4d5fdf00ddcd4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 09:39:17 -0400 Subject: [PATCH 1254/1758] jupyterhub/README.md: Steer implementers away from 32-bit OS's! --- roles/jupyterhub/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index db780e595..6a48cacf5 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,5 +1,7 @@ ## JupyterHub programming environment with student Notebooks +### CAUTION: Internet-in-a-Box (IIAB) does not support JupyterHub on 32-bit OS's, where installation will likely fail ([#3639](https://github.com/iiab/iiab/issues/3639)). + #### Secondary schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." * Jupyter Notebooks are widely used in the scientific community: @@ -10,7 +12,7 @@ * Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). * The teacher should set and protect JupyterHub's overall `Admin` password, just in case. As with student accounts, the login screen unfortunately doesn't make that clear — so just log in with username `Admin` — using any password that you want to become permanent. -* Individual student folders are created in `/var/lib/private/` on the Internet-in-a-Box (IIAB) server: +* Individual student folders are created in `/var/lib/private/` on your Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. * Linux administrators can read more about JupyterHub's [Local Users](https://github.com/jupyterhub/systemdspawner#local-users) and [c.SystemdSpawner.dynamic_users = True](https://github.com/jupyterhub/systemdspawner#dynamic_users) From 28cfb9cf47f6a62d05edfc733b4a193bfdf24295 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 18:25:08 -0400 Subject: [PATCH 1255/1758] Recommend ansible-core 2.15.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index ee289b99b..5f44a6700 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3] -GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] +GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From b184897d1e715dca58a69509c38723effa3ad279 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Sep 2023 18:26:26 -0400 Subject: [PATCH 1256/1758] iiab-install: Set MIN_ANSIBLE_VER=2.13.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bd7185f41..c6a8eb361 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e30549e432299f728e131cbc1bd60446933b098 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Sep 2023 12:34:13 -0400 Subject: [PATCH 1257/1758] Nextcloud 27.1.0 download & /library/www/nextcloud sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f512fcad7..ce62729c8 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -108,7 +108,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~162 MB) to {{ nextcloud_root_dir }} (~555 MB initially, sometimes ~591 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6333c707b824e222c69bc9cb952a4b5af0afb23d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Sep 2023 18:42:29 -0400 Subject: [PATCH 1258/1758] README.md: Refine quotation marks --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 633e0b392..2fcb5085c 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ # Internet-in-a-Box (IIAB) -[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a "learning hotspot" that brings the Internet's crown jewels -(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, Toys from Trash electronics projects, ETC) to those without Internet. +[Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) is a “learning hotspot” that brings the Internet's crown jewels +(Wikipedia in any language, thousands of Khan Academy videos, zoomable OpenStreetMap, electronic books, WordPress journaling, “Toys from Trash” electronics projects, ETC) to those without Internet. You can build your own tiny, affordable server (an offline digital library) for your school, your medical clinic, your prison, your region and/or your very own family — accessible with any nearby smartphone, tablet or laptop. @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. ["Is a quick installation possible?"](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. @@ -37,14 +37,14 @@ Global community updates and videos are regularly posted to: **[@internet_in_box _Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over ["How can I help?"](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) <!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).--> -To learn more about our open community architecture for "offline" learning, check out ["What technical documentation exists?"](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) +To learn more about our open community architecture for “offline” learning, check out [“What technical documentation exists?”](https://wiki.iiab.io/go/FAQ#What_technical_documentation_exists%3F) FYI we use [Ansible](https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. -*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* +*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as “Sneakernet-of-Alexandria” distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* ## Versions From 4a700cc351789589fdf0bb91263567a676973a62 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 09:51:50 -0400 Subject: [PATCH 1259/1758] 2-common/tasks/packages.yml: 'apt install lshw' --- roles/2-common/tasks/packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 1e594131b..95b227d95 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,6 +1,6 @@ # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: "Install 18 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 19 common packages: acpid, bzip2, cron, curl, gawk, gpg, htop, i2c-tools, logrotate, lshw, pandoc, pastebinit, plocate, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # 55kB download: Daemon for ACPI (power mgmt) events @@ -15,6 +15,7 @@ - htop # 109kB download: RasPiOS installs this regardless - i2c-tools # 78kB download: Low-level bus/chip/register/EEPROM tools e.g. for RTC - logrotate # 67kB download: RasPiOS installs this regardless + - lshw # 257kB download: For 'lshw -C network' in iiab-diagnostics #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 From 97f1038ab7703ab3d33c2196a8c8230a1ff05221 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:00:33 -0400 Subject: [PATCH 1260/1758] scripts/iiab-diagnostics: 'lshw -C network' --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 49927c881..adbaa73ea 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -200,6 +200,7 @@ cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' cat_file /etc/fstab +cat_cmd 'lshw -C network' 'Network hardware/interfaces' cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' From 91fcc6ff07c3407a3320c450ba27b9f44c3b18c3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:02:45 -0400 Subject: [PATCH 1261/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 1d0feab6c..6f3b4fed0 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -68,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-248 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 470b64bc5acf2d9d53be0847d53caa38c6e73a6d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:04:04 -0400 Subject: [PATCH 1262/1758] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 6f3b4fed0..7216e8feb 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -64,8 +64,6 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Include a description of the symptoms, and how to reproduce the problem. -4. If you don't understand Step 3, email everything to bugs@iiab.io instead. - ## Source Code Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From a8772498cbab4834677e8fbdfb4c1770b98b7c21 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:02:00 -0400 Subject: [PATCH 1263/1758] install_python2.sh: apt-mark hold python3-virtualenv --- scripts/install_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_python2.sh b/scripts/install_python2.sh index 43db6f8ef..b9d0d2bed 100755 --- a/scripts/install_python2.sh +++ b/scripts/install_python2.sh @@ -90,7 +90,7 @@ if grep -qi ubuntu /etc/os-release; then # Ubuntu 23.10+ (and Mint 22+ ?) nee apt -y install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs apt -y install python3-virtualenv=20.13.0+ds-2 - apt-mark hold virtualenv + apt-mark hold python3-virtualenv # 2023-09-26: 'apt-mark hold virtualenv' was definitely insufficient on Ubuntu 23.10 # 2023-05-21 PR #3587: Above 4 lines should really install a more recent # version of virtualenv, probably from 'lunar' (Ubuntu 23.04) ? else From ca19c18b80fa9975838e38f724b78e308264f609 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 27 Sep 2023 11:20:04 -0400 Subject: [PATCH 1264/1758] mediawiki/defaults/main.yml: Security release 1.40.1 ETA 2023-09-28 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 22cd060ad..ddad4f10c 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 488e2fbe0d1fdfe6f4c2b212e7e849b570cb1023 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 19:49:04 -0400 Subject: [PATCH 1265/1758] scripts/ansible: Install cryptography==41.0.3 if dpkg arch armhf --- scripts/ansible | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 19717a95c..554720f3b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,14 +250,14 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - # /usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1 - # # else - # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # # $APT_PATH/apt -y install python3-cryptography - # fi + if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + # else + # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # $APT_PATH/apt -y install python3-cryptography + fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core From efdf693621d4fc2e3e2588631da6728cabcf55fb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 20:32:32 -0400 Subject: [PATCH 1266/1758] scripts/ansible: Also 'apt install libffi-dev python3-dev' on armhf --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 554720f3b..8b8e95eb7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -251,7 +251,8 @@ EOF # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # 2023-09-30: 41.0.4 fails for now, see #3650 + $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # else # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where From 8f12c34b1c686d78ec0959fe4743e8c44d42ded0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Sep 2023 21:31:33 -0400 Subject: [PATCH 1267/1758] munin/tasks/install.yml: Fix Ansible quotes around #3434 --- roles/munin/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 4366a19d8..f6b23e619 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -4,7 +4,7 @@ # SEE ALSO roles/network/tasks/install.yml -- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434 +- name: "TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434" sysctl: name: net.ipv6.conf.all.disable_ipv6 value: 0 From 6c9e684841433cfc816440fee238d86258a4c96f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 13:46:03 -0400 Subject: [PATCH 1268/1758] scripts/ansible: pip install --prefer-binary ansible-core --- scripts/ansible | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 8b8e95eb7..b1226f0d3 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -250,18 +250,24 @@ EOF # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) - if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM - $APT_PATH/apt -y install libffi-dev python3-dev # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 - /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 - # else - # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! - # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where - # `dpkg --print-architecture` was i386 and `uname -m` was i686: - # $APT_PATH/apt -y install python3-cryptography - fi + # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM + # # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 + # $APT_PATH/apt -y install libffi-dev python3-dev + # /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 + # # else + # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! + # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where + # # `dpkg --print-architecture` was i386 and `uname -m` was i686: + # # $APT_PATH/apt -y install python3-cryptography + # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) - /usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core + # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, + # even if they're not the very latest release -- thereby avoiding compiling + # messes -- and obviating the need for these 2: (above, both commented out) + # - 'install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version numbers + /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do From d55e61c32b990c39f94a11b70802e059aafd2b18 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 13:55:33 -0400 Subject: [PATCH 1269/1758] scripts/ansible: Clean up explanation of --prefer-binary --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b1226f0d3..b3a110960 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -265,8 +265,8 @@ EOF # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, # even if they're not the very latest release -- thereby avoiding compiling # messes -- and obviating the need for these 2: (above, both commented out) - # - 'install libffi-dev python3-dev' - # - painstaking pinning of cryptography or cffi (etc) to older version numbers + # - 'apt -y install libffi-dev python3-dev' + # - painstaking pinning of cryptography or cffi (etc) to older version #s /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin From 3b70f38544f0703606852569f0ab95ea789ac222 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 18:34:19 -0400 Subject: [PATCH 1270/1758] 32-bit fixes (CWeb, JHub, Moodle) + defer IArchive --- roles/9-local-addons/tasks/main.yml | 15 ++++++++++++++- roles/calibre-web/tasks/install.yml | 3 ++- roles/jupyterhub/tasks/install.yml | 4 ++-- roles/moodle/tasks/install.yml | 10 ++++++++-- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index ac657cd5c..075752bec 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -14,10 +14,23 @@ name: captiveportal when: captiveportal_install +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + when: internetarchive_install + +- name: Explain bypassing of Internet Archive install if 32-bit OS + fail: # FORCE IT RED THIS ONCE! + msg: "BYPASSING INTERNET ARCHIVE PER https://github.com/iiab/iiab/issues/3641 -- 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}" + when: internetarchive_install and not dpkg_arch.stdout is search("64") + ignore_errors: True + - name: INTERNETARCHIVE include_role: name: internetarchive - when: internetarchive_install + when: internetarchive_install and dpkg_arch.stdout is search("64") - name: MINETEST include_role: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 96bdda124..f1eac71ec 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,8 +63,9 @@ pip: requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 8d7273215..4e23f9ccc 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -53,7 +53,7 @@ virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 + extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 # 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) # fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) @@ -69,7 +69,7 @@ virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" - extra_args: "--no-cache-dir" + extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 570e782b7..1406a6e38 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -71,10 +71,16 @@ when: opt_iiab_moodle.stat.exists -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and +# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516 +- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!) + command: dpkg --print-architecture + register: dpkg_arch + +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS - when: php_version is version('8.0', '<') + when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") - name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 git: From 542198376637edaf6cbd0562a833af66273963d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 21:40:55 -0400 Subject: [PATCH 1271/1758] transmission/README.rst: Clarify 4.0.4+ compile slowness & 4.1 soon? --- roles/transmission/README.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 8df899064..4b95b3309 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,20 +15,23 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download content like KA Lite to Internet-in-a-Box (IIAB), from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO Caution ------- -Usage of Transmission consumes significant Internet data and system resources. -Caveat emptor! (That's Latin for "Buyer Beware") +In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_, which painfully can take most of an hour. + +We hope that `Transmission 4.1 <https://github.com/transmission/transmission/milestone/13>`_ install options improve soon for 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! + +Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting ``transmission_install: True`` and ``transmission_enabled: True`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission From 67235691099c767c2cb018c060edd85add85433b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 22:00:37 -0400 Subject: [PATCH 1272/1758] transmission/README.rst: "2023 Caution" re: slow compile --- roles/transmission/README.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 4b95b3309..f868f7f9e 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,16 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -Caution -------- +2023 Caution +------------ -In order to make the latest features available to you as October 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_, which painfully can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -We hope that `Transmission 4.1 <https://github.com/transmission/transmission/milestone/13>`_ install options improve soon for 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should install quickly starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! -Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") +Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. + +.. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- From 7905e30f22a59618cdb16020668a941e75c8e6a2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 1 Oct 2023 22:50:08 -0400 Subject: [PATCH 1273/1758] transmission/README.rst: "2023 Caution" grammar touch-ups --- roles/transmission/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index f868f7f9e..e8bf3f7a7 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,9 +24,9 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should install quickly starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_) eliminating this install-time slowness! +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_). -Finally, if you want to quickly install a very old version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. +Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From aad284b3c6a3f65aa7c17458b3f70e5d5f2649c2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 15:27:45 -0400 Subject: [PATCH 1274/1758] transmission/README.rst: Link to Debian 12 docs --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index e8bf3f7a7..7e68d1325 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_). +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. From beb34f8eee6b4db28b6ffa2147c82aa526b977ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:01:34 -0400 Subject: [PATCH 1275/1758] nextcloud/README.md: Quick cleanup & update --- roles/nextcloud/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 64747521b..07556d4a2 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : - upload_max_filesize - post_max_size @@ -38,11 +38,11 @@ FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110) -(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +(4) Verify system requirements and recommendations for the [latest version Nextcloud](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule): - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 332c968c5213acc437412637affc77a149cf13fb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Oct 2023 19:28:07 -0400 Subject: [PATCH 1276/1758] nextcloud/README.md: Clarify PHP/RAM/disk warning --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 07556d4a2..b33ca98ea 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` : +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 3ef3a4cfa124c02d9419e5a5af0db993b61d67ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:47:20 -0400 Subject: [PATCH 1277/1758] nextcloud/README.md: Clarify automatic 'nginx_high_php_limits: True' --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index b33ca98ea..e74518b32 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> -(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: +(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP, and is effectively auto-enabled for Nextcloud ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure: - upload_max_filesize - post_max_size From 667c07048bbb1f55bb822e9cbbda1a70f8830aa9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:43:30 -0400 Subject: [PATCH 1278/1758] moodle/install.yml CLARIF: Reverting to 4.1 LTS is not guaranteed --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1406a6e38..f1a5a7cbd 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -77,7 +77,7 @@ command: dpkg --print-architecture register: dpkg_arch -- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO INSTALLING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" +- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO TRYING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022" set_fact: moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") From 03d49be4a03ccf86dd28e817c611c4e97a94358e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:52:23 -0400 Subject: [PATCH 1279/1758] iiab-expand-rootfs DOC: raspi-config nonint do_expand_rootfs --- roles/1-prep/templates/iiab-expand-rootfs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index a1fd06772..f6c75b46e 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -14,6 +14,9 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + # 2023-10-05: Official new RPi instructions: + # sudo raspi-config nonint do_expand_rootfs + # https://www.raspberrypi.com/documentation/computers/configuration.html#expand-filesystem-nonint raspi-config --expand-rootfs # REQUIRES A REBOOT rm -f /.expand-rootfs /.resize-rootfs reboot # In future, we might warn interactive users that a reboot is coming? From 2e919694cfb43f43f2177f752d84b4e1469b6793 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Oct 2023 12:07:12 -0400 Subject: [PATCH 1280/1758] Recommend ansible-core 2.15.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b3a110960..105a737c1 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.4] -GOOD_VER=2.15.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] +GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From eea8b086ee8d71d2e81ba2474bae1e6a4cf678e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Oct 2023 12:12:14 -0400 Subject: [PATCH 1281/1758] iiab-install: Set MIN_ANSIBLE_VER=2.13.13 w/ #3654 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c6a8eb361..3b7811308 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From f3d30d6187d97e514107f9f0cfc8270511d48cda Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:32:35 -0400 Subject: [PATCH 1282/1758] moodle_version: MOODLE_403_STABLE (Moodle 4.3) --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 57f48e4a6..4597665b1 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,7 +11,7 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_402_STABLE # Moodle 4.2 +moodle_version: MOODLE_403_STABLE # Moodle 4.3 #moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ca34259402c5dc11bdabb74a9d1878c1195e6d2f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:35:34 -0400 Subject: [PATCH 1283/1758] For now, install Moodle 4.4dev if PHP >= 8.3 --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f1a5a7cbd..9edbafca3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -87,7 +87,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2) + version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -95,7 +95,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From 1016a49edd1afa4d66c0b0220e52cc0a5b19651d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:58:29 -0400 Subject: [PATCH 1284/1758] moodle/tasks/install.yml: Note new Moodle 4.3 disk footprint(s) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9edbafca3..eb6ec62d5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -82,7 +82,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -90,7 +90,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From de83ed694f94e9a5da25ce4d9958ae5dcd0b2fc5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 15:13:28 -0400 Subject: [PATCH 1285/1758] Links: RasPiOS Bookworm doc for Python with venv --- roles/calibre-web/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index f1eac71ec..d8f2c6f94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -67,6 +67,10 @@ virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 +# 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) +# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) From 60763fab8e41ee126a21af250cb6639203cbaed3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 11 Oct 2023 15:15:33 -0400 Subject: [PATCH 1286/1758] scripts/ansible links: RasPiOS Bookworm doc for Python with venv --- scripts/ansible | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 105a737c1..6af471008 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -225,6 +225,10 @@ else # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) + # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi + # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments + echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible From e1ccb6c3285e7e78e9cc88365d9394393ed12957 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:39:38 -0500 Subject: [PATCH 1287/1758] Update install.yml moving --- roles/network/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 188713b8f..df473eae1 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -31,7 +31,6 @@ - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP From cf47363316f718e8b491459de0a346daf2d9116d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:46:45 -0500 Subject: [PATCH 1288/1758] Update sysd-netd-debian.yml rework for RasPiOS --- roles/network/tasks/sysd-netd-debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 391494382..32734a77b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,4 +1,11 @@ # sysd-netd-debian.yml +- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher + package: + name: + - systemd-networkd + - systemd-resolved + - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From 4c8ca30769770e04f5f3be9bc4451df93cc851af Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:57:55 -0500 Subject: [PATCH 1289/1758] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 32734a77b..1613f9a4c 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -2,8 +2,6 @@ - name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher package: name: - - systemd-networkd - - systemd-resolved - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes - name: Copy the bridge script - Creates br0 From b81d3365de75d1dfa31c38cf457c28be15a2f239 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 20:58:28 -0500 Subject: [PATCH 1290/1758] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 1613f9a4c..3a815008d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,5 +1,5 @@ # sysd-netd-debian.yml -- name: 'Install systemd-networkd, systemd-resolved, networkd-dispatcher +- name: 'Install networkd-dispatcher package: name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 7055165f7705326b0499e97ceb199de4d2685307 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 21:13:07 -0500 Subject: [PATCH 1291/1758] Update sysd-netd-debian.yml --- roles/network/tasks/sysd-netd-debian.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3a815008d..0a734aa44 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,6 +4,12 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes +- name: 'Install networkd-resolved + package: + name: + - networkd-resolved + when: is_raspbian and os_ver is version('raspbian-12', '>=') + - name: Copy the bridge script - Creates br0 template: dest: /etc/systemd/network/IIAB-Bridge.netdev From cdd88d20c55e5c7c9d45b5d2b045c7ff60ff09a7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 11 Oct 2023 21:19:02 -0500 Subject: [PATCH 1292/1758] Update sysd-netd-debian.yml 'systemd' --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 0a734aa44..3fe944511 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -4,10 +4,10 @@ name: - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install networkd-resolved +- name: 'Install systemd-resolved for RasPiOS package: name: - - networkd-resolved + - systemd-resolved when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 From 6f397c63a9f8629a6b7952b80fca4b77a59d0fa1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 14 Oct 2023 15:32:50 -0400 Subject: [PATCH 1293/1758] sysd-netd-debian.yml: Install systemd-resolved (if available) --- roles/network/tasks/main.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 19 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9e2954892..7a1e6d5f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -75,13 +75,13 @@ - name: NetworkManager in use include_tasks: NM-debian.yml when: network_manager_active - #when: is_debuntu and network_manager_active - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml when: systemd_networkd_active - #when: is_debuntu and systemd_networkd_active + #when: systemd_networkd_active and not network_manager_active # 2023-10-11: NOT the right way to solve #3657 (systemd-resolved issue on RasPiOS 12+) as this would damage Ubuntu/Mint. + # 2023-10-11: Should rpi_debian.yml go away in future, now that RasPiOS Bookworm uses NetworkManager? - name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml when: is_raspbian and not network_manager_active diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 3fe944511..7fb0e26c9 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,14 +1,19 @@ # sysd-netd-debian.yml -- name: 'Install networkd-dispatcher +- name: Install networkd-dispatcher package: - name: - - networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes -- name: 'Install systemd-resolved for RasPiOS +# 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. +# FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. +# Whereas Ubuntu <= 22.04 bundled the functionality within apt package 'systemd' +# Debian 12/Bookworm (like Ubuntu >= 22.10) offers it as a distinct package: +# https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved +- name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: - - systemd-resolved - when: is_raspbian and os_ver is version('raspbian-12', '>=') + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + ignore_errors: yes + #shell: apt -y install systemd-resolved || true + #when: is_raspbian and os_ver is version('raspbian-12', '>=') - name: Copy the bridge script - Creates br0 template: From bbef784d8011f2c23e9097820ee012f43edd367f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 14 Oct 2023 15:45:51 -0400 Subject: [PATCH 1294/1758] sysd-netd-debian.yml: Clean comment spacing --- roles/network/tasks/sysd-netd-debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7fb0e26c9..9868d5b96 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -1,7 +1,7 @@ # sysd-netd-debian.yml - name: Install networkd-dispatcher package: - name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes + name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes # 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue. # FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package. @@ -10,7 +10,7 @@ # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved - name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available) package: - name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm + name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm ignore_errors: yes #shell: apt -y install systemd-resolved || true #when: is_raspbian and os_ver is version('raspbian-12', '>=') From 820ad422399275b5168e509f2cfbcf4e9c8bbd6f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Oct 2023 09:29:14 -0400 Subject: [PATCH 1295/1758] calibre-web/README.rst: Remove useless "details above" --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d8f89c591..6b2884065 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -134,7 +134,7 @@ Errors and warnings can be seen if you run:: Log verbosity level can be `adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_ within Calibre-Web's **Configuration > Basic Configuration > Logfile -Configuration** (details above). +Configuration**. Back Up Everything ------------------ From 70a139b643ee25e7489c822a8f20307f3863c08f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 27 Oct 2023 14:31:21 -0400 Subject: [PATCH 1296/1758] Support Ubuntu 24.04 pre-releases --- vars/default_vars.yml | 1 + vars/ubuntu-2404.yml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 vars/ubuntu-2404.yml diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 062a2f749..a9845e447 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -775,6 +775,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2404: False is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False diff --git a/vars/ubuntu-2404.yml b/vars/ubuntu-2404.yml new file mode 100644 index 000000000..d5355dcd0 --- /dev/null +++ b/vars/ubuntu-2404.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True From 0c09a2d46de833794294b3721786c7932d15781e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 27 Oct 2023 19:31:14 -0400 Subject: [PATCH 1297/1758] Rename ubuntu-2210.yml to ubuntu-2210.yml.unused --- vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{ubuntu-2210.yml => ubuntu-2210.yml.unused} (100%) diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml.unused similarity index 100% rename from vars/ubuntu-2210.yml rename to vars/ubuntu-2210.yml.unused From 19cd6be03d5081a54ba8c46050fe8f571f7c1f82 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:31:12 -0400 Subject: [PATCH 1298/1758] calibre-web/README.rst: http://box/live/stats lists Python deps / versions --- roles/calibre-web/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 6b2884065..584f2d409 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,6 +136,8 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. +Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). + Back Up Everything ------------------ From 6d5c211f929b210cac25da5a32e1d73775914926 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:34:33 -0400 Subject: [PATCH 1299/1758] calibre-web/README.rst: Clean http://box/live/stats explanation --- roles/calibre-web/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 584f2d409..d63a36c5a 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -136,7 +136,9 @@ Log verbosity level can be within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. -Finally, http://box/live/stats (Calibre-Web's About page) can be a very useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the version number of each that's installed). +Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very +useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the +version number of each that's installed). Back Up Everything ------------------ From 53a74c77a777eae7aa127edab90d7d73bc201c54 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:37:16 -0400 Subject: [PATCH 1300/1758] calibre-web/README.rst: Link to Calibre-Web wiki (deps) --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index d63a36c5a..f947c4a02 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -137,8 +137,8 @@ within Calibre-Web's **Configuration > Basic Configuration > Logfile Configuration**. Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very -useful list of ~42 Calibre-Web dependencies (mostly Python packages, and the -version number of each that's installed). +useful list of ~42 `Calibre-Web dependencies <https://github.com/janeczku/calibre-web/wiki/Dependencies-in-Calibre-Web-Linux-and-Windows>`_ +(mostly Python packages, and the version number of each that's installed). Back Up Everything ------------------ From 699adb9c5a5c2a21e17eecb31dd696698f0c52a4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 4 Nov 2023 08:24:39 -0400 Subject: [PATCH 1301/1758] calibre-web/tasks/install.yml: Full clone for now (community testing) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d8f2c6f94..7f778a38f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes - depth: 1 + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 8def5c98cf101b18ba39389609aacc104d430e21 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 09:44:12 -0500 Subject: [PATCH 1302/1758] Doc: pipx option to install pkg globally for multi-user access --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 6af471008..78baa8013 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -224,6 +224,8 @@ else # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible + # Or, to install package globally for multi-user access: (pypa/pipx#754) + # PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install ansible-core # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi From 402ce97d1dc3cde5cd15868f7c272c95c1ec397d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:14:46 -0500 Subject: [PATCH 1303/1758] Install MySQL/MariaDB on-demand--for MediaWiki, WordPress, Matomo &/or Admin Console --- roles/0-init/tasks/validate_vars.yml | 6 +-- roles/3-base-server/README.rst | 13 +++++- roles/3-base-server/tasks/main.yml | 11 +++-- roles/9-local-addons/tasks/main.yml | 18 ++++++++ roles/matomo/tasks/install.yml | 15 +++++++ roles/mediawiki/tasks/install.yml | 15 +++++++ roles/munin/tasks/install.yml | 5 ++- roles/mysql/tasks/enable-or-disable.yml | 15 +++++++ roles/mysql/tasks/main.yml | 57 +++++++++++-------------- roles/wordpress/tasks/install.yml | 15 +++++++ vars/default_vars.yml | 11 +++-- 11 files changed, 133 insertions(+), 48 deletions(-) create mode 100644 roles/mysql/tasks/enable-or-disable.yml diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f5277d2d9..a369fca5c 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -64,7 +64,7 @@ # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -76,7 +76,7 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - #- mysql # MANDATORY + - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -155,7 +155,7 @@ that: "{{ item }}_install or {{ item }}_installed is undefined" fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?" quiet: yes - when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies + when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" - name: 'DISALLOW "XYZ_install: True" if deprecated' diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index e458d7be0..ed80399ba 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -1,10 +1,21 @@ +.. |ss| raw:: html + + <strike> + +.. |se| raw:: html + + </strike> + +.. |nbsp| unicode:: 0xA0 + :trim: + ==================== 3-base-server README ==================== This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 5e2e7355d..89d0610be 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,10 +3,13 @@ - name: ...IS BEGINNING ===================================== meta: noop -- name: MYSQL + CORE PHP - include_role: - name: mysql - #when: mysql_install +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. +# - name: MYSQL + CORE PHP +# include_role: +# name: mysql +# #when: mysql_install # 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 075752bec..257797dbd 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -55,6 +55,24 @@ name: pbx when: pbx_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + set_fact: + mysql_install: True + mysql_enabled: True + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + include_role: + name: mysql + when: admin_console_install + +- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)' + fail: + msg: "Admin Console install cannot proceed, as MySQL / MariaDB is not installed." + when: admin_console_install and mysql_installed is undefined + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index d6f8060a4..1df6c32b4 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -12,6 +12,21 @@ # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 204fc0c45..e89afdcd9 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index f6b23e619..3895b7bf9 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -32,7 +32,7 @@ name: "{{ munin_username}}" # Admin password: "{{ munin_password }}" # changeme -- name: If MySQL is enabled, let Munin monitor it +- name: If MySQL is installed, let Munin monitor it copy: src: "{{ item }}" dest: /etc/munin/plugins/ @@ -44,7 +44,8 @@ - /usr/share/munin/plugins/mysql_queries - /usr/share/munin/plugins/mysql_slowqueries - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled + when: mysql_installed + #when: mysql_enabled # RECORD Munin AS INSTALLED diff --git a/roles/mysql/tasks/enable-or-disable.yml b/roles/mysql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..ac06c0c8c --- /dev/null +++ b/roles/mysql/tasks/enable-or-disable.yml @@ -0,0 +1,15 @@ +- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled + systemd: + name: "{{ mysql_service }}" + daemon_reload: yes + state: started + enabled: yes + when: mysql_enabled + +# We had to start MySQL in order to configure it, now turn if off if not enabled +- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled + systemd: + name: "{{ mysql_service }}" + enabled: no + state: stopped + when: not mysql_enabled diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 789d406c1..d91bbce14 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -26,40 +26,33 @@ var: mysql_installed -- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mysql_installed is undefined +- block: + - name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mysql_installed is undefined -- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled - systemd: - name: "{{ mysql_service }}" - daemon_reload: yes - state: started - enabled: yes - when: mysql_enabled + - include_tasks: enable-or-disable.yml -# We had to start MySQL in order to configure it, now turn if off if not enabled -- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled - systemd: - name: "{{ mysql_service }}" - enabled: no - state: stopped - when: not mysql_enabled + - name: Add 'mysql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mysql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MySQL + - option: description + value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' + - option: mysql_install + value: "{{ mysql_install }}" + - option: mysql_enabled + value: "{{ mysql_enabled }}" + rescue: -- name: Add 'mysql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mysql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MySQL - - option: description - value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' - - option: mysql_install - value: "{{ mysql_install }}" - - option: mysql_enabled - value: "{{ mysql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 38fb08180..fb4aca021 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -12,6 +12,21 @@ # can arise without warning when WordPress is online, since WordPress ~4.8 +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a9845e447..4557d815a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -265,12 +265,11 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER -# 2020-09-24: MySQL / MariaDB is MANDATORY but still evolving - please see: -# https://github.com/iiab/iiab/blob/master/roles/mysql/tasks/install.yml -# https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml -# THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: -mysql_install: True -mysql_enabled: True +# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every +# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, +# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +mysql_install: False +mysql_enabled: False mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: From 58d992328455aaa1d4fa17e605af7931028f1708 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:53:46 -0500 Subject: [PATCH 1304/1758] roles/3-base-server/README.rst: Explain MySQL / MariaDB change --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index ed80399ba..4c03f3f8d 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| (NEW of 2023-11-05, MySQL / MariaDB is instead installed on demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.) This IIAB role also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 27cc66b87e6f351c5896d393c065e23312b56e06 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:58:05 -0500 Subject: [PATCH 1305/1758] 0-init/tasks/validate_vars.yml: Cleaner ordering of mysql within 45 --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index a369fca5c..3617715dd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -76,7 +76,6 @@ - admin_console #- nginx # MANDATORY #- apache # Unmaintained - former dependency - - mysql # Dependency - excluded from _installed check below - squid - cups - samba @@ -85,6 +84,7 @@ - gitea - jupyterhub - lokole + - mysql # Dependency - excluded from _installed check below - mediawiki - mosquitto - nodejs # Dependency - excluded from _installed check below From aabfd5de9b48b561629dc250cafd7353a1b1ffb9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 13:25:52 -0500 Subject: [PATCH 1306/1758] Move Munin install: 8-mgmt-tools -> 9-local-addons --- roles/8-mgmt-tools/tasks/main.yml | 5 ----- roles/9-local-addons/tasks/main.yml | 7 +++++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 61ac785ad..8771b66a0 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -23,11 +23,6 @@ name: monit when: monit_install -- name: MUNIN - include_role: - name: munin - when: munin_install - - name: PHPMYADMIN include_role: name: phpmyadmin diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 257797dbd..337a74445 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -73,6 +73,13 @@ when: admin_console_install and mysql_installed is undefined +# 2023-11-05: Moved from Stage 8, as it acts on mysql_installed (that might be set just above!) +- name: MUNIN + include_role: + name: munin + when: munin_install + + - name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini set_fact: df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}" From a10384c9f1ea7ddf98ebe39b8f2576ea0cb41572 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 16:54:48 -0500 Subject: [PATCH 1307/1758] scripts/ansible: Recommend ansible-core 2.16.0 ETA 2023-11-06 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 78baa8013..48d337b19 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.5] -GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] +GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.15.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.16 +# https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 # https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 From 11257daf2a80029055e3b94fec997feef25b8b41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 5 Nov 2023 16:56:30 -0500 Subject: [PATCH 1308/1758] iiab-install: Set MIN_ANSIBLE_VER=2.14.11 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 3b7811308..bc887d659 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.13.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f3ca844ff9b979de97c78365256f5f946bd4bf3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:12:51 -0500 Subject: [PATCH 1309/1758] roles/nextcloud: Install prereq MySQL / MariaDB --- roles/3-base-server/README.rst | 2 +- roles/3-base-server/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 15 +++++++++++++++ vars/default_vars.yml | 3 ++- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c03f3f8d..579977f55 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 89d0610be..96cee56a9 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ce62729c8..f62a080be 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -1,3 +1,18 @@ +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4557d815a..4f89f695a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,7 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, WordPress &/or Admin Console. BOTH VALUES BELOW INITIALLY IGNORED: +# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE +# INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From 8d97dd9addfeb9502397889f3a6da82e84227b61 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:47:44 -0500 Subject: [PATCH 1310/1758] nextcloud/tasks/install.yml: Disk space estimates for /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f62a080be..2eef6290f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -123,7 +123,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From ba9fa67aaa678581671476aba3626e8ddd2d8bd5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:47:34 -0500 Subject: [PATCH 1311/1758] nextcloud-nginx.conf.j2: Patch both 'oc[ms]-provider' to 'ocs-provider' --- roles/nextcloud/templates/nextcloud-nginx.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..285c6c8e2 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -85,7 +85,7 @@ location ^~ {{ nextcloud_url }} { deny all; } - location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; @@ -102,7 +102,7 @@ location ^~ {{ nextcloud_url }} { fastcgi_request_buffering off; } - location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } From 128088ea90e93601b894b22a3ef119f708df1fcc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:52:07 -0500 Subject: [PATCH 1312/1758] Desupport EOL'd Nextcloud 25, a year after its PHP 7 was (also!) EOL'd --- roles/nextcloud/tasks/install.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2eef6290f..09b72749f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -118,10 +118,12 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" - set_fact: - nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 - when: php_version is version('8.0', '<') +# Nextcloud 25 EOL was 2023-10-01: https://endoflife.date/nextcloud +# https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule#eol-versions +#- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022" +# set_fact: +# nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 +# when: php_version is version('8.0', '<') - name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: From afbddd16c46bcfd33b7f699191a204be67a0e8f0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 10:07:38 -0500 Subject: [PATCH 1313/1758] gitea/defaults/main.yml: gitea_version: "1.21" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index e2311c804..c318acfd7 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 5b7297999b1850d2ba5f1133f32fdfeacd4e548c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 10:12:49 -0500 Subject: [PATCH 1314/1758] gitea/tasks/install.yml: Mention Gitea 1.21 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 957da4822..d61aa76c1 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -51,7 +51,7 @@ - name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" - dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20 + dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 mode: 0775 timeout: "{{ download_timeout }}" From acf125f46d3eff3ac7550faeb3d00711d73131a6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 14 Nov 2023 11:43:32 -0500 Subject: [PATCH 1315/1758] gitea/tasks/install.yml: Doc ~134MB /library/gitea for #3671 --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index d61aa76c1..eed1559f8 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,7 +48,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~134 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21 From c968abc77205649707ae6874e5db833f1ee0e081 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 15:56:45 -0500 Subject: [PATCH 1316/1758] pbx/default/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 5e127a7cd7f2d5e415d2aa7a52b08a1715e90f5d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:00:36 -0500 Subject: [PATCH 1317/1758] default_vars.yml: 'asterisk_rpi_patch: False' safer --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4f89f695a..b7a197cb0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -692,7 +692,7 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 From 409dace2e7263040e5ff7135afa3ba63b5f50f88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:38:25 -0500 Subject: [PATCH 1318/1758] local_vars_unittest.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9fd0605a6..59c80a0e2 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 01bec789fb9aa139f29408ac4a982c2b6b543584 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:39:22 -0500 Subject: [PATCH 1319/1758] local_vars_small.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index be689cd52..6765c20d5 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 4ca14a75fcaefc11a2afbc746dcb1a500de16529 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:40:05 -0500 Subject: [PATCH 1320/1758] local_vars_medium.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 829b6fb6c..4ed3e7e3e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 20e42b37224df77b1e243cc1468bc30571d2ccf5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:40:51 -0500 Subject: [PATCH 1321/1758] local_vars_large.yml: 'asterisk_rpi_patch: False' --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7b108429f..c679b30f9 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -425,5 +425,5 @@ pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) -asterisk_rpi_patch: True +asterisk_rpi_patch: False asterisk_chan_dongle: False From 356c2bd1717b54ac9b83c10cf842d7d71f501e04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:05:03 -0500 Subject: [PATCH 1322/1758] asterisk.yml w/o 'menuselect --enable app_macro' --- roles/pbx/tasks/asterisk.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index bc7638191..f5ce31b26 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -83,8 +83,8 @@ creates: menuselect.makeopts - name: Asterisk - Do a bit of menuselect configuration - command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts - # 2021-08-06: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + command: menuselect/menuselect --enable format_mp3 menuselect.makeopts + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From 93b381804ef65e093e2a4378ec2339cd2214b38b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:20:23 -0500 Subject: [PATCH 1323/1758] pbx/tasks/install.yml: Install MySQL / MariaDB --- roles/pbx/tasks/install.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index ef9dea71d..5c49dfa14 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -22,6 +22,21 @@ # when: nodejs_version != "12.x" +- name: "Set 'mysql_install: True' and 'mysql_enabled: True'" + set_fact: + mysql_install: True + mysql_enabled: True + +- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB) + include_role: + name: mysql + +- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined' + fail: + msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed." + when: mysql_installed is undefined + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From cf69b6438d5f8555503b5022de6b93c36683f4f7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:26:34 -0500 Subject: [PATCH 1324/1758] default_vars.yml: Clarify PBX need for MySQL --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b7a197cb0..ea4130c3c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,8 +267,8 @@ pi_swap_file_size: 1024 # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. SO BOTH VALUES BELOW ARE -# INITIALLY IGNORED: +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. +# SO BOTH VALUES BELOW ARE INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb From f2851ad9c4fa03c5945914f1551fabcb3e5570ec Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:28:27 -0500 Subject: [PATCH 1325/1758] 3-base-server: Clarify PBX need for MySQL --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 96cee56a9..efe1c93e2 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -5,7 +5,7 @@ # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, -# MediaWiki, Nextcloud, WordPress &/or Admin Console. +# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. # - name: MYSQL + CORE PHP # include_role: # name: mysql From 3d6450a1887b692dffe2486dadb19aab1c789aa1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:42:53 -0500 Subject: [PATCH 1326/1758] pbx/tasks/asterisk.yml: Clarify 7 (not 6) --- roles/pbx/tasks/asterisk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index f5ce31b26..1721d69d2 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -84,7 +84,7 @@ - name: Asterisk - Do a bit of menuselect configuration command: menuselect/menuselect --enable format_mp3 menuselect.makeopts - # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed? + # 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 7 others (BELOW) aren't needed? # command: > # menuselect/menuselect --enable app_macro --enable format_mp3 # --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 From de1f5ed44ab0ce6f1c3c442f226d660ff9006650 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 19 Nov 2023 17:47:30 -0500 Subject: [PATCH 1327/1758] 3-base-server/README.rst: Clarify PBX needs MySQL --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 579977f55..1f22db3a2 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -15,7 +15,7 @@ This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including: -- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: +- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** From 022569fc612d5bc0614d0c67e0095c73f6793076 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 01:29:16 -0500 Subject: [PATCH 1328/1758] Revert to 'freepbx_git_branch: release/16.0' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..c93a9781a 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From e9655ad79801f8ea50c4ddf64fee252897a4f6e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 01:57:32 -0500 Subject: [PATCH 1329/1758] Revert to 'asterisk_src_file: asterisk-20-current.tar.gz' for now --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index c93a9781a..2cc6eece6 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-20-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From c82709eaba75d972c412fcc84de461695fdc62ba Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 02:24:28 -0500 Subject: [PATCH 1330/1758] README.adoc: Comment out PR #3523 & var `asterisk_rpi_patch` --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a9c8b3087..727118015 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -61,12 +61,14 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph nginx_high_php_limits: True ---- + +//// As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings: + ---- asterisk_rpi_patch: True ---- + +//// Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly: + ---- From f2fd0fda9a461d59a7072f356a410a55d1b25ce2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 Nov 2023 02:33:15 -0500 Subject: [PATCH 1331/1758] pbx/defaults/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From 7b1b6eca723da732352ea4bed4d3b3f1dce190d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:52:17 -0500 Subject: [PATCH 1332/1758] README.rst: Transmission 4.1 ETA early 2024 --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7e68d1325..944f3883f 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -24,7 +24,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). +Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. From a3c7955b1b6a0b3d63bceac95b94e51bd31a063a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Nov 2023 15:01:07 -0500 Subject: [PATCH 1333/1758] remoteit/README.md: Link to their pricing --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 43395bdc7..051d3b7f5 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From 13467a8b92160b3924c3522e554424d71884d92a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Nov 2023 16:44:29 -0500 Subject: [PATCH 1334/1758] Calibre-Web prereqs for audio/video + set app.db log to /var/log/calibre-web.log --- roles/calibre-web/files/app.db | Bin 94208 -> 126976 bytes roles/calibre-web/tasks/enable-or-disable.yml | 18 +++++++++++++++++- roles/calibre-web/tasks/install.yml | 15 ++++++++++++--- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 31a8b716a1427cd61610ed5f5c68253fe452aea8..01c0f038338a22ada9d7caaceb4b65880e84d183 100644 GIT binary patch delta 3325 zcmcgu+i%;}8Rt>#h_<6LUg9c=<CzKC*utn-q^?}yX0oH%PJET^HY)~DhvbpWh$3lT zWIKkZ%31O>4Dm96F9Wva4=CUSnD;Vt*jpd_(moZ)(}3=!0}2EK2CO?|ElR$m=w3$X z2t42UeILL3`96Hv{o%{-lfnLJf*^+R>cZ;`Ui==D9GE6<nt$lVyAbsX{}aR1zo}O* z`sqhhc;F)5U%c?5fAK5o1-<x^+Iy1g31OPY9P-IezY)S`UlG(R>Px);2NfbiFaEXA z`*QRn;ym#+LH+!VwaDk^{@nLP@2`4(M?MZeIQzHmt?o=$A@nh5V!$u<nx7neGz*Gn z4(c4R$ll$n;czq>1;32CU;h~FUmL0FqApllnlwUBEG*0x^7HiV!cX(7vnzBNsuptp zxB%XAzv2OX@b`DXXTUSAxYwNjO{qIdtP}Xhf=9$-yjXCD`jmP`J=<%p_Wu6d#c*_J z2>hjb@YW=lAO}ZkP*DW~TGobc$^sgpmu*wgDhxg1^3!0jafBr4T3M+GstgUmLT3F` z#*#16QXZfZJu|;jm?{(l-Ai1CV^gU_qQuaLI4lO4g1u#6`0`wSb{6xr@r^dJ;>)%5 zD$+{yo#lnLM@ri}p1ectB&aH)i3G<{<P!Z}zBoCZFSd`-rj1MuVxx7_K1IV^BA0AS zYY4XKST>T^bj!8^acu?LP(emz=%}`!LapM!3byC)<D<z~n*ploX*@bsyMu!}<Y?f4 zm$1QY{Y_L+utKJQJb#o<q(`C+_2VQ#37IyIl)V-x)Yhg$u#c{yts~GzN9>McYp5n- zJsg|~f-c@i5_adI#ixFtiVR0o%3DWNX>02kst#qLteZ6$xVn+=P{7`_nGGZwOj+a@ zS(m)E$<(TKMmHRbk;Df~Ed`m1QpWEX3hQ_;G6qg(y;5OR#b>WEz9LLb7Zv8dQDNYN z4Q9=*sf>KT&RF#dQ!`SGrz<{bY$WkE$&^(nF@`BIx@=?NS;mmPkC<2hsxYQq_L!Xx z4>_75=`s?^ii$K?!=XK1$6lZ;X${GaiUiAsI7qhQ0XvJP;Z=Mo<p~b3vSUJ9(Qy@Y zB7Gq1mrH=GAPr$G5=33E3X+a14d?K8DiW~Zs4B>6d_OJ|;o{T$4ERpzHDp5>+E5Uo zRCSEgbvdkKzbQ4mu4L${B5j=nv+d*wI#^B71nlvOm+dFqlj{gjz@a%_8ox$*<J*oG zfK`3twb)}&$1uJx)H0Byz*CBuoo}0HA<KGA)H}@b!mTPb1$T&3O!BUcOYY)02p>GW z3w{Ltv<SM-cSlGfLhd*JbMDF`2gpPmknw9%=};sx1^`JmsR#+i-QQ|p<VJ*ykj)i* zmy-Rfp~!`PGJ>DoInu+CWDn@^ANOMoJipvKR)^-8s#nGiJ8~S??oGURO&$EYQOSGH zg!)0IxKPR8&8nO4EA?D_J-wcpg2g-Xv?@;4t@?XKU7KHDim%+`oa)l#2bp_CQPLLe zyEDa~*-J8uQXAFyWMWI==M&ECJ(ycftSc+4D@Ji?d>lL>i0vK7m)R`ja&e9m<#>uu zuyH=s;H5Ycb7fiP_;Nzzho9ocjI{q-i@DwIG5=GG>FOmT_^t=kCP8iPH#Mr!>;~OL z&u)av@RBTx2{|L86oMR|DnkjTS)R}GQnt)x`4pc`=TMqWWD;qZ;Sz|=WRi)LoJ1Km zo62xfCMiLb5YtIEmE>6#u?V3w6j2Vcaw1uVskF#*<uuBnRGH_}D3cb`JzO@;aVfE! zcxKSg|Jik(3{lGjwL>lMH>ap~M?>d{=n&4O{?G+4S^CK-2U)hJ|HQw)z;&b<-(c5o z?=%U}Pedc3=1ipj%pvya)8SfZd*?abMgJh&M+54eH>#0hWVp}lo9UzXo4tLZkwN#< zTi_bWdH2u{N3M9g8#jj@#x94W0|Vf3+J>TvyhCqYoh%meD+PKbKQUXNuY08H^r-vg zIJi0KwdvLcHkwJr7+=GH!g7fiW9ljj#uTR27Frm_t-T8_tEzvQw}_)$jIk6MiO>}4 z3fgG3CFc0N5HKWT_)JrfEZDGOwa5(i67D|7h;CvETy@89fuZ+3;dm^wZ9KnO{)EK% zW2COBTY|NQ)H<^KnX+xb>io>oYJnd0Oph_Goo{z6MzEL8MhnAkEeS5o*=x8>YTmHO z2Csv=Z$`t>;bHJ_+jnws5WHMD;_iU#{*}X{C9XEb-Vzi!@Ce=8<4tXW#d!biIM7M) zM#Z)T7-AwzR~_$0JVI{Wyq&zQ+f5dr-9z8TnXoc5S8(T3V9>2)!9}6v0#A)tZ>%}@ zW;i-F26ktB1B0m?N5Q*NtrLXHM+`o3>>KV5<-iSBO@mwc=EOia`u5vkcPhwI96`U& Yd#TxazjQ=u=Sd*&Limu+)pB6rzoLm6iU0rr delta 748 zcmZ8f&ubG=5Z>8My4$szx1o)Tjlpf9Hj!4-ScR5KyNOF18aHihJ@isH?W07KP05dn z6`^Ymy@(h*>|dY<1tBdo7e(n^#e;_)gj_sGa}Ww8P*C5lqz4BE-uJ!ln_-68YOq@k z_jAA3Pf?UavK?Y|=xVp0x;%N{CKR9(`@@G$c0qiKJUya7AdQwNWTK^-siCm}8c|Y! z76dQd-6@cmF5_a!$WP&%p2<Q#HrD^>+3aHwDM_HsxZq{}>8$Dp$nAXum)rs9m_o;- zMHA5+?6#78<5G(f=?zMFhrXa!!o9AIGe7vByoY<we(I>Z-?)yL*UTCb{6ej&d6%v* zRWt2Et&Z<C^9j_|Q7Ce}`H*ELNrK9}wLbwhYkUkQ>)&p`0fZ`Rz)C(JY>$-mbQYJ3 zxL_w8OR36&DlaI}geu#N^>qv+Yv&OBQJL>FGAs8DJ%{BxN-8#^q=MH+LqmjjW<4cG zB4LLu<g-}5eM?Cs;@W~Ov-%Y1vBV~v3lo&hujoY3E){V+#mp*B>xJcw41ORJn>wwg z9P3;Y&W{pTPA`=UczGpnl(12fqse4KRWw_&ij53jT`uWs#dcB0xzz+8V|U-a2^Xwd z69O7Ri&}hsQI&)3k(};r(wWC$Vl!%NRu2BxHLl6Q@Q^$b3h|*q#+p5ZJ}zRf%QZ;b z=;8oF?u4^%$37Sr(@S|ag^8}W<Z&8ovS$9K`4`?ERtf~*Wx4)n3Zk5qj=<UaXAL4y zKMF&N*_#8m==N-q5;b$((_3L6N(}=y+&6uV+}#xbjx&+KfnfFLV9-Tz0%zrOutRn| HZosp@Y-_?J diff --git a/roles/calibre-web/tasks/enable-or-disable.yml b/roles/calibre-web/tasks/enable-or-disable.yml index b196176f9..c15fda0da 100644 --- a/roles/calibre-web/tasks/enable-or-disable.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -23,12 +23,28 @@ dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d when: calibreweb_enabled +- name: If enabling with Calibre-Web enhanced for large audio/video "books" too, also append onto calibre-web-nginx.conf AND symlink /library/www/html/calibre-web -> /library/calibre-web (WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then + cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf + ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + fi + when: calibreweb_enabled + + - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf file: - path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" state: absent when: not calibreweb_enabled +- name: If disabling, also remove symlink /library/www/html/calibre-web (WIP) + file: + path: "{{ doc_root }}/calibre-web" # /library/www/html + state: absent + when: not calibreweb_enabled + + - name: Restart 'nginx' systemd service systemd: name: nginx diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f778a38f..7f6644980 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -3,10 +3,9 @@ register: df1 -- name: "Install packages: ffmpeg, imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - - ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved! - imagemagick - python3-netifaces state: present @@ -57,7 +56,17 @@ dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.20 + version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + +- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) + shell: | + if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then + apt install ffmpeg pipx -y + pipx install xklb + ln -s /root/.local/bin/lb /usr/local/bin/lb + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper + chmod a+x /usr/local/bin/lb-wrapper + fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} pip: From 4714b06d119bc0e3eb4f6cddbdfcb9db465fd330 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Nov 2023 21:27:41 -0500 Subject: [PATCH 1335/1758] calibre-web/tasks/install.yml: Better xklb & yt-dlp symlinks --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 7f6644980..453a7f8bd 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -63,7 +63,8 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y pipx install xklb - ln -s /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From e705ad6cd454701a48aa805879bb5ceeeacb4e37 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 13:25:48 -0500 Subject: [PATCH 1336/1758] calibre-web/defaults/main.yml: Set 'calibreweb_venv_wipe: True' --- roles/calibre-web/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 250deeaf6..4512e4e53 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,6 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 +calibreweb_venv_wipe: True calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 02471e9402efcce1658c01d2c57c1596651bacc4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:21:30 -0500 Subject: [PATCH 1337/1758] calibre-web/tasks/install.yml: Enact calibreweb_venv_wipe & clone as nec --- roles/calibre-web/tasks/install.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 453a7f8bd..4f6ce8f65 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -27,10 +27,16 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present -- name: Remove previous virtual environment {{ calibreweb_venv_path }} +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" file: path: "{{ calibreweb_venv_path }}" state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -41,7 +47,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + - "{{ calibreweb_venv_path }}" # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -50,13 +56,14 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 + when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | From da785cb8c4f7c027f1a6a0b001ec4d183128acd7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:24:45 -0500 Subject: [PATCH 1338/1758] New default 'calibreweb_venv_wipe: False' for TDD! --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 4512e4e53..1ae41bef8 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: True +calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From 5feecc022ec59c4bdfd8515a935d8c7df6cc20c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:06:18 -0500 Subject: [PATCH 1339/1758] calibre-web/tasks/install.yml: Auto-upgrade xklb & yt-dlp for TDD --- roles/calibre-web/tasks/install.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4f6ce8f65..5bc947a99 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,13 +65,17 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y - pipx install xklb - ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if lb --version; then + pipx upgrade --include-injected xklb + else + pipx install xklb + ln -sf /root/.local/bin/lb /usr/local/bin/lb + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper chmod a+x /usr/local/bin/lb-wrapper fi From 47da9a9cbaaf1983a2f1e269ac6cd3396adaa456 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:28:58 -0500 Subject: [PATCH 1340/1758] calibre-web/defaults/main.yml: Fix typo "2023-12-04" --- roles/calibre-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 1ae41bef8..d4b2765a4 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -17,7 +17,7 @@ calibreweb_repo_url: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 -calibreweb_venv_wipe: False # 2024-12-04: NEW default TDD (Test-Driven Dev!) +calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" From a546c5132aef0f7a661a18b34e21327a6267527e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 16:54:05 -0500 Subject: [PATCH 1341/1758] Recommend ansible-core 2.16.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 48d337b19..0caaaef87 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.0] -GOOD_VER=2.16.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] +GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From af9597d5b25e4f2b7322e830ffb0f856a71e8283 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 17:11:07 -0500 Subject: [PATCH 1342/1758] iiab-install: Set MIN_ANSIBLE_VER=2.14.12 (2.13 EOL on 2023-11-06) --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index bc887d659..e09527224 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.11 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 9f00b7b41b69efe80641944b2b24c0dbee393c8e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:01:55 -0500 Subject: [PATCH 1343/1758] validate_vars.yml: ansible-core 2.16.1 req 'loop' not 'with_items' w/ 'assert' templating --- roles/0-init/tasks/validate_vars.yml | 42 ++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 3617715dd..383f911a3 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -158,20 +158,38 @@ when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +- name: Set vars_deprecated_list for 4+ vars ("XYZ_install") to be checked + set_fact: + vars_deprecated_list: + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained + - name: 'DISALLOW "XYZ_install: True" if deprecated' assert: that: "{{ item }}_install is undefined or not {{ item }}_install" fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" quiet: yes - with_items: - - dhcpd # Deprecated - - named # Deprecated - - wondershaper # Deprecated - - dansguardian # Deprecated - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained + loop: "{{ vars_deprecated_list }}" + # 2023-12-04: ansible-core 2.16.1 suddenly no longer allows 'assert' with + # 'with_items' below (whereas 'loop' construct above works!) BACKGROUND: + # + # 'due to mitigation of security issue CVE-2023-5764 in ansible-core 2.16.1, + # conditional expressions with embedded template blocks can fail with the + # message “Conditional is marked as unsafe, and cannot be evaluated.”' + # https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html#playbook + # + # with_items: + # - dhcpd # Deprecated + # - named # Deprecated + # - wondershaper # Deprecated + # - dansguardian # Deprecated From a6bafe833a017db2e5e0c5b50039d12104410f35 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 5 Dec 2023 16:51:13 -0500 Subject: [PATCH 1344/1758] enable-or-disable.yml: Avoid NGINX symlink /library/www/html/calibre-web --- roles/calibre-web/tasks/enable-or-disable.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/enable-or-disable.yml b/roles/calibre-web/tasks/enable-or-disable.yml index c15fda0da..493703dc7 100644 --- a/roles/calibre-web/tasks/enable-or-disable.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -27,7 +27,8 @@ shell: | if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf - ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web + # 2023-12-05: Not needed as a result of PR iiab/calibre-web#57 + # ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web fi when: calibreweb_enabled From c2a1ad2e4685b446a7bb9f95d9cc02112dd22e0e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Dec 2023 22:59:18 -0500 Subject: [PATCH 1345/1758] Install /usr/local/bin/lb-wrapper.greedy for Calibre-Web testing --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5bc947a99..65d4ac69d 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/lb-wrapper - chmod a+x /usr/local/bin/lb-wrapper + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From 1972f4763c54d7888676a8746a5af86dd98744ce Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:01:11 -0500 Subject: [PATCH 1346/1758] Recommend ansible-core 2.16.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0caaaef87..0a268c480 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.1] -GOOD_VER=2.16.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] +GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 9bcbee3202b5596aba94cc757f23824d9f520185 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:02:51 -0500 Subject: [PATCH 1347/1758] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index e09527224..7b8738c4d 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From a4f9cba1bb7038bfa57ce77229a9397f1ce8f633 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 15 Dec 2023 16:58:17 -0500 Subject: [PATCH 1348/1758] nextcloud/tasks/install.yml: Mention Nextcloud 28.0.0 size/space --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 09b72749f..f8d47c6f5 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -125,7 +125,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~607 MB initially, sometimes ~643 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From c4738b007ed360a9f17fab9f9de231ce3943ffc3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 00:29:08 -0500 Subject: [PATCH 1349/1758] nextcloud/tasks/install.yml: Clarify install & upgrade realities --- roles/nextcloud/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f8d47c6f5..963045f4e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -61,12 +61,15 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. -# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below. -# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0 +# December 2023: Check latest required AND recommended prereqs below! +# e.g. Nextcloud 26 works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0; Nextcloud 28 works with PHP 8.3 # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html +# https://docs.nextcloud.com/server/28/admin_manual/installation/ +# 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN +# gets badly stuck if its web-based upgrade process is attempted :/ +# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From d70b36533508632b6b166ca096a17f5002ae55f3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 15:31:10 -0500 Subject: [PATCH 1350/1758] transmission/tasks/install.yml: Warn about 60+ min compile --- roles/transmission/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml index 20dc9a5f2..ae3c8cd72 100644 --- a/roles/transmission/tasks/install.yml +++ b/roles/transmission/tasks/install.yml @@ -37,7 +37,7 @@ force: yes # https://github.com/transmission/transmission/blob/main/docs/Building-Transmission.md#building-transmission-from-git-first-time - - name: Compile, install & remove detritus (CAN TAKE 50 MINUTES OR MORE ON A RASPBERRY PI 4!) + - name: Compile, install & remove detritus (CAN TAKE 60+ MINUTES ON RASPBERRY PI 4!) shell: | cd /opt/iiab/transmission git submodule update --init --recursive From c90c85acafd3f461b47b89b7051f7acb640555c7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 16 Dec 2023 23:51:24 -0500 Subject: [PATCH 1351/1758] Use Wayland compositor's ~/.config/wayfire.ini to show pop-ups & browser on boot --- roles/iiab-admin/tasks/pwd-warnings.yml | 36 ++++++++-------- ...-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} | 0 ...xde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} | 0 roles/network/tasks/install.yml | 2 +- roles/network/tasks/netwarn.yml | 29 ++++++------- .../netwarn/{netwarn => iiab-netwarn} | 10 +++-- .../netwarn/netwarn-iiab-network.desktop | 2 +- roles/www_options/tasks/main.yml | 42 +++++++++++-------- 8 files changed, 67 insertions(+), 54 deletions(-) rename roles/iiab-admin/templates/{sshpwd-profile-iiab.sh.j2 => iiab-pwdwarn-profile.sh.j2} (100%) rename roles/iiab-admin/templates/{sshpwd-lxde-iiab.sh.j2 => iiab-pwdwarn-wayfire.j2} (100%) rename roles/network/templates/netwarn/{netwarn => iiab-netwarn} (72%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index e63c8841b..c052c270c 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -2,34 +2,36 @@ # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default +- name: Install /etc/profile.d/iiab-pwdwarn-profile.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: - src: sshpwd-profile-iiab.sh.j2 - dest: /etc/profile.d/sshpwd-profile-iiab.sh + src: iiab-pwdwarn-profile.sh.j2 + dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Is /etc/xdg/lxsession/LXDE-pi a directory? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi - register: lx + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: "If so, install from template: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" template: - src: sshpwd-lxde-iiab.sh.j2 - dest: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh + src: iiab-pwdwarn-wayfire.j2 + dest: /usr/local/sbin/iiab-pwdwarn-wayfire mode: '0755' - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian + when: wayfire_ini.stat.exists -# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does +# 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop # (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it -# would be really nice to standardize this popup across Ubermix & all distros.. +# would be really nice to standardize pop-ups across Ubermix & all distros... # Is this a permissions/security issue presumably? Official autostart spec is: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /etc/xdg/lxsession/LXDE-pi/autostart to trigger popups - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" - when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-pwdwarn-wayfire + value: /usr/local/sbin/iiab-pwdwarn-wayfire + when: wayfire_ini.stat.exists diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 similarity index 100% rename from roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index df473eae1..680b95233 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -99,7 +99,7 @@ - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) -- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' +- name: 'Install /usr/local/sbin/iiab-netwarn for pop-ups on boot, if iiab-network should be run' include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index c1f687e28..2ce6aaac0 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -1,21 +1,22 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/www_options/tasks/main.yml FOR browser -# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for -# ssh sessions (across all OS's/distros/window managers) might also make sense? +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/iiab-netwarn but for +# shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/local/sbin/netwarn$' - line: '/usr/local/sbin/netwarn' - when: lxde_pi_autostart_present.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: iiab-netwarn + value: /usr/local/sbin/iiab-netwarn + when: wayfire_ini.stat.exists # mate desktop detection based on 'register: nd_dir' in enable_services @@ -39,9 +40,9 @@ # (Let's insert those here if so, and refine the 'when:' line below.) -- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/iiab-netwarn' template: - src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) + src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/iiab-netwarn similarity index 72% rename from roles/network/templates/netwarn/netwarn rename to roles/network/templates/netwarn/iiab-netwarn index a8f7a7916..617310646 100755 --- a/roles/network/templates/netwarn/netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -1,8 +1,12 @@ #!/bin/bash -# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this -# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot. -# This allows return codes to be meaningful, at each successive step. +# CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script +# (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: +# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html +# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart +# +# This allows return codes ($rc) to be meaningful, at each successive step. # (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry # Pi OS with desktop" on Raspberry Pi 4!) # diff --git a/roles/network/templates/netwarn/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop index 35547ee41..f109f88b0 100644 --- a/roles/network/templates/netwarn/netwarn-iiab-network.desktop +++ b/roles/network/templates/netwarn/netwarn-iiab-network.desktop @@ -4,7 +4,7 @@ Comment[en_US]=iiab-network Name[en_CA]=iiab-network Comment[en_CA]=iiab-network Type=Application -Exec=/usr/local/sbin/netwarn +Exec=/usr/local/sbin/iiab-netwarn Hidden=false Name=iiab-network Comment=iiab-network diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index d41607982..1d5b642e0 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,29 +31,35 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) +- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_pi_autostart_present + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini + register: wayfire_ini -- name: Does /usr/bin/chromium exist? (check for browser filename change) +- name: Does /usr/bin/chromium-browser exist? stat: - path: /usr/bin/chromium - register: chromium_present + path: /usr/bin/chromium-browser + register: chromium_browser -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists +# - name: Does /usr/bin/chromium exist? (check for browser filename change) +# stat: +# path: /usr/bin/chromium +# register: chromium_present -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart - lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini + ini_file: + path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin + section: autostart + option: chromium-browser + value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: wayfire_ini.stat.exists and chromium_browser.stat.exists + +# - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart +# lineinfile: +# path: /etc/xdg/lxsession/LXDE-pi/autostart +# regexp: '^/usr/bin/chromium' +# line: '/usr/bin/chromium --disable-restore-session-state http://box/home' +# when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists # 2022-12-29: php-settings.yml is ALSO attempted (on demand) by every From 16ef96f0f5e5a6d9e83bc76a1a216f1ad569ee43 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 00:42:18 -0500 Subject: [PATCH 1352/1758] nextcloud/tasks/install.yml: Clarify 655MB /library/www/nextcloud --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 963045f4e..a25dd59c1 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -128,7 +128,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~652 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 73f0fa6ff84d6007339d88a2aa5eb4d2d6c3f6e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 07:16:59 -0500 Subject: [PATCH 1353/1758] Update iiab-netwarn explanation for PR #3685 --- roles/network/templates/netwarn/iiab-netwarn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index 617310646..b20d18fc6 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -11,8 +11,8 @@ # Pi OS with desktop" on Raspberry Pi 4!) # # IN CONTRAST: return codes below are NOT MEANINGFUL when this script is -# invoked from a regularly graphical desktop session -- so make sure to test -# during an actual OS boot-up, with autostart! +# invoked manually after boot from a regular graphical desktop session -- so +# make sure to test (either kind of) "autostart" during actual OS boot-up! if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then exit From 017e55a70aa450aca780b003b54de0de10fa9d7e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:29:53 -0500 Subject: [PATCH 1354/1758] moodle/tasks/install.yml: Update URL for cron doc --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index eb6ec62d5..19e53b9cc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -174,7 +174,7 @@ # 2021-11-19: Resolves Moodle error https://github.com/iiab/iiab/issues/3024 - name: Set cron job to run /opt/iiab/moodle/admin/cli/cron.php every minute (* * * * *) in /var/spool/cron/crontabs/www-data -- per https://docs.moodle.org/310/en/Cron cron: - name: https://docs.moodle.org/310/en/Cron + name: https://docs.moodle.org/en/Cron user: www-data job: "/usr/bin/php /opt/iiab/moodle/admin/cli/cron.php >/dev/null" From 1a8fd72df684e35cf6a55a6a9c080f03bbdb14c9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:33:35 -0500 Subject: [PATCH 1355/1758] moodle/tasks/install.yml: Link to CLI upgrade instructions --- roles/moodle/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 19e53b9cc..343a8eb29 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -6,6 +6,9 @@ # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) +# 2023-12-17: Upgrade instructions via CLI +# https://docs.moodle.org/en/Administration_via_command_line + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: From a7b58da07944230d55f88a3d9f4473aee073407c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:40:23 -0500 Subject: [PATCH 1356/1758] moodle/tasks/install.yml: Concrete CLI upgrade example --- roles/moodle/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 343a8eb29..af1c25f81 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -8,6 +8,12 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line +# +# cd /opt/iiab/moodle +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable +# git pull +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" From b0f1cccd372342f5a56678ac3ed25e7fbd2d01e1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 12:56:54 -0500 Subject: [PATCH 1357/1758] moodle/tasks/install.yml: Fix CLI upgrade example --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index af1c25f81..d9d25867f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -9,9 +9,10 @@ # 2023-12-17: Upgrade instructions via CLI # https://docs.moodle.org/en/Administration_via_command_line # +# EXAMPLE: # cd /opt/iiab/moodle # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull +# git pull https://github.com/moodle/moodle MOODLE_403_STABLE # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From f8155c23afa0cf66590205bf47d983e1d6140efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 13:45:55 -0500 Subject: [PATCH 1358/1758] moodle/tasks/install.yml: Refine Moodle CLI upgrade tips --- roles/moodle/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index d9d25867f..4b2709c3e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,8 +11,9 @@ # # EXAMPLE: # cd /opt/iiab/moodle +# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull https://github.com/moodle/moodle MOODLE_403_STABLE +# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From b5d3a7658a7e5f1c6ef37a330fdfac59a4718222 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Dec 2023 15:11:01 -0500 Subject: [PATCH 1359/1758] moodle/tasks/install.yml: Clarify 'git pull' options for CLI upgrade --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4b2709c3e..f59be7a47 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -13,7 +13,7 @@ # cd /opt/iiab/moodle # cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # OR IF NEC: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # OR RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . +# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . # sudo -u www-data /usr/bin/php admin/cli/upgrade.php # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From 120a5701b9965e17c0533a9d424faaa7763640f7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Dec 2023 13:22:22 -0500 Subject: [PATCH 1360/1758] 1-prep/templates/iiab-expand-rootfs: Clarify partition shrinking/expanding --- roles/1-prep/templates/iiab-expand-rootfs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index f6c75b46e..89d2bd552 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs @@ -8,10 +8,16 @@ # Verifies that rootfs is the last partition. +# RELATED: +# 1. https://github.com/iiab/iiab-factory/blob/master/box/rpi/min-sd +# 2. https://github.com/iiab/iiab-factory/blob/master/box/rpi/cp-sd +# 3. https://github.com/iiab/iiab-factory/blob/master/box/rpi/xz-json-sd +# OR https://github.com/iiab/iiab-factory/blob/master/box/rpi/exp-sd + if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" - if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -- WARNING: their fdisk-centric approach of course FAILS with "Hybrid MBR" or GPT partition tables, as required by any drive > 2TB :/ # 2022-02-17: Uses do_expand_rootfs() from: # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config # 2023-10-05: Official new RPi instructions: @@ -35,7 +41,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then fi # Expand partition - growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? + growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk (assuming MBR). They really should transition to gdisk, as required by any drive > 2TB. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future? rc=$? # Make Return Code visible, for 'bash -x' resize2fs $ROOT_PART rc=$? # Make RC visible (as above) From d46d5d12d799eadcd87bd7fb7bf2d3e57017a1a2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 20 Dec 2023 10:31:13 -0500 Subject: [PATCH 1361/1758] moodle/tasks/install.yml: Clarify CLI-based Moodle upgrade tips --- roles/moodle/tasks/install.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f59be7a47..7a33421ae 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -11,10 +11,13 @@ # # EXAMPLE: # cd /opt/iiab/moodle -# cp -p config.php ~/config.php.MOODLE_BKP # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable -# git pull # Might fail due to original clone with '--depth 1' ? So this too may fail: git pull https://github.com/moodle/moodle MOODLE_403_STABLE --no-rebase # IF SO, RESCUE config.php AFTER RECLONE: cd .. ; mv moodle moodle.bkp ; git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 ; cd moodle ; cp ../moodle.bkp/config.php . -# sudo -u www-data /usr/bin/php admin/cli/upgrade.php +# cd /opt/iiab +# mv moodle moodle.bkp +# git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 # As a regular 'git pull' will likely fail, due to original clone's '--depth 1' -- but no worries: total clone download is just ~100 MB, which expands to ~400 MB +# cp moodle.bkp/config.php moodle/ +# cd moodle +# sudo -u www-data /usr/bin/php admin/cli/upgrade.php # Or later log in to Moodle, to complete the upgrade (i.e. click "Continue" 4-5 times) # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable From a7ed9f7dcd152b185944ce24d14ba1805f1820f2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:28:38 -0500 Subject: [PATCH 1362/1758] www_options/tasks/php-settings.yml: Set 2 vars to 10000M when nginx_high_php_limits or moodle_install or nextcloud_install --- roles/www_options/tasks/php-settings.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 3cdd2b887..46955cf16 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -52,7 +52,7 @@ # And in the past it used: .../apache2/php.ini -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -66,7 +66,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -81,28 +81,28 @@ when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' } From d4846589eaf8411788a6b3c3bf47bbabd3501713 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 21 Dec 2023 13:55:43 -0500 Subject: [PATCH 1363/1758] mediawiki/defaults/main.yml: New version 1.41.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ddad4f10c..77a233ac1 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 2261c6c9f0bf0efedb0a2225d76296f9ea2b771f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 05:17:45 -0500 Subject: [PATCH 1364/1758] nextcloud/tasks/install.yml: Clarify need for manual upgrade --- roles/nextcloud/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index a25dd59c1..0aafe7426 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -67,9 +67,12 @@ # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html # https://docs.nextcloud.com/server/28/admin_manual/installation/ + # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN -# gets badly stuck if its web-based upgrade process is attempted :/ +# gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously +# asking tou to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html + - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: From f8748e12fb05e4edd3b26c8b38cb3fa59336398a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 08:40:02 -0500 Subject: [PATCH 1365/1758] pbx/README.adoc: Sadly PHP 7.4 still required --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 727118015..a69906f01 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From efc3b2fa87003bf07f7e672d919dd775e069e605 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 09:49:58 -0500 Subject: [PATCH 1366/1758] nextcloud/tasks/install.yml: Typo in CLI upgrade tips --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 0aafe7426..d82f040bb 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -70,7 +70,7 @@ # 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN # gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously -# asking tou to wait) if its web-based upgrade process is attempted :/ +# asking you to wait) if its web-based upgrade process is attempted :/ # https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) From edc08173b3a1d7555bb4bed199df39f0bd3f2a9e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 10:01:33 -0500 Subject: [PATCH 1367/1758] iiab-admin/tasks/pwd-warnings.yml: Clarify ~/.config/wayfire.ini --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index c052c270c..46d091bec 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -28,7 +28,7 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger pop-ups +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin section: autostart From 4c8baa3b170a584e92a15691ce557b60b8fa9420 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:25:44 -0500 Subject: [PATCH 1368/1758] calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f947c4a02..f9993ae65 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,6 +25,10 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! +**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +family's learning library!** + .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg 🍒 GURU TIPS 🍒 From a120f79ed54766c1ac56d933b1f4f4db8852366d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:29:49 -0500 Subject: [PATCH 1369/1758] calibre-web/README.rst: Link to new IIAB's DIY Video Library --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index f9993ae65..9aa3992ab 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC!) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community's or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 4ed99abf6e55746b05ab484ee4883e52e608a9d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:27:42 -0500 Subject: [PATCH 1370/1758] calibre-web/README.rst: Grammar fix --- roles/calibre-web/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9aa3992ab..807eba1b8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -26,7 +26,7 @@ Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! **NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC) to your community's or +**then you can also add YouTube and Vimeo videos (ETC) to your community or family's learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 1b4456377770ab0f9693a2787a1c52eb22841303 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 24 Dec 2023 09:05:30 -0500 Subject: [PATCH 1371/1758] calibre-web/tasks/install.yml: Disk footprints for /usr/local/calibre-web-py3 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 65d4ac69d..30e7bc288 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 7b7e17491fa9bfa0216d83ecfc3bebeee827a6fc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 27 Dec 2023 07:47:36 -0500 Subject: [PATCH 1372/1758] transmission/README.rst: Clarify we compile 4.0.5+ --- roles/transmission/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 944f3883f..9907c63d8 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -22,7 +22,7 @@ For example, once KA Lite videos and thumbnails are confirmed downloaded, copy t 2023 Caution ------------ -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.4+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. +In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). From 624827ea15abda5d35412519e3705c96a2170ffb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 30 Dec 2023 19:05:09 -0500 Subject: [PATCH 1373/1758] calibre-web/tasks/install.yml: Fix yt-dlp pipx path --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 30e7bc288..75474a33c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,7 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy From a06ec8c88ef28d49ac638c6e62ee5cca26b11347 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 19:25:04 -0500 Subject: [PATCH 1374/1758] transmission/README.rst: Transmission 4.x Preview (Optional) --- roles/transmission/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 9907c63d8..727197b56 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -19,14 +19,14 @@ Transmission is intended to download content like KA Lite to Internet-in-a-Box ( For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO -2023 Caution ------------- +Transmission 4.x Preview (Optional) +----------------------------------- -In order to make the latest features available to you as of Q4 2023, Internet-in-a-Box compiles the very latest `Transmission 4.0.5+ <https://github.com/transmission/transmission/commits/main>`_ as you install it, which unfortunately can take most of an hour. +2023-12-31: To make the `latest Transmission features <https://github.com/transmission/transmission/commits/main>`_ available to you, Internet-in-a-Box can compile the very latest (above and beyond `Transmission 4.x+ official releases <https://github.com/transmission/transmission/releases>`_). Just note this can take most of an hour, and is not without risk! -Thankfully `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again install quickly, starting sometime soon in early 2024 (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_). +If you decide you want this, set ``transmission_compile_latest: True`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing Transmission, as explained below. -Finally, if instead you want to quickly install an older version of Transmission (e.g. version 3.0 from May 2020) then set ``transmission_compile_latest: False`` in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ prior to installing. +NOTE: Later in 2024, fast auto-installation of `Transmission 4.1+ <https://github.com/transmission/transmission/milestones>`_ should once again hopefully become mainline (`#5585 <https://github.com/transmission/transmission/discussions/5585>`_, `PR #5866 <https://github.com/transmission/transmission/pull/5866>`_) just as in recent years with Transmission 3.0 (originally from May, 2020). .. Transmission can consume significant Internet data and system resources. Caveat emptor! (That's Latin for "Buyer Beware") From 16d21c9d2d2cf7114c23d3a1ac34f1d37994cd3c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 19:29:24 -0500 Subject: [PATCH 1375/1758] Change default to 'transmission_compile_latest: False' --- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 96fd188d4..ab6c3211b 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -1,7 +1,7 @@ # Transmission is a BitTorrent downloader for large Content Packs etc # transmission_install: False # transmission_enabled: False -# transmission_compile_latest: True +# transmission_compile_latest: False # transmission_username: Admin # transmission_password: changeme diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bfdd2eee3..bbfee1525 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -544,7 +544,7 @@ sugarizer_port: 8089 # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False transmission_username: Admin transmission_password: changeme diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index d5e014e61..9059d9ca0 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 21ba95409..dcf291dd1 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -321,7 +321,7 @@ sugarizer_enabled: True # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 2df6b1655..88c2c2a89 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 07367888e..5b82be988 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -321,7 +321,7 @@ sugarizer_enabled: False # BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False -transmission_compile_latest: True +transmission_compile_latest: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: From ff3b23376b13c41eb4529a237415f183f6a30785 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 20:23:44 -0500 Subject: [PATCH 1376/1758] Desupport Bullseye (Debian 11, RasPiOS 11) & Ubuntu 23.04 --- scripts/local_facts.fact | 10 +++++----- vars/{debian-11.yml => debian-11.yml.unused} | 0 vars/default_vars.yml | 12 ++++++------ vars/{raspbian-11.yml => raspbian-11.yml.unused} | 0 vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} | 0 5 files changed, 11 insertions(+), 11 deletions(-) rename vars/{debian-11.yml => debian-11.yml.unused} (100%) rename vars/{raspbian-11.yml => raspbian-11.yml.unused} (100%) rename vars/{ubuntu-2304.yml => ubuntu-2304.yml.unused} (100%) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index aab8e81a2..24a3f044e 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -63,6 +63,7 @@ OS_VER="$OS-$VERSION_ID" #"debian-8" | \ #"debian-9" | \ #"debian-10" | \ + #"debian-11" | \ #"ubuntu-16" | \ #"ubuntu-17" | \ #"ubuntu-18" | \ @@ -71,24 +72,23 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2304" | \ #"linuxmint-20" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ + #"raspbian-11" | \ -# 2021-09-27: With Debian 12 (Bookworm) pre-releases, please manually add -# this line to its /etc/os-release before installing IIAB: VERSION_ID="12" +# 2023-12-31: With Debian 13 (Trixie) pre-releases, please manually add +# this line to its /etc/os-release before installing IIAB: VERSION_ID="13" case $OS_VER in - "debian-11" | \ "debian-12" | \ "debian-13" | \ "ubuntu-2204" | \ - "ubuntu-2304" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ - "raspbian-11" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-11.yml b/vars/debian-11.yml.unused similarity index 100% rename from vars/debian-11.yml rename to vars/debian-11.yml.unused diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bbfee1525..3654e2eee 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -777,12 +777,12 @@ is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS is_ubuntu: False # Covers: Ubuntu, Linux Mint is_ubuntu_2404: False is_ubuntu_2310: False -is_ubuntu_2304: False -is_ubuntu_2210: False +#is_ubuntu_2304: False +#is_ubuntu_2210: False is_ubuntu_2204: False #is_ubuntu_2110: False #is_ubuntu_2104: False -is_ubuntu_2004: False +#is_ubuntu_2004: False #is_ubuntu_19: False #is_ubuntu_18: False #is_ubuntu_17: False @@ -790,19 +790,19 @@ is_ubuntu_2004: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False -is_linuxmint_20: False +#is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_13: False is_debian_12: False -is_debian_11: False +#is_debian_11: False #is_debian_10: False #is_debian_9: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_12: False -is_raspbian_11: False +#is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False #is_raspbian_8: False diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml.unused similarity index 100% rename from vars/raspbian-11.yml rename to vars/raspbian-11.yml.unused diff --git a/vars/ubuntu-2304.yml b/vars/ubuntu-2304.yml.unused similarity index 100% rename from vars/ubuntu-2304.yml rename to vars/ubuntu-2304.yml.unused From 3dd3d868ad94bd063caccb26dbb26398cb774c9a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:00:11 -0500 Subject: [PATCH 1377/1758] kalite/tasks/install.yml: Tough aging vars is_debian_11, is_ubuntu_2204 --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 7df40364d..bcf667d43 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,7 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. @@ -37,7 +37,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 From 0b53b959211c47faff96aa4e35698aa4755d5ebf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:19:22 -0500 Subject: [PATCH 1378/1758] matomo/tasks/install.yml: "Download and Extract (~3 min)" --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 1df6c32b4..7de697f49 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -67,7 +67,7 @@ priv: "{{ matomo_db_name }}.*:ALL" #login_unix_socket: /var/run/mysqld/mysqld.sock -- name: Download and Extract Matomo (~1 min) +- name: Download and Extract Matomo (~3 min) unarchive: src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz dest: "{{ matomo_path }}" # e.g. /library/www From fcb17974136eada8f4843d6d031e2ccdb844a330 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 21:39:27 -0500 Subject: [PATCH 1379/1758] LICENSING.md: Update date --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 53bc9d1ef..33776a06e 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From aba3cde8e46dc605f5f73834e3f1205f939bc586 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 22:56:48 -0500 Subject: [PATCH 1380/1758] default_vars.yml: Launch 8.2 release cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3654e2eee..ff422e820 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.1 +iiab_base_ver: 8.2 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From ebf35d9680a633f4ddc39962b4aedef12e5859ad Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 23:37:51 -0500 Subject: [PATCH 1381/1758] Calibre-Web w/ experimental support for video/audio/images --- roles/calibre-web/README.rst | 6 +++--- roles/calibre-web/defaults/main.yml | 2 +- roles/calibre-web/tasks/install.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 807eba1b8..a31e0b5ff 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ -**then you can also add YouTube and Vimeo videos (ETC) to your community or -family's learning library!** +**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**also lets you add YouTube and Vimeo videos (and local videos, e.g. from +teachers' phones) for indigenous/local/family learning libraries!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index d4b2765a4..3e99725a9 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,7 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -calibreweb_repo_url: https://github.com/janeczku/calibre-web +calibreweb_repo_url: https://github.com/iiab/calibre-web # Or use upstream: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 75474a33c..51968b469 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -58,7 +58,7 @@ - name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: - repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing From 7887e4f8cb9ceb575b4ef16bc7698f8dd4224e42 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 31 Dec 2023 23:57:58 -0500 Subject: [PATCH 1382/1758] Touch up calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a31e0b5ff..42162c818 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ +**NEW AS OF JANUARY 2024:** `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_ **also lets you add YouTube and Vimeo videos (and local videos, e.g. from -teachers' phones) for indigenous/local/family learning libraries!** +teachers' phones) to expand your indigenous/local/family learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 71220324f3b1e1947b82bac00e67f2dd6d2f2efa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 Jan 2024 13:09:15 -0500 Subject: [PATCH 1383/1758] default_vars.yml: Install/enable Calibre-Web --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ff422e820..a2d202156 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -654,8 +654,8 @@ minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }} minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 0cbbd09db8bd2d80e5f54621fa6d432982cc56aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 1 Jan 2024 13:09:56 -0500 Subject: [PATCH 1384/1758] local_vars_small.yml: Install/enable Calibre-Web --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88c2c2a89..c55fb4cc7 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -393,8 +393,8 @@ minetest_install: False minetest_enabled: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 40c2c71f521d431d395a84cfe2ada2abaf45a2c2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:23:15 -0500 Subject: [PATCH 1385/1758] calibre-web/tasks/install.yml: lb-wrapper.greedy gone! --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 51968b469..6a960b1b0 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ - chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From cc9d791f6caa2c6b65e35ff6673035c1acb41fd0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:30:05 -0500 Subject: [PATCH 1386/1758] calibre-web/tasks/install.yml: Link to wiki explanation --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6a960b1b0..4a68ae34f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 9570f8d117139d42d9cf40be2ac3240909c0bb97 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jan 2024 23:38:21 -0500 Subject: [PATCH 1387/1758] calibre-web/tasks/install.yml: Clarify wiki for PR #3696 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4a68ae34f..5f055d3e7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 1c432530620d35df300ea41e76017b67292dee79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:20:40 -0500 Subject: [PATCH 1388/1758] iiab-diagnostics: Show Calibre-Web "version" i.e. ~50 recent commits --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index adbaa73ea..dc758a42a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,6 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From fea5f9ccba3a79f00a8e2035fbfa877ac5fec77a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:31:32 -0500 Subject: [PATCH 1389/1758] iiab-diagnostics: Add 3 more "log files" for Calibre-Web --- scripts/iiab-diagnostics | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index dc758a42a..d499f541a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,9 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_tail /var/log/calibre-web.log 100 +cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From bed26162cf2b2531ad7c19616cd79fd4329dff42 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:37:00 -0500 Subject: [PATCH 1390/1758] iiab-diagnostics: Also include 'systemctl status calibre-web' --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d499f541a..f1a9881f1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,7 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' -cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' +cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From d932684a115671147408e0f1f6bf4c9f54f2d382 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jan 2024 18:12:15 -0500 Subject: [PATCH 1391/1758] iiab-diagnostics.README.md: Fix line number for PR #3697 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7216e8feb..e2b0aef85 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 5a443993000371a9dea05479cfd91689f7f69c81 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 Jan 2024 12:23:57 -0500 Subject: [PATCH 1392/1758] Update pbx/README.adoc w/ latest FreePBX 17 BETA tips / warning --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a69906f01..d4f831847 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 4ae5991cb3c36398c655469a2f4730b86d739193 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 13 Jan 2024 12:36:02 -0500 Subject: [PATCH 1393/1758] pbx/README.adoc: WARN re: PHP 7 danger & unsupported/old OS's --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d4f831847..41d57eb96 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 524709f31a37574917c0c7f1139237e8b84238b9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 14 Jan 2024 23:55:38 -0500 Subject: [PATCH 1394/1758] iiab-diagnostics: 300 last lines of xklb.log for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1a9881f1..2c11b25d2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -232,7 +232,7 @@ cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | h cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 -cat_tail /var/log/xklb.log 100 +cat_tail /var/log/xklb.log 300 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 595de4e7f235ecd1f2b22aa94d33e986b5c4077f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jan 2024 22:35:58 -0500 Subject: [PATCH 1395/1758] Update (almost 10!) Calibre-Web app.db defaults --- roles/calibre-web/files/app.db | Bin 126976 -> 126976 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 01c0f038338a22ada9d7caaceb4b65880e84d183..3183544da1e04b9e5cb998dcbc2ea954dbfc8e9e 100644 GIT binary patch delta 659 zcmZ{g!Hd&S5QpC+scqc0uSHPA6>G)ILc+_-%WGZ{c7rF+)#IW`HeriN8*GsUS-L?y zc(a1`DtqwaDeED4T2CH5>|N=9V7<F&svy$Exz0DgZ)OhW<%4<o#TD3|uHP<gBmL1~ zw)19Kk#HN~DQ;)!MLdZm72Uh3s*Y3fT}D{QgvLE9)R-%{W>ev7lpCQRm|hq%em5A6 zTfN;N3R{#C$~0nVhG-GmHF%d8x?m>ntadtGX6u{^L1_$2UFElqo5Z?r`JTosv+#Ld zpb28z8ez=mgn7cU{C|ALiqGmYu5&><wz<+Nd|WS*OvVqB<Y=KZstQgJ{(?W?S2)Si z2Y7NrIfnqiktONubg^x*n;>m@38@8imMILvFqqkv3PuH|be5r(P6@Y#aUGV7>XiP* zH2?gp)1|by!R`?2D1lZE1WH6HqgpvjPpi_i$FuV>TmvcJh@k;8e3kQC1NaP5eUYUR z&i5wpoUGw}B-L|N&v7qH-_>b)8Jg(Qrj*{PHRTJnqM8+FC+-hM<G_u^yZw<j96sC% z_S`s$0^J|Rv)9MqRpjqK-6(ppKkFUChJp}!I!z}p7fP;tgj2kRe;^5;Ap8xVyobgo ctgp+P>VG4v@>LiNw}RO1M^cfcyq!bi7cVWOMF0Q* delta 195 zcmZp8z~1nHeS$Qj$3z)tRu2Zfq6HgM7UXYcY50@BXoA3|4=e&e_Fw(&j0TLX1}q#5 zyc`=F|M4)jmQLr)Wt3-R+^(6+D8R_X#IW5akMSJi#>PDU?G^Qmod(<t3=B;C!3_Mh z{J|R=-T9{n?`PDKY-C^*WDw_NYV_n4WESQH0znSPl-$g`=`Z&&CUG!){GXVUQ(e35 s03)LS#Dw<@{D1i0Z)OyD%rD5pEX$ae?~t0Cn3==G%*@NV>;a<y0QB`Zr2qf` From 2ed820777d3d06d6ae5c5da971bc08f9b5a9f03a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jan 2024 13:45:17 -0500 Subject: [PATCH 1396/1758] iiab-diagnostics: Pipe everything thru 'cat -v' so control chars visible --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2c11b25d2..4a56837e5 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -49,11 +49,11 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail elif [ $# -eq 1 ]; then echo >> $outfile # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' "$1" | iconv -t UTF-8//IGNORE | cat -v >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE | cat -v >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then From bd340aa6735af1054c6e3b47b4288a19508e29a7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 20 Jan 2024 14:53:24 -0500 Subject: [PATCH 1397/1758] iiab-diagnostics: sudo git log for Calibre-Web version --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 4a56837e5..0b979fcd3 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,7 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 961acf9454c77165d19303819528c96494ab1364 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Sun, 21 Jan 2024 10:46:33 -0500 Subject: [PATCH 1398/1758] another auto install of a pet project --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 871068689..6b3876fe8 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -11,3 +11,5 @@ awstats_enabled: False matomo_install: False matomo_enabled: False captiveportal_install: False +calibreweb_install: False +calibreweb_enabled: False From 6776c1d4a56da74766fdebf6332e1f9173a421d3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 29 Jan 2024 15:57:24 -0500 Subject: [PATCH 1399/1758] Recommend ansible-core 2.16.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0a268c480..3ef87dddd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] -GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] +GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a852541ad4400322b7a984957347013a1033fa6e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 9 Feb 2024 08:48:23 -0500 Subject: [PATCH 1400/1758] 1-prep/tasks/hardware.yml: Comment out "NUC6" WiFi driver --- roles/1-prep/tasks/hardware.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 89efd2453..52ef34a97 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -7,17 +7,18 @@ when: first_run and rpi_model != "none" -- name: Check if the identifier for Intel's NUC6 built-in WiFi is present - shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" - register: usb_NUC6 - ignore_errors: True - -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 - get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages - dest: /lib/firmware - timeout: "{{ download_timeout }}" - when: usb_NUC6.stdout|int > 0 +# 2024-02-09: Code below appears stale for Shanti's #3707 hardware +#- name: Check if the identifier for Intel's NUC6 built-in WiFi is present +# shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" +# register: usb_NUC6 +# ignore_errors: True +# +#- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 +# get_url: +# url: "{{ iiab_download_url }}/Old/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages +# dest: /lib/firmware +# timeout: "{{ download_timeout }}" +# when: usb_NUC6.stdout|int > 0 - name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" From 3455b6b848a951c82aee4b072c197aa437424db1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 20 Feb 2024 16:48:30 -0500 Subject: [PATCH 1401/1758] kolibri/tasks/main.yml: New pre-release option (kolibri-deb-next) --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index d1529fb60..9d0f786af 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,8 +26,10 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # From efc9705b1ab10ab217cb6eebbbd36cb4cc2cfb13 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 16:19:27 -0500 Subject: [PATCH 1402/1758] 2 ugly hacks for FreePBX 17: ignore 'install -n' error code & bypass 'fwconsole reload' --- roles/pbx/tasks/freepbx.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 8ca2cd83f..6564a26fe 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,15 +256,17 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework -# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# 2024-02-25: UGLY / TEMPORARY WORKAROUND #2 OF 2, to bypass... 'In DialplanHooks.class.php line 163: Undefined array key "DialplanHooks"' -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 +## ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +#- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 From 7c24fcc69536d3c475750b2f7421c5740903cb39 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 16:21:20 -0500 Subject: [PATCH 1403/1758] freepbx.yml: Consistent uppercase, documenting 2 hack/workarounds --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6564a26fe..d472e9610 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,7 +256,7 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 OF 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From 98d51224040af179f372f28f12e3b08b031eaf07 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 17:23:31 -0500 Subject: [PATCH 1404/1758] 18+1 FreePBX modules appear unchanged since May 2022 --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d472e9610..1bba7773c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -270,7 +270,8 @@ # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! +# NOTHING CHANGED (?) FEB 2024: https://github.com/iiab/iiab/pull/3675#issuecomment-1963081323 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-17.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 65d6f9255e1acc0f8d2b2d95bb7d44f4d5bc6c1b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 17:26:27 -0500 Subject: [PATCH 1405/1758] WARNING: FreePBX 17.0 branch is still in flux! --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..f0cb38124 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # STILL IN FLUX AS OF FEB 2024: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From b5f3f44e96d3a6bc79df95b4f69534ef5c9584f8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 18:03:58 -0500 Subject: [PATCH 1406/1758] pbx/README.adoc: Require PHP 8.x (desupport EOL'd PHP 7.4!) --- roles/pbx/README.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 41d57eb96..7c040d3f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,11 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +//// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* +//// //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From e6bf0ef177214b42f4674a29e828a34121505a28 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 18:05:49 -0500 Subject: [PATCH 1407/1758] pbx/README.adoc: Link to PR #3675 (Asterisk 21 & FreePBX 17) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7c040d3f3..d99f0df82 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 7991d486143da462e38eb09109ebbb657ae7a5d4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:10:47 -0500 Subject: [PATCH 1408/1758] default_vars.yml: Update PBX tips --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a2d202156..912a83de3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -684,7 +684,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 731829f199a6f4455c8975b2f433f755a223257f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:11:25 -0500 Subject: [PATCH 1409/1758] local_vars_unittest.yml: Update PBX tips --- vars/local_vars_unittest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 5b82be988..19c47ca74 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 586364bd8921629789f4c95a4c16804deb90053b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:12:04 -0500 Subject: [PATCH 1410/1758] local_vars_small.yml: Update PBX tips --- vars/local_vars_small.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index c55fb4cc7..a366e2863 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 5320b4e89164288963cb838747d1a9ee12920ff8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:12:43 -0500 Subject: [PATCH 1411/1758] local_vars_medium.yml: Update PBX tips --- vars/local_vars_medium.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dcf291dd1..aa142dcc9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From ddfc2b003a998a4766979aff0d62d08ef139ddad Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 25 Feb 2024 20:13:27 -0500 Subject: [PATCH 1412/1758] local_vars_large.yml: Update PBX tips --- vars/local_vars_large.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9059d9ca0..3903530ed 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7a6ca9673879022cb962a8b949a5fbc88537c8e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 26 Feb 2024 09:36:24 -0500 Subject: [PATCH 1413/1758] runrole: Clarify/correct local_vars.yml warning --- runrole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runrole b/runrole index ad1387e2c..4e8657208 100755 --- a/runrole +++ b/runrole @@ -39,7 +39,7 @@ fi mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/runrole REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 From c3e7b4c10402a73d3cebfc35166e24e2975421e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:53:58 -0500 Subject: [PATCH 1414/1758] Recommend ansible-core 2.16.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ef87dddd..898d57599 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] -GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] +GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 918758fbe9292ab50e1e966e0cff8752f72a14df Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 00:52:48 -0600 Subject: [PATCH 1415/1758] U2404 python2 --- scripts/U2404_python2.sh | 45 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/U2404_python2.sh diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh new file mode 100644 index 000000000..7721ccf01 --- /dev/null +++ b/scripts/U2404_python2.sh @@ -0,0 +1,45 @@ +!/bin/bash +export DEBIAN_FRONTEND=noninteractive + +cat << EOF > /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + +apt update + +apt -y --allow-downgrades install python3.11=3.11.0~rc1-1~22.04 python3.11-minimal=3.11.0~rc1-1~22.04 libpython3.11-stdlib=3.11.0~rc1-1~22.04 libpython3.11-minimal=3.11.0~rc1-1~22.04 +apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-minimal + +apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs + +apt -y install python2 +apt -y install python2-pip-whl python2-setuptools-whl + +apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 +apt-mark hold python3-pip-whl + +apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 +apt-mark hold python3-virtualenv + +apt -y --allow-downgrades install virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv + +virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2.7 /usr/local/kalite/venv + +cd /usr/local/kalite/venv +source bin/activate +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +deactivate + +apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +apt-mark unhold `apt-mark showhold` + +rm /etc/apt/sources.list.d/python2.list + +apt -y remove libmpdec3 python3-pip python3-wheel + +apt update +apt -y upgrade + From 3ae591a035a3877c7742c87e3de4a00a10d9fc8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 00:55:09 -0600 Subject: [PATCH 1416/1758] U2404 python2 --- roles/kalite/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index bcf667d43..e2f44897b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,6 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" + when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -60,6 +61,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + +- name: Use scripts/U2404_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 5fc495259539049c52bf61f41c0407200852ba22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:28:11 -0600 Subject: [PATCH 1417/1758] U2404 python2 role --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 7721ccf01..9c6f6e4b1 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -1,4 +1,4 @@ -!/bin/bash +#!/bin/bash export DEBIAN_FRONTEND=noninteractive cat << EOF > /etc/apt/sources.list.d/python2.list From a737c8c05aad5eda76012a2ae422c732377315f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:41:57 -0600 Subject: [PATCH 1418/1758] leave python2 packages --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 9c6f6e4b1..e9559cb85 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -33,7 +33,7 @@ source bin/activate bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate -apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +#apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` apt-mark unhold `apt-mark showhold` rm /etc/apt/sources.list.d/python2.list From 66eb9862ee678d57fffcc69d21a02b6930396c84 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 4 Mar 2024 01:46:43 -0600 Subject: [PATCH 1419/1758] exec bit not set in git --- roles/kalite/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index e2f44897b..c3a48ccb0 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -64,7 +64,7 @@ when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" From f871683c2db3c1718d53bcc1b13fbc99e954bc41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 5 Mar 2024 05:02:18 -0600 Subject: [PATCH 1420/1758] conditionals --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c3a48ccb0..0954d0925 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,7 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -65,7 +65,7 @@ - name: Use scripts/U2404_python2.sh to install python2 and virtualenv command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" - when: (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 6819123fed4eec333613b999eb15c5ea70e33e46 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 5 Mar 2024 21:06:59 -0600 Subject: [PATCH 1421/1758] no compilers --- scripts/U2404_python2.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index e9559cb85..ea26a3640 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -20,6 +20,9 @@ apt -y install python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl +apt -y --no-install-recommends install python3-pip=22.0.2+dfsg-1 +apt-mark hold python3-pip + apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 apt-mark hold python3-virtualenv From 73e94abe3f93240c1f1c5a8847ba71a2f7c4fd9b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Mar 2024 13:26:47 -0500 Subject: [PATCH 1422/1758] Touch-ups for: scripts/install_python2_kalite-venv_u2404.sh --- roles/kalite/tasks/install.yml | 4 ++-- ...{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) rename scripts/{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} (95%) mode change 100644 => 100755 diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0954d0925..51350ec10 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -63,8 +63,8 @@ extra_args: "--no-cache-dir" when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) -- name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" +- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 + command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" diff --git a/scripts/U2404_python2.sh b/scripts/install_python2_kalite-venv_u2404.sh old mode 100644 new mode 100755 similarity index 95% rename from scripts/U2404_python2.sh rename to scripts/install_python2_kalite-venv_u2404.sh index ea26a3640..0841704df --- a/scripts/U2404_python2.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -33,7 +33,7 @@ virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2. cd /usr/local/kalite/venv source bin/activate -bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` @@ -45,4 +45,3 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade - From f8fe9f0af9833d89fcf871634f716609b1e59aaa Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 6 Mar 2024 19:57:05 -0500 Subject: [PATCH 1423/1758] Refine scripts/install_python2_kalite-venv_u2404.sh --- scripts/install_python2_kalite-venv_u2404.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 0841704df..1371b4b05 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -14,8 +14,7 @@ apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-m apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs -apt -y install python2 -apt -y install python2-pip-whl python2-setuptools-whl +apt -y install python2 python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl @@ -37,11 +36,11 @@ bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` -apt-mark unhold `apt-mark showhold` +apt-mark unhold $(apt-mark showhold) || true rm /etc/apt/sources.list.d/python2.list apt -y remove libmpdec3 python3-pip python3-wheel apt update -apt -y upgrade +apt -y upgrade # Why 'apt upgrade' here? From f67660d30b58760352d5cfba5312b039e075547b Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 00:44:42 -0500 Subject: [PATCH 1424/1758] Tighten kalite/tasks/install.yml; Introduce is_linuxmint_22 --- roles/kalite/tasks/install.yml | 15 +++++---------- scripts/local_facts.fact | 1 + vars/debian-12.yml | 15 --------------- vars/default_vars.yml | 1 + vars/linuxmint-22.yml | 7 +++++++ vars/raspbian-12.yml | 15 --------------- 6 files changed, 14 insertions(+), 40 deletions(-) create mode 100644 vars/linuxmint-22.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 51350ec10..0ebf1b38b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,9 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. + when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 #- name: Install Ubuntu keyrings on Debian # get_url: @@ -37,8 +35,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: @@ -48,9 +45,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # long form of (is_debian_11+ or is_ubuntu_20+) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Use pip to install ka-lite-static to {{ kalite_venv }} pip: @@ -61,11 +56,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 + when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 24a3f044e..b1e53b885 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -89,6 +89,7 @@ case $OS_VER in "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ + "linuxmint-22" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3b51e4478..d06a61285 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -3,18 +3,3 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 912a83de3..55af7c382 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -788,6 +788,7 @@ is_ubuntu_2204: False #is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu +is_linuxmint_22: False is_linuxmint_21: False #is_linuxmint_20: False diff --git a/vars/linuxmint-22.yml b/vars/linuxmint-22.yml new file mode 100644 index 000000000..53af5a21c --- /dev/null +++ b/vars/linuxmint-22.yml @@ -0,0 +1,7 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True +is_linuxmint: True +is_linuxmint_22: True diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index 9fa4b1e75..53858b6af 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -5,18 +5,3 @@ is_debian: True # Opposite of is_ubuntu for now is_debian_12: True is_raspbian: True is_raspbian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: ssh -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From a98d02248e7efa52ad64f7e6f7a98529e22ba4d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 02:03:29 -0500 Subject: [PATCH 1425/1758] kalite/tasks/install.yml: Cleaner OS conditions --- roles/kalite/tasks/install.yml | 48 +++++++--------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0ebf1b38b..d2c2da478 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,29 +15,20 @@ # ignore_errors: yes # when: is_raspbian -- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)' +- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2) -- if Ubuntu 22.04 / Mint 21' package: name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 + when: is_ubuntu_2204 # Also covers is_linuxmint_21 -#- name: Install Ubuntu keyrings on Debian -# get_url: -# url: -# dest: /etc/apt/keyrings/ -# mode: 0644 -# timeout: "{{ download_timeout }}" -# when: is_debian_12 - -# use key retrieval from mongodb -- name: Use scripts/install_python2.sh to install python2 and virtualenv +- name: Run scripts/install_python2.sh to install python2 and virtualenv -- if Debian 12 or RasPiOS 12 command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 + when: is_debian_12 # Also covers is_raspbian_12 -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -45,9 +36,9 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Use pip to install ka-lite-static to {{ kalite_venv }} +- name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: ka-lite-static version: "{{ kalite_version }}" @@ -56,11 +47,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 +- name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 + when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: @@ -71,30 +62,11 @@ - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' } - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' } -# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work -# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache -# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" -# template: -# src: kalite.conf -# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu -# when: apache_installed is defined - - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - -# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 -# replace: -# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" -# regexp: 'a-zA-Z0-9' -# replace: 'a-zA-Z0-9\-' -# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 -# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 1070a3e7299ac1ce70c2488a460751301786e021 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 03:09:21 -0500 Subject: [PATCH 1426/1758] install_python2_kalite-venv_u2404.sh: 'apt install python3-venv' (again) --- scripts/install_python2_kalite-venv_u2404.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 1371b4b05..cc40edcc2 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -44,3 +44,8 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade # Why 'apt upgrade' here? + +# python3-venv is needed for other venv's like roles/jupyterhub, e.g. #3716. +# So we restore python3-venv originally installed by scripts/ansible -- this +# is nec b/c python3-pip-whl downgrade to 22.0.2 (line ~19 above) removes it: +apt -y install python3-venv From 4fb55f87c6570c302adb513830748eb54dcd389b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 7 Mar 2024 04:04:05 -0500 Subject: [PATCH 1427/1758] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 7b8738c4d..c0dbdd854 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From b5e60c9875e3d6c7c031dac2a362bdd496d274ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Mar 2024 13:24:08 -0400 Subject: [PATCH 1428/1758] Interim stub to force Kolibri 0.16.0 for now, awaiting upstream #11892 --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 9d0f786af..844d0b4ae 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb +# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From ea47f27b9dd01827051c62fb7dac57b75a5ded3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 17 Mar 2024 13:31:28 -0400 Subject: [PATCH 1429/1758] kolibri/defaults/main.yml: Clarify 0.16.0 install hack/stub --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 844d0b4ae..fbb5b8409 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb # 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From 9ce709e6e3b2d00431f4fbe35d93ed8e4ae24aad Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:47:52 -0400 Subject: [PATCH 1430/1758] Recommend ansible-core 2.16.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 898d57599..76af1ae59 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] -GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] +GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 133cc0682b1150dc536b8a062a8901c78272fc1a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:49:14 -0400 Subject: [PATCH 1431/1758] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.15 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c0dbdd854..dfca60227 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 837b4ccaff4282542b4b31f75a8e2e2a65e0a5a8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 28 Mar 2024 19:07:51 -0400 Subject: [PATCH 1432/1758] MediaWiki 1.41.1 (security and maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 77a233ac1..077d1a967 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 812b549d3348a3d2b221197e61a4a99e87a60626 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 8 Apr 2024 11:48:53 -0400 Subject: [PATCH 1433/1758] Restore apt install of Kolibri 0.16.1+, thx to upstream changes --- roles/kolibri/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index fbb5b8409..02086f33a 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,9 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... -kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb -# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-04-08: Kolibri 0.16.1 restores install via apt +# https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From 824469e2805b02f0bfee4230deaf35eb6e83f762 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 8 Apr 2024 11:54:59 -0400 Subject: [PATCH 1434/1758] kolibri/defaults/main.yml: Clarify apt for Kolibri 0.16.1+ --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 02086f33a..80eb0c352 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-04-08: Kolibri 0.16.1 restores install via apt +# 2024-04-08: Kolibri 0.16.1+ restores install via apt # https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 # 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From d6c48123437949d0fed48e7d1bafde8e760e45b4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Apr 2024 16:04:04 -0400 Subject: [PATCH 1435/1758] Sugarizer 1.8.0 (upgrade from 1.7.0!) --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 925e087b6..ad5e48843 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 -sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 +sugarizer_dir_version: sugarizer-1.8.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0, sugarizer-1.7.0 +sugarizer_git_version: v1.8.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0, v1.7.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 8079ca9a4b7cb26387c7e7c7f0384778ea97f793 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Apr 2024 22:13:32 -0400 Subject: [PATCH 1436/1758] Recommend ansible-core 2.16.6 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76af1ae59..0df85beb5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] -GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] +GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e279be79dff1a3d293e5ba38a7d3ab30c40196b8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Apr 2024 22:17:51 -0400 Subject: [PATCH 1437/1758] iiab-install: MIN_ANSIBLE_VER=2.14.16 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index dfca60227..ebf301117 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 81be4dda9aff533c5413797bdd9c5a074ccf72b9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 24 Apr 2024 10:34:32 -0400 Subject: [PATCH 1438/1758] New Moodle 4.4 instead of 4.3 --- roles/moodle/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 4597665b1..b6c607027 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,8 +11,8 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_403_STABLE # Moodle 4.3 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 +moodle_version: MOODLE_404_STABLE # Moodle 4.4 +#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From e6d5b6aa0732af27e04263880f850a0ed0950100 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:22:34 -0400 Subject: [PATCH 1439/1758] Safer /usr/local/bin/yt-dlp symlink creation --- roles/calibre-web/tasks/install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5f055d3e7..9ecf1c0ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,13 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" + fi fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper From a771260ce94f8691bd5c3cb6e711d8aa05f1d890 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 30 Apr 2024 21:02:25 -0400 Subject: [PATCH 1440/1758] Bypass KA Lite install during initial install of IIAB, on recent OS's --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/kalite/tasks/install.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index c5f15e117..570c4b3d1 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,7 +6,7 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install and (is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12) # Also covers is_linuxmint_21 and is_raspbian_12 - name: KOLIBRI include_role: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index d2c2da478..5738c7301 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -49,6 +49,9 @@ extra_args: "--no-cache-dir" when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 +# 2024-04-30: Sadly no longer works with Ubuntu 24.04 LTS final release (#3731). +# So roles/kalite is OS-restricted during initial install, SEE: roles/7-edu-apps/tasks/main.yml +# CLARIF: If install_python2_kalite-venv_u2404.sh proves no longer useful, it will deprecated in coming months. - name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 From 4ea8690dd38a8184701592ce8d1a1ec8f36b4a77 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 1 May 2024 10:31:09 -0400 Subject: [PATCH 1441/1758] Welcome Ubuntu 24.10 (Oracular Oriole) pre-releases --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2410.yml | 5 +++++ 3 files changed, 7 insertions(+) create mode 100644 vars/ubuntu-2410.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b1e53b885..e6c6ca0f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -88,6 +88,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ + "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 55af7c382..754cba561 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -774,6 +774,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False #is_ubuntu_2304: False diff --git a/vars/ubuntu-2410.yml b/vars/ubuntu-2410.yml new file mode 100644 index 000000000..6120c89a9 --- /dev/null +++ b/vars/ubuntu-2410.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2410: True From ebb0e079af196a1a52d700393ae72e713569fcc1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 1 May 2024 15:52:06 -0400 Subject: [PATCH 1442/1758] 'echo Admin:changeme | chpasswd' for CUPS w/ ansible-core 2.17+ --- roles/cups/tasks/install.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e4e2e04ed..5663528f0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -58,15 +58,30 @@ AuthType Default Require user @SYSTEM -- name: "CUPS web administration: Create Linux username 'Admin' with password 'changeme' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" +- name: "CUPS web administration: Create Linux username 'Admin' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" user: name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false +# 2024-05-01: Above password-setting approach no longer works w/ Ansible 2.17 RC1 (#3727). +# Ansible STOPS with this error... +# +# "[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module is +# deprecated and will be removed from Python 3.13. Install the passlib library for continued encryption +# functionality. This feature will be removed in version 2.17. Deprecation warnings can be disabled by +# setting deprecation_warnings=False in ansible.cfg." +# +# ...so we instead use Linux's "chpasswd" command (below!) + +- name: Use chpasswd to set Linux username 'Admin' password to 'changeme' + command: chpasswd + args: + stdin: Admin:changeme + # - name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' -- for CUPS web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf) # #command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # #command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin" From ff696899f3d1802f3ff8d458c881ad9092638886 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 May 2024 22:52:44 -0400 Subject: [PATCH 1443/1758] CUPS: Update Ansible password hashing link (#3735) --- roles/cups/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 5663528f0..55209a50b 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -63,7 +63,7 @@ name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false From 673fff90e2e2eb92fadc1f97009eeb8795124f69 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 1 May 2024 23:29:00 -0400 Subject: [PATCH 1444/1758] Nextcloud 29: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d82f040bb..c43da3943 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From d4c97f45b093470385cecc25a4b96917152ebf08 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 3 May 2024 08:50:27 -0400 Subject: [PATCH 1445/1758] Node.js 22.x --- roles/internetarchive/tasks/install.yml | 6 +++--- vars/default_vars.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index b6df58f01..2821a9ffd 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 22.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('22.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 22.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 754cba561..3b233ca6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -444,7 +444,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 +nodejs_version: 22.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20, 20.x til 2024-05-03 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 9129644dff136f0aaddf71e831e1cee60eb02275 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 May 2024 17:23:47 -0400 Subject: [PATCH 1446/1758] Avoid initial install of Kolibri on Ubuntu 24.04+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- scripts/ansible | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 570c4b3d1..56d21fd28 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. - name: KIWIX include_role: diff --git a/scripts/ansible b/scripts/ansible index 0df85beb5..1b8983975 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -305,7 +305,6 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" -echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From 2788f1062413f836e58e268826c09d72de236997 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 16 May 2024 18:01:17 -0400 Subject: [PATCH 1447/1758] Safer avoidance of Kolibri, if Python 3.12+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- test.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 56d21fd28..e4ac330bc 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: diff --git a/test.yml b/test.yml index 8eb2e9be0..7afdab202 100644 --- a/test.yml +++ b/test.yml @@ -19,12 +19,17 @@ #- include_role: # name: 0-init - - debug: - msg: "{{ 'changeme' | password_hash('sha512') }}" + # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 + #- debug: + # msg: "{{ 'changeme' | password_hash('sha512') }}" # msg: "{{ 'changeme' | password_hash('yescrypt') }}" # crypt.crypt STILL doesn't support 'yescrypt' algorithm ? #- pause: + - debug: + var: "'3.12.3' is version('3.12', '<')" + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # OR: '''' FAILS: '"\'"' From 583fa9a898b5f3bb0a7b29fdd64ecb64c1430aff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 May 2024 18:19:42 -0400 Subject: [PATCH 1448/1758] Clarify Kolibri avoidance w/ Python 3.12+ during initial iiab-install --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e4ac330bc..dc1f7e49b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From daafd615217997bcee90e56c37234c68ac49710d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 14:51:21 -0400 Subject: [PATCH 1449/1758] Recommend ansible-core 2.17.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1b8983975..02fc9e23f 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] -GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] +GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6b80af6832561007e6df3888a283dbf6d12b2a81 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 14:53:10 -0400 Subject: [PATCH 1450/1758] 2.14 EOL, MIN_ANSIBLE_VER=2.15.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ebf301117..59c22129f 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From ec4a884c4c10e20190ff0580eaef86d5c42ee3ef Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 20 May 2024 15:17:55 -0400 Subject: [PATCH 1451/1758] ansible-core 2.17 docs for PR #3743 --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 02fc9e23f..1cf6953a5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -34,6 +34,8 @@ GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.17 +# https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 # https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 From ed9c8929464e081b5a8dc4a61ac88457c68987d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 May 2024 10:19:50 -0400 Subject: [PATCH 1452/1758] gitea/defaults/main.yml: gitea_version: "1.22" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index c318acfd7..0032f1d3d 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.22" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 9dc634f7de00cb7ec393e622fe1e5f19028a4ac3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 May 2024 00:27:54 -0400 Subject: [PATCH 1453/1758] calibre-web/tasks/install.yml: Refine venv tips --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 9ecf1c0ed..c3cbf6e94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,8 +99,9 @@ # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments # VIRTUALENV EXAMPLE COMMANDS: +# python3 -m venv /usr/local/calibre-web-py3 (create venv) # cd /usr/local/calibre-web-py3 -# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# . bin/activate (or 'source bin/activate' -- this prepends '/usr/local/calibre-web-py3/bin' to yr PATH) # python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt From ddca185401acf3dd29e483dfb53dbb14141afb04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:20:02 -0400 Subject: [PATCH 1454/1758] iiab-diagnostics: try dpaste.com instead of sprunge.us --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0b979fcd3..f0d47a52b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,12 +272,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) + pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From 17463eb8107baa37562f91e5111487d88e22d988 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:21:20 -0400 Subject: [PATCH 1455/1758] iiab-diagnostics.README.md: sprunge.us -> dpaste.com --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index e2b0aef85..a2295b830 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From b6ab7bf733a305a64c698330fda7de45bdef82f9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:18:32 -0400 Subject: [PATCH 1456/1758] iiab-summary: Strip RPi model null char for dpaste.com --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 75102048d..7551aad08 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -67,7 +67,7 @@ echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $ uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then - cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo + cat /proc/device-tree/model | tr -d '\000' ; echo # dpaste.com pastebin doesn't allow null chars! MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp From 14d605c643a44592b258e4ffffc3ffd75a9bb9cd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:24:29 -0400 Subject: [PATCH 1457/1758] iiab-diagnostics: Make all odd chars visible (pastebins can be picky!) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f0d47a52b..c8bb1f302 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,7 +132,7 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile -/opt/iiab/iiab/scripts/iiab-summary >> $outfile +/opt/iiab/iiab/scripts/iiab-summary | iconv -t UTF-8//IGNORE | cat -v >> $outfile # Make odd chars visible, just in case (e.g. dpaste.com pastebin disallows null chars) if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile From 27be239d9d0e5dc22c2e3de632a21fb6472ab0e0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 5 Jun 2024 12:09:57 -0400 Subject: [PATCH 1458/1758] iiab-diagnostics: Tweak pastebinit syntax for PR #3749 --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c8bb1f302..a94b04f0c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,9 +272,9 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo From ddd09567e21e0ef820553f545d7caff2bfd88b6c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 13 Jun 2024 14:27:22 -0400 Subject: [PATCH 1459/1758] Kolibri on Python 3.12 OS's, during initial IIAB install --- roles/7-edu-apps/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index dc1f7e49b..69d1b0788 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,8 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install + #when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From 7020423b6e479197a598ea5c88b3ea94a2091a2b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 14 Jun 2024 09:14:23 -0400 Subject: [PATCH 1460/1758] calibre-web/README.rst: Document xklb-metadata.db (for videos) --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 42162c818..9e5d3dee8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -108,6 +108,10 @@ Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db +Videos' metadata is stored in database:: + + /library/calibre-web/xklb-metadata.db + See also:: /library/calibre-web/metadata_db_prefs_backup.json From cc130d7e0fe27a2ae5b5fe4a55b6b541bbc796fe Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jun 2024 07:45:54 -0400 Subject: [PATCH 1461/1758] iiab-diagnostics: xklb & yt-dlp version visibility --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a94b04f0c..6fe38407d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'sudo lb --version' 'xklb version' +cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 2f83e7f266eb893fbc0efc217f90cbd85255b053 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Jun 2024 07:47:43 -0400 Subject: [PATCH 1462/1758] iiab-diagnostics.README.md: Fix line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a2295b830..fa6c560e5 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From da3a69a885b4b1b8ecd977e37e3d3d0db29278b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Jun 2024 14:48:43 -0400 Subject: [PATCH 1463/1758] Recommend ansible-core 2.17.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1cf6953a5..46ef74659 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] -GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] +GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2f4151ec2eac33950402e82841fdcebe7ffce0e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 11:55:31 -0400 Subject: [PATCH 1464/1758] Temp hard-coding of Kolibri 0.17 Alpha 0, if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0a06d292..0da1d724a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -121,6 +121,12 @@ # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) # when: is_debian or is_linuxmint_20 + +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' + set_fact: + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: name: kolibri From 641b31d80007c7a64bd8d05bf8aebcb9375e8502 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 12:56:33 -0400 Subject: [PATCH 1465/1758] Nextcloud 29.0.3: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c43da3943..529988437 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f274f36050870a3d6db2ce45fbb631d7dafd026d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:10:01 -0400 Subject: [PATCH 1466/1758] Clarify doc explanation of PR #3751 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0da1d724a..5f242b475 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,7 +125,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From 2a5046cd84b82b734724e324cf001c2844cc4874 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:30:49 -0400 Subject: [PATCH 1467/1758] Update IIAB Calibre-Web disk footprint estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index c3cbf6e94..6af37dcc7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 199424d4705be1c50c614850f1d63389e4953310 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:34:33 -0400 Subject: [PATCH 1468/1758] Support experimental install on RasPiOS 13 --- scripts/local_facts.fact | 3 ++- vars/default_vars.yml | 1 + vars/raspbian-13.yml | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e6c6ca0f5..a24a1a2da 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -91,7 +91,8 @@ case $OS_VER in "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ - "raspbian-12") + "raspbian-12" | \ + "raspbian-13") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3b233ca6c..c0e6e9f13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -802,6 +802,7 @@ is_debian_12: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_13: False is_raspbian_12: False #is_raspbian_11: False #is_raspbian_10: False diff --git a/vars/raspbian-13.yml b/vars/raspbian-13.yml new file mode 100644 index 000000000..74c906488 --- /dev/null +++ b/vars/raspbian-13.yml @@ -0,0 +1,7 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True +is_raspbian: True +is_raspbian_13: True From 355ebbc65e6a4378c4ec29de608159e8fafcdad9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 18:25:23 -0400 Subject: [PATCH 1469/1758] Tighten up adding of Kolibri PPA --- roles/kolibri/tasks/install.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 5f242b475..7798e81f0 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,17 +76,20 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) +# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# https://github.com/learningequality/kolibri/issues/11892 +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html +- name: Add signed Kolibri PPA 'jammy' apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 +# #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 -- name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) +# - name: Add signed Kolibri PPA 'focal' (if other/older OS's) +# apt_repository: +# repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" +# when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) +# #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From d75d6a0cb28aa857e65ed2d6df4ca6f6f8051605 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 25 Jun 2024 18:47:28 -0400 Subject: [PATCH 1470/1758] Fix date in comment re: kolibri-proposed --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 7798e81f0..0eb9f6e84 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,7 +76,7 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# 2024-06-25: Strongly consider PPA "kolibri-proposed" in future... # https://github.com/learningequality/kolibri/issues/11892 # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html - name: Add signed Kolibri PPA 'jammy' From a4a68604e1791830ed6b649722b264712c71ca78 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Jun 2024 12:01:11 -0400 Subject: [PATCH 1471/1758] New MediaWiki 1.42.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 077d1a967..1787b2807 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 9d31afdc9f1f3785b4cfba69472fc4bcfe482fc7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 3 Jul 2024 23:18:07 -0400 Subject: [PATCH 1472/1758] Install Kolibri 0.17b0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0eb9f6e84..129756d9b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From c6b0164cbe97934a1b333bea5b605f084e7bf6fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 9 Jul 2024 18:43:30 -0400 Subject: [PATCH 1473/1758] transmission/README.rst: Ubuntu timeout / crashing issue #3756 --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 727197b56..a851fe591 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -86,6 +86,8 @@ Known Issues * Random Ports: Currently it is not possible to use random ports in the range 49152-65535, as it's difficult to open multiple ports in IIAB's `iptables-based firewall <https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables>`_. +* transmission-daemon (4.0.6 or 4.1-dev) install onto Ubuntu 24.04 or 24.10, but (1) its systemd service times out (fails to start) (2) rebooting kinda helps, but service then crashes on 1st visit to http://box:9091 `#3756 <https://github.com/iiab/iiab/issues/3756>`_ + Troubleshooting --------------- From c1eea9d1a16b50df04c8eb8cdc69c88f35d31760 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 10 Jul 2024 09:38:03 -0400 Subject: [PATCH 1474/1758] callbre-web/README.rst: Update issues reporting URL --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9e5d3dee8..da7045ee1 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -228,5 +228,5 @@ Known Issues * |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 <https://github.com/janeczku/calibre-web/issues/828>`_ |se| |nbsp| Fixed by `361a124 <https://github.com/janeczku/calibre-web/commit/361a1243d732116e6f520fabbaae017068b86037>`_ on 2019-02-27. -* *Please assist us in reporting serious issues here:* - https://github.com/janeczku/calibre-web/issues +* *Please report serious issues here:* + https://github.com/iiab/calibre-web/issues From 924f5802778ff3309e86637affbe5540bbd0713c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 12:54:38 -0400 Subject: [PATCH 1475/1758] Clarify current Moodle is 4.4 (or 4.5dev !) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7a33421ae..a313ae75c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -101,7 +101,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) + version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From afb7ed18fde6c3f6df3d57d1acde75856f69f016 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:12:49 -0400 Subject: [PATCH 1476/1758] Update Moodle 4.5dev disk footprint estimates --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a313ae75c..44ba40349 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From 2250f507fd306f7372a09c14adbb2a84d5cad44c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 11 Jul 2024 19:18:26 -0400 Subject: [PATCH 1477/1758] Kolibri 0.17.0 Beta 1 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 129756d9b..ba7d16651 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 7c7f145b1716db6a950b6ff9105a90549103aa58 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 12 Jul 2024 19:44:36 -0400 Subject: [PATCH 1478/1758] Kolibri 0.17.0 Beta 2 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ba7d16651..209fb3586 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 3b41fbca62d8605886435c7aa8c3786cd34a7f03 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Jul 2024 16:12:49 -0400 Subject: [PATCH 1479/1758] Recommend ansible-core 2.17.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 46ef74659..93755a5f6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] -GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] +GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89c3d7873934f534aafdc30d50dc9a45963daf8a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 16 Jul 2024 00:33:24 -0400 Subject: [PATCH 1480/1758] Kolibri 0.17.0 Beta 3 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 209fb3586..f02dfde2e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From fadee4caea0bcc009a47d060f34b66a66ad1f6fa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 08:57:54 -0400 Subject: [PATCH 1481/1758] remote.it free/personal/non-commercial plan reconfirmed for 2024 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 051d3b7f5..910f55409 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2024](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From e3d9a9a36e492107a9ebcc25138da2d4dc97dfe8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 22:26:11 -0400 Subject: [PATCH 1482/1758] Basic iiab-update command; also upgrades IIAB Calibre-Web --- roles/0-init/tasks/main.yml | 10 +++- scripts/ansible | 8 +-- scripts/iiab-update | 111 ++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 5 deletions(-) create mode 100755 scripts/iiab-update diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..8d423b8c6 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,15 +34,23 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' with_items: + - iiab-update - iiab-summary - iiab-diagnostics +- name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update + file: + src: /usr/bin/iiab-update + path: /usr/bin/iiab-upgrade + state: link + force: yes + - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: state: directory diff --git a/scripts/ansible b/scripts/ansible index 93755a5f6..51cb3b689 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -99,8 +99,8 @@ echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" #echo -e "(3) Remove all lines containing 'ansible' from..." #echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" -echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" -echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" +#echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" +#echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") @@ -308,5 +308,5 @@ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e ' apt -a list "ansible*"' -echo -e " ansible-galaxy collection list\n" -echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" +echo -e " ansible-galaxy collection list\n\n" +#echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" diff --git a/scripts/iiab-update b/scripts/iiab-update new file mode 100755 index 000000000..8c498ff1e --- /dev/null +++ b/scripts/iiab-update @@ -0,0 +1,111 @@ +#!/bin/bash + +# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. + +# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# https://github.com/iiab/calibre-web/wiki + +if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" +else + echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y +fi + +cd /opt/iiab/iiab +if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 +fi +echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" +git pull https://github.com/iiab/iiab --no-rebase --no-edit +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" +else + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible +fi + +if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi +fi + +# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the +# time over 20 tests for me -- leading to 3+ different kinds of errors right +# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the +# most common error -- once the error was "command not found" -- and another +# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! +# +# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? +# +# ... +# Finished writing to /etc/iiab/kiwix_catalog.json +# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' +# php_parser = re.compile('\<\?php echo .+? \?>') +# Skipping module not needed by Internet in a Box 12 en-PhET +# ... +# [ ~15 lines ] +# ... +# (Restarting CMDSRV +# ... +# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + +if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi +fi + +echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 4f98de9331eaa9c058cde34cfb628fb2f97163a9 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 17 Jul 2024 23:17:37 -0400 Subject: [PATCH 1483/1758] Untracked files in venv /usr/local/calibre-web-py3 should NOT block upgrade --- roles/0-init/tasks/main.yml | 2 +- scripts/iiab-update | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d423b8c6..d6859c120 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -49,7 +49,7 @@ src: /usr/bin/iiab-update path: /usr/bin/iiab-upgrade state: link - force: yes + #force: yes - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/scripts/iiab-update b/scripts/iiab-update index 8c498ff1e..0c75dcc34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -56,7 +56,7 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then yt-dlp --version echo cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From 869ff84453c77e029c271fc2af8b6057c7feab09 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 00:25:50 -0400 Subject: [PATCH 1484/1758] iiab-update: Tiny code cleanup (Calibre-Web section) --- scripts/iiab-update | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 0c75dcc34..78b3cf859 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -54,13 +54,12 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then From 7d004495d3b79dc53be64e22874a8dea2bbeb9e6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 01:15:10 -0400 Subject: [PATCH 1485/1758] iiab-update: Document yt-dlp "nightly" option --- scripts/iiab-update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index 78b3cf859..eafe6897e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,6 +52,8 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version cd /usr/local/calibre-web-py3 From af4715df6aa8717eac3f1e61c6bf413ee75de673 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 01:32:16 -0400 Subject: [PATCH 1486/1758] Explain 'cp iiab-update iiab-summary iiab-diagnostics /usr/bin' --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eafe6897e..4c785c702 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -31,7 +31,7 @@ if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != " fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp iiab-update iiab-summary iiab-diagnostics /usr/bin From 49f59830c8d575a2dcc466dac208c69022ac002e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 02:09:33 -0400 Subject: [PATCH 1487/1758] Strengthen yt-dlp upgrading + document "nightly" version --- roles/calibre-web/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6af37dcc7..2fc8d4f74 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -70,7 +70,7 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx upgrade --include-injected xklb + pipx reinstall xklb else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb @@ -82,6 +82,8 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From c6815a55f757785400da1f4483bb52a2f24e5046 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 02:19:52 -0400 Subject: [PATCH 1488/1758] calibre-web/tasks/install.yml: Links to NEW iiab-update approach --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 2fc8d4f74..369bc09c1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +# To upgrade IIAB Calibre-Web: +# https://github.com/iiab/calibre-web/wiki#upgrading +# https://github.com/iiab/iiab/blob/master/scripts/iiab-update + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From 4150ce342efff605c641981b0f54db5d3eac5711 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 03:09:13 -0400 Subject: [PATCH 1489/1758] calibre-web/README.rst: Revise "Upgrading" section --- roles/calibre-web/README.rst | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index da7045ee1..ef9423d1d 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -157,26 +157,31 @@ as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -"Reinstalling" Calibre-Web automatically installs the latest version — if your -Internet-in-a-Box (IIAB) is online. +Please see our `new/automated upgrade technique (iiab-update) <https://github.com/iiab/calibre-web/wiki#upgrading>`_ +introduced in July 2024. -But first: back up your content **and** configuration settings, as explained above. +But first: back up your content **and** configuration settings, as outlined +above! -**Also move your /library/calibre-web/config/app.db AND/OR -/library/calibre-web/metadata.db out of the way — if you're sure you want to -fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run, as root**:: +**Conversely if you're sure you want to fully reset your Calibre-Web settings, +and remove all existing e-book/video/media metadata — then move your +/library/calibre-web/config/app.db, /library/calibre-web/metadata.db and +/library/calibre-web/xklb-metadata.db out of the way.** + +RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest +version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the +new ``iiab-update`` technique described above. But if you must use the +older/manual technique, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding -manually:: +Or, if you want to try upgrading Calibre-Web code alone:: cd /usr/local/calibre-web-py3 git pull -This older way is *no longer recommended*:: +Finally, this much older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 514f0ea71457e4921f007771d6e7756648decdcd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 03:21:01 -0400 Subject: [PATCH 1490/1758] calibre-web/README.rst: Refine "Upgrading" grammar --- roles/calibre-web/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef9423d1d..a29896573 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -168,15 +168,15 @@ and remove all existing e-book/video/media metadata — then move your /library/calibre-web/config/app.db, /library/calibre-web/metadata.db and /library/calibre-web/xklb-metadata.db out of the way.** -RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest -version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the -new ``iiab-update`` technique described above. But if you must use the -older/manual technique, you would need to run, as root:: +RECAP: Either way, "reinstalling" Calibre-Web automatically installs the latest +version — so long as your Internet-in-a-Box (IIAB) is online. Most people +should stick with the new ``iiab-update`` technique above. However if you must +use the older/manual approach, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you want to try upgrading Calibre-Web code alone:: +Or, if there's a need to try updating Calibre-Web's code alone:: cd /usr/local/calibre-web-py3 git pull From 3d6a11635278543680636e767f078e0acb61c7d2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 05:19:38 -0400 Subject: [PATCH 1491/1758] scripts/iiab-update: Clarify summary/purpose for PR #3768 --- scripts/iiab-update | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4c785c702..b5813075e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,8 +1,8 @@ #!/bin/bash -# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. +# Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). -# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki if [[ $(id -un) != "root" ]]; then @@ -14,7 +14,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update From 1e1998cb14568b60e3f2deceeebefafb06527a11 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 13:37:24 -0400 Subject: [PATCH 1492/1758] Preload all of iiab-update (bash script) into RAM for safety --- scripts/iiab-update | 192 +++++++++++++++++++++++--------------------- 1 file changed, 101 insertions(+), 91 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index b5813075e..36190e270 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -5,108 +5,118 @@ # Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki -if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 -fi +# 2024-07-18 fixes underway, thanks to: +# https://stackoverflow.com/questions/21096478/overwrite-executing-bash-script-files +# https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +# https://stackoverflow.com/questions/2336977/can-a-shell-script-indicate-that-its-lines-be-loaded-into-memory-initially -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" -else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y -fi - -cd /opt/iiab/iiab -if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 -fi -echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" -git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin -fi - -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" -else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible -fi - -if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" +{ + if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" - systemctl restart calibre-web + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" - ./runrole --reinstall calibre-web + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi -fi -# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the -# time over 20 tests for me -- leading to 3+ different kinds of errors right -# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the -# most common error -- once the error was "command not found" -- and another -# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! -# -# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? -# -# ... -# Finished writing to /etc/iiab/kiwix_catalog.json -# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' -# php_parser = re.compile('\<\?php echo .+? \?>') -# Skipping module not needed by Internet in a Box 12 en-PhET -# ... -# [ ~15 lines ] -# ... -# (Restarting CMDSRV -# ... -# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + cd /opt/iiab/iiab + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab --no-rebase --no-edit + if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin + fi -if [ -d /opt/admin ]; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible + fi + + if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + systemctl stop calibre-web + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi fi -fi -echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the + # time over 20 tests for me -- leading to 3+ different kinds of errors right + # after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the + # most common error -- once the error was "command not found" -- and another + # time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! + # + # Any chance this get_oer2go_catalog error ~15 lines up...might be related ? + # + # ... + # Finished writing to /etc/iiab/kiwix_catalog.json + # SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' + # php_parser = re.compile('\<\?php echo .+? \?>') + # Skipping module not needed by Internet in a Box 12 en-PhET + # ... + # [ ~15 lines ] + # ... + # (Restarting CMDSRV + # ... + # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + + if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi + fi + + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + + exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +} From 280cea8b9d53a6825d7076a36c3664c1f29b7836 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:16:39 -0400 Subject: [PATCH 1493/1758] untabify iiab-update + 'systemctl stop calibre-web' output --- scripts/iiab-update | 115 ++++++++++++++++++++++---------------------- 1 file changed, 58 insertions(+), 57 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 36190e270..8f8ba2f94 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -12,72 +12,73 @@ { if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi cd /opt/iiab/iiab if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - systemctl stop calibre-web - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web - else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web - fi + fi fi # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the @@ -101,19 +102,19 @@ # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] if [ -d /opt/admin ]; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" - else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install - fi + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi fi echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 291c049919185852724ef4584bdf2c059152e18e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:24:22 -0400 Subject: [PATCH 1494/1758] iiab-update: Try "bash -e" (exit on error) and "cp -u" (--update) --- scripts/iiab-update | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 8f8ba2f94..48a4f90ac 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -e +# "-e" tries to exit right away on error. # Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). @@ -40,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 732ddf80111ed6f47883fcc9a7798f8b55c14088 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:28:07 -0400 Subject: [PATCH 1495/1758] iiab-update: Clarify "cp -u" in live output too --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 48a4f90ac..eca416d60 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi From cdd94f84d9f24224a70facd2c2bbad952a9e2604 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 18 Jul 2024 16:28:14 -0400 Subject: [PATCH 1496/1758] iiab-update: Permit /opt/iiab/iiab untracked files like adm-run-roles-tmp.yml --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eca416d60..f51532503 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -32,7 +32,7 @@ fi cd /opt/iiab/iiab - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit detritus, e.g. untracked files like adm-run-roles-tmp.yml echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From af3660045ffc581bcac4f3bbfb5bfa70790e94a1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 01:19:00 -0400 Subject: [PATCH 1497/1758] iiab-update: Skip Admin Console ./install if already up-to-date --- scripts/iiab-update | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index f51532503..49cfdc939 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -111,10 +111,16 @@ echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi + GITHASH1=$(git rev-parse HEAD) echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + GITHASH2=$(git rev-parse HEAD) + if [[ $GITHASH1 != $GITHASH2 ]]; then + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + else + echo -e "\n\e[33mSkipping Admin Console './install' — as it appears up-to-date!\e[0m" + fi fi fi From b1b9d49327d6429de7760e1559b9579c2456ddc3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 04:34:16 -0400 Subject: [PATCH 1498/1758] Clean up RasPiOS Python/apt/pip doc links --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 369bc09c1..8b526d03e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -102,8 +102,9 @@ extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) -# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi -# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments +# https://www.raspberrypi.com/documentation/computers/os.html#use-python-on-a-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-packages-using-apt +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-libraries-using-pip # VIRTUALENV EXAMPLE COMMANDS: # python3 -m venv /usr/local/calibre-web-py3 (create venv) From 33ed99c030847daf4e32fce88aa3c4b82f3c6891 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 19 Jul 2024 06:26:19 -0400 Subject: [PATCH 1499/1758] iiab-update -f: Install CWeb requirements.txt + sharpen warning --- scripts/iiab-update | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 49cfdc939..91e0af9e1 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -21,7 +21,7 @@ echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\n\e[44;1mUpgrading IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update @@ -45,16 +45,13 @@ fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n\n" else echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" @@ -72,11 +69,13 @@ systemctl stop calibre-web echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" + bin/pip install -r requirements.txt --prefer-binary > /dev/null + echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web else + cd /opt/iiab/iiab echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web fi @@ -124,7 +123,12 @@ fi fi - echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1m'iiab-update -f' COMPLETE!\e[0m\n" + echo -e "\e[44;1mIf Calibre-Web fails, please try 'iiab-update' WITHOUT '-f'\e[0m\n\n" # \e[7m == reverse video (e.g. black on white) + else + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + fi exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run } From 06a36706eb27dd4888464e4127a882ec35f14774 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jul 2024 11:52:53 -0400 Subject: [PATCH 1500/1758] iiab-update: Tighten up Calibre-Web upgrader (WIP: Ansible equiv soon) --- scripts/iiab-update | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 91e0af9e1..ec7a5d31e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,24 +52,25 @@ fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" - systemctl stop calibre-web - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" bin/pip install -r requirements.txt --prefer-binary > /dev/null echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" From 37c6a7ef2950a659dbebcee2f7a09f895548631f Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 20 Jul 2024 13:43:35 -0400 Subject: [PATCH 1501/1758] Clarify yt-dlp "nightly" for better/experimental YouTube scraping --- scripts/iiab-update | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index ec7a5d31e..76095753f 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -59,13 +59,16 @@ pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" systemctl stop calibre-web From 06dbdb178a6f2a171f609a23f9ecc159f7db525c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 01:51:06 -0400 Subject: [PATCH 1502/1758] Allow Calibre-Web upgrades via Ansible too, much like 'iiab-update -f' --- roles/calibre-web/tasks/install.yml | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8b526d03e..bdcca21f5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,6 +1,9 @@ -# To upgrade IIAB Calibre-Web: +# Or try 'iiab-update -f' for a more rapid upgrade of IIAB Calibre-Web: +# +# https://wiki.iiab.io/go/FAQ#Can_I_upgrade_IIAB_software%3F # https://github.com/iiab/calibre-web/wiki#upgrading # https://github.com/iiab/iiab/blob/master/scripts/iiab-update +# https://github.com/iiab/iiab/tree/master/roles/calibre-web#upgrading - name: Record (initial) disk space used @@ -8,6 +11,13 @@ register: df1 +- name: Stop 'calibre-web' systemd service for safety (RED ERROR CAN BE IGNORED!) + systemd: + name: calibre-web + state: stopped + ignore_errors: True # Shows red errors, and continue... + #failed_when: False # Hides red errors, and continue... + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -38,10 +48,10 @@ state: absent when: calibreweb_venv_wipe -- name: Does {{ calibreweb_venv_path }} exist? - stat: - path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - register: calibreweb_venv +# - name: Does {{ calibreweb_venv_path }} exist? +# stat: +# path: "{{ calibreweb_venv_path }}" +# register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -52,7 +62,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" + - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -61,14 +71,15 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 - when: not calibreweb_venv.stat.exists + force: yes # "any modified files in the working repository will be discarded" + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 + #when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | From 663a35f5ced6b8bcbe0a416c53015b4b22418d63 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 02:31:21 -0400 Subject: [PATCH 1503/1758] Sharpen /usr/local/calibre-web-py3 disk usage estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index bdcca21f5..d6320fb76 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -72,7 +72,7 @@ # https://github.com/janeczku/calibre-web/pull/1459 #- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From ddfbbe7bf0e42eb5c2eda9c9cb68bf6190f26f85 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 02:46:48 -0400 Subject: [PATCH 1504/1758] calibre-web/tasks/install.yml: Clarify yt-dlp "nightly" option --- roles/calibre-web/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d6320fb76..816fa5ac7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -98,8 +98,11 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From 220bea18dcd597fb33501cdabe4d09bb8799bbe2 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 03:24:26 -0400 Subject: [PATCH 1505/1758] Explain yt-dlp 'nightly' releases, in Ansible output --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 816fa5ac7..34a89f211 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -81,6 +81,11 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 #when: not calibreweb_venv.stat.exists +- debug: + msg: + - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" + - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then @@ -98,7 +103,7 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases From 46c1003f2c2c10a9487cc8974fe1ab402d701b87 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 21 Jul 2024 21:36:39 -0400 Subject: [PATCH 1506/1758] KA Lite dying: Time for Kolibri to become mainline --- vars/default_vars.yml | 8 ++++---- vars/local_vars_medical.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_none.yml | 4 ++-- vars/local_vars_small.yml | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c0e6e9f13..13291b20d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -476,14 +476,14 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False kalite_server_port: 8008 kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index f97113d63..66798cb05 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -1,7 +1,7 @@ # Default overrides kiwix_incl_apk: True -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False captiveportal_install: True captiveportal_enabled: True mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index aa142dcc9..40b960608 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -284,8 +284,8 @@ wordpress_enabled: True # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 6b3876fe8..a13c825ac 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,8 +1,8 @@ # turn off defaults remoteit_install: False openvpn_install: False -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False kiwix_install: False kiwix_enabled: False osm_vector_maps_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a366e2863..288395d69 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -284,12 +284,12 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 4cb61cf8b8c3f985d22cbeab8452f342a5f66596 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 22 Jul 2024 22:18:55 -0400 Subject: [PATCH 1507/1758] 'git pull' if upgrading Calibre-Web, bypassing Ansible --- roles/calibre-web/tasks/install.yml | 38 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 34a89f211..a6e8d4f56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -42,17 +42,6 @@ line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present -- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" - file: - path: "{{ calibreweb_venv_path }}" - state: absent - when: calibreweb_venv_wipe - -# - name: Does {{ calibreweb_venv_path }} exist? -# stat: -# path: "{{ calibreweb_venv_path }}" -# register: calibreweb_venv - - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory @@ -62,7 +51,6 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -71,15 +59,31 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" + file: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" + register: calibreweb_venv + +- name: git clone Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later) -- if {{ calibreweb_venv_path }} doesns't exist git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes # "any modified files in the working repository will be discarded" - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + #force: True # CLAIM: "If true, any modified files in the working repository will be discarded" -- REALITY: even if `force: no`, Ansible destructively reclones (also removing all test branch commits etc!) -- unless a git credential is provided to Ansible? + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 - #when: not calibreweb_venv.stat.exists + when: not calibreweb_venv.stat.exists + +- name: cd {{ calibreweb_venv_path }} ; git pull {{ calibreweb_repo_url }} {{ calibreweb_version }} --no-rebase --no-edit -- if {{ calibreweb_venv_path }} exists + command: git pull "{{ calibreweb_repo_url }}" "{{ calibreweb_version }}" --no-rebase --no-edit + args: + chdir: "{{ calibreweb_venv_path }}" + when: calibreweb_venv.stat.exists - debug: msg: From 078d896ef7cd5278ca730e4a28c400f18161f9ee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 14:34:51 -0400 Subject: [PATCH 1508/1758] pbx/README.adoc: Link to official FreePBX 17 install script --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d99f0df82..9553cb8db 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -357,4 +357,8 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c * Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +In 2024, see also the official: + +* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 1116cbfb362a953358099f413160e2e3d73691d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 14:48:01 -0400 Subject: [PATCH 1509/1758] pbx/README.adoc: 2 more official FreePBX 17 install links --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 9553cb8db..2bbd70671 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -360,5 +360,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: * FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation +* Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 8f1a72e049cade6ffb55c7280af8170b823316dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 28 Jul 2024 15:03:00 -0400 Subject: [PATCH 1510/1758] pbx/README.adoc: Update FreePBX 17 pre-release news + link --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 2bbd70671..5d48feddf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* @@ -359,7 +359,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: -* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install * FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation * Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation From 1ddbf01dfff87ce39973705aa1cee41d79f2ea93 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 30 Jul 2024 19:42:47 -0400 Subject: [PATCH 1511/1758] Kolibri 0.17 RC0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f02dfde2e..b0ea215bb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From f20493cdc4dc8bad2edc1a218e827c3400b9a9f7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:10:37 -0400 Subject: [PATCH 1512/1758] Bypass initial install of Transmission on 24.04 & 24.10 & Mint 22 --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 8771b66a0..4d83e4422 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From cd7baf4b4f3e9a71f7737cc7bb2fc3dd0b593ea4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 1 Aug 2024 14:19:53 -0400 Subject: [PATCH 1513/1758] Kolibri 0.17 RC2 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b0ea215bb..ede1a64b6 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From a0e789a11126b33b34066081dfdb83c248208e28 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 4 Aug 2024 09:20:47 -0400 Subject: [PATCH 1514/1758] pbx/README.adoc: FreePBX 17 links --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5d48feddf..f19260023 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 01f87f5e38196a863bb431d5ce6045cb26011736 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 5 Aug 2024 18:44:18 -0400 Subject: [PATCH 1515/1758] Kolibri 0.17 RC3 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ede1a64b6..405beb896 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 0ab99a456ebef69c971d10154770365165704230 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 5 Aug 2024 18:51:04 -0400 Subject: [PATCH 1516/1758] kolibri/tasks/install.yml: Clarify 4 OS's now using Python 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 405beb896..86281875a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -128,7 +128,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From fd3ff958b16407deb6ae507be0dcc48a91206d88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 6 Aug 2024 19:29:48 -0400 Subject: [PATCH 1517/1758] Kolibri 0.17.0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 86281875a..e09616739 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,9 +125,9 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 6e51ecbdd6a29415fe9b5b3a601a87e8a9799899 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 6 Aug 2024 19:37:56 -0400 Subject: [PATCH 1518/1758] Kolibri 0.17.x: Clean/Clarify Python 3.12+ OS's / context --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e09616739..217d68d73 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,10 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From cac1c873f40ce9d89e1a344c980646ac6c577311 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 01:03:29 -0400 Subject: [PATCH 1519/1758] scripts/iiab-root-login: Set + Enable sftp password, for FileZilla uploads --- roles/0-init/tasks/main.yml | 3 +- scripts/iiab-item-size.py | 0 scripts/iiab-network | 0 scripts/iiab-root-login | 60 +++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 0 scripts/iiab-update | 2 +- 6 files changed, 63 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/iiab-item-size.py mode change 100644 => 100755 scripts/iiab-network create mode 100755 scripts/iiab-root-login mode change 100644 => 100755 scripts/iiab-size.py diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d6859c120..8eb1668eb 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,7 +34,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ @@ -43,6 +43,7 @@ - iiab-update - iiab-summary - iiab-diagnostics + - iiab-root-login - name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update file: diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-network b/scripts/iiab-network old mode 100644 new mode 100755 diff --git a/scripts/iiab-root-login b/scripts/iiab-root-login new file mode 100755 index 000000000..2d968e857 --- /dev/null +++ b/scripts/iiab-root-login @@ -0,0 +1,60 @@ +#!/bin/bash -e +# "-e" tries to exit right away on error. + +# Enable (and set!) root login password for ssh and sftp. +# To help everyday IIAB implementers upload content with FileZilla: +# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F + +# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use: +# sudo iiab-root-login <PASSWORD> + +if [ ! -f /etc/ssh/sshd_config ]; then + echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n' + exit 1 +fi + +if ! systemctl is-active ssh > /dev/null; then + echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n" + exit 1 +fi + +if [ $# -eq 0 ]; then + echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m' + echo -en '\nWhat ssh and sftp password do you want for user "root" ? ' + read ans < /dev/tty +else + ans=$1 + echo +fi + +if [[ $ans == "" ]]; then + echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n' + exit 1 +else + echo root:"$ans" | chpasswd + echo -e 'Password changed, for user "root".\n' +fi + +# Comment out problematic line(s) in file(s) like... +# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf +# ...that appear in Multipass VMs, etc: +sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true +sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true + +if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config +else + echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +fi + +if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config +else + echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config +fi + +if systemctl reload ssh; then + echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n' +else + echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n' +fi diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-update b/scripts/iiab-update index 76095753f..689f715e0 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -41,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 24def618bc41bcbff0acd55a112f4a034ce3f0b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 03:34:02 -0400 Subject: [PATCH 1520/1758] roles/iiab-admin/README.rst: Update 2 links --- roles/iiab-admin/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 5017e4186..c7c4ec5fc 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -58,14 +58,14 @@ Remote Support Tools The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. -Similarly, `access.yml <tasks/access.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: +Similarly, `tasks/main.yml <tasks/main.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: * `lynx <https://en.wikipedia.org/wiki/Lynx_(web_browser)>`_ * `screen <https://linuxize.com/post/how-to-use-linux-screen/>`_ *More great tools to help you jumpstart community action at a distance:* -* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?" +* `FAQ.IIAB.IO <https://wiki.iiab.io/go/FAQ>`_ > "How can I remotely manage my Internet-in-a-Box?" Admin Console ------------- From 49b574409a052a77c7629ca12fe928f54db58e4d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 04:04:43 -0400 Subject: [PATCH 1521/1758] scripts/iiab-update: Touch up for PR #3784 --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 689f715e0..4e2fe7aff 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From 0d0772aac9eef7f8f990d5528fc9269a87f8a47c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 7 Aug 2024 23:34:30 -0400 Subject: [PATCH 1522/1758] Revert to installing Kolibri (i.e. 0.17.0+) via PPA, by default --- roles/kolibri/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 217d68d73..d95f36044 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,13 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' - set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 +# 2024-08-07: Hack no longer needed! As Kolibri 0.17.0 now installs via "kolibri" PPA (https://launchpad.net/~learningequality/+archive/ubuntu/kolibri). +# Hopefully "kolibri-proposed" PPA will install 0.18 pre-releases soon, on Python 3.13 too! https://github.com/learningequality/kolibri/issues/11892 + +# - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +# set_fact: +# kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb +# when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From ee3781d38a66e353f45ff36ebda5f5815705f297 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 8 Aug 2024 20:53:13 -0400 Subject: [PATCH 1523/1758] README.md: Fix link to FAQ app list / descriptions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fcb5085c..b3416aca2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_%28IIAB_apps%29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* From 608d05e24082463c7a27c671bea7ba7846d76d30 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 10 Aug 2024 21:41:15 -0400 Subject: [PATCH 1524/1758] iiab-diagnostics: Try paste.centos.org instead of dpaste.com --- scripts/iiab-diagnostics | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6fe38407d..a872b88bb 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,13 +273,15 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b paste.centos.org $outfile" fi echo -e "\e[0m" From 2c5398dfb29333e72563ee37234fa3b2e34c0b3f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 10 Aug 2024 21:48:10 -0400 Subject: [PATCH 1525/1758] iiab-diagnostics: Clarify termbin.com rudimentary/reliable option --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a872b88bb..198ad864e 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -275,7 +275,7 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? - #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins From e1eb26ba687503f1655e4665d21c20e4250b2d1c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:15:30 -0400 Subject: [PATCH 1526/1758] Recommend ansible-core 2.17.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 51cb3b689..975acda62 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] -GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] +GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 86fa7bd49c9594f36b407eb5501ef0213326fd79 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:00:56 -0400 Subject: [PATCH 1527/1758] test.yml: Tips to try ad hoc Ansible commands --- test.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 7afdab202..067b7cddd 100644 --- a/test.yml +++ b/test.yml @@ -1,6 +1,13 @@ # TEST ANSIBLE COMMANDS/MODULES IN SECONDS -- BY RUNNING: # ansible-playbook -i ansible_hosts test.yml --connection=local +# TEST A SINGLE ANSIBLE COMMAND/MODULE: +# ansible localhost -m ansible.builtin.setup | grep -e "ansible_machine\b" -e ansible_architecture +# ansible localhost -m ansible.builtin.shell -a 'echo $TERM' +# ansible localhost -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts" +# ansible localhost -m ansible.builtin.systemd -a "name=nginx state=restarted" +# https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html + - hosts: all become: yes # Optional privilege escalation @@ -19,7 +26,9 @@ #- include_role: # name: 0-init - # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # 2024-08-15: Still not working with ansible-core 2.17.3 -- instead of + # migrating from Python's crypt library to passlib, Ansible is deprecating: + # https://github.com/ansible/ansible/issues/81949 # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 #- debug: # msg: "{{ 'changeme' | password_hash('sha512') }}" From 3bb74ec09a6048b0551c666c4232abbd5ae7982c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 22 Aug 2024 21:32:24 -0400 Subject: [PATCH 1528/1758] Moodle dev branch renamed from 'master' to 'main' --- roles/moodle/defaults/main.yml | 4 ++-- roles/moodle/tasks/install.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index b6c607027..1e05a1a76 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# April 2024: Currently testing Moodle's main branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 44ba40349..840eeb4d9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,12 +104,12 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From bea4aea7a0994e3fb97e84972aa9027f399f8b12 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:45:33 -0400 Subject: [PATCH 1529/1758] Recommend ansible-core 2.17.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 975acda62..701b46107 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] -GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] +GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From c7000f330be9c736b9c84dda489e4da899877d2c Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 02:05:42 -0400 Subject: [PATCH 1530/1758] Introduce roles/tailscale w/ /usr/bin/iiab-vpn etc --- .../openvpn/defaults/main.yml | 0 .../openvpn/tasks/enable-or-disable.yml | 0 .../openvpn/tasks/install.yml | 0 .../openvpn/tasks/main.yml | 0 .../openvpn/templates/15-openvpn.unused | 0 .../openvpn/templates/announce | 0 .../openvpn/templates/announcer | 0 .../openvpn/templates/ca.crt | 0 .../openvpn/templates/client1.crt | 0 .../openvpn/templates/client1.key | 0 .../openvpn/templates/iiab-remote-off | 0 .../openvpn/templates/iiab-remote-on.j2 | 0 .../openvpn/templates/iiab-support | 0 .../openvpn/templates/iiab-support.older | 0 .../templates/openvpn_handle.j2.unused | 0 .../openvpn/templates/silence | 0 .../openvpn/templates/xscenet.conf.j2 | 0 roles/0-init/tasks/validate_vars.yml | 3 +- roles/1-prep/tasks/main.yml | 10 +- roles/4-server-options/tasks/main.yml | 5 - roles/iiab-admin/README.rst | 4 +- roles/iiab-admin/tasks/sudo-prereqs.yml | 2 +- roles/sshd/defaults/main.yml | 2 +- roles/tailscale/tasks/install.yml | 113 ++++++++++++++++++ roles/tailscale/tasks/main.yml | 47 ++++++++ roles/tailscale/templates/iiab-vpn | 54 +++++++++ roles/tailscale/templates/iiab-vpn-off | 7 ++ scripts/iiab-summary | 9 +- vars/default_vars.yml | 20 +--- vars/local_vars_large.yml | 13 +- vars/local_vars_medical.yml | 1 - vars/local_vars_medium.yml | 13 +- vars/local_vars_none.yml | 2 +- vars/local_vars_small.yml | 13 +- vars/local_vars_unittest.yml | 13 +- 35 files changed, 265 insertions(+), 66 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/enable-or-disable.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/15-openvpn.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announce (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announcer (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/ca.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.key (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-off (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-on.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support.older (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/openvpn_handle.j2.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/silence (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/xscenet.conf.j2 (100%) create mode 100644 roles/tailscale/tasks/install.yml create mode 100644 roles/tailscale/tasks/main.yml create mode 100755 roles/tailscale/templates/iiab-vpn create mode 100755 roles/tailscale/templates/iiab-vpn-off diff --git a/roles/openvpn/defaults/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml similarity index 100% rename from roles/openvpn/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml diff --git a/roles/openvpn/tasks/enable-or-disable.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml similarity index 100% rename from roles/openvpn/tasks/enable-or-disable.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml diff --git a/roles/openvpn/tasks/install.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml similarity index 100% rename from roles/openvpn/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml diff --git a/roles/openvpn/tasks/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml similarity index 100% rename from roles/openvpn/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml diff --git a/roles/openvpn/templates/15-openvpn.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused similarity index 100% rename from roles/openvpn/templates/15-openvpn.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused diff --git a/roles/openvpn/templates/announce b/roles/0-DEPRECATED-ROLES/openvpn/templates/announce similarity index 100% rename from roles/openvpn/templates/announce rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announce diff --git a/roles/openvpn/templates/announcer b/roles/0-DEPRECATED-ROLES/openvpn/templates/announcer similarity index 100% rename from roles/openvpn/templates/announcer rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announcer diff --git a/roles/openvpn/templates/ca.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt similarity index 100% rename from roles/openvpn/templates/ca.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt diff --git a/roles/openvpn/templates/client1.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt similarity index 100% rename from roles/openvpn/templates/client1.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt diff --git a/roles/openvpn/templates/client1.key b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key similarity index 100% rename from roles/openvpn/templates/client1.key rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off similarity index 100% rename from roles/openvpn/templates/iiab-remote-off rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 similarity index 100% rename from roles/openvpn/templates/iiab-remote-on.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 diff --git a/roles/openvpn/templates/iiab-support b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support similarity index 100% rename from roles/openvpn/templates/iiab-support rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support diff --git a/roles/openvpn/templates/iiab-support.older b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older similarity index 100% rename from roles/openvpn/templates/iiab-support.older rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older diff --git a/roles/openvpn/templates/openvpn_handle.j2.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused similarity index 100% rename from roles/openvpn/templates/openvpn_handle.j2.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused diff --git a/roles/openvpn/templates/silence b/roles/0-DEPRECATED-ROLES/openvpn/templates/silence similarity index 100% rename from roles/openvpn/templates/silence rename to roles/0-DEPRECATED-ROLES/openvpn/templates/silence diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 similarity index 100% rename from roles/openvpn/templates/xscenet.conf.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 383f911a3..dee75addd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -71,7 +71,8 @@ - dnsmasq - bluetooth - sshd - - openvpn + #- openvpn # Deprecated + - tailscale - remoteit - admin_console #- nginx # MANDATORY diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 929dd04da..16cf5976e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,22 +3,22 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml +- name: SSHD include_role: name: sshd when: sshd_install -- name: OPENVPN +- name: TAILSCALE (VPN) include_role: - name: openvpn - when: openvpn_install + name: tailscale + when: tailscale_install - name: REMOTE.IT include_role: name: remoteit when: remoteit_install -- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml +- name: IIAB-ADMIN -- includes {lynx, screen, sudo-prereqs.yml, admin-user.yml, pwd-warnings.yml} include_role: name: iiab-admin #when: iiab_admin_install # Flag might be created in future? diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9bed4e5e8..583cb763d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -19,11 +19,6 @@ #when: pylibs_installed is undefined #when: pylibs_install # Flag might be created in future? -- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN - include_role: - name: sshd - when: sshd_install - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index c7c4ec5fc..2dbadaa62 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -36,7 +36,7 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security +* If your IIAB includes Tailscale (VPN), ``/root/.ssh/authorized_keys`` should be installed by `roles/tailscale/tasks/install.yml <../tailscale/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop). Example @@ -56,7 +56,7 @@ Historical Notes Remote Support Tools -------------------- -The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. +The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `Tailscale (VPN) <https://en.wikipedia.org/wiki/Tailscale>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. Similarly, `tasks/main.yml <tasks/main.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: diff --git a/roles/iiab-admin/tasks/sudo-prereqs.yml b/roles/iiab-admin/tasks/sudo-prereqs.yml index 1b608fef1..9370666b2 100644 --- a/roles/iiab-admin/tasks/sudo-prereqs.yml +++ b/roles/iiab-admin/tasks/sudo-prereqs.yml @@ -1,6 +1,6 @@ - name: 'Install package: sudo' package: - name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + name: sudo # (1) Should be installed prior to installing IIAB, (2) Can be installed by 1-prep's roles/tailscale/tasks/install.yml, (3) Can be installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) - name: Temporarily make file /etc/sudoers editable (0640) file: diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml index 5c9c5dc17..83a3cf36a 100644 --- a/roles/sshd/defaults/main.yml +++ b/roles/sshd/defaults/main.yml @@ -1,4 +1,4 @@ -# sshd_install: True # Required by OpenVPN +# sshd_install: True # sshd_enabled: True # sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml new file mode 100644 index 000000000..0e3bee8c1 --- /dev/null +++ b/roles/tailscale/tasks/install.yml @@ -0,0 +1,113 @@ +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 + register: df1 + + +- name: "Set up apt source (jammy) in /etc/apt/sources.list.d/tailscale.list and its key /usr/share/keyrings/tailscale-archive-keyring.gpg, to install Tailscale" + shell: | + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg > /usr/share/keyrings/tailscale-archive-keyring.gpg + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list > /etc/apt/sources.list.d/tailscale.list + +- name: "Install packages: jq, sudo, tailscale" + package: + name: + #- ncat # Newer versions of NMap do not include NCat, WAS needed to announce openvpn_handle (if Debian > 9 or Ubuntu > 18) + #- nmap + - jq # JSON parser used by /usr/bin/iiab-support == /usr/bin/iiab-vpn + - sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + - tailscale + update_cache: yes + +- name: Set up tab completion for 'tailscale' at the command-line + shell: tailscale completion bash > /etc/bash_completion.d/tailscale + +- name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" + lineinfile: + line: "{{ item.pubkey }}" + regexp: "{{ item.regexp }}" + path: /root/.ssh/authorized_keys + with_items: + - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" + - regexp: "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAmjU7VojyK+0Pjp2p8CCGTNBtE565A/L8IVbAT8MIucRE9LN1g5LjGnOHUShFJpwuTR1JLX2r9EDRMsf9MmyTgUAnuyP005giWVHXLPtjyjTzbsJ1DEtXRytulmF+GlCOaqPWNde6EOmReqPHbmjIQpRZ/Sc8hziS4jVSQuBA9EhaBmZ62CPqK33mPJvnpwMtdd6nHXAcXsZhStd3NhVDm27+B3sHI6mr2w7ExdBXE5DKiZL2po8n2y4hJYZreJopbjcQmv4oWdDWvPu5I92xDgYCsqcE7zSrv1um+tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal" + - regexp: "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApHPly+EA1M4bispl3AulTLjyYCjcJzh6s779K3epDkqh600a+fHsdIiddWCAfIonRq+9MJyOiaNQ+WYLOuajI1IiFZWFt45xDAiyCUnyuT+ytAX+IA3TgTwgTZPfzDOzI8rDRV9Sgl+LZLfPno7T3qxcGx2l51bRk+koRK+Txpph//M3jGvsFmTKhjvfxgEIUmMH9SkASxEdyqASr0+/+uLR92MnT+8CT1pOYYoJyZp9Lta5eGqJvbEmd3Dn7MXqD3vXE57o4rBJ0bR3q5LK59WVNxNQbulJ9z5V7aTJ4AbBFQWxm0fH0gBx+heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank" + +# CLARIF: plus signs (+) in public keys cause duplicate key additions (above) +# and failure during removal (below) as "+" has a special meaning as +# interpreted in a Python regexp, as implemented by Ansible's lineinfile module: +# https://docs.python.org/2/library/re.html + +# WORKAROUND: the tail end of each public key (after the last plus sign) is +# being used (instead of the full key) as an abbreviated regexp for now. +# A backslash in front of each plus sign (+) would also work. + +# - name: Remove those ssh public keys, if not tailscale_enabled +# lineinfile: +# regexp: "{{ item }}" +# path: /root/.ssh/authorized_keys +# state: absent +# with_items: +# - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" +# - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" +# - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" +# when: not tailscale_enabled + +- name: Install /usr/bin/iiab-vpn & /usr/bin/iiab-vpn-off (BACKS UP FILES IF CHANGED) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: '0755' + backup: yes + with_items: + - iiab-vpn + - iiab-vpn-off + +- name: Symlink /usr/bin/iiab-vpn-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-vpn-on + state: link + +- name: Symlink /usr/bin/iiab-support -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support + state: link + +- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support-on + state: link + +- name: Symlink /usr/bin/iiab-support-off -> /usr/bin/iiab-vpn-off + file: + src: /usr/bin/iiab-vpn-off + path: /usr/bin/iiab-support-off + state: link + + +# RECORD Tailscale AS INSTALLED + +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 + register: df2 + +- name: Add 'tailscale_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: tailscale_disk_usage + value: "{{ df2.stdout|int - df1.stdout|int }}" + +- name: "Set 'tailscale_installed: True'" + set_fact: + tailscale_installed: True + +- name: "Add 'tailscale_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^tailscale_installed' + line: 'tailscale_installed: True' diff --git a/roles/tailscale/tasks/main.yml b/roles/tailscale/tasks/main.yml new file mode 100644 index 000000000..fc8af13e5 --- /dev/null +++ b/roles/tailscale/tasks/main.yml @@ -0,0 +1,47 @@ +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + + +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "tailscale_install is sameas true" (boolean not string etc) + assert: + that: tailscale_install is sameas true + fail_msg: "PLEASE SET 'tailscale_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "tailscale_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: tailscale_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'tailscale_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Tailscale if 'tailscale_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: tailscale_installed is undefined + + +#- include_tasks: enable-or-disable.yml + + +- name: Add 'tailscale' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Tailscale (VPN) + - option: description + value: '"Tailscale enables live/remote support by connecting machines anywhere on the Internet, using a software-defined mesh virtual private network (VPN), and optional web-based management service."' + - option: tailscale_install + value: "{{ tailscale_install }}" + - option: tailscale_enabled + value: "{{ tailscale_enabled }}" diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn new file mode 100755 index 000000000..05ae623f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn @@ -0,0 +1,54 @@ +#!/bin/bash + +# USEFUL DOC: https://tailscale.com/kb/1080/cli#status + +VPN_URL=https://iiab.net +VPN_KEY="$1" + +# if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) +# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# else +# [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] + +# Check that current profile key still exists in /var/lib/tailscale/tailscaled.state ? (As 'tailscale logout' wipes it!) In the end, these are 3 lousy tests... +# if [ -f /var/lib/tailscale/tailscaled.state ] && [[ $(grep -c $(jq -r '."_current-profile"' /var/lib/tailscale/tailscaled.state) /var/lib/tailscale/tailscaled.state) > 1 ]]; then +# if ! [[ $(tailscale status | tr '[:upper:]' '[:lower:]') =~ "logged out" ]]; then +# if [[ $(tailscale status --json | jq -r .CurrentTailnet.Name) = "iiab.community" ]]; then + +# UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) +if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then + if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + exit 1 + fi +elif [ -z $VPN_KEY ]; then + echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + exit 1 +else + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + exit 1 + fi + fi +fi + +# jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] +# Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) +echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e " hostname -I" +echo -e " tailscale ip" +echo -e " tailscale status" +echo -e " tailscale whois $(tailscale ip -1)" +echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale status --json | jq" +echo -e " systemctl status tailscaled\n" +echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e " tailscale down\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e " tailscale logout\n" diff --git a/roles/tailscale/templates/iiab-vpn-off b/roles/tailscale/templates/iiab-vpn-off new file mode 100755 index 000000000..75ea5c0f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn-off @@ -0,0 +1,7 @@ +#!/bin/bash + +tailscale down + +echo -e "\n\e[44;1mDisconnecting from VPN...\e[0m\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" # Expires machine node key, from /var/lib/tailscale/tailscaled.state +echo -e " tailscale logout\n" # ...as seen by 'tailscale status --json' (related: 'tailscale debug prefs') diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 7551aad08..80b6e521f 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -79,8 +79,13 @@ echo /opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo +#grep "^openvpn_handle:" /etc/iiab/local_vars.yml +#grep "^tailscale_installed:" /etc/iiab/iiab_state.yml +if [[ $(command -v /usr/bin/tailscale) ]]; then + #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" + echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" +fi echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net -grep "^openvpn_enabled:" /etc/iiab/local_vars.yml -grep "^openvpn_handle:" /etc/iiab/local_vars.yml +echo $(echo $(hostname -A) $(hostname -a) | xargs -n1 | sort | uniq) hostname -I echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 13291b20d..68a520970 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -219,8 +219,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml @@ -232,17 +232,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -openvpn_handle: "" # Empty string on purpose since ~2016, for /etc/iiab/uuid -# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 -# cron seemed necessary on CentOS: -openvpn_cron_enabled: False -# General OpenVPN settings -openvpn_server: xscenet.net -openvpn_server_real_ip: 3.89.148.185 -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo, @@ -289,8 +281,6 @@ nginx_log_dir: /var/log/nginx # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3903530ed..7f0d398fe 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: LARGE - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 66798cb05..5df26eb52 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,6 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -openvpn_handle: "MEDICAL - Put Your Name Here" usb_lib_umask0000_for_kolibri: False apache_allow_sudo: True # By default diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 40b960608..08afaab93 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: MEDIUM-sized - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index a13c825ac..1e5c03ead 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,6 +1,6 @@ # turn off defaults remoteit_install: False -openvpn_install: False +tailscale_install: False kolibri_install: False kolibri_enabled: False kiwix_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 288395d69..70206e9ec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: SMALL - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 19c47ca74..026187075 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: True -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: UNITTEST - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) From f07832105d8a9af85086eeee0117256cc292950a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 05:17:38 -0400 Subject: [PATCH 1531/1758] Add openvpn to unmaintained-roles.txt, per PR #3798 --- unmaintained-roles.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index c30178fbc..3573e6f75 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -13,6 +13,7 @@ httpd-enable idmgr moodle-1.9 nodogsplash +openvpn osm owncloud pathagar From c88f1418adfb4540e526751c93e4d5445aa75ea5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 15 Sep 2024 05:48:08 -0400 Subject: [PATCH 1532/1758] nextcloud/README.md: Mention NEW Nextcloud 30 --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index e74518b32..c0eb0f9b3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -42,7 +42,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/30/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 35bdd1181b5b16414f792d9658a3257d4fd24446 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Sep 2024 08:22:46 -0400 Subject: [PATCH 1533/1758] iiab-vpn doc for #3798: tailscale ping --verbose [IP or HOSTNAME] --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 05ae623f3..2bdc964af 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -45,7 +45,7 @@ echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" -echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" From d3d0b9767c29fc3108dc6510993a20532bd9be0e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Sep 2024 09:39:44 -0400 Subject: [PATCH 1534/1758] iiab-vpn: Tailscale tips for Android, Mac/iOS, Windows --- roles/tailscale/templates/iiab-vpn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2bdc964af..2b02a7119 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -1,6 +1,10 @@ #!/bin/bash -# USEFUL DOC: https://tailscale.com/kb/1080/cli#status +# USEFUL DOCS: +# https://tailscale.com/kb/1080/cli#status +# https://headscale.net/android-client/ +# https://headscale.net/apple-client/ +# https://headscale.net/windows-client/ VPN_URL=https://iiab.net VPN_KEY="$1" From 5414eb3c384553728767e6b1b417ae2b2fc74ed3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:34:32 -0400 Subject: [PATCH 1535/1758] iiab-vpn tip: Show IPs tagged with usernames --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2b02a7119..ad15f57c8 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -50,7 +50,7 @@ echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | jq" +echo -e " tailscale status --json | grep -B3 tag:" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" From 71f6d0371b05edba0a0a72d2bed0576947e3e01e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 15:08:55 -0400 Subject: [PATCH 1536/1758] iiab-vpn shows status of each IP (+ better tips!) --- roles/tailscale/templates/iiab-vpn | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index ad15f57c8..41596b959 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -32,8 +32,8 @@ else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... - # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) - # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" exit 1 @@ -48,11 +48,15 @@ echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" -echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Node.Hostinfo" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | grep -B3 tag:" +echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" + +# More useful output than 'tailscale status' +echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t From e98cd76ec00c1983aaabde49d5cc35fc4a07177e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 15:17:59 -0400 Subject: [PATCH 1537/1758] iiab-vpn: Trailing newline forgotten in PR #3800 --- roles/tailscale/templates/iiab-vpn | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 41596b959..a7ea67298 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,3 +60,4 @@ echo -e " tailscale logout\n" # More useful output than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo From 086087b65bf1b28b3f0443b468b1a70416057893 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Sep 2024 19:51:15 -0400 Subject: [PATCH 1538/1758] iiab-vpn PR #3800 doc: Table of IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index a7ea67298..81cbe332c 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -57,7 +57,7 @@ echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" -# More useful output than 'tailscale status' +# More useful table of IPs/usernames/etc than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t echo From d72e60c87d62c1807732b9b88e0a22e956f3d8b3 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 22 Sep 2024 19:19:35 -0400 Subject: [PATCH 1539/1758] Doc fixes for Tailscale PRs #3798 & #3800 --- roles/1-prep/README.adoc | 2 +- roles/2-common/tasks/packages.yml | 1 - roles/firmware/templates/iiab-check-firmware | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/nginx/README.md | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 9d0154d73..997ec812b 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -6,7 +6,7 @@ https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible[stage] hardware, low-level OS quirks, and basic security: * SSHD -* OpenVPN if/as needed later for remote support +* Tailscale if/as needed later for remote support * https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme[iiab-admin] username and group, to log into Admin Console * dnsmasq (install now, configure later!) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 95b227d95..681d8b83f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -29,7 +29,6 @@ - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download - #- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - tar # 799kB download: RasPiOS installs this regardless - unzip # 151kB download: RasPiOS installs this regardless #- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a7a36a626..b2f7a1cce 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -19,7 +19,7 @@ # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 0a8b6a80e..77717a748 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -39,7 +39,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and # (2) Chops up Ansible vars containing multiple words w/o surrounding quotes. diff --git a/roles/nginx/README.md b/roles/nginx/README.md index dd2311a15..2c5f65590 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -52,11 +52,11 @@ * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto - * openvpn * pbx [FreePBX is usable with _both_ NGINX and Apache as of 2021-08-18, thanks to PR [#2954](https://github.com/iiab/iiab/pull/2954)] * phpmyadmin [*, requires Apache for now, as in Section iii.] * samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)] * sshd + * tailscale * transmission * vnstat From 95986ae681c8324f8ea3f8f436311aa726dd9620 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 22 Sep 2024 23:20:07 -0400 Subject: [PATCH 1540/1758] Refine iiab-vpn status table of Tailscale IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 81cbe332c..0157b02c4 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -58,6 +58,11 @@ echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ + while read line; do + echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); + done echo From 13fcd0f9c57517df1964d8bfbb28b6bb94ca131a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 23 Sep 2024 03:52:37 -0400 Subject: [PATCH 1541/1758] Tighten & brighten iiab-vpn status table --- roles/tailscale/templates/iiab-vpn | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 0157b02c4..4df98d273 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,9 +60,11 @@ echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' #echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ - while read line; do - echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); +#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ + while read l; do + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From c81e3629ff213350b3dae4a41a16b6def80e55b6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 28 Sep 2024 11:11:22 -0400 Subject: [PATCH 1542/1758] `nodocs: True` in local_vars_unittest.yml --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 026187075..cbcf0d958 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -222,7 +222,7 @@ nginx_high_php_limits: False apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) -nodocs: False +nodocs: True # 5-XO-SERVICES From 278ec39f2c718236da05526289d106ecc1a665e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sun, 29 Sep 2024 11:33:05 -0400 Subject: [PATCH 1543/1758] Internet access test..more relevant..for IIAB docs --- roles/www_options/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 1d5b642e0..b26256239 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -94,10 +94,12 @@ # 2022-06-30: internet_available var removed -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' +- name: 'Test for Internet access, using: https://wiki.iiab.io' get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt + #url: "{{ iiab_download_url }}/heart-beat.txt" + url: https://wiki.iiab.io + #dest: /tmp/heart-beat.txt + dest: /tmp/internet_access_test.html #timeout: "{{ download_timeout }}" # @jvonau recommends: 100sec is too much (keep 10sec default) ignore_errors: True @@ -105,9 +107,9 @@ #poll: 2 register: internet_access_test -- name: Remove downloaded Internet test file /tmp/heart-beat.txt +- name: Remove downloaded Internet test file /tmp/internet_access_test.html file: - path: /tmp/heart-beat.txt + path: /tmp/internet_access_test.html state: absent - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) From 90d6af32a782532c62aa15d07309d9d9596b27be Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 09:45:55 -0400 Subject: [PATCH 1544/1758] Mention Calibre-Web's official upstream install instructions --- roles/calibre-web/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a6e8d4f56..1d738a8df 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -18,6 +18,9 @@ ignore_errors: True # Shows red errors, and continue... #failed_when: False # Hides red errors, and continue... +# Official upstream instructions: +# apt install python3-pip python3-venv +# https://github.com/janeczku/calibre-web/wiki/Manual-installation - name: "Install packages: imagemagick, python3-netifaces" package: name: From 08f2f2191ccb6675f564a1679bbdb45d5b5aaa88 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:39:47 -0400 Subject: [PATCH 1545/1758] Cleaner columns in iiab-vpn output, when tag &/or relay missing --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 4df98d273..c79b1dccb 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,7 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From d941a8ffbec9f44d6fa897f72ccfe72287afc39b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 30 Sep 2024 21:52:11 -0400 Subject: [PATCH 1546/1758] MediaWiki 1.42.3 (security & maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 1787b2807..4a7abf5de 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 526dc22fb86a5678469adc7e83d13d3b0da2618f Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Tue, 1 Oct 2024 16:39:22 -0400 Subject: [PATCH 1547/1758] Make calibre-web role install cryptography --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1d738a8df..dae058820 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -24,6 +24,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - python3-cryptography - imagemagick - python3-netifaces state: present From 1f75537309cce53f5eeeef0801431c5c56685843 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 17:59:46 -0400 Subject: [PATCH 1548/1758] calibre-web/tasks/install.yml: Explain python3-cryptography --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index dae058820..3ed72cc9b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" package: name: - - python3-cryptography - imagemagick + - python3-cryptography # Required on Raspberry Pi OS - python3-netifaces state: present From 23e92b585322c67696a5fef67179212c096f5b04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 18:52:20 -0400 Subject: [PATCH 1549/1758] calibre-web/tasks/install.yml: Mention iiab/calibre-web#260 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3ed72cc9b..5e1f66933 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -25,7 +25,7 @@ package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS + - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) - python3-netifaces state: present From c7b566418bc4d541ccabd16f99317ed17a6fbf3a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Tue, 1 Oct 2024 19:58:33 -0400 Subject: [PATCH 1550/1758] scripts/iiab-update: Also update /usr/bin/iiab-vpn --- scripts/iiab-update | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e2fe7aff..63f4a8a68 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -38,9 +38,14 @@ fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit + echo + if grep -q 'tailscale_installed: True' /etc/iiab/iiab_state.yml; then + echo -e "\e[4mNow running: cp -u roles/tailscale/templates/iiab-vpn /usr/bin\e[0m\n" + cp -u roles/tailscale/templates/iiab-vpn /usr/bin + fi if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" + echo -e "\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From e7eb246a1d50369c02432099431767166de15b25 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 13:24:45 -0400 Subject: [PATCH 1551/1758] local_vars_unittest.yml: SKIP roles/network, for FASTER UNIT TESTING --- vars/local_vars_unittest.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index cbcf0d958..fe44a58ab 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -12,6 +12,12 @@ # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. +# We SKIP roles/network, for FASTER UNIT TESTING! (so IF an internal hotspot +# is later desired, change these two lines to 'True', then run 'iiab-network') +network_install: False +network_enabled: False + + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 100 From 297afc3b728eb35b016b3415e2ee1b805e2d977a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:49:25 -0400 Subject: [PATCH 1552/1758] RIP apt package 'wireless-tools' (or Debian 13+ might keep it?) --- roles/network/tasks/install.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 680b95233..f7c1a5b9a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -18,7 +18,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,10 +32,18 @@ - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP state: present +# 2024-10-02: Legacy apt package 'wireless-tools' no longer offered by Ubuntu +# 24.10+ (#3805) but FYI: https://en.wikipedia.org/wiki/Wireless_tools_for_Linux +- name: "Install legacy apt package wireless-tools, if OS still supports it -- or intentionally show (HARMLESS!) red error -- helping to monitor Linux's evolution" + package: + name: wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present + ignore_errors: True # Intentionally show red error, and continue. + #failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') + # 2021-08-17: Debian ignores this, according to 2013 post: # https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables # - name: Install /etc/network/if-pre-up.d/iptables from template (0755) From ccf87c8b90e79b82d40cabe2d91406a229806d64 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 2 Oct 2024 21:07:50 -0400 Subject: [PATCH 1553/1758] iiab-diagnostics: Note https://temp.sh for pastebin-like large file xfer --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 198ad864e..47a1ae015 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,7 +273,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs. ASIDE: Quirky pastebin-like https://temp.sh can sometimes work (like a file transfer service) for larger files. pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) From 8e09f02bed723179ea67c6ac3f5d3aa39ec09ee8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:47:00 -0400 Subject: [PATCH 1554/1758] Recommend ansible-core 2.17.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 701b46107..b7c13abc7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] -GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] +GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ab8c071374cb104e1afb6a7f2cea486964d037c9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:25:05 -0400 Subject: [PATCH 1555/1758] moodle/tasks/install.yml: Install 4.6dev if PHP >= 8.4 --- roles/moodle/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 840eeb4d9..9fd5aee8b 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,21 +96,21 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) - when: php_version is version('8.3', '<') + when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) - when: php_version is version('8.3', '>=') + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 49d7160116b1b95cfdcabdeeb357c84559041ccc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:27:55 -0400 Subject: [PATCH 1556/1758] moodle/defaults/main.yml: Install 4.5 LTS by default, or... --- roles/moodle/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 1e05a1a76..7f668865d 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# April 2024: Currently testing Moodle's main branch is mandatory if your -# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +# October 2024: Currently testing Moodle's main branch is mandatory if your +# OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.4, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_405_STABLE # Moodle 4.5 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From 4be68d3ac1a6e0ed73a9b887f5cfcd3e4b38ee04 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:51:57 -0400 Subject: [PATCH 1557/1758] moodle/tasks/install.yml: Revise disk footprint estimates --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9fd5aee8b..5f42508bc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,7 +96,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From d07ae98898c08068311d37c2709308d89fdf6f6e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 11 Oct 2024 01:29:45 -0400 Subject: [PATCH 1558/1758] Ubuntu 25.04 pre-release testing; Discourage 3 old OS's --- scripts/local_facts.fact | 7 ++++--- vars/default_vars.yml | 3 ++- vars/{linuxmint-21.yml => linuxmint-21.yml.unused} | 0 vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} | 0 vars/ubuntu-2504.yml | 5 +++++ 5 files changed, 11 insertions(+), 4 deletions(-) rename vars/{linuxmint-21.yml => linuxmint-21.yml.unused} (100%) rename vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} (100%) create mode 100644 vars/ubuntu-2504.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a24a1a2da..e9f1fdb19 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -72,8 +72,11 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2204" | \ #"ubuntu-2304" | \ + #"ubuntu-2310" | \ #"linuxmint-20" | \ + #"linuxmint-21" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -85,11 +88,9 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-12" | \ "debian-13" | \ - "ubuntu-2204" | \ - "ubuntu-2310" | \ "ubuntu-2404" | \ "ubuntu-2410" | \ - "linuxmint-21" | \ + "ubuntu-2504" | \ "linuxmint-22" | \ "raspbian-12" | \ "raspbian-13") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68a520970..caa6fd774 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -764,6 +764,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2504: False is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False @@ -780,7 +781,7 @@ is_ubuntu_2204: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_22: False -is_linuxmint_21: False +#is_linuxmint_21: False #is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml.unused similarity index 100% rename from vars/linuxmint-21.yml rename to vars/linuxmint-21.yml.unused diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml.unused similarity index 100% rename from vars/ubuntu-2310.yml rename to vars/ubuntu-2310.yml.unused diff --git a/vars/ubuntu-2504.yml b/vars/ubuntu-2504.yml new file mode 100644 index 000000000..a548ba9a1 --- /dev/null +++ b/vars/ubuntu-2504.yml @@ -0,0 +1,5 @@ +# Every is_<OS_VER> var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2504: True From aedc893bd1a5af349b9ac44f7dfdcd497915fbee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 11 Oct 2024 14:49:58 -0400 Subject: [PATCH 1559/1758] iiab-summary: Clean output, when tailscale has no IP --- scripts/iiab-summary | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 80b6e521f..73bcc9693 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -81,7 +81,8 @@ echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /l echo #grep "^openvpn_handle:" /etc/iiab/local_vars.yml #grep "^tailscale_installed:" /etc/iiab/iiab_state.yml -if [[ $(command -v /usr/bin/tailscale) ]]; then +#if [[ $(command -v /usr/bin/tailscale) ]]; then +if tailscale ip &> /dev/null; then #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" fi From 194ac9b469c49fd234dcf1778862196f9bf4b61f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 12 Oct 2024 21:48:14 -0400 Subject: [PATCH 1560/1758] README.md: Mention 50+ FAQ.IIAB.IO questions + answers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3416aca2..2cabf030c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 50+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 75f9f613583a1b9d63181b06f1762471310d2179 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Oct 2024 21:35:47 -0400 Subject: [PATCH 1561/1758] moodle/defaults/main.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 7f668865d..a687dc4b4 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -12,7 +12,7 @@ # OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.4, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_405_STABLE # Moodle 4.5 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 5.0dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ec348fcc022934baa8010e08c3f6209616300eff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 15 Oct 2024 21:36:33 -0400 Subject: [PATCH 1562/1758] moodle/defaults/install.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 5f42508bc..00cf13066 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 5.0dev in Oct 2024) when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From f00f225e280f17cf8719654bf5aa21ef1016e2c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 17 Oct 2024 15:22:57 -0400 Subject: [PATCH 1563/1758] iiab-vpn: Fix PR #3813 output, when Tailscale tag is missing --- roles/tailscale/templates/iiab-vpn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index c79b1dccb..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,8 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +# (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null +tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From 018b0d21b8d6d18744d7ab231f255cb18f9c0b20 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 18 Oct 2024 00:07:22 -0400 Subject: [PATCH 1564/1758] PR #3834: Tighten iiab-vpn output of online/offline --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..438f627c1 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 759ebb48dd516a0c87415f22974bb0d7aec6a1d7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 18 Oct 2024 08:24:47 -0400 Subject: [PATCH 1565/1758] iiab-vpn: Revert 018b0d2, as online/offline colors failed on some terminals --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 438f627c1..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 965d4944124501bfb74622f0f2ce5dd5272a0084 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Wed, 23 Oct 2024 09:25:13 -0400 Subject: [PATCH 1566/1758] only support versioned zims if have YYYY-MM ending --- roles/pylibs/templates/iiab_lib.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index ef9da7e82..13044c0c2 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -6,6 +6,7 @@ import os import json import subprocess import shlex +import re import xml.etree.ElementTree as ET import iiab.iiab_const as CONST @@ -46,11 +47,17 @@ def get_zim_list(path): if filename in CONST.old_zim_map: # handle old names that don't parse perma_ref = CONST.old_zim_map[filename] else: - ulpos = filename.rfind("_") - # but old gutenberg and some other names are not canonical - if filename.rfind("-") < 0: # non-canonical name - ulpos = filename[:ulpos].rfind("_") - perma_ref = filename[:ulpos] + # handle various zim name patterns: + # 1. canonical zim ending in _YYYY-MM + # as of 10/16/2024 it looks like all Kiwix zims fit this pattern + # 2. otherwise assume no versioning and perma_ref = filename + + match = re.search("_[0-5][0-9][0-5][0-9]-[0-5][0-9]$", filename) + if match: + perma_ref = filename[: match.span()[0]] + else: + perma_ref = filename + zim_info['file_name'] = filename zim_versions[perma_ref] = zim_info # if there are multiples, last should win return files_processed, zim_versions From ef868120a1ead3fb1276e6869b4db2f11004b7c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 27 Oct 2024 10:19:18 -0600 Subject: [PATCH 1567/1758] Revert PR #3815: python3-cryptography no longer needed --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5e1f66933..a863f541e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) + #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - python3-netifaces state: present From 0616e1c097f4c40abc40e36e6336500a60886366 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 28 Oct 2024 14:33:41 -0400 Subject: [PATCH 1568/1758] Fix tailscale tab completion (mkdir -p /etc/bash_completion.d) --- roles/tailscale/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml index 0e3bee8c1..97e939a84 100644 --- a/roles/tailscale/tasks/install.yml +++ b/roles/tailscale/tasks/install.yml @@ -19,7 +19,7 @@ update_cache: yes - name: Set up tab completion for 'tailscale' at the command-line - shell: tailscale completion bash > /etc/bash_completion.d/tailscale + shell: mkdir -p /etc/bash_completion.d && tailscale completion bash > /etc/bash_completion.d/tailscale - name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" lineinfile: From 129f2842868c9c608b131a5d10d5a60e049b98e8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:42:08 -0500 Subject: [PATCH 1569/1758] 2.15 EOL November 2024, MIN_ANSIBLE_VER=2.16.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 59c22129f..17de8d2cb 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 8ff3c7c221fd62162248198f18527855e86fa83c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:27:32 -0500 Subject: [PATCH 1570/1758] 10min-iiab-test-install.yml: Tmp GHA hack using ubuntu-24.04 --- .github/workflows/10min-iiab-test-install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 2e567f984..24dfc6c79 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." @@ -27,7 +27,7 @@ jobs: # GITHUB_CONTEXT: ${{ toJSON(github) }} # run: echo "$GITHUB_CONTEXT" - name: Check out repository code - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | From abe18950243e4db4d613855828e11b62650a6dcb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:31:06 -0500 Subject: [PATCH 1571/1758] Recommend ansible-core 2.18.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b7c13abc7..c110e9a12 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] -GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] +GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6f7855f3d94b1b829f66283ea973b413d155f7cd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:09 -0500 Subject: [PATCH 1572/1758] default_vars.yml: Mention that Lokole in UNMAINTAINED --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index caa6fd774..bcb038a53 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -412,7 +412,7 @@ jupyterhub_enabled: False jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' From 1234d1163072e198c1754bb8bd276eb9b364ec25 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:28 -0500 Subject: [PATCH 1573/1758] local_vars_unittest.yml: Mention that Lokole in UNMAINTAINED --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index fe44a58ab..bd59f5bce 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -247,7 +247,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From 7b63f0b30e9f5b8c194a1b16af42314813acc3fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:42:49 -0500 Subject: [PATCH 1574/1758] local_vars_small.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 70206e9ec..55c50ee23 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From aae672963201a3712e054fd157361e1c999342db Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:43:08 -0500 Subject: [PATCH 1575/1758] local_vars_medium.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 08afaab93..7707afba2 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From a646a45aea81c2656093d20d6283a9c53814b1d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 9 Nov 2024 10:43:23 -0500 Subject: [PATCH 1576/1758] local_vars_large.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7f0d398fe..617ca9d93 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -241,7 +241,7 @@ gitea_enabled: True jupyterhub_install: True jupyterhub_enabled: True -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2023-09-06: wheel for mkwvconf still lokole_enabled: False # missing from Ubuntu 23.10 (#3572) From 13557b11729bf34bdd987f4ee607341e3a0fd1b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 16 Nov 2024 18:17:35 -0500 Subject: [PATCH 1577/1758] Defer install of Transmission on Ubuntu 25.04 too --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 4d83e4422..c6d497f15 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410 or is_ubuntu_2504) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From 750c15ade10f2e61f07a8617b49b9fad384b310c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:38:15 -0500 Subject: [PATCH 1578/1758] Update CONTRIBUTING.md link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4a07b84..36a45b7aa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) # THANKS! From 123a0cc5f130add3a9907118d279eddfc460f7ea Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:39:41 -0500 Subject: [PATCH 1579/1758] Update README.md link to RENAMED Contributors Guide --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cabf030c..dd92224ff 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From defa139a34de2f46f2a29489b6e7cb3840dddedf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:00:50 -0500 Subject: [PATCH 1580/1758] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 36a45b7aa..4ddde9b53 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) +# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide-(EN)](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) # THANKS! From 537c6a84c26a7cf797418cfccea790627061a968 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:04:54 -0500 Subject: [PATCH 1581/1758] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd92224ff..fbfd30d35 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) ([versión en español](https://github.com/iiab/iiab/wiki/Gu%C3%ADa-para-Contribuidores-(ES))) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 676f3eebeff5d690d27067501f4869c274744659 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:58:02 -0500 Subject: [PATCH 1582/1758] Recommend ansible-core 2.18.1 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c110e9a12..968819464 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] -GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] +GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.18 +# https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst # https://github.com/ansible/ansible/commits/stable-2.17 # https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 From c16d76ac2907d78c414263b474442e94b57723c5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:59:26 -0500 Subject: [PATCH 1583/1758] MIN_ANSIBLE_VER=2.16.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 17de8d2cb..45e637c2a 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.14 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e6836181465c09b9af8362209b380bc24ff2d21 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 8 Dec 2024 12:08:42 -0600 Subject: [PATCH 1584/1758] drop netifaces workaround - replaced with netifaces-plus --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..70d85a666 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -26,7 +26,7 @@ name: - imagemagick #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - - python3-netifaces + #- python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 @@ -125,7 +125,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 #virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + #virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) From 01304ab1331c1da7eb68d57f2315685cba8fa903 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:14:53 -0500 Subject: [PATCH 1585/1758] Nextcloud 30.0.4 disk footprint estimates --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 529988437..d0588aac9 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From adfc1cc6962e2d91ab8ecc943fadb6d3dd72b394 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:44:56 -0500 Subject: [PATCH 1586/1758] RasPiOS compositor change (wayfire to labwc) so Chrome browser autostart needs work --- roles/www_options/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b26256239..ca1d7af16 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,6 +31,7 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? - name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini @@ -46,6 +47,7 @@ # path: /usr/bin/chromium # register: chromium_present +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin From 7544b79285d48df48b48318afb98d778ff4c1c8a Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:19:27 +0100 Subject: [PATCH 1587/1758] Enact Chrome browser autostart w/ compositor labwc (no longer wayfire) for RasPiOS --- roles/www_options/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ca1d7af16..f55d43cb1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,11 +31,11 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir - name: Does /usr/bin/chromium-browser exist? stat: @@ -47,14 +47,14 @@ # path: /usr/bin/chromium # register: chromium_present -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: chromium-browser - value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: wayfire_ini.stat.exists and chromium_browser.stat.exists + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart # lineinfile: From ae40f78d23396f63cdb0e59b1439a23a621077e1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:54:44 +0100 Subject: [PATCH 1588/1758] Put iiab-netwarn & iiab-pwdwarn-labwc in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 27 +++++++++---------- ...dwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} | 0 roles/network/tasks/netwarn.yml | 21 +++++++-------- roles/network/templates/netwarn/iiab-netwarn | 5 +++- 4 files changed, 27 insertions(+), 26 deletions(-) rename roles/iiab-admin/templates/{iiab-pwdwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} (100%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 46d091bec..200ff30ab 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -8,17 +8,17 @@ dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-labwc" template: - src: iiab-pwdwarn-wayfire.j2 - dest: /usr/local/sbin/iiab-pwdwarn-wayfire + src: iiab-pwdwarn-labwc.j2 + dest: /usr/local/sbin/iiab-pwdwarn-labwc mode: '0755' - when: wayfire_ini.stat.exists + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop @@ -28,10 +28,9 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-pwdwarn-wayfire - value: /usr/local/sbin/iiab-pwdwarn-wayfire - when: wayfire_ini.stat.exists +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/labwc/autostart to trigger iiab-pwdwarn-labwc (& pop-up as nec) + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-pwdwarn-labwc + when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 similarity index 100% rename from roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 2ce6aaac0..67b717358 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -5,18 +5,17 @@ # shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-netwarn - value: /usr/local/sbin/iiab-netwarn - when: wayfire_ini.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-netwarn + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # mate desktop detection based on 'register: nd_dir' in enable_services @@ -45,4 +44,4 @@ src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: (labwc_dir.stat.exists and labwc_dir.stat.isdir) or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index b20d18fc6..87865e0f1 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -3,7 +3,10 @@ # CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script # (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html -# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# ...or by Wayland compositor's ~/.config/labwc/autostart in new RasPiOS 12+: +# https://forums.raspberrypi.com/viewtopic.php?t=379321 +# (Prior to Dec 2024, RasPiOS compositor Wayfire did the same...) +# https://github.com/iiab/iiab/pull/3685 # https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart # # This allows return codes ($rc) to be meaningful, at each successive step. From 36a5cd458f9863d68f190e9c5fde014447963859 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Thu, 12 Dec 2024 23:51:09 +0100 Subject: [PATCH 1589/1758] Parallelize 3 autostart cmds in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- roles/network/tasks/netwarn.yml | 4 ++-- roles/www_options/tasks/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 200ff30ab..600a935bb 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -32,5 +32,5 @@ lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-pwdwarn-labwc + line: '/usr/local/sbin/iiab-pwdwarn-labwc &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 67b717358..78aae19be 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -10,11 +10,11 @@ path: /home/{{ iiab_admin_user }}/.config/labwc/ register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart +- name: If so, add '/usr/local/sbin/iiab-netwarn &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-netwarn + line: '/usr/local/sbin/iiab-netwarn &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index f55d43cb1..8b2907823 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -48,12 +48,12 @@ # register: chromium_present # 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 -- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart From e2d646ee182a604a1f083bfabfe065d83144afe4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:48:37 -0500 Subject: [PATCH 1590/1758] calibre-web/tasks/install.yml: Rename xklb to library for pipx --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..62cae7c56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -92,27 +92,27 @@ - debug: msg: - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" - - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - sudo pipx inject --pip-args='--upgrade --pre' -f library yt-dlp[default] - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall xklb + pipx reinstall library else - pipx install xklb + pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp else echo "ERROR: yt-dlp NOT FOUND" fi fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From 9dfaccef74c780029462f641128508d726e95244 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:50:35 -0500 Subject: [PATCH 1591/1758] scripts/iiab-update: Rename xklb to library for pipx --- scripts/iiab-update | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 63f4a8a68..dcf7d04f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,15 +58,15 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default]\e[0m\n' # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From ad57789c65a730ebbfbbedfbb4f290c9b0378ee6 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:00:30 -0500 Subject: [PATCH 1592/1758] Check if older version of 'library' (xklb) is installed --- scripts/iiab-update | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index dcf7d04f3..4e5d82547 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,6 +58,11 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mChecking if an older version of 'library' (formerly 'xklb') exists...\e[0m" + if pipx list | grep -q 'xklb'; then + echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" + pipx uninstall xklb + fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall library echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" From 577a8f171f5378ef276e9e82757f8f2872ac6189 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:20:52 -0500 Subject: [PATCH 1593/1758] Ensure script continues even if 'library' is not installed --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e5d82547..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -64,7 +64,7 @@ pipx uninstall xklb fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 59470cd13464ecd8d0e428f64e0eec7f53ce8559 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 21:42:07 -0500 Subject: [PATCH 1594/1758] Update install.yml to check if older xklb is present --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..67b53766c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,7 +99,12 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall library + if pipx list | grep -q 'xklb'; then + pipx uninstall xklb + pipx install library + else + pipx reinstall library + fi else pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb From 58c5e8e71f9b367168fbc1502675b5fdf0a3a060 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Sun, 15 Dec 2024 22:00:40 -0500 Subject: [PATCH 1595/1758] Enhance library existence check --- scripts/iiab-update | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 2e3f9e4f3..6a6eeee34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,8 +63,12 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library || true + if pipx list | grep -q 'library'; then + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + else + echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" + fi echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 7f37ccd8dbac10e1ee377e63636eebbe87d3328c Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Mon, 16 Dec 2024 07:25:06 -0500 Subject: [PATCH 1596/1758] Remove grep step --- scripts/iiab-update | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 6a6eeee34..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,12 +63,8 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - if pipx list | grep -q 'library'; then - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library - else - echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" - fi + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 943dcccf7d1ddca7e542d0f7e340f6fc1cf574b8 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR <blondel.md@gmail.com> Date: Mon, 16 Dec 2024 07:31:07 -0500 Subject: [PATCH 1597/1758] Make yt-dlp symlink failsafe --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 67b53766c..b678763ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -107,14 +107,14 @@ fi else pipx install library - ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - else - echo "ERROR: yt-dlp NOT FOUND" - fi + fi + ln -sf /root/.local/bin/lb /usr/local/bin/lb + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] From 325d27a32ba97e0478228b9ab04e05870834f1d6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:37:47 -0500 Subject: [PATCH 1598/1758] Asterisk 22 (instead of 21, tested on Debian 13) --- roles/pbx/README.adoc | 2 +- roles/pbx/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f19260023..99791114e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of December 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-22-0-0-now-available/[Asterisk 22] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f0cb38124..647ad700d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-22-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From 8b5ea641d4f447f48d9f852c78605233801c4319 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 21:30:00 -0500 Subject: [PATCH 1599/1758] Bypass /etc/ImageMagick-6/policy.xml PDF surgery w/ ImageMagick 7+ --- roles/calibre-web/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..3bad3f9ae 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -38,6 +38,13 @@ # state: present # when: python_version is version('3.10', '>=') +- name: Does /etc/ImageMagick-6/policy.xml exist? + stat: + path: /etc/ImageMagick-6/policy.xml + register: imagemagick6_policy_xml + +# 2024-12-16: Debian 13 uses /etc/ImageMagick-7/policy.xml instead, which doesn't need this lineinfile surgery: +# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -45,8 +52,9 @@ backrefs: yes line: ' <policy domain="coder" rights="read" pattern="PDF" />' state: present + when: imagemagick6_policy_xml.stat.exists -- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" +- name: "Create 2 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_config }} (each set to {{ calibreweb_user }}:{{ apache_user }}, default to 0755)" file: state: directory path: "{{ item }}" From b8a868e231043dd217b162b2b1c3c1aa91bcfa94 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:25:36 -0500 Subject: [PATCH 1600/1758] Fix Ansible comment RE: python3-netifaces (PR #3852) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 229cd3d34..d293afe23 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,7 +21,7 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install package: imagemagick" package: name: - imagemagick From f722cd783e00e282fcdf938ac87034eb407beb7e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 17 Dec 2024 00:04:20 -0500 Subject: [PATCH 1601/1758] rpi_debian.yml: rfkill unblock wifi --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index fc02dccd7..df9ddb7c3 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -55,7 +55,7 @@ # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill - shell: rfkill unblock 0 + shell: rfkill unblock wifi ignore_errors: True - name: Copy the bridge script for RPi From 6a6d153034e90d05d817d5424873cf8035318b68 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 18 Dec 2024 08:47:43 -0600 Subject: [PATCH 1602/1758] deal with unblocking wifi while NM is active on newer RaspiOS --- roles/network/tasks/main.yml | 5 +++++ roles/network/tasks/rpi_debian.yml | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7a1e6d5f5..30e1942d3 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,6 +68,11 @@ #### End services #### Start network layout + - name: Unblock WiFi on RaspiOS + shell: raspi-config nonint do_wifi_country {{ host_country_code }} + ignore_errors: True + when: is_raspbian + #- name: Redhat networking # include_tasks: ifcfg_mods.yml # when: is_redhat diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index df9ddb7c3..d2a15da5b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,11 +53,6 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 -# This should go away, should only be unblocked by raspi-config -- name: Enable the WiFi with rfkill - shell: rfkill unblock wifi - ignore_errors: True - - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 4a3e9517dcac8d3ee3b3a363d6635343cceeddd1 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 18 Dec 2024 19:55:14 -0500 Subject: [PATCH 1603/1758] Clarify 'raspi-config nonint do_wifi_country XX' --- roles/network/tasks/main.yml | 8 +++++--- roles/network/tasks/rpi_debian.yml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 30e1942d3..1f493067b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,10 +68,12 @@ #### End services #### Start network layout - - name: Unblock WiFi on RaspiOS - shell: raspi-config nonint do_wifi_country {{ host_country_code }} - ignore_errors: True + + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS + command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian + #ignore_errors: True #- name: Redhat networking # include_tasks: ifcfg_mods.yml diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d2a15da5b..e85c673dd 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,6 +53,12 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 +# 2024-12-18: SEE 'raspi-config nonint do_wifi_country {{ host_country_code }}' in roles/network/tasks/main.yml +# # This should go away, should only be unblocked by raspi-config +# - name: Enable the WiFi with rfkill +# shell: rfkill unblock wifi +# ignore_errors: True + - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 1c9a784d2a1a61303c4e0d1c0f60d93797ef6255 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:59:25 -0500 Subject: [PATCH 1604/1758] WiFi unblock via "rpi_debian.yml wasn't enough, especially with NM" --- roles/network/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1f493067b..7e2f1eabb 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -69,7 +69,7 @@ #### Start network layout - # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml wasn't enough, especially with NM (NetworkManager) - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian From 3c32db26bdb0d34697afc8ef09be5479466b9115 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Thu, 19 Dec 2024 14:28:03 -0500 Subject: [PATCH 1605/1758] rename apache_allow_sudo and make True default --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 6 +++--- roles/www_options/tasks/php-settings.yml | 2 +- vars/default_vars.yml | 6 +++--- vars/local_vars_large.yml | 6 +++--- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 6 +++--- vars/local_vars_small.yml | 6 +++--- vars/local_vars_unittest.yml | 6 +++--- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index f728ffca8..e39bea703 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# apache_allow_sudo: True +# allow_www_data_sudo: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8b2907823..2319c58f5 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,7 +77,7 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) @@ -86,13 +86,13 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: '0440' - when: apache_allow_sudo + when: allow_www_data_sudo - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: path: /etc/sudoers.d/020_apache_poweroff state: absent - when: not apache_allow_sudo + when: not allow_www_data_sudo # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 46955cf16..184c07b21 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bcb038a53..1e84fd3e0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # roles/www_base runs here (mandatory) @@ -340,8 +340,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 617ca9d93..ac2e78128 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 5df26eb52..45d6db53f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -apache_allow_sudo: True +allow_www_data_sudo: True # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7707afba2..c12fcb04f 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 55c50ee23..88253e035 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index bd59f5bce..39d8cf05c 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -224,8 +224,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 6b9608505079d5d78baefbaec14b4b6dfe1582d6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 19 Dec 2024 23:26:00 -0500 Subject: [PATCH 1606/1758] iiab-vpn: Update 3 Headscale doc URLs (Android, Apple, Windows) --- roles/tailscale/templates/iiab-vpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..14508809e 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -2,9 +2,9 @@ # USEFUL DOCS: # https://tailscale.com/kb/1080/cli#status -# https://headscale.net/android-client/ -# https://headscale.net/apple-client/ -# https://headscale.net/windows-client/ +# https://headscale.net/stable/usage/connect/android/ +# https://headscale.net/stable/usage/connect/apple/ +# https://headscale.net/stable/usage/connect/windows/ VPN_URL=https://iiab.net VPN_KEY="$1" From 079c7f5fa27983c2e0af8e2181b825023497e635 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 21 Dec 2024 10:11:53 -0500 Subject: [PATCH 1607/1758] New MediaWiki 1.42.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 4a7abf5de..ce95ff076 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From afa8ae0eeba6a876ebdb14ff1f4c84f5826e2690 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:44:30 -0500 Subject: [PATCH 1608/1758] roles/usb_lib/README.rst: Fix 2 URLs --- roles/usb_lib/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index c27dc0e53..22fd711d2 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,7 +2,7 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. @@ -22,7 +22,7 @@ USB drives must be formatted with one of the filesystems listed under "FILESYSTE IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). -Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/releases>`_ documentation: +Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) From 1950a5ba6d97f4b129490170c3359e0bcf7d8a86 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein <avni321@gmail.com> Date: Sat, 28 Dec 2024 15:59:56 -0500 Subject: [PATCH 1609/1758] Update iiab-vpn to fix ANSI color codes on OSX and change text color on blue bg. - Update iiab-vpn to fix ANSI color codes on OSX by using \033 instead of \e - Change text color to light gray when using blue bg --- roles/tailscale/templates/iiab-vpn | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 14508809e..77e8c13be 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -10,7 +10,7 @@ VPN_URL=https://iiab.net VPN_KEY="$1" # if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) -# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# echo -e "\n\033[1;33mAlready connected to VPN!?\033[0m" # else # [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] @@ -22,20 +22,20 @@ VPN_KEY="$1" # UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN\033[0m\n" exit 1 fi elif [ -z $VPN_KEY ]; then - echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + echo -e "\n\033[1;33mVPN key required!\033[0m\n\nEmail holt@unleashkids.org to explain your need?\n" exit 1 else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\033[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\033[0m\n" exit 1 fi fi @@ -43,7 +43,7 @@ fi # jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] # Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) -echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e "\n\033[44;37mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\033[0m\n" echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" @@ -52,20 +52,20 @@ echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Nod echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" -echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e "\033[4mTo disconnect from VPN:\033[0m\n" echo -e " tailscale down\n" -echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e "\033[4mTo permanently log out of VPN:\033[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#echo -e "\033[44;37mVPN peers: (rightmost column = online/offline)\033[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +#echo -e '\033[44;37mVPN peers: ("true" in 6th column means online)\033[0m\n' +echo -e '\033[44;37mVPN peers: (6th column = online/offline)\033[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\033[0;32m ✅\\033[0m/ ; s/ XXXfalseXXX /\\033[0;31m ❌ \\033[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 3ebf210c991b35ccc612c43c17df5b4457d862f2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 31 Dec 2024 21:56:16 -0500 Subject: [PATCH 1610/1758] New MediaWiki 1.43.0 LTS --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ce95ff076..5c37610af 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 4 +mediawiki_major_version: "1.43" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 59956f2a913e9912432536c2b8b94e7916ffe968 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 31 Dec 2024 22:20:48 -0500 Subject: [PATCH 1611/1758] default_vars.yml: Launch 8.3 Release Cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1e84fd3e0..4e61819a2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.2 +iiab_base_ver: 8.3 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From 8d0f45bd4d674e7583f39fbe29317d6bc2ee4020 Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 5 Jan 2025 16:35:38 -0500 Subject: [PATCH 1612/1758] Initial commit(x3) of Upload2USB stick app: 3 *.php files + UK logo --- roles/usb_lib/files/upload2usb/index.php | 50 +++++++++++++ roles/usb_lib/files/upload2usb/uk-swing.png | Bin 0 -> 4880 bytes .../usb_lib/files/upload2usb/upload-file.php | 70 ++++++++++++++++++ roles/usb_lib/files/upload2usb/upload2usb.php | 68 +++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 roles/usb_lib/files/upload2usb/index.php create mode 100644 roles/usb_lib/files/upload2usb/uk-swing.png create mode 100644 roles/usb_lib/files/upload2usb/upload-file.php create mode 100644 roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php new file mode 100644 index 000000000..ad4156876 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/index.php @@ -0,0 +1,50 @@ +<?php +/* +* index.php +* Upload2USB App Index Page +*/ + +include("upload2usb.php"); + +//Check if folder for today exists, and get file count if it does + +$file_count = getFileCount(getTargetFolderPath(0)); + +?> + +<!DOCTYPE html> +<html> + + <head> + <title>IIAB Homework Submission App</title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <form action="submit-hw.php" id="hw_submission_form" method="post" enctype="multipart/form-data"> + <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + + <label for="submit_hw" style="font-weight:bold;padding-bottom:10px;">Submit your homework here!</label> + <input type="file" name="hw_submission" id="hw_submission"><br/><br/> + <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> + </form> + <br/> + <?php echo $file_count ?> homework files have been submitted today! + + </div> + </div> + </div> + +</body> +</html> diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png new file mode 100644 index 0000000000000000000000000000000000000000..c5470365e784b58dde5eb8e9f2a1975621b700fc GIT binary patch literal 4880 zcma)A2UJtb77azv(4>hEDWQl6LJA550#fBsLJ2`ak(wa+kYW-bQ~^<n4G}3y3mv74 zh)7qYC{mRsMG+|)z(QB~L4ErEfA5!M-8*My_St8jGk0d)bz`k9P56M~KmY*1XZpJl ziq)c7m;O#J*4>JHW{%acQBfuafYPTD+npdB#?%Xm1SqlWod6CtApplVg!KooK>_S6 zTZ(nTqVWLEZ{q-fHLC^aV@V!3khM37MxuI?$RI=8BOs)^C!V<72LL#-*naV3vH$c% zXL0<r^|yJ<FEcg(08Tm{jiF(X7FwPpf~xyAw<?`L-Ua{=bS;)iz|q`6bb>FDszuk4 z{f5wD+1tZlS<p8K%|}NTgR}-2k|;Qkx++8!BC87ofj|ff)=LXzbnJ&atEVIDO{0;u zz~F#@0M!6BRTAYS7z&5O!4Mc222)`nRH%VOnmb*ENR|6e@&}I*j_OIllWBMo5wy+g z?m_aS>B!1%2m1N@p_4%V8Hh;zkrgXHFx{ODhN?oq|G^1~{O@iA!ryvQX(-&U%>FhY z6&*;%fl)Xr$&ccRW5MPAP67?@^&fb)XTB@{R@m?PB3P@VWk|uf(?}FFiR7#MUmpzw z_}}5bD!0vqL~0q~D0qJy_85gk_*P=FJB5ndR<0xahxDIo@<YP6+_msTD$Skfi8D3Q zWihGZ@mMX0nkEDa)i?~%fI-wXp-{L!)Iie^0yi)^rlASf)I@;);`&PuiyZNN8cXu@ zBjAX%AI#WoX4wD7{3q96%-^c;uc`i9MYkva8WesQVhn-6)L=%MhES-n8r(=<&FBck z2x?#e)qv?6{p9`S`lq1Z%WL}AD*d2^{V&=-x&DRLih@6hC%XIojq3khs_)AFhT>0Q zwjVw%7KF77?%Uf>7m5J?W$XtY0p8x5f7+|x4}x!_tdl?&$STwyr;0A{*3HBv)^XWn zYNU^*voX{7Xy{haw&6qa5pFHf@|`c$VhYj593?TayBjRl3#GHN3+y8H_z3E>Qqeb6 zUNP3}4poO8KJI<%nXD{9a2GpUtf243LLHCSqj3~8yA7woPSev{)AfF<)66%_(a^{C zGif(c?@?!-rf+&JytubW2sy(o&@evpvCGF_9_doyVO(KDOyv6w_F5^vn{BQs*SqTZ zQx0x^Ut+7n+u+rOWji!l0@$iOH^?xIKDUEsj|4w6psKTBuD_rlF**5YZ%+?omyCa2 zZm#pnh)<c_(5{EC`)+8EzOoaNIeZwBK&Gzt$W_r9*ZLqo!(`PH&lzd5i9M37Z&0pv zp_?n>w@^*brr*3d9x-UfM7g@URuD$3&6LMFoUM9a+svz0W^!<c%M`b0w-ba%Lw4}( z*P~jr`gyipS{@b3$ZZcdI1+FWxI@Qn_NBkCPnbwL!q`d28gt@AXoO_CNP2SeU`r{} z=+U~t0S&jNa9hV}-*urH_olZg5rY2es7`|`=b-||h$x4i243DroN2~7XDU(R@xU%s zavnFo1bvrNy+#j(eQTF(;Tt$@wx>bS{a~wY#I8dx?zK22Tow&cj=Rp`5}g1VH4t{x z;p~P<^$biuPHx;cLe9Rn?;u*($ibEuXO|r#UF>|1lC$*S9G~|24YHg3GelO&5;Pb2 zsh%y&$8(nId}TxlU0ue?9Sjq`XR^g9#YL-h<w@hJu~ejKlaYA*T%)rZ{G2um_My_O z+x=RDL4~$8Ulp6swQ*B(^L>@rjs%@p4|?&^u8a@IBZiXpHK`n4ibdyRTrf^f!RgJL zQJu0%i9T<3_;x{Ey7r9c_?dr<+v<Jgqs_3%Id;dR<#PG-{lNWuKU0%boD>G<qs*#- zttZpMVLbI|2R|zhmY#5$n%=v#@-h`WrBM)su#69tJIgPv`<doQ;zQAG3r!dw-Nz>R zHsze5PQv$mi>HLLADcYn(7XaWjPgElVoZ~3Hnm;fmmbQhBV$^9Ek;pQBAH!7OjOh_ z=65W<sW?r*j4hL07H1j@k7`x)TgFabsBWJ&UY2BsO=#kZ%Vo?``M#V*#DF`Hi*ial zZ?frUP?!tLJ3DVQx&x6`R*MfH)y<bU1tx6#FJ_TTgd4a8q&^9<@o>i5pbnTz4|nkU zGMz`N#Qku`0d@Px@E+be*Jht<^_K2HTsbwuqKy0O>E;Zb;IQcWh8tJI0&J)J<_C)Q zY*;bgM!(V$5I<Zfb}FKI0IcVrW8)#v>F^r(<S@*0G9jsjYf#v-uf6i*(Po#eM;*%i z_2YUDsKVo;C1H(Qh9BA@VzX4Ukqd(gZn`y_9c>(|?53BAXG^T3Y|w>C&icIRD@;JQ z&=k!AiM$4zm*7R=dfL?r^&0MC@@`-%q?=F53CyUyqxA5pxiHfN#`ZR4rl(6*(<Ls< z#K~JQq6MVGxKwdN%EqZuxrpbY_A}|7?_QNK#{59P#i3%Xm1%<HeP0@O=G{)R@z!yP zI9`&F3CG*hGg?H<IK6q~fY)C>NR9C5j?#nLJUGqiy>Rx8Gm)sVFwr>S%-Fn+%0CD> z-+~TOQr7e>RX}D_M+qR;%du(6v(3eyQ^+n`U%xmxzQ1|9HY|o$P0^)_G||vMJf3et zR*z1Vvo$*XQ6^XDf@$a5y`u$>`rox-afUib3;F@~x?{Ss_vMn`pA<hcll7#ai2GIf zYj{fj^Qt3rl6uPG>)CkU^<3wp1kpH#bQ89|8t!EM<iSweF>ax_p5u$Yis-n#*u-nN z-*!h<f?IOLU265P)|O_VNB)o1*5ER-^XO+jZ;Zz8FYlQI`mSipOmW5)KNY-i`i`hH zs@urakztwOTZrv;yV5?qiWpW(w6TI7OWLFf<LZw(`cA&^a*PE!TD6!;KX}}@h54<+ zom+#)8%I!^A8Bx`V9HfRGi<Wirz+EnIvg3*PEu^2@~OhrKKuv%u^*Sdfy3t5U6R4y z@9^u5+lq@;yQIOkIJ%q+J2f=Z>tBl89Go-*1WL(;9|JxME?;4eW}Xwe53>Y|6h>ba zXs1bVEz;}^7j#*oo_$0d+R+>ppS~N0A>9NpC&CK?6`kO(zXHDK%}>aYa;+C$1uku= z^^CTxN)IGAPn{_)F7_*ahabQRaZREKoMqZ|3oEs4s}B_d_Al~Q-ClZcD29LL^!wDU z5v767zP0j~77D)VbK+}k)_|cA1#c&4?5S{e)$3K&V+6%lClngS5f^|wJm<3l6IM#~ zAibx>l~*dP+cHm3lJuA4=qK2aT7l$g8~zmm6+L@k*{Z=Qmur#-(P!im=i2NlVMJ^; z3EDj4U8@^O&M6U&G9i)kYGZo?B)`z?Bm^+_134*N!+m;vp_w$bYkHqz5MAMV!NR9A z4#cU$9Y`3abkW5q#YwXs`|QMMEVl!GhLP47xp|2%5K%}8>9@&eztG+%dErR!j((vh zU7G%ecQ!t_jV!s9W(|oc7BG#e1%*0-9Tf&8XBd-nlVP~lHizUJR8jTMeD7Z}<~-dl z_S!D*y~?gAM_<dN-qw<y=8GQuoj#j|x|#EJFEFE;HrIE?#QOb~Ux_t;0=w_TgrLlP zD1uAyt#wnnqFeR*=}z!$@BufUoSgS(yMt5mGWD+_1K9(mcGut?HW>raBUN}c6&qK* z`we{Qryl(lEVu&W9Ei9Y^YBGTYDmv$sokyPwr+Hu$)QKlJF}Li8jE~<tad!*jN}%> z`G_~|i=gSkT)MbhKTxO4N<~LXobFn1Hb(Rc`^^jzuXJmQ#81qt$94~g)8S(gwf{Kz zi8&gue2#A)|9wf!7um7Iw55Trla0bH^8Gc}g@NgDnVW^WAIM5&k|q5IhP-(VLhySx zj#e<s2m^Epxs+~djf1TP_<@!v;_Pz??3rfeak5M~m$b$j@yQ*7BfFuGi*_!>bRNJs zwnhYt*$)FHj|bIfT)EPFnWtmbq2ocyEelkWGi=K%H8s^<#j$D@H`jEr*S=BDqi33T z34Tq2V_N;{*aom%YmK<xI!fB@V$iWLc3<q3RM-;<uve*J2Vwba_Gk)6ZKa0Sj6ZWE zv<XB>e}xQkrHR!MWy>xkr#|@lLB}3&L$2qpaYk&_Shvz4*}Hc68y*`XoWR@~k(<n> zt2g)xta!tSw|TX`?rj!DoMHw()T}A(Bgr*Js(%Q)+d4EMe>CRBNM3|UvOz1GNr>FA zjviv+T;h;GPv}@zNemHspevMieviuhx=d@C&HVlW(cD-+DebxY{SrDdx7^=8FIjvU zU(kZ?Etoo(-Z{Uqdwq~2IKn<PI`XYp8zgoHKJEIVE|5B@pG$VVw5qr3Lf2&pFKfk1 z`tjKK`3DzKT-P~=hJ&P;gO5dFQTQgQag%k?9Aa|EimIpGQ}!^kz+>Kr^d2{yKT(D` zHPr7Ib?;(WTO4XDGPEvA7}K2Op|ItI^{Gm4cI^cA`wPftTTO)bbI>2?r4CCaZfPQT zpu+Z^3i)hS2iH7=6s;Jy`J<xbql(<~#@V|aAjRf8ZC5R-=L)pFX8Bz!d5;SWm4B35 z#4hP)N*IT7Er^rB0PTqNraVOw3^9Q<4nvNquLpmc?G+t;UqQIVBOmaRYpo<|F`2fd z8eh)6M?Z~gNxCv9H_EY-(#+46*Zy815X2ZdmzI`xC&c_3pFwXy&j82hJ&uiKg@j7q z`Ny0QNlTD8)~o2gY9XYS&%)w(eej;6z5YhNOo@_95R$N7;8oL=NL3lH{VjAy2glua zIX+sy3vpwcN&*>T(x`2hB>n1xmV?p>qx&2?a0;mnA&Dd5y8eFehAOJ9GIhJ|9h?&z zynplN&Az5Q!Hazy=dXvn;H)f%*5=U@Vs3bOwq+PV&h{hBmrkE6Q8KCPco=-B{)rPG z?Y7KUkviS@9;M{$q778xU6AX}C%mEEIOgJAU1Meax@8ro>UUEe=4&sP%wkLg^%V%C z8Y$hU<*K-Q-?f)POtpr2&a{(wQbllkMB<a`*q<%WYe~o7Sk}Eq=o4N-%*nsr)r|!W zYnLVH_MZCO6mPO}XZ$S0W&$K{%n+*0&wpcAIVtnfL$<dzq>H~MGdcJJTynoit!N8I zU`i#W%&wQ~_v;4B-P|dkB%(}nwev(*fYBC$D<6}uc%=9P6%`fNI786Wm`$0jtB*9Q zp69#i$k=y-?kWI>GWdq>RmU%rA_q)A7VN$_1A}@#yJ=TZTIEH_DbJx)h=2mJqt9OO z(>M@1utN|kKaD*`^j;H_SY7IG1J7#n&+>Z1YL9M)WBNSmuIgE9Bv~@5){<{^c6R0q zZ%V}Oil1<9RT`KpoiH}dfBu>q4?ZdO`AW34@W@1|#9R4y^qQ8JrGEPDmOHg~aM^QM zVjUiFX69L$4_D?_XWBM@GCu5zvVVL3bB}INSAVVF+ggkZR6EsZcJD3~^CHM0wx`6% z_o^d{92v`fCy54JCS9fzANCYcip-0yBrH6k*uKeXpD>ZtN?J0pWB9IH4K>uRm{mMS zx2z=D_efn&vGi2V!9Kq{pEPI`+oq(ozcp206%ZE^xp7F9(=HpH(Pv|?*lE_$-F-U# zGryZoXZ^{p>qpEF1_$1Xtk>vp79A%CJh~%wnyheF;!99jT}@3*pTpfP+jJ4}HR%}G Wk%K$rjbygJ8krhf8kHKjMg9{3Sx(si literal 0 HcmV?d00001 diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php new file mode 100644 index 000000000..e2053864e --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -0,0 +1,70 @@ +<?php +/* +* upload-file.php +* Upload2USB App - Process Submission +*/ + +include("upload2usb.php"); + +//get folder path where homework will be stored +$target_folder_path = getTargetFolderPath(1); +$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$upload_ok = 1; +$upload_msg = ""; + +if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { + $upload_msg = "No file submitted."; + $upload_ok = 0; +} elseif (file_exists($target_file)) { + $upload_msg = "This file already exists."; + $upload_ok = 0; +} + +// Check if $upload_ok is set to 0 by an error +if ($upload_ok == 0) { + $upload_msg = "&#x274C; Your file was not uploaded. " . $upload_msg; + +// if everything is ok, try to upload file +} else { + if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { + $upload_msg = "&#x1F60A; &#x2705; Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + } else { + $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; + } +} + +$file_count = getFileCount($target_folder_path) + +?> + +<!DOCTYPE html> +<html> + + <head> + <title>IIAB Homework Submission App</title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <?php echo $upload_msg ?> <br/> + <?php echo $file_count ?> homework files have been submitted today! + + </div> + </div> + </div> + +</body> +</html> + diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php new file mode 100644 index 000000000..20b98e162 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -0,0 +1,68 @@ +<?php +/* +* upload2usb.php +* Upload2USB App Helper Functions +*/ + + +//return the first removable USB drive location +function getTargetUSBDriveLocation () { + // Get the first removal USB drive using + // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 + // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + + $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($removable_usb_path)) { + return "/library/www/html/local_content/"; + } else { + + return $removable_usb_path . "/"; + } + +} + +//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +function getTargetFolderPath ($create_folder_p) { + $parent_dir = getTargetUSBDriveLocation(); + + +error_log("PARENTDIR: " . $parent_dir); + + $today_folder_name = "UPLOADS." . date("Y-m-d"); + $target_folder_path = $parent_dir . $today_folder_name; + + if (!file_exists($target_folder_path) && $create_folder_p) { + mkdir($target_folder_path, 0777); + + } + + return $target_folder_path; + +} + +//return number of files within a specified folder +function getFileCount ($folder_path) { + return count(glob($folder_path . "/*")); +} + +//*** TODO *** check file content to see if it's unique or not +function isFileContentUnique ($file) { + + +} + + +//*** TODO **** check if file exists based on file name and return unique name if does +function getUniqueFileName ($filename) { + +} + + +// Check file size - we are not going to check file size for now. +// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// $upload_msg = "Your file is too large."; +// $upload_ok = 0; +// } + +?> From 8d167ab98192454479c481d738d8b621412dcff9 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 01:12:24 +0100 Subject: [PATCH 1613/1758] roles/usb_lib/tasks/install.yml: Add yaml to copy upload2usb app files to local_content folder --- roles/usb_lib/tasks/install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e0699a652..c26746a61 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,6 +76,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } +# 2025-01-05: Copy upload2usb app files (#3875) to local_content +- name: 'Copy upload2usb app files from files/upload2usb/' + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: "0755" + with_fileglob: + - upload2usb/* + + # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 2706381a382c8e7326adcf1ab41769f350b0b380 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 04:46:28 +0100 Subject: [PATCH 1614/1758] usb_lib/tasks/install.yml: Fixing yaml so upload2usb directory is created before files are copied --- roles/usb_lib/tasks/install.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index c26746a61..e05eeefc0 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,14 +76,19 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -# 2025-01-05: Copy upload2usb app files (#3875) to local_content -- name: 'Copy upload2usb app files from files/upload2usb/' +- name: '2025-01-05: Add upload2usb directory to local_content' + file: + state: directory + path: "{{ doc_root }}/local_content/upload2usb" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0755 + + +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' copy: src: "{{ item }}" dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: "0755" with_fileglob: - upload2usb/* From 99ff433a90f8d49d559d57a1540221766bb350a0 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Mon, 6 Jan 2025 04:48:19 +0100 Subject: [PATCH 1615/1758] usb_lib/files/upload2usb/*: renaming app to Upload To USB instead of HW Submission, other minor cleanup/styling --- roles/usb_lib/files/upload2usb/index.php | 14 +++++++------- roles/usb_lib/files/upload2usb/upload-file.php | 16 ++++++++-------- roles/usb_lib/files/upload2usb/upload2usb.php | 16 +++------------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php index ad4156876..8151458b4 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload2usb/index.php @@ -16,7 +16,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <html> <head> - <title>IIAB Homework Submission App</title> + <title>IIAB Upload to USB App</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -31,16 +31,16 @@ $file_count = getFileCount(getTargetFolderPath(0)); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <form action="submit-hw.php" id="hw_submission_form" method="post" enctype="multipart/form-data"> - <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> + <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="submit_hw" style="font-weight:bold;padding-bottom:10px;">Submit your homework here!</label> - <input type="file" name="hw_submission" id="hw_submission"><br/><br/> + <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label> + <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> <br/> - <?php echo $file_count ?> homework files have been submitted today! + <?php echo $file_count ?> files have been uploaded today! </div> </div> diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php index e2053864e..ef23713ab 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -6,13 +6,13 @@ include("upload2usb.php"); -//get folder path where homework will be stored +//get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { +if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { $upload_msg = "No file submitted."; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -26,8 +26,8 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { - if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { - $upload_msg = "&#x1F60A; &#x2705; Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { + $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). "</span> was successfully uploaded!"; } else { $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; } @@ -41,7 +41,7 @@ $file_count = getFileCount($target_folder_path) <html> <head> - <title>IIAB Homework Submission App</title> + <title>IIAB Upload to USB App</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -57,9 +57,9 @@ $file_count = getFileCount($target_folder_path) <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Homework Submission</h1> + <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> - <?php echo $file_count ?> homework files have been submitted today! + <?php echo $file_count ?> files have been submitted today! </div> </div> diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 20b98e162..15a94290d 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -16,19 +16,14 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { - return $removable_usb_path . "/"; } - } -//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +//returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); - - -error_log("PARENTDIR: " . $parent_dir); - +// error_log("PARENTDIR: " . $parent_dir); $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; @@ -36,9 +31,7 @@ error_log("PARENTDIR: " . $parent_dir); mkdir($target_folder_path, 0777); } - return $target_folder_path; - } //return number of files within a specified folder @@ -48,19 +41,16 @@ function getFileCount ($folder_path) { //*** TODO *** check file content to see if it's unique or not function isFileContentUnique ($file) { - - } //*** TODO **** check if file exists based on file name and return unique name if does function getUniqueFileName ($filename) { - } // Check file size - we are not going to check file size for now. -// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// elseif ($_FILES["uploaded_file"]["size"] > 5000000) { // $upload_msg = "Your file is too large."; // $upload_ok = 0; // } From 8fb56561893419e08e592f954a69f4444d3c118e Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:43:52 -0500 Subject: [PATCH 1616/1758] usb_lib/templates/content_dir.conf.unused: rename unused file --- .../templates/{content_dir.conf => content_dir.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/usb_lib/templates/{content_dir.conf => content_dir.conf.unused} (100%) diff --git a/roles/usb_lib/templates/content_dir.conf b/roles/usb_lib/templates/content_dir.conf.unused similarity index 100% rename from roles/usb_lib/templates/content_dir.conf rename to roles/usb_lib/templates/content_dir.conf.unused From 1da4d45509868e5fe0fc5c6bf0ed71bf1fd9b8a1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 6 Jan 2025 00:29:57 -0500 Subject: [PATCH 1617/1758] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 33776a06e..77c1ed0b9 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2025, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 956257f6cb57a7382b2bcfc2c92ebba41238a454 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:45:00 +0100 Subject: [PATCH 1618/1758] usb_lib/upload/*.php, usb_lib/tasks/install.yml: Moving app from upload2usb/ to upload/; Fixing UK image on upload-file page; Minor formatting changes --- .../usb_lib/files/{upload2usb => upload}/index.php | 2 +- .../files/{upload2usb => upload}/uk-swing.png | Bin .../files/{upload2usb => upload}/upload-file.php | 2 +- .../files/{upload2usb => upload}/upload2usb.php | 1 + roles/usb_lib/tasks/install.yml | 10 +++++----- 5 files changed, 8 insertions(+), 7 deletions(-) rename roles/usb_lib/files/{upload2usb => upload}/index.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/uk-swing.png (100%) rename roles/usb_lib/files/{upload2usb => upload}/upload-file.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/upload2usb.php (96%) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload/index.php similarity index 96% rename from roles/usb_lib/files/upload2usb/index.php rename to roles/usb_lib/files/upload/index.php index 8151458b4..0287e44f2 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -35,7 +35,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <img class="mb-4" src="uk-swing.png" alt="" width="75"> <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label> + <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload2usb/uk-swing.png rename to roles/usb_lib/files/upload/uk-swing.png diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload/upload-file.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload-file.php rename to roles/usb_lib/files/upload/upload-file.php index ef23713ab..684372823 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -56,7 +56,7 @@ $file_count = getFileCount($target_folder_path) <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <img class="mb-4" src="unleash-kids-swing.png" alt="" width="75"> + <img class="mb-4" src="uk-swing.png" alt="" width="75"> <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> <?php echo $file_count ?> files have been submitted today! diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload2usb.php rename to roles/usb_lib/files/upload/upload2usb.php index 15a94290d..bd13d1f6b 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -16,6 +16,7 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { +// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); return $removable_usb_path . "/"; } } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e05eeefc0..de16e83a7 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,21 +76,21 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb directory to local_content' +- name: '2025-01-05: Add upload2usb app directory to local_content' file: state: directory - path: "{{ doc_root }}/local_content/upload2usb" + path: "{{ doc_root }}/local_content/upload" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + dest: "{{ doc_root }}/local_content/upload" # /library/www/html with_fileglob: - - upload2usb/* + - upload/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ From 30f940a5f4c8f13e94fbcef8591747035273a014 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:04:47 +0100 Subject: [PATCH 1619/1758] error.php, header.php, footer.php - Add custom exception handling, header, footer; index.php, upload-file.php, upload-2-usb.php - Require exactly 1 USB stick to be inserted, allow same file name but different content (using incremental numbering), reject duplicate content, restrict file types --- roles/usb_lib/files/upload/error.php | 16 +++++ roles/usb_lib/files/upload/footer.php | 14 +++++ roles/usb_lib/files/upload/header.php | 32 ++++++++++ roles/usb_lib/files/upload/index.php | 34 ++--------- roles/usb_lib/files/upload/upload-file.php | 56 +++++++----------- roles/usb_lib/files/upload/upload2usb.php | 68 ++++++++++++++++++---- 6 files changed, 142 insertions(+), 78 deletions(-) create mode 100644 roles/usb_lib/files/upload/error.php create mode 100644 roles/usb_lib/files/upload/footer.php create mode 100644 roles/usb_lib/files/upload/header.php diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php new file mode 100644 index 000000000..75d4f5a2d --- /dev/null +++ b/roles/usb_lib/files/upload/error.php @@ -0,0 +1,16 @@ +<?php +/* +* error.php +* Upload2USB App error +*/ + +?> + +AN ERROR occurred! Please make sure <span style="color:red; font-weight:bold"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. <!-- Also make sure the <span style="color:red; font-weight:bold;">usb_lib_umask0000_for_kolibri</span> parameter in your IIAB configuration file is set to True. --> Reach out to TK for help if you have any questions or continue having trouble with the setup. +<br/><br/> + +Share the below error message with IIAB developers at TK for debugging: +<pre><?php if (isset($exception)) {echo (string)$exception;} ?></pre> + + + diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload/footer.php new file mode 100644 index 000000000..2e1fef0f7 --- /dev/null +++ b/roles/usb_lib/files/upload/footer.php @@ -0,0 +1,14 @@ +<?php +/* +* footer.php +* Upload2USB App Footer for all User Facing Pages +*/ + +?> + + </div> + </div> + </div> + +</body> +</html> diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php new file mode 100644 index 000000000..78592e86d --- /dev/null +++ b/roles/usb_lib/files/upload/header.php @@ -0,0 +1,32 @@ +<?php +/* +* header.php +* Upload2USB App Header for all User Facing Pages +*/ + + +include("upload2usb.php"); + +?> + +<!DOCTYPE html> +<html> + + <head> + <title><?php echo $title ?></title> + <meta http-equiv="content-type" content="text/html; charset=UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> + <link rel="stylesheet" href="/common/css/fa.all.min.css"/> + <link rel="stylesheet" href="/common/css/font-faces.css"/> + <script src="/common/js/jquery.min.js"></script> + <script src="/common/js/bootstrap4.min.js"></script> + </head> + <body class="text-center" style="background-color:#f5f5f5;"> + <div id="container" class="container"> + <div class="row"> + <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> + + <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 0287e44f2..670d8499e 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,47 +4,21 @@ * Upload2USB App Index Page */ -include("upload2usb.php"); +$title = "IIAB Upload to USB"; +include("header.php"); //Check if folder for today exists, and get file count if it does - $file_count = getFileCount(getTargetFolderPath(0)); ?> -<!DOCTYPE html> -<html> - - <head> - <title>IIAB Upload to USB App</title> - <meta http-equiv="content-type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> - <link rel="stylesheet" href="/common/css/fa.all.min.css"/> - <link rel="stylesheet" href="/common/css/font-faces.css"/> - <script src="/common/js/jquery.min.js"></script> - <script src="/common/js/bootstrap4.min.js"></script> - </head> - <body class="text-center" style="background-color:#f5f5f5;"> - <div id="container" class="container"> - <div class="row"> - <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> - <img class="mb-4" src="uk-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> - <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> </form> <br/> - <?php echo $file_count ?> files have been uploaded today! + <?php echo $file_count ?> files have been uploaded today! - </div> - </div> - </div> -</body> -</html> +<?php include ("footer.php"); ?> \ No newline at end of file diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 684372823..d86f9aa60 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,20 +4,29 @@ * Upload2USB App - Process Submission */ -include("upload2usb.php"); +$title = "IIAB Upload to USB App Results"; +include("header.php"); //get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); +$uploaded_filename = basename($_FILES["uploaded_file"]["name"]); +$target_file = $target_folder_path . "/" . $uploaded_filename; $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { - $upload_msg = "No file submitted."; +if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { + $upload_msg = "No file submitted!"; + $upload_ok = 0; +} elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_ok = 0; +} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - $upload_msg = "This file already exists."; - $upload_ok = 0; + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; } // Check if $upload_ok is set to 0 by an error @@ -27,44 +36,19 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { - $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). "</span> was successfully uploaded!"; + $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( $uploaded_filename ). "</span> was successfully uploaded!"; } else { - $upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg; + $upload_msg = "&#x274C; There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; } } -$file_count = getFileCount($target_folder_path) +$file_count = getFileCount($target_folder_path); ?> -<!DOCTYPE html> -<html> - - <head> - <title>IIAB Upload to USB App</title> - <meta http-equiv="content-type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="stylesheet" href="/common/css/bootstrap4.min.css"/> - <link rel="stylesheet" href="/common/css/fa.all.min.css"/> - <link rel="stylesheet" href="/common/css/font-faces.css"/> - <script src="/common/js/jquery.min.js"></script> - <script src="/common/js/bootstrap4.min.js"></script> - </head> - <body class="text-center" style="background-color:#f5f5f5;"> - <div id="container" class="container"> - <div class="row"> - <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - - <img class="mb-4" src="uk-swing.png" alt="" width="75"> - <h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1> <?php echo $upload_msg ?> <br/> <?php echo $file_count ?> files have been submitted today! - </div> - </div> - </div> - -</body> -</html> +<?php include ("footer.php"); ?> + diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index bd13d1f6b..3de51297d 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -4,6 +4,12 @@ * Upload2USB App Helper Functions */ +set_exception_handler(function (Throwable $exception) { + error_log('UPLOAD2USB ERROR: ' . (string)$exception); + + include ("error.php"); +}); + //return the first removable USB drive location function getTargetUSBDriveLocation () { @@ -11,26 +17,32 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 - $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found <br/><br/>'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed <br/><br/>'); + } - if (empty($removable_usb_path)) { - return "/library/www/html/local_content/"; + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($rmv_usb_path)) { + throw new RuntimeException('Not able to find USB stick <br/><br/>'); } else { -// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); - return $removable_usb_path . "/"; + return $rmv_usb_path . "/"; } } //returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); -// error_log("PARENTDIR: " . $parent_dir); + $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); - + mkdir($target_folder_path, 0777); } return $target_folder_path; } @@ -40,15 +52,45 @@ function getFileCount ($folder_path) { return count(glob($folder_path . "/*")); } -//*** TODO *** check file content to see if it's unique or not -function isFileContentUnique ($file) { +//check if file mimetype is acceptable for upload +function isFileMimeTypeAcceptable ($file) { + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + return false; + } + } + return true; } +//check file content to see if it's unique or not +function isFileContentUnique ($target_folder_path, $file) { + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; -//*** TODO **** check if file exists based on file name and return unique name if does -function getUniqueFileName ($filename) { + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } +//return unique filename +function getUniqueFileName ($target_folder_path, $filename) { + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; +} // Check file size - we are not going to check file size for now. // elseif ($_FILES["uploaded_file"]["size"] > 5000000) { @@ -56,4 +98,6 @@ function getUniqueFileName ($filename) { // $upload_ok = 0; // } + + ?> From 312ddce9ecbeda749e70e9e66cc2cc5ab33363e9 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:07:37 +0100 Subject: [PATCH 1620/1758] Adding PR number to beginning of upload2usb block --- roles/usb_lib/tasks/install.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index de16e83a7..670c2f61a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,7 +76,7 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' file: state: directory path: "{{ doc_root }}/local_content/upload" @@ -84,7 +84,6 @@ group: "{{ apache_user }}" mode: 0755 - - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" @@ -92,7 +91,6 @@ with_fileglob: - upload/* - # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 917c6840d69e43d16155cb0035cd91e4fcdc69a2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 19:26:27 -0600 Subject: [PATCH 1621/1758] better visual feedback when running --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 4d64bf843..afc3d701c 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service hostapd_enabled False systemd: name: hostapd enabled: no @@ -15,7 +15,7 @@ ignore_errors: True when: wifi_up_down and can_be_ap and has_wifi_gateway is defined -- name: Set Wifi Region country code for hostapd when present +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 From 9391d37f40944de7a61efffa68c76b51b246e19f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 9 Jan 2025 16:43:01 -0600 Subject: [PATCH 1622/1758] move country code detection --- roles/network/tasks/detected_network.yml | 13 +++++++++++++ roles/network/tasks/hostapd.yml | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 0fe997598..34c5ade8d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -239,6 +239,17 @@ iiab_lan_iface: "{{ iiab_wireless_lan_iface }}" when: iiab_wireless_lan_iface is defined and nobridge is defined +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -295,6 +306,8 @@ value: "{{ iiab_wan_iface }}" - option: can_be_ap value: "{{ can_be_ap }}" + - option: host_country_code_found + value: "{{ host_country_code }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index afc3d701c..ac5df14d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,17 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel From fa8cc5637e044f4cf46ebf96c0db51e96cbf356b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 12 Jan 2025 10:26:51 -0600 Subject: [PATCH 1623/1758] move channel detection also --- roles/network/tasks/detected_network.yml | 16 ++++++++++++++++ roles/network/tasks/hostapd.yml | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 34c5ade8d..aaaf06a7e 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -250,6 +250,11 @@ host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_client_channel + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -309,6 +314,17 @@ - option: host_country_code_found value: "{{ host_country_code }}" +- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index ac5df14d9..67e04f798 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,11 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect current Wifi channel - shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 - register: current_client_channel - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: host_channel: "{{ current_client_channel.stdout }}" @@ -120,14 +115,3 @@ value: "{{ host_country_code }}" - option: host_channel value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined From a9c916e2199988c63faf2c4d51449d627d0dc108 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 19:26:32 -0600 Subject: [PATCH 1624/1758] dont start hostapd when no_net_restart is True --- roles/network/tasks/restart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index ec1dda7b6..9220e2d92 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,12 +28,12 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted daemon_reload: yes - when: hostapd_enabled and (wifi_up_down or not no_net_restart) + when: hostapd_enabled and not no_net_restart # 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch # any of the config files... netplan.yml renames one file if it's a container @@ -107,7 +107,7 @@ systemd: name: hostapd state: restarted - when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 + when: hostapd_enabled and not no_net_restart and wifi_slave.stdout is defined and wifi_slave.stdout == 0 #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address From fb008640ef031e476f8b11262e8a724b4a027880 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 8 Jan 2025 23:49:37 -0600 Subject: [PATCH 1625/1758] deal with tailscale0 --- roles/network/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 82de51aff..6b81d5a58 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e tailscale0" # Set defaults for discovery process as strings wifi1: "not found-1" From e75a8e5449e58b672fa776202411ea2755406af4 Mon Sep 17 00:00:00 2001 From: tim-moody <tim@timmoody.com> Date: Mon, 13 Jan 2025 19:43:02 -0500 Subject: [PATCH 1626/1758] set www_data poweroff false with rename --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 16 ++++++++-------- roles/www_options/tasks/php-settings.yml | 2 +- ...ache_poweroff.j2 => 020_www_data_poweroff.j2} | 0 vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 10 files changed, 21 insertions(+), 21 deletions(-) rename roles/www_options/templates/{020_apache_poweroff.j2 => 020_www_data_poweroff.j2} (100%) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index e39bea703..a28c2da61 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# allow_www_data_sudo: True +# allow_www_data_poweroff: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 2319c58f5..5795ea7e6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,22 +77,22 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_poweroff) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_www_data_poweroff from template template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff + src: 020_www_data_poweroff.j2 + dest: /etc/sudoers.d/020_www_data_poweroff mode: '0440' - when: allow_www_data_sudo + when: allow_www_data_poweroff -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_www_data_poweroff file: - path: /etc/sudoers.d/020_apache_poweroff + path: /etc/sudoers.d/020_www_data_poweroff state: absent - when: not allow_www_data_sudo + when: not allow_www_data_poweroff # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 184c07b21..23c85d24b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_poweroff conditionals below. diff --git a/roles/www_options/templates/020_apache_poweroff.j2 b/roles/www_options/templates/020_www_data_poweroff.j2 similarity index 100% rename from roles/www_options/templates/020_apache_poweroff.j2 rename to roles/www_options/templates/020_www_data_poweroff.j2 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e61819a2..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # roles/www_base runs here (mandatory) @@ -341,7 +341,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ac2e78128..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 45d6db53f..d997362a4 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -allow_www_data_sudo: True +allow_www_data_poweroff: False # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c12fcb04f..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88253e035..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 39d8cf05c..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -225,7 +225,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 2981a7deaa5df95dfc5064e68c84901ac2a4a1c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 13 Jan 2025 22:19:43 -0500 Subject: [PATCH 1627/1758] hostapd.yml: "Disable the Access Point 'hostapd' service if hostapd_enabled False" --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 67e04f798..c845bd637 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service hostapd_enabled False +- name: Disable the Access Point 'hostapd' service if hostapd_enabled False systemd: name: hostapd enabled: no From a16be49be576b2f059a384c895c32ae3bd02b9dd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 15 Jan 2025 03:16:16 -0600 Subject: [PATCH 1628/1758] add recording of firmware selection and force wifi_up_down false when required --- roles/network/tasks/detected_network.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index aaaf06a7e..bd657010b 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -255,6 +255,11 @@ register: current_client_channel when: wifi_up_down and can_be_ap and has_wifi_gateway is defined +- name: Forcing wifi_up_down to False based on firmware selection "24" + set_fact: + wifi_up_down: False + when: rpi3bplus_rpi4_wifi_firmware == "24" + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -313,6 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" + - option: firmware_option_1 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" + - option: firmware_option_2 + value: "{{ rpizerow_rpi3_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From 3bb41e2e07fbc0d40027e1b2e0eabd38640549d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 15 Jan 2025 03:17:01 -0600 Subject: [PATCH 1629/1758] move firmware replacement --- roles/network/tasks/main.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7e2f1eabb..221ea61b6 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,3 @@ -- name: Select RPi firmware mode - include_role: - name: firmware - when: rpi_model != "none" - - name: detected_network include_tasks: detected_network.yml @@ -108,6 +103,10 @@ # end block when: network_installed is defined and network_enabled +- name: Select RPi firmware mode + include_role: + name: firmware + when: rpi_model != "none" - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: From d52fe013cd07b8bef45d070237c535ec72861f37 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 16 Jan 2025 07:07:51 -0600 Subject: [PATCH 1630/1758] don't restart wpa_supplicant when network_manager_active is set --- roles/network/tasks/restart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 9220e2d92..5902f5d50 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -12,7 +12,7 @@ state: restarted with_items: - wpa_supplicant - when: wifi_up_down and hostapd_enabled + when: wifi_up_down and hostapd_enabled and not network_manager_active - name: Enable & Restart networkd-dispatcher.service systemd: From ca22622c7d30b4981f4ebfe679bbd6d8d1aac777 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 Jan 2025 09:51:32 -0500 Subject: [PATCH 1631/1758] detected_network.yml: Record WiFi firmware vars (43430 & 43455) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bd657010b..ba104f5d6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -318,10 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" - - option: firmware_option_1 - value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - - option: firmware_option_2 - value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43430 + value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43455 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From a5e90f65111f11d2976a861bcf43e44499460643 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 16 Jan 2025 09:54:44 -0500 Subject: [PATCH 1632/1758] network/tasks/main.yml: Blank line --- roles/network/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 221ea61b6..bb05482f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -108,6 +108,7 @@ name: firmware when: rpi_model != "none" + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" From f8b743dafc003cecb57043eea42295ddf12649d3 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Fri, 17 Jan 2025 09:34:15 +0100 Subject: [PATCH 1633/1758] error.php, index.php, upload-file.php, upload2usb.php: Updating error message to refer to FAQs, titles to be more succinct, adding exception when directory can't be created. --- roles/usb_lib/files/upload/error.php | 4 ++-- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 2 +- roles/usb_lib/files/upload/upload2usb.php | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 75d4f5a2d..c5210d229 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -6,10 +6,10 @@ ?> -AN ERROR occurred! Please make sure <span style="color:red; font-weight:bold"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. <!-- Also make sure the <span style="color:red; font-weight:bold;">usb_lib_umask0000_for_kolibri</span> parameter in your IIAB configuration file is set to True. --> Reach out to TK for help if you have any questions or continue having trouble with the setup. +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: <a href="https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F">FAQ #4 - Can teachers display their own content?</a>, <a href="https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F">FAQ #49 - What are the best places for community support?.</a> + <br/><br/> -Share the below error message with IIAB developers at TK for debugging: <pre><?php if (isset($exception)) {echo (string)$exception;} ?></pre> diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 670d8499e..e77b079ff 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,7 +4,7 @@ * Upload2USB App Index Page */ -$title = "IIAB Upload to USB"; +$title = "Upload to USB"; include("header.php"); //Check if folder for today exists, and get file count if it does diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index d86f9aa60..0d132d1d3 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,7 +4,7 @@ * Upload2USB App - Process Submission */ -$title = "IIAB Upload to USB App Results"; +$title = "Upload to USB Results"; include("header.php"); //get folder path where file will be stored diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 3de51297d..31623ea6f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -20,15 +20,15 @@ function getTargetUSBDriveLocation () { # error if 1<>usb sticks are installed $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found <br/><br/>'); + throw new RuntimeException('0 USB sticks found. <br/><br/>'); } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed <br/><br/>'); + throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); } $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick <br/><br/>'); + throw new RuntimeException('Not able to find USB stick. <br/><br/>'); } else { return $rmv_usb_path . "/"; } @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'. <br/><br/>"); } return $target_folder_path; } From ebbe9c066e8bb5e45cea30cca956c0eb82efaf96 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:16:37 -0500 Subject: [PATCH 1634/1758] iiab-diagnostics: wpa_supplicant, NetworkManager, dmesg | grep Firmware --- scripts/iiab-diagnostics | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 47a1ae015..248cbb70d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -219,11 +219,14 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' +cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' -cat_cmd 'lspci -nn' 'Devices on PCI buses' +cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' From 59f1d1b090e11e8c9c0bdecc31fcd7de551d56ff Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:23:36 -0500 Subject: [PATCH 1635/1758] iiab-diagnostics: rpi-eeprom-update to show bootloader version --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 248cbb70d..d1e6e0b2b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -195,6 +195,7 @@ echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' +cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' From 720e328ab6c35167b7cbbd02b528a75fd9ef61c6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:55:43 -0500 Subject: [PATCH 1636/1758] iiab-diagnostics: Cap NetworkManager logging at 100 lines for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d1e6e0b2b..51063f9f7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -221,7 +221,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' +cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' From d09842245b16b2baa8d64e02c5aaabb8d2693e78 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:09:48 -0500 Subject: [PATCH 1637/1758] iiab-diagnostics: Clarify RPi WiFi firmware / HW models --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51063f9f7..273bdd495 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,8 +224,8 @@ cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' -cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' From 271da50114dfc80f983d513cb3597c4e12f683ea Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Fri, 17 Jan 2025 23:03:01 +0100 Subject: [PATCH 1638/1758] upload-file.php: Allow upload of redundant files --- roles/usb_lib/files/upload/upload-file.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0d132d1d3..0b92ee4e5 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -20,15 +20,17 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; -} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "This file already exists!"; - $upload_ok = 0; } elseif (file_exists($target_file)) { // rename file so name is unique $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); $target_file = $target_folder_path . "/" . $new_filename; } +#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { +# $upload_msg = "This file already exists!"; +# $upload_ok = 0; +#} + // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { $upload_msg = "&#x274C; Your file was not uploaded. " . $upload_msg; From a81856db5d3f056c781478cacd09e6157627c6bc Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 00:09:09 -0500 Subject: [PATCH 1639/1758] iiab-diagnostics: Cleaner output if COMMAND NOT FOUND --- scripts/iiab-diagnostics | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 273bdd495..eae728eac 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -101,10 +101,18 @@ function cat_cmd() { # $1 = command + params, $2 = explanation spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) - if [[ $2 == "" ]]; then - echo "COMMAND: $path_cmd$spc_params" >> $outfile + if [[ $path_cmd == "" ]]; then + if [[ $2 == "" ]]; then + echo "COMMAND: $1" >> $outfile + else + echo "COMMAND: $1 # $2" >> $outfile + fi else - echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + if [[ $2 == "" ]]; then + echo "COMMAND: $path_cmd$spc_params" >> $outfile + else + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + fi fi echo >> $outfile if [[ $path_cmd == "" ]]; then From 803197e8179774ebf67a21b3680af29fccf4862e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 00:23:47 -0500 Subject: [PATCH 1640/1758] iiab-diagnostics.README.md: Update key line numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fa6c560e5..8e60124a3 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From d6b7114afc168989202e18f02d6a16c2b3ebd2c5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 01:35:36 -0500 Subject: [PATCH 1641/1758] CI: Revert ARM tests to run on Ubuntu 22.04 for now --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- ...aspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{30min-iiab-test-install-raspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} (99%) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 9940b2781..403b1e7a7 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [debian12] diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml similarity index 99% rename from .github/workflows/30min-iiab-test-install-raspios.yml rename to .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index ea89758ed..9a51536ab 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] From 66fd7fad394c5fee13e4572647fb029823179bc8 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 01:46:50 -0500 Subject: [PATCH 1642/1758] Cleaner 30min-iiab-test-install-raspios-on-zero2w.yml --- .../30min-iiab-test-install-raspios-on-zero2w.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 9a51536ab..63105bd68 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios' +name: '"30 min" IIAB test install raspios on zero2w' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -65,13 +65,13 @@ jobs: uname -a # uname -srm whoami # Typically 'root' instead of 'runner' pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} - sudo apt-get update -y --allow-releaseinfo-change - sudo apt-get install --no-install-recommends -y git + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git ls /opt/iiab/iiab - sudo mkdir /etc/iiab - sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml - sudo /opt/iiab/iiab/scripts/ansible - sudo ./iiab-install + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install cd /opt/iiab/iiab iiab-summary cat /etc/iiab/iiab_state.yml From 6f63de16223a3bcae3003972c664f120de103221 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 18 Jan 2025 02:42:28 -0500 Subject: [PATCH 1643/1758] Clarify & tighten up all 3 GHA workflow names (titles) --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 24dfc6c79..d2b8bd056 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB test install' +name: '"10 min" IIAB on Ubuntu 24.04 on x86-64' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 403b1e7a7..a8703346e 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install deb12 on rpi3' +name: '"30 min" IIAB on Debian 12 on RPi 3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 63105bd68..9b521fee6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios on zero2w' +name: '"30 min" IIAB on RasPiOS on Zero 2 W' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From f60a61ea4bfa1f83ef74d6fdd43e1303f1763303 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 18 Jan 2025 14:04:33 -0600 Subject: [PATCH 1644/1758] replace is_raspbian with dhcpcd_result == enabled --- roles/network/templates/hostapd/iiab-hotspot-off | 4 ++-- roles/network/templates/hostapd/iiab-hotspot-on | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 25a5053be..fb45603a6 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -14,7 +14,7 @@ echo " IIAB hotspot access point Disabled" #exit 0 {% else %} echo " IIAB hotspot access point Disabled" -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # hotspot-off before ap0_updown sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq @@ -37,7 +37,7 @@ fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 03ca2d4ae..35ccc7adf 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -16,7 +16,7 @@ systemctl enable hostapd systemctl enable iiab-wifi-test.service #exit 0 {% else %} -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf @@ -44,7 +44,7 @@ fi systemctl enable hostapd #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} From 9426e6ac98802ebbfdd8a2c74d964a9a6f0b5293 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 19 Jan 2025 08:21:27 +0100 Subject: [PATCH 1645/1758] upload-file.php: throw error when user uploads a file that has the same content and name as an already uploaded file on the same day. --- roles/usb_lib/files/upload/upload-file.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0b92ee4e5..510a308ab 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -21,15 +21,16 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - // rename file so name is unique - $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); - $target_file = $target_folder_path . "/" . $new_filename; -} -#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { -# $upload_msg = "This file already exists!"; -# $upload_ok = 0; -#} + if (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; + $upload_ok = 0; + } else { + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; + } +} // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { From e4bdc4ddabc50ef89bfafe6c112c367076b5956f Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 19 Jan 2025 09:04:01 +0100 Subject: [PATCH 1646/1758] install.yml: add comment that usb_lib_umask0000_for_kolibri must be set to true in order to write to USB sticks. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 670c2f61a..94d9b5e9a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) +# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0994a5786d87b96f56cfdd4461725caa1a29108d Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Mon, 20 Jan 2025 08:27:49 -0600 Subject: [PATCH 1647/1758] detect Firmware rejected country setting --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 26 +++++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6b81d5a58..100b1f6ff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,6 +71,7 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none +host_country_code_found: unset # Red Hat #iiab_wired_lan_iface: "none" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index ba104f5d6..f75ad3f06 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -243,12 +243,16 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set host_country_code_found + set_fact: + host_country_code_found: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 and wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -260,6 +264,11 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" +- name: Detect "Firmware rejected country setting" in dmesg + shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" + register: FW_rejected_country + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -317,7 +326,7 @@ - option: can_be_ap value: "{{ can_be_ap }}" - option: host_country_code_found - value: "{{ host_country_code }}" + value: "{{ host_country_code_found }}" - option: wifi_firmware_43430 value: "{{ rpizerow_rpi3_wifi_firmware }}" - option: wifi_firmware_43455 @@ -334,6 +343,17 @@ value: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined +- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: FW_rejected_country + value: "{{ host_country_code_found }}" + when: FW_rejected_country.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please From f15a50610ee446ed966eeb95c65f5678d5eaf9a2 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 05:18:41 +0100 Subject: [PATCH 1648/1758] install.yml: Adding instructions on how to unmount and mount drive manually if writing to the USB stick still doesn't work. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..181bd8819 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,6 +8,7 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) # usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0caa16491df4df543e94813bad138e48ed65aac6 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein <avni321@gmail.com> Date: Tue, 21 Jan 2025 23:27:45 -0500 Subject: [PATCH 1649/1758] install.yml: adding e.g. to make clear that variable doesn't have to be in local_vars.yml" roles/usb_lib/tasks/install.yml Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..f5172b190 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From f79a43e305675ae2178266921573f72be0d98f98 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:16:21 +0100 Subject: [PATCH 1650/1758] install.yml: merging comments related to usb_lib_umask0000_for_kolibri --- roles/usb_lib/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index afc36e4f8..e435719dc 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) - -# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). From 335d8ad4c1551db1725b0532b815f387e3899177 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:22:38 +0100 Subject: [PATCH 1651/1758] nginx/templates/iiab.conf.j2, usb_lib/files/upload/button.html: Adding button to upload2usb app on every usb/ directory listing page. --- roles/nginx/templates/iiab.conf.j2 | 2 ++ roles/usb_lib/files/upload/button.html | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 roles/usb_lib/files/upload/button.html diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index df2fc6a94..e25a2b08c 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,10 +5,12 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /local_content/ { fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html new file mode 100644 index 000000000..276baa839 --- /dev/null +++ b/roles/usb_lib/files/upload/button.html @@ -0,0 +1,19 @@ +<style> +.button { + background-color: #343a40; + border: none; + border-radius:.25rem; + color: white; + padding: .5rem .75rem; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 1rem; + font-weight:bold; + float:right; +} +.button:hover { + color: #ddd; +} +</style> +<a class="button" href="/local_content/upload/">Upload to USB</a> From 01baaa661a7e274c451198ab80b3bacdb3bb1411 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 16:53:44 -0500 Subject: [PATCH 1652/1758] iiab-diagnostics: Refine 3+ 'sudo dmesg | grep ...' cmds --- scripts/iiab-diagnostics | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index eae728eac..6f93f0359 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -201,6 +201,7 @@ cat_dir /etc/netplan # Redacts most passwords above echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' +cat_cmd 'sudo dmesg | grep -i "command line:"' 'Kernel boot parameters' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' @@ -230,11 +231,11 @@ cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' -#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' +#cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'sudo dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' From 765e1cd4b1060d787e7b580e2368e3701eac9c98 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 17:42:56 -0500 Subject: [PATCH 1653/1758] iiab-diagnostics: Use sudo with journalctl (in all 6 cases_ --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6f93f0359..ca1ee4d67 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,8 +229,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' +cat_cmd 'sudo journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'sudo journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' @@ -245,10 +245,10 @@ cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorat cat_cmd 'sudo lb --version' 'xklb version' cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' -cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' +cat_cmd 'sudo journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 300 -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' +cat_cmd 'sudo journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 89a06d6e5e5706a81faf5345acc7cb8bef785a84 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 22 Jan 2025 18:26:43 -0500 Subject: [PATCH 1654/1758] Update iiab-diagnostics.README.md for PR #3909 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 8e60124a3..f766e922e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ad175fb3caf50a66935afbcef7616ea18affff56 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:19:13 +0100 Subject: [PATCH 1655/1758] index.php, upload-file.php: change 'submit' to 'upload' in user-facing text --- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index e77b079ff..6eab98dbf 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -15,7 +15,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); <form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data"> <label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/> <input type="file" name="uploaded_file" id="uploaded_file"><br/><br/> - <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button> + <button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Upload</button> </form> <br/> <?php echo $file_count ?> files have been uploaded today! diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 510a308ab..a3c6e9674 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -15,10 +15,10 @@ $upload_ok = 1; $upload_msg = ""; if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { - $upload_msg = "No file submitted!"; + $upload_msg = "No file uploaded!"; $upload_ok = 0; } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_msg = "You cannot upload zips, executables, xml, or binary files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -50,7 +50,7 @@ $file_count = getFileCount($target_folder_path); ?> <?php echo $upload_msg ?> <br/> - <?php echo $file_count ?> files have been submitted today! + <?php echo $file_count ?> files have been uploaded today! <?php include ("footer.php"); ?> From 91533f5fb3eb4a4e2eda0d807cfacbb6cec8b7a1 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:19:25 +0100 Subject: [PATCH 1656/1758] iiab.conf.j2: modify config to route /usb/upload/*.php to the upload2usb app! --- roles/nginx/templates/iiab.conf.j2 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e25a2b08c..e3fdee774 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,7 +5,20 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /usb/upload/button.html; +} + +location ~ ^/usb/upload/(.*)\.php$ { + alias /library/www/html/local_content/upload/$1.php; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; } location /local_content/ { From 68dafdbc399bd493bee8cd5b2c6a55cb707e9846 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:27:32 +0100 Subject: [PATCH 1657/1758] button.html: change button href to point to /usb/upload instead of /local_content/upload --- roles/usb_lib/files/upload/button.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 276baa839..658f74fb2 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } </style> -<a class="button" href="/local_content/upload/">Upload to USB</a> +<a class="button" href="/usb/upload/">Upload to USB</a> From 6dfda009e424dbdcb4531433c2d752364cd2edf7 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Thu, 23 Jan 2025 06:51:43 +0100 Subject: [PATCH 1658/1758] upload2usb.php: allow all word files, be more specific about xml mimetypes; log error message if user uploads invalid mimetype --- roles/usb_lib/files/upload/upload2usb.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 31623ea6f..f2b3aa883 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,9 +55,10 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); return false; } } From 0cc63d8895dd6b07dcee71a61db2c3dbd8304151 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 02:38:56 -0600 Subject: [PATCH 1659/1758] detect cmdline country code passed --- roles/network/tasks/detected_network.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f75ad3f06..5e95182d3 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,6 +269,11 @@ register: FW_rejected_country ignore_errors: True +- name: Detect country code passed from cmdline + shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' + register: cmdline_country_code + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -351,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ host_country_code_found }}" + value: "{{ cmdline_country_code }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From eb21c8654aa4a24d6be41e9dab43f35609c5ba03 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 06:45:38 -0600 Subject: [PATCH 1660/1758] UNSET --- roles/network/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 100b1f6ff..593f14922 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,7 +71,8 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none -host_country_code_found: unset +# use the same case as what `iw reg get` would return with 00 present +host_country_code_found: UNSET # Red Hat #iiab_wired_lan_iface: "none" From 999127339102c443a6d2ed9a7612f5ea2a552b73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 12:36:55 -0600 Subject: [PATCH 1661/1758] grep & stdout --- roles/network/tasks/detected_network.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5e95182d3..e4ec63bd8 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,8 +269,8 @@ register: FW_rejected_country ignore_errors: True -- name: Detect country code passed from cmdline - shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' +- name: Detect country code passed from cmdline in dmesg + shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' register: cmdline_country_code ignore_errors: True @@ -356,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ cmdline_country_code }}" + value: "{{ cmdline_country_code.stdout }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From dcc9862527f92153ba90affaabdfdc436eb7722f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 23 Jan 2025 15:36:19 -0600 Subject: [PATCH 1662/1758] use systemd-udev-trigger.service --- roles/usb_lib/templates/usbmount@.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 34d75d9f3..52da18ba5 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -1,7 +1,7 @@ [Unit] BindTo=%i.device After=%i.device -After=rc-local.service +After=systemd-udev-trigger.service [Service] #Type=oneshot From e319b394e87177ccf440d62077c9baab2fee735f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Fri, 24 Jan 2025 08:14:42 -0600 Subject: [PATCH 1663/1758] Update roles/network/tasks/detected_network.yml future proof Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e4ec63bd8..a5fc5eaf0 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' + shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' register: cmdline_country_code ignore_errors: True From eecf6f83064c3eda3c5574711720b2d28fd6a4d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:06:30 -0500 Subject: [PATCH 1664/1758] Wifi Country Code might in the middle of dmesg line (not on the right) --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a5fc5eaf0..1663f8c39 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' + shell: dmesg | grep -om1 'cfg80211\.ieee80211_regdom=\S*' | cut -d= -f2 register: cmdline_country_code ignore_errors: True From 3b9edfdfc0282cb2218bdcb3a3147302991b50a7 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 07:13:09 +0100 Subject: [PATCH 1665/1758] multiple files in vars/ and usb_lib/: rename usb_lib_umask0000_for_kolibri to usb_lib_writable_sticks so it is more generally applicable --- roles/usb_lib/README.rst | 2 +- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/files/upload/upload2usb.php | 2 +- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/tasks/main.yml | 14 +++++++------- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 22fd711d2..54d9714ca 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 2a4b19308..c53591f8f 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -5,8 +5,8 @@ # iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -# usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..cfd87775f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'. <br/><br/>"); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); } return $target_folder_path; } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..4e40a99eb 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..52d192da8 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,28 +32,28 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' path: /etc/usbmount/usbmount.conf - when: usb_lib_umask0000_for_kolibri + when: usb_lib_writable_sticks # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' # path: /etc/usbmount/usbmount.conf -# when: usb_lib_umask0000_for_kolibri +# when: usb_lib_writable_sticks - name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole path: /etc/usbmount/usbmount.conf - when: not usb_lib_umask0000_for_kolibri + when: not usb_lib_writable_sticks - name: Enable/Disable/Restart NGINX @@ -88,5 +88,5 @@ value: "{{ usb_lib_install }}" - option: usb_lib_enabled value: "{{ usb_lib_enabled }}" - - option: usb_lib_umask0000_for_kolibri - value: "{{ usb_lib_umask0000_for_kolibri }}" + - option: usb_lib_writable_sticks + value: "{{ usb_lib_writable_sticks }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..11ed238a7 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -310,8 +310,8 @@ usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..91b744051 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: True diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index d997362a4..445c9bb2f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,7 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -usb_lib_umask0000_for_kolibri: False +usb_lib_writable_sticks: False allow_www_data_poweroff: False # By default # kiwix diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..f55dd8ce8 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..5cfa34bec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..89accf217 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -202,7 +202,7 @@ bluetooth_term_enabled: False iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False From 286890b0d097e84ab404e8f40dc25432f3009d6d Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 08:14:44 +0100 Subject: [PATCH 1666/1758] error.php: updating FAQ reference to refer to new upload2usb-specific FAQ. --- roles/usb_lib/files/upload/error.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index c5210d229..2e51003e0 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,8 +5,7 @@ */ ?> - -ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: <a href="https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content%3F">FAQ #4 - Can teachers display their own content?</a>, <a href="https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F">FAQ #49 - What are the best places for community support?.</a> +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, <a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-style:italic;">Can students upload their own work?,</a> for additional support. <br/><br/> From 44e2772ccc4eec963ed610f0b94cde422a990b71 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 09:44:02 -0500 Subject: [PATCH 1667/1758] Update README to clarify Kolibri exports --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 54d9714ca..bb8b82e4e 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: From 7c2f0c9c6ef42ef2ffe44f230d8245555d7de979 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 21:30:36 +0100 Subject: [PATCH 1668/1758] usb_lib/*, vars/*: prevent Cheating (Copying) of homeworks, when teacher creates 'PUBLIC' folder on their USB stick --- roles/usb_lib/files/upload/error.php | 2 +- roles/usb_lib/tasks/install.yml | 6 +- roles/usb_lib/tasks/main.yml | 11 +-- roles/usb_lib/tasks/nginx.yml | 32 +++++---- roles/usb_lib/templates/iiab-clean-usb.sh | 4 +- ...l-off => iiab-usb_lib-show-all-off.unused} | 0 ...all-on => iiab-usb_lib-show-all-on.unused} | 0 .../usb_lib/templates/mount.d/70-usb-library | 72 ------------------- .../templates/mount.d/70-usb-library.j2 | 45 ++++++++++++ .../70-usb-library | 4 +- vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 15 files changed, 85 insertions(+), 106 deletions(-) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-off => iiab-usb_lib-show-all-off.unused} (100%) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-on => iiab-usb_lib-show-all-on.unused} (100%) delete mode 100644 roles/usb_lib/templates/mount.d/70-usb-library create mode 100644 roles/usb_lib/templates/mount.d/70-usb-library.j2 rename roles/usb_lib/templates/{umount.d => umount.d.unused}/70-usb-library (75%) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 2e51003e0..46dd0e667 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,7 +5,7 @@ */ ?> -ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, <a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-style:italic;">Can students upload their own work?,</a> for additional support. +ERROR: Please make sure <span style="color:red; font-weight:bold;"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, "<a href="https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work%3F" style="font-weight:bold;">Can students upload their own work?</a>", for additional support. <br/><br/> diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..f4c5d671e 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -75,8 +75,6 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' @@ -90,7 +88,7 @@ - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/local_content/upload/" # /library/www/html with_fileglob: - upload/* diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..af9d22790 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,11 +66,12 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +#- name: Put variable in iiab.env that enables display of content at root of USB +# lineinfile: +# path: "{{ iiab_env_file }}" +# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" +# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/roles/usb_lib/tasks/nginx.yml b/roles/usb_lib/tasks/nginx.yml index 7e572142a..1e6be6d21 100644 --- a/roles/usb_lib/tasks/nginx.yml +++ b/roles/usb_lib/tasks/nginx.yml @@ -1,20 +1,21 @@ - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled template: - src: mount.d/70-usb-library - dest: /etc/usbmount/mount.d/ + src: mount.d/70-usb-library.j2 + dest: /etc/usbmount/mount.d/70-usb-library owner: root group: root mode: '0751' when: usb_lib_enabled -- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled - template: - src: umount.d/70-usb-library - dest: /etc/usbmount/umount.d - owner: root - group: root - mode: '0751' - when: usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled +# template: +# src: umount.d/70-usb-library +# dest: /etc/usbmount/umount.d +# owner: root +# group: root +# mode: '0751' +# when: usb_lib_enabled - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: @@ -22,11 +23,12 @@ state: absent when: not usb_lib_enabled -- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/umount.d/70-usb-library - state: absent - when: not usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled +# file: +# path: /etc/usbmount/umount.d/70-usb-library +# state: absent +# when: not usb_lib_enabled - name: Restart 'nginx' systemd service systemd: diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index a1876551c..56d63292d 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,10 +5,10 @@ DEVICE=`echo $@ | sed -s 's|-|/|'` MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usbmount" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usbmount" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." fi diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-off b/roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-off rename to roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-on b/roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-on rename to roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library deleted file mode 100644 index 5b9cfefe8..000000000 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# Create symlink in DocumentRoot/content to autmounted usb drive -# -# based on a similar script in the xs-rsync package -# by Martin Langhoff <martin@laptop.org> -# -# and the adaptation for xs-activity-server by Douglas Bagnall -# <douglas@paradise.net.nz> -# -# by Tim Moody tim@timmoody.com - -source {{ iiab_env_file }} -case $IIAB_USB_LIB_SHOW_ALL in -'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." - # regularize the variable - IIAB_USB_LIB_SHOW_ALL=True - ;; -*) - logger -p user.notice -t "70-usb-library" -- "Looking for /share, /Share, /Piratebox/Share, /USB, or /usb on $UM_MOUNTPOINT." - ;; -esac - -VERBOSE=yes - -SHARE_DIR="" -# Only show content if in these directories - -if [ -d $UM_MOUNTPOINT/share ]; then - SHARE_DIR="$UM_MOUNTPOINT/share" -fi -if [ -d $UM_MOUNTPOINT/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Share" -fi -if [ -d $UM_MOUNTPOINT/Piratebox/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Piratebox/Share" -fi -if [ -d $UM_MOUNTPOINT/USB ]; then - SHARE_DIR="$UM_MOUNTPOINT/USB" -fi -if [ -d $UM_MOUNTPOINT/usb ]; then - SHARE_DIR="$UM_MOUNTPOINT/usb" -fi - -if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` - LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` - ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` - if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" - #echo "lib on dev" - elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" - #echo "rootfs on dev" - else - SHARE_DIR="$UM_MOUNTPOINT" - fi -fi - -if [ ! -z "$SHARE_DIR" ]; then - logger -p user.notice -t "70-usb-library" -- "Found Share Directory $SHARE_DIR." -else - logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" -fi - - -if [ "$SHARE_DIR" != "" ];then - CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` - CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" - logger -p user.notice -t "70-usb-library" -- "Creating link to $CONTENT_LINK." - ln -s $SHARE_DIR $CONTENT_LINK -fi diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 new file mode 100644 index 000000000..d124e79c0 --- /dev/null +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -0,0 +1,45 @@ +#!/bin/bash +# Create symlink in DocumentRoot/content to automounted usb drive +# +# based on a similar script in the xs-rsync package +# by Martin Langhoff <martin@laptop.org> +# +# and the adaptation for xs-activity-server by Douglas Bagnall +# <douglas@paradise.net.nz> +# +# by Tim Moody tim@timmoody.com + +VERBOSE=yes + +# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +SHARE_DIR=$UM_MOUNTPOINT +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + +LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` +ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` +BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` +BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + exit +elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + exit +elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + exit +elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + exit +fi + +CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +ln -s $SHARE_DIR $CONTENT_LINK + diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d.unused/70-usb-library similarity index 75% rename from roles/usb_lib/templates/umount.d/70-usb-library rename to roles/usb_lib/templates/umount.d.unused/70-usb-library index 5af914c01..d8e095008 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d.unused/70-usb-library @@ -12,7 +12,7 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} @@ -20,5 +20,5 @@ if [ -L $CONTENT_LINK ]; then {% else %} /usr/bin/rm -f $CONTENT_LINK {% endif %} - logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (70-usb-library)" -- "$CONTENT_LINK removed." fi diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..c42a4ca99 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,7 +308,8 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..c84b30736 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..ff46f8a9b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..1190ec377 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..744148cc0 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,7 +199,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From fe633b2cd72d55b0266c19e37cb3253033185fe7 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 15:36:05 -0500 Subject: [PATCH 1669/1758] Upload2USB initial doc cleanup --- roles/usb_lib/README.rst | 32 +++++++++++++++----------------- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/tasks/main.yml | 4 ++-- vars/default_vars.yml | 6 ++---- vars/local_vars_large.yml | 6 ++---- vars/local_vars_medium.yml | 6 ++---- vars/local_vars_small.yml | 6 ++---- vars/local_vars_unittest.yml | 6 ++---- 8 files changed, 29 insertions(+), 41 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index bb8b82e4e..33d93e2dc 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,30 +2,28 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE** `"Can teachers display their own content?" <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content?>`_ **AND** `"Can students upload their own work?" <https://wiki.iiab.io/go/FAQ#Can_students_upload_their_own_work?>`_ **WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION!** -This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. +This role (1) implements functionality similar to LibraryBox, to mount "teacher content" from USB sticks / drives for students, and (2) allows students to upload their work to the teacher's USB stick / drive: -Users should have nearly immediate access to this "teacher content" (on all inserted USB drives) by browsing to http://box/usb +#. Students should have nearly immediate access to "teacher content" (on all inserted USB sticks) by browsing to http://box/usb. +#. Students can also click the "Upload to USB" button on top of this same page (http://box/usb), to upload their work to the teacher's USB stick. (FYI student uploads appear in folders like ``UPLOADS.YYYY-MM-DD`` within the root of the teacher's USB stick). -Automount is handled by usbmount, and scripts in this role look in the root of the mounted drive for... +As of January 2025, automount is handled by usbmount: (`devmon included with udevil <https://ignorantguru.github.io/udevil/>`_ might be considered in future) -* /usb -* /USB -* /share -* /Share -* /Piratebox/Share +* A script in this role (/etc/usbmount/mount.d/70-usb-library) looks in the root of the mounted USB stick for folder /PUBLIC and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn/PUBLIC — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. *RESULT: Only documents within /PUBLIC are browsable by students.* This option is very useful to **prevent students from copying uploaded homework!** +* If however folder /PUBLIC is not found, the symlink is created to the root of the mounted USB stick. *RESULT: EVERYTHING on the USB stick is browsable by students — just like with a traditional community bulletin board.* This option is very useful when students are uploading artwork, photo essays, personal audio recordings and **science projects that are intended to be shared!** -...and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. +Technical Details: -USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L100>`_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB). +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: +* Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: -* https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) -* https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) -* https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) + * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) + * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -Legacy warning: There is also a patch for problems with automount on Fedora 21+. Please note that as of 4.1.8-200.fc22.x86_64 not all USB drives will mount, even with this patch. +* Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index c53591f8f..427a26ea7 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -4,8 +4,8 @@ # Show entire contents of USB sticks/drives (at http://box/usb) # iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 52d192da8..ab6f0f19e 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,7 +32,7 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf -- for Kolibri exports AND student uploads to teacher's USB stick (using http://box/usb)" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' @@ -41,7 +41,7 @@ # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 11ed238a7..a45384e1e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -307,10 +307,8 @@ bluetooth_term_enabled: False # USB_LIB usb_lib_install: True usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 91b744051..7228bb506 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f55dd8ce8..153401d26 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 5cfa34bec..b17fcc9ae 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 89accf217..840d0d9b8 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -198,10 +198,8 @@ bluetooth_install: False bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) From d15493b399553f519a55beed5d11848e8907af83 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 15:47:56 -0500 Subject: [PATCH 1670/1758] Begin to remove iiab_usb_lib_show_all and IIAB_USB_LIB_SHOW_ALL --- roles/usb_lib/defaults/main.yml | 3 --- roles/usb_lib/tasks/main.yml | 6 ------ 2 files changed, 9 deletions(-) diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 427a26ea7..f7cbf10b6 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -1,9 +1,6 @@ # usb_lib_install: True # usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -# iiab_usb_lib_show_all: True - # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for # Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index ab6f0f19e..023b714a7 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,6 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} ini_file: From 6562a4a12d4067858b962802aaad696af5fd8e41 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 16:02:01 -0500 Subject: [PATCH 1671/1758] 70-usb-library.j2: remove blank at EOF Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index d124e79c0..7e52c0329 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -42,4 +42,3 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" ln -s $SHARE_DIR $CONTENT_LINK - From 13f5227824fd15bd4ed95e08f1d48b7a9de495e4 Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sat, 25 Jan 2025 22:39:00 +0100 Subject: [PATCH 1672/1758] vars/local_vars*, vars/default_vars.yml, roles/usb_lib/tasks/main.yml: reverting comment of iiab_usb_lib_show_all --- roles/usb_lib/tasks/main.yml | 11 +++++------ vars/default_vars.yml | 3 +-- vars/local_vars_large.yml | 3 +-- vars/local_vars_medium.yml | 3 +-- vars/local_vars_small.yml | 3 +-- vars/local_vars_unittest.yml | 3 +-- 6 files changed, 10 insertions(+), 16 deletions(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index af9d22790..7836f2d3a 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,11 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -#- name: Put variable in iiab.env that enables display of content at root of USB -# lineinfile: -# path: "{{ iiab_env_file }}" -# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" -# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +- name: Put variable in iiab.env that enables display of content at root of USB + lineinfile: + path: "{{ iiab_env_file }}" + regexp: "^IIAB_USB_LIB_SHOW_ALL.*" + line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c42a4ca99..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,8 +308,7 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c84b30736..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ff46f8a9b..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1190ec377..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 744148cc0..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,8 +199,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From f9538a48340fe97ee373dd30418eeec2cdc132b5 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:04:46 -0500 Subject: [PATCH 1673/1758] mount.d/70-usb-library.j2: move lib/root/boot check above check for PUBLIC dir Co-authored-by: A Holt <holta@users.noreply.github.com> --- .../templates/mount.d/70-usb-library.j2 | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7e52c0329..f0d41f22d 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,18 +12,11 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -SHARE_DIR=$UM_MOUNTPOINT -if [ -d $UM_MOUNTPOINT/PUBLIC ]; then - SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" -else - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" -fi -LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` -ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` -BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` -BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) +ROOT_DEV=$(findmnt -no source /) +BOOT_DEV=$(findmnt -no source /boot) +BOOTFW_DEV=$(findmnt -no source /boot/firmware) if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit @@ -38,6 +31,14 @@ elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then exit fi +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR=$UM_MOUNTPOINT/PUBLIC + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + SHARE_DIR=$UM_MOUNTPOINT + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" From 18c5fe711d147fff379d5823e03698117e4838d4 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:30:14 -0500 Subject: [PATCH 1674/1758] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index f0d41f22d..6e167656c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) From 64756b6772d64ae7465ad292b2cde93f068a647e Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:35:43 -0500 Subject: [PATCH 1675/1758] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 6e167656c..2d77abceb 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From 2462bba6f5ad2745bb56deb4d69487d5df3dceb2 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:45:11 -0500 Subject: [PATCH 1676/1758] 70-usb-library.j2: Fix symlink from/to in comment Thank you! Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 2d77abceb..1c05f001c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -45,5 +45,5 @@ fi CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 427dc57ed0b9563b52ae8d4c1b14649d769fe8bc Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 17:45:54 -0500 Subject: [PATCH 1677/1758] 70-usb-library.j2: revert duplicate comment Revert duplicate comment Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 1c05f001c..850693a1c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,8 +13,6 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -# 2022-06-16 better security thanks to @tim-moody and @jvonau: -# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From d0a00da60127fddb52aaa6715e9d6df09dcde8e8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:08:37 -0500 Subject: [PATCH 1678/1758] usb_lib/README.rst: Clarify usbmount supported filesystems line --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 33d93e2dc..e51db625a 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,7 +16,7 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L100>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From 2401ff3d60aa2ee14c9c6f7deceb8dd287072c78 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:49:12 -0500 Subject: [PATCH 1679/1758] 70-usb-library.j2: Add additional logging of lib/root/boot mount points Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 850693a1c..7f63f3ea5 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -19,6 +19,12 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) +# Verbose logging to illuminate occasional boot bugginess: +logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" +logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit From cd160da6799c7bc425e2088d94285c75b8e98246 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:52:04 -0500 Subject: [PATCH 1680/1758] 70-usb-library.j2: syntax change to CONTENT_LINK_USB var Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7f63f3ea5..3f29c7f45 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -47,7 +47,7 @@ else logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" fi -CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 425cbf494cf79c59c9518e341dc5cd86f3c19f59 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:54:32 -0500 Subject: [PATCH 1681/1758] iiab-clean-usb.sh: $() instead of `` for command substitution --- roles/usb_lib/templates/iiab-clean-usb.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 56d63292d..dcdf987d3 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,9 +1,9 @@ #!/bin/bash # Remove symlink in /library/content to automounted usb drive # -DEVICE=`echo $@ | sed -s 's|-|/|'` -MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` -CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` +DEVICE=$(echo $@ | sed -s 's|-|/|') +MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." From 27e286b8aeff45f9b564e9e72fa236bd47e4ab00 Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 20:55:13 -0500 Subject: [PATCH 1682/1758] 70-usb-library.j2: comm Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 3f29c7f45..8b54568c6 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -9,7 +9,8 @@ # # by Tim Moody tim@timmoody.com -VERBOSE=yes +# Better to set this in /etc/usbmount/usbmount.conf +# VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts From 920235d54ccbb5219898bc2bbf47712d5131c36e Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 26 Jan 2025 04:41:10 +0100 Subject: [PATCH 1683/1758] 70-usb-library.j2: use findmnt instead of UM_DEVICE from usbmount to find device given the missing leading /; adding comment about public folder --- .../usb_lib/templates/mount.d/70-usb-library.j2 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 8b54568c6..164d66598 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,7 +12,8 @@ # Better to set this in /etc/usbmount/usbmount.conf # VERBOSE=yes -# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts +UM_DEV=$(findmnt -no source $UM_MOUNTPOINT) # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 @@ -20,26 +21,29 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) + # Verbose logging to illuminate occasional boot bugginess: -logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV" logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" -if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + +if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit -elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then +elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" exit -elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then +elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" exit -elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then +elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi +# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From 5663a84d276c26ea1b8644133b9f9e0bd3bc69cb Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Sat, 25 Jan 2025 23:57:27 -0500 Subject: [PATCH 1684/1758] 70-usb-library.j2: update comment explaining PUBLIC folder better (from @holta) Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 164d66598..803313f7e 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -43,7 +43,9 @@ elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then exit fi -# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private +# 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. +# Teachers can set their stick for 1 of 2 two "personalities" — students can either upload "confidential homework" or +# "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From d4e66748f34f2932588ad14e31857658c47f01c0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 00:42:32 -0500 Subject: [PATCH 1685/1758] usb_lib/install.yml: Clarify usb_lib_writable_sticks and umask=0000 --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 4e40a99eb..2fb9bd2a6 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,8 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks -# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used From cea4cac7f23f9a2edb673f46b5f78c8ffd7a1e3d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 09:28:48 -0500 Subject: [PATCH 1686/1758] Clarify reset of FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, if usb_lib_writable_sticks False --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 023b714a7..fdd7a2751 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 7812edfed0ce091cdf1ac99eeed73707fb29df90 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 26 Jan 2025 09:32:49 -0500 Subject: [PATCH 1687/1758] Fix 2 typos (explanation of when: not usb_lib_writable_sticks) --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index fdd7a2751..4def69c4f 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. if Kolibri exports AND student uploads to teacher USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 1795276b20694af9eb69d784570c775890add10c Mon Sep 17 00:00:00 2001 From: avni <avni@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:36:43 +0100 Subject: [PATCH 1688/1758] upload/upload-file.php: fix var name bug and add better error handling --- roles/usb_lib/files/upload/upload-file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index a3c6e9674..8c81c731d 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -41,7 +41,8 @@ if ($upload_ok == 0) { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { $upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( $uploaded_filename ). "</span> was successfully uploaded!"; } else { - $upload_msg = "&#x274C; There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; + $upload_ok = 0; + throw new RuntimeException('There was an error uploading your file. <br/><br/>'); } } From fb07b9e3e531915bc6f84c47092d63e7e2fd14a4 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:18:30 -0500 Subject: [PATCH 1689/1758] nginx/templates/iiab.conf.j2, usb_lib/files/upload/header.php, usb_lib/tasks/install.yml: move app out of local_content and into /library/www/html/ --- roles/nginx/templates/iiab.conf.j2 | 8 ++++---- roles/usb_lib/files/upload/button.html | 2 +- roles/usb_lib/tasks/install.yml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e3fdee774..20773967f 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,11 +5,11 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } -location ~ ^/usb/upload/(.*)\.php$ { - alias /library/www/html/local_content/upload/$1.php; +location ~ ^/upload2usb/(.*)\.php$ { + alias /library/www/html/upload2usb/$1.php; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; @@ -23,7 +23,7 @@ location ~ ^/usb/upload/(.*)\.php$ { location /local_content/ { fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 658f74fb2..52cc493ce 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } </style> -<a class="button" href="/usb/upload/">Upload to USB</a> +<a class="button" href="/upload2usb/">Upload to USB</a> diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..98606005f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -79,18 +79,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: state: directory - path: "{{ doc_root }}/local_content/upload" + path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to upload2usb' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/upload2usb" # /library/www/html with_fileglob: - upload/* From 48f4fc56f8bb2913746c00c861716ea81bd2bd1e Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:20:12 -0500 Subject: [PATCH 1690/1758] usb_lib/files/upload/header.php: link swing image back to upload2usb main page --- roles/usb_lib/files/upload/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php index 78592e86d..fc8218800 100644 --- a/roles/usb_lib/files/upload/header.php +++ b/roles/usb_lib/files/upload/header.php @@ -28,5 +28,5 @@ include("upload2usb.php"); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <img class="mb-4" src="uk-swing.png" alt="" width="75"> + <a href="/upload2usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> From c49c7b0d8d6f8b4c86161f1497894852e4df89e8 Mon Sep 17 00:00:00 2001 From: root <albert@einstein.edu> Date: Sun, 26 Jan 2025 21:26:16 -0500 Subject: [PATCH 1691/1758] usb_lib/files/upload/upload2usb.php: allow zip files given some MacOS files, e.g., Pages files, have a mimetype of application/aip --- roles/usb_lib/files/upload/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..b1ce329fc 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,7 +55,7 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); From 765d7854c3d9ab0c26f7d5c585065c834b28a2ac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 27 Jan 2025 15:45:34 -0500 Subject: [PATCH 1692/1758] Recommend ansible-core 2.18.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 968819464..c5ab3e074 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] -GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] +GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 00d45099eada43798be62125ec497f05ded1f000 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 28 Jan 2025 11:23:29 -0600 Subject: [PATCH 1693/1758] 1520 --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 9cb2cf1db..a0af7adcc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -78,7 +78,7 @@ - name: Reload systemd systemd: daemon_reload: yes - when: not iiab_lan_iface == "br0" + when: not no_net_restart or not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: From 16b745d7341451482488bc19ae7be95ba93979fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 00:42:08 -0500 Subject: [PATCH 1694/1758] iiab-diagnostics: 3 commands to record locale info --- scripts/iiab-diagnostics | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ca1ee4d67..51a7d6797 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -162,17 +162,20 @@ for f in "$@"; do done if [ $# -eq 0 ]; then - echo -e " 2. Regular Files:\n" + echo -e " 2. Regular Files etc:\n" else - echo -e "\n 2. Regular Files:\n" + echo -e "\n 2. Regular Files etc:\n" fi -echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image +cat_file /etc/default/locale +cat_cmd 'localectl' 'Locale settings' +cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/local_vars.yml # Redacts most passwords above From 18efafc23e19aaedc6b273bc878749c12e772c76 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 00:53:18 -0500 Subject: [PATCH 1695/1758] iiab-diagnostics.README.md: Update lines numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f766e922e..d11c13720 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 957cf6976ae773a907c5849f150c74b14831dd3f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 01:20:22 -0500 Subject: [PATCH 1696/1758] PHP defaults TOO LOW, so run www_options/tasks/php-settings.yml every time --- roles/www_options/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 5795ea7e6..f157abb26 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -69,7 +69,8 @@ # WordPress) so './runrole <ROLE>' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + # 2025-01-29: PHP's own defaults (presumably from the 1990s?) were Way Too Low -- for usb-lib's upload2usb, and in general -- so let's run php-settings.yml every time! + # when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 668d57cb977fada20e6535aa07e111c80faa27dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 02:26:49 -0500 Subject: [PATCH 1697/1758] php-settings.yml; Fix typo in TZ explanation (PR #3927, GHA) --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 23c85d24b..de8326d67 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -21,7 +21,7 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if -# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) From 4da759a84b9913a04186c97c4e30c73cbf4784a8 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 03:43:03 -0500 Subject: [PATCH 1698/1758] php-settings.yml: Note lack of systemd on chroot GHA runners for RPi --- roles/www_options/tasks/php-settings.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index de8326d67..adedee11b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -24,6 +24,12 @@ # nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. +# 2025-01-29: Current GitHub Actions chroot environments for RPi (using guyot/arm-runner-action@v2) surface this error, after PR #3927 mainlined php-settings.yml... +# "System has not been booted with systemd as init system (PID 1). Can't operate.\nFailed to connect to bus: Host is down" +# ...which might be mitigated in 2 ways: +# 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true +# 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' + - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p Timezone --value register: tz_cli From 519daacc2af19bf3848c9f7926fec241400bbe85 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 11:05:07 -0500 Subject: [PATCH 1699/1758] iiab-network: Run Ansible with --extra-vars "{\"skip_role_on_error\":false}" --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5dc831b8e..c888c27bf 100755 --- a/iiab-network +++ b/iiab-network @@ -42,7 +42,7 @@ fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" Start=`date` ansible -m setup -i ansible_hosts localhost --connection=local | grep python -ansible-playbook -i ansible_hosts iiab-network.yml --connection=local +ansible-playbook -i ansible_hosts iiab-network.yml --extra-vars "{\"skip_role_on_error\":false}" --connection=local End=`date` From 4e7541fc1ea055487faac67336bcc04a05af79b6 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 14:00:56 -0500 Subject: [PATCH 1700/1758] usb_lib/README.rst: Punctuation cleanup & link to PR #3916 WIP --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e51db625a..da2564f36 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,7 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ -* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: @@ -27,3 +27,5 @@ Technical Details: * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) * Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml + + * January 2025 work to improve automount reliability during boot: `PR #3916 <https://github.com/iiab/iiab/pull/3916>`_ From 6c5b4c35ecf7cf2601004f49aabf158de591c705 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 12:24:44 -0600 Subject: [PATCH 1701/1758] delay hostapd to allow ap0 to stabilize --- roles/network/tasks/restart.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 5902f5d50..d5de9e27d 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,6 +28,10 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined +- name: Waiting {{ hostapd_wait }} seconds for network to stabilize for ap0 + shell: sleep {{ hostapd_wait }} + when: ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd From 57fa6bb08f6ba6a392351556a8c91eae9a8d64da Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 14:53:50 -0600 Subject: [PATCH 1702/1758] Files from usbmount_0.0.22_all.deb --- roles/usb_lib/files/usbmount/copyright | 17 ++ roles/usb_lib/files/usbmount/usbmount | 210 +++++++++++++++++++++ roles/usb_lib/files/usbmount/usbmount.conf | 53 ++++++ roles/usb_lib/tasks/install.yml | 15 +- roles/usb_lib/templates/usbmount.rules.j2 | 6 +- 5 files changed, 295 insertions(+), 6 deletions(-) create mode 100644 roles/usb_lib/files/usbmount/copyright create mode 100644 roles/usb_lib/files/usbmount/usbmount create mode 100644 roles/usb_lib/files/usbmount/usbmount.conf diff --git a/roles/usb_lib/files/usbmount/copyright b/roles/usb_lib/files/usbmount/copyright new file mode 100644 index 000000000..75fae2dde --- /dev/null +++ b/roles/usb_lib/files/usbmount/copyright @@ -0,0 +1,17 @@ +Format: http://dep.debian.net/deps/dep5/ +Upstream-Name: usbmount +Upstream-Contact: Martin Dickopp <martin@zero-based.org>, Rogério Brito <rbrito@ime.usp.br> +Source: git://git.debian.org/usbmount/usbmount.git + +Files: * +Copyright: 2004-2007, Martin Dickopp <martin@zero-based.org> + 2008-2011, Rogério Brito <rbrito@ime.usp.br> +License: BSD-2 + This package is free software; the copyright holder gives unlimited + permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount new file mode 100644 index 000000000..75f249ab6 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount @@ -0,0 +1,210 @@ +#!/bin/sh +# This script mounts USB mass storage devices when they are plugged in +# and unmounts them when they are removed. +# Copyright © 2004, 2005 Martin Dickopp +# Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# +# This file is free software; the copyright holder gives unlimited +# permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. +# +set -e +exec > /dev/null 2>&1 + +###################################################################### +# Auxiliary functions + +# Log a string via the syslog facility. +log() +{ + if [ $1 != debug ] || expr "$VERBOSE" : "[yY]" > /dev/null; then + logger -p user.$1 -t "usbmount[$$]" -- "$2" + fi +} + + +# Test if the first parameter is in the list given by the second +# parameter. +in_list() +{ + for v in $2; do + [ "$1" != "$v" ] || return 0 + done + return 1 +} + + +###################################################################### +# Main program + +# Default values for configuration variables. +ENABLED=1 +MOUNTPOINTS= +FILESYSTEMS= +MOUNTOPTIONS= +FS_MOUNTOPTIONS= +VERBOSE=no + +if [ -r /etc/usbmount/usbmount.conf ]; then + . /etc/usbmount/usbmount.conf + log debug "loaded usbmount configurations" +fi + +if [ "${ENABLED:-1}" -eq 0 ]; then + log info "usbmount is disabled, see /etc/usbmount/usbmount.conf" + exit 0 +fi + +if [ ! -x /sbin/blkid ]; then + log err "cannot execute /sbin/blkid" + exit 1 +fi + +# Per Policy 9.3.2, directories under /var/run have to be created +# after every reboot. +if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" +fi + +umask 022 + + +if [ "$1" = add ]; then + + # Acquire lock. + log debug "trying to acquire lock /var/run/usbmount/.mount.lock" + lockfile-create --retry 3 /var/run/usbmount/.mount || \ + { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } + trap '( lockfile-remove /var/run/usbmount/.mount )' 0 + log debug "acquired lock /var/run/usbmount/.mount.lock" + + # Grab device information from device and "divide it" + # FIXME: improvement: implement mounting by label (notice that labels + # can contain spaces, which makes things a little bit less comfortable). + DEVINFO=$(/sbin/blkid -p $DEVNAME) + FSTYPE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]TYPE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + UUID=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]UUID="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + + if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then + log info "$DEVNAME does not contain a filesystem or disklabel" + exit 1 + fi + + # Try to use specifications in /etc/fstab first. + if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then + log info "executing command: mount $DEVNAME" + mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" + + elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then + log info "executing command: mount -U $UUID" + mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" + + else + log debug "$DEVNAME contains filesystem type $FSTYPE" + + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for $DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi + + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi + fi + fi +elif [ "$1" = remove ]; then + + # A block or partition device has been removed. + # Test if it is mounted. + while read device mountpoint fstype remainder; do + if [ "$DEVNAME" = "$device" ]; then + # If the mountpoint and filesystem type are maintained by + # this script, unmount the filesystem. + if in_list "$mountpoint" "$MOUNTPOINTS" && + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi + done < /proc/mounts +else + log err "unexpected: action '$1'" + exit 1 +fi + +log debug "usbmount execution finished" diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf new file mode 100644 index 000000000..97f7ccc20 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -0,0 +1,53 @@ +# Configuration file for the usbmount package, which mounts removable +# storage devices when they are plugged in and unmounts them when they +# are removed. + +# Change to zero to disable usbmount +ENABLED=1 + +# Mountpoints: These directories are eligible as mointpoints for +# removable storage devices. A newly plugged in device is mounted on +# the first directory in this list that exists and on which nothing is +# mounted yet. +MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 + /media/usb4 /media/usb5 /media/usb6 /media/usb7" + +# Filesystem types: removable storage devices are only mounted if they +# contain a filesystem type which is in this list. +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" + +############################################################################# +# WARNING! # +# # +# The "sync" option may not be a good choice to use with flash drives, as # +# it forces a greater amount of writing operating on the drive. This makes # +# the writing speed considerably lower and also leads to a faster wear out # +# of the disk. # +# # +# If you omit it, don't forget to use the command "sync" to synchronize the # +# data on your disk before removing the drive or you may experience data # +# loss. # +# # +# It is highly recommended that you use the pumount command (as a regular # +# user) before unplugging the device. It makes calling the "sync" command # +# and mounting with the sync option unnecessary---this is similar to other # +# operating system's "safely disconnect the device" option. # +############################################################################# +# Mount options: Options passed to the mount command with the -o flag. +# See the warning above regarding removing "sync" from the options. +MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime" + +# Filesystem type specific mount options: This variable contains a space +# separated list of strings, each which the form "-fstype=TYPE,OPTIONS". +# +# If a filesystem with a type listed here is mounted, the corresponding +# options are appended to those specificed in the MOUNTOPTIONS variable. +# +# For example, "-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" would add +# the options "gid=floppy,dmask=0007,fmask=0117" when a vfat filesystem +# is mounted. +FS_MOUNTOPTIONS="" + +# If set to "yes", more information will be logged via the syslog +# facility. +VERBOSE=no diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ba8b3a164..d8a13e945 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,18 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: Setup directories for usbmount + file: + path: "{{ item }}" + # owner: root + # group: root + # mode: '0755' + state: directory + with_items: + - /etc/usbmount/mount.d + - /etc/usbmount/umount.d + +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -82,7 +93,7 @@ state: directory path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" - group: "{{ apache_user }}" + group: "{{ apache_user }}" mode: 0755 - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' diff --git a/roles/usb_lib/templates/usbmount.rules.j2 b/roles/usb_lib/templates/usbmount.rules.j2 index 564186c5a..939a31041 100644 --- a/roles/usb_lib/templates/usbmount.rules.j2 +++ b/roles/usb_lib/templates/usbmount.rules.j2 @@ -1,5 +1,3 @@ -KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="remove", PROGRAM="/usr/share/usbmount/usbmount remove" +ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +ACTION=="remove", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p /usr/share/usbmount/usbmount remove" From 229a913ba4f370cc78bbbefa1abb4f61b8f8df79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:29:35 -0600 Subject: [PATCH 1703/1758] filesystems supported --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index 97f7ccc20..c92ced73d 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -14,7 +14,7 @@ MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 # Filesystem types: removable storage devices are only mounted if they # contain a filesystem type which is in this list. -FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs" ############################################################################# # WARNING! # From 36485a109d167465f7f38b996d94749d8a661de0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:30:36 -0600 Subject: [PATCH 1704/1758] turn on debug --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index c92ced73d..7bd194873 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -50,4 +50,4 @@ FS_MOUNTOPTIONS="" # If set to "yes", more information will be logged via the syslog # facility. -VERBOSE=no +VERBOSE=yes From a5af8c89d4370a83891de10a647a128ea6a941a6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:36:56 -0600 Subject: [PATCH 1705/1758] move mkdir and copyright --- roles/usb_lib/files/usbmount/usbmount | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 75f249ab6..e144c46d3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -3,6 +3,7 @@ # and unmounts them when they are removed. # Copyright © 2004, 2005 Martin Dickopp # Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# Copyright © 2025, Jerry Vonau # # This file is free software; the copyright holder gives unlimited # permission to copy and/or distribute it, with or without @@ -12,7 +13,7 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# +# Add web link to copyright notice help in iiab on github set -e exec > /dev/null 2>&1 @@ -65,18 +66,19 @@ if [ ! -x /sbin/blkid ]; then exit 1 fi -# Per Policy 9.3.2, directories under /var/run have to be created -# after every reboot. -if [ ! -e /var/run/usbmount ]; then - mkdir -p /var/run/usbmount - log debug "creating /var/run/usbmount directory" -fi - -umask 022 - - if [ "$1" = add ]; then + # Per Policy 9.3.2, directories under /var/run have to be created + # after every reboot. + if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" + else + log debug "/var/run/usbmount exists" + fi + + umask 022 + # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" lockfile-create --retry 3 /var/run/usbmount/.mount || \ From f58ef267681da61f52eb3df0263802cc2934fa9b Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 15:39:08 -0600 Subject: [PATCH 1706/1758] just exit to quite down systemd logging of umount failed on stuff we don't care about --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index e144c46d3..cd4d50ae6 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,7 +96,7 @@ if [ "$1" = add ]; then if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then log info "$DEVNAME does not contain a filesystem or disklabel" - exit 1 + exit fi # Try to use specifications in /etc/fstab first. From 60ca24d63a820d4e36b7b16853e3c451d7e5a93e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 16:37:22 -0600 Subject: [PATCH 1707/1758] replace deb with local files --- roles/usb_lib/tasks/install.yml | 36 +++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index d8a13e945..02e55b36b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -47,10 +47,10 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} - apt: - deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" - # when: is_debian +#- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} +# apt: +# deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" +# # when: is_debian # check status of usbmount on mintlinux - should be ok Ubuntu variant # - name: Install usbmount from OS repo for Ubuntu variants @@ -73,11 +73,21 @@ # owner: root # group: root # mode: '0755' + mode: 0644 state: directory with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d +- name: '2025-01-25: Copy files from files/usbmount to filesystem' + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } + - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } + - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" @@ -106,16 +116,16 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 -- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf - lineinfile: - regexp: '^FILESYSTEMS=.*' - line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - path: /etc/usbmount/usbmount.conf +#- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf +# lineinfile: +# regexp: '^FILESYSTEMS=.*' +# line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' +# path: /etc/usbmount/usbmount.conf -- name: Remove /etc/usbmount/mount.d/00_create_model_symlink - file: - path: /etc/usbmount/mount.d/00_create_model_symlink - state: absent +#- name: Remove /etc/usbmount/mount.d/00_create_model_symlink +# file: +# path: /etc/usbmount/mount.d/00_create_model_symlink +# state: absent # RECORD 'USB_LIB' AS INSTALLED From 257dc008ec6502f5c355e484f24c54d277093bfd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 16:56:21 -0600 Subject: [PATCH 1708/1758] bump number of lock tries --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index cd4d50ae6..b1abf49cb 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -81,7 +81,7 @@ if [ "$1" = add ]; then # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" - lockfile-create --retry 3 /var/run/usbmount/.mount || \ + lockfile-create --retry 6 /var/run/usbmount/.mount || \ { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } trap '( lockfile-remove /var/run/usbmount/.mount )' 0 log debug "acquired lock /var/run/usbmount/.mount.lock" From 640ab00d26d73d3e825098713ddfe402d8edbdcd Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 17:05:03 -0600 Subject: [PATCH 1709/1758] update iiab-clean-usb.sh --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 02e55b36b..daf0fcc96 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 52da18ba5..0671ce296 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -7,8 +7,8 @@ After=systemd-udev-trigger.service #Type=oneshot TimeoutStartSec=0 Environment=DEVNAME=%I -ExecStart=/usr/share/usbmount/usbmount add -ExecStop=/usr/sbin/iiab-clean-usb.sh %I +ExecStart=/usr/local/sbin/usbmount add +ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes From 34b4a8a7ad74a26a5cfca397a0ed94dcd325bd7f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sat, 25 Jan 2025 17:17:04 -0600 Subject: [PATCH 1710/1758] ConditionPathExists=/var/run --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 0671ce296..dca318ac7 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -2,6 +2,7 @@ BindTo=%i.device After=%i.device After=systemd-udev-trigger.service +ConditionPathExists=/var/run [Service] #Type=oneshot From e6051088fcebfff891c2b1bab7c5be8620759406 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 26 Jan 2025 08:34:46 -0600 Subject: [PATCH 1711/1758] RuntimeDirectory=usbmount --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index dca318ac7..2dc0177c0 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -12,4 +12,5 @@ ExecStart=/usr/local/sbin/usbmount add ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes +RuntimeDirectory=usbmount From 76d5b5fc1780322bf6db0aba217e59de795f99e5 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Wed, 29 Jan 2025 06:00:07 -0500 Subject: [PATCH 1712/1758] usb_lib: Minor whitespace typos --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index daf0fcc96..6c7660748 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -59,7 +59,7 @@ # state: present # when: is_ubuntu -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/local_content" diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 2dc0177c0..6cf1f990b 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -13,4 +13,3 @@ ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes RuntimeDirectory=usbmount - From 190d66409f0265c81548584e9b52c28a5f6d1c48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 29 Jan 2025 08:59:24 -0600 Subject: [PATCH 1713/1758] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index dcdf987d3..2223c15a5 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,7 +5,7 @@ DEVICE=$(echo $@ | sed -s 's|-|/|') MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK From daa3deb034c661000025321efcd07eb01983a67f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 29 Jan 2025 08:59:49 -0600 Subject: [PATCH 1714/1758] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 2223c15a5..c04c8c5f7 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -9,6 +9,6 @@ logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." fi From eca12605b91148c8c0f109b39ee8833e083eb8ce Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 03:19:31 -0600 Subject: [PATCH 1715/1758] forgot the dependencies --- roles/usb_lib/tasks/install.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6c7660748..a4f608698 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,12 +52,12 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -# check status of usbmount on mintlinux - should be ok Ubuntu variant -# - name: Install usbmount from OS repo for Ubuntu variants -# package: -# name: usbmount -# state: present -# when: is_ubuntu +- name: Install lockfile-progs util-linux for usbmount from OS repo + package: + name: + - lockfile-progs + - util-linux + state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: From 0dec3fe8108f52832b9398e329119920a3ba5a96 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 09:52:41 -0600 Subject: [PATCH 1716/1758] indent --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index a4f608698..ac444d05f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,8 +55,8 @@ - name: Install lockfile-progs util-linux for usbmount from OS repo package: name: - - lockfile-progs - - util-linux + - lockfile-progs + - util-linux state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} From 78924e84bab6118d2333995b403058adb9b9209a Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 11:59:15 -0600 Subject: [PATCH 1717/1758] create /media/usb0-7 --- roles/usb_lib/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ac444d05f..bd4d4ab7f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Setup directories for usbmount +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -78,6 +78,14 @@ with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d + - /media/usb0 + - /media/usb1 + - /media/usb2 + - /media/usb3 + - /media/usb4 + - /media/usb5 + - /media/usb6 + - /media/usb7 - name: '2025-01-25: Copy files from files/usbmount to filesystem' copy: From 97eeae48455c6950b01bccb35859990306c02eac Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 14:07:51 -0600 Subject: [PATCH 1718/1758] wording --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bd4d4ab7f..2993865fd 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 80bdfc677e6845aa6f86b1e0adbcbf4642da2186 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Thu, 30 Jan 2025 14:13:26 -0600 Subject: [PATCH 1719/1758] Update roles/usb_lib/tasks/install.yml missed during rebase Co-authored-by: A Holt <holta@users.noreply.github.com> --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 2993865fd..77abac259 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/local/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 6b4b94dae2081ffab88339479d3a147faf83071e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 01:41:23 -0500 Subject: [PATCH 1720/1758] usb_lib / usbmount: Refine, lint, clarify --- .../files/{upload => upload2usb}/button.html | 0 .../files/{upload => upload2usb}/error.php | 0 .../files/{upload => upload2usb}/footer.php | 0 .../files/{upload => upload2usb}/header.php | 0 .../files/{upload => upload2usb}/index.php | 0 .../files/{upload => upload2usb}/uk-swing.png | Bin .../{upload => upload2usb}/upload-file.php | 0 .../{upload => upload2usb}/upload2usb.php | 0 roles/usb_lib/tasks/install.yml | 23 ++++++++---------- roles/usb_lib/templates/iiab-clean-usb.sh | 16 ++++++------ .../templates/mount.d/70-usb-library.j2 | 16 ++++++------ 11 files changed, 26 insertions(+), 29 deletions(-) rename roles/usb_lib/files/{upload => upload2usb}/button.html (100%) rename roles/usb_lib/files/{upload => upload2usb}/error.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/footer.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/header.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/index.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/uk-swing.png (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload-file.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload2usb.php (100%) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload2usb/button.html similarity index 100% rename from roles/usb_lib/files/upload/button.html rename to roles/usb_lib/files/upload2usb/button.html diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload2usb/error.php similarity index 100% rename from roles/usb_lib/files/upload/error.php rename to roles/usb_lib/files/upload2usb/error.php diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload2usb/footer.php similarity index 100% rename from roles/usb_lib/files/upload/footer.php rename to roles/usb_lib/files/upload2usb/footer.php diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload2usb/header.php similarity index 100% rename from roles/usb_lib/files/upload/header.php rename to roles/usb_lib/files/upload2usb/header.php diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload2usb/index.php similarity index 100% rename from roles/usb_lib/files/upload/index.php rename to roles/usb_lib/files/upload2usb/index.php diff --git a/roles/usb_lib/files/upload/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload/uk-swing.png rename to roles/usb_lib/files/upload2usb/uk-swing.png diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php similarity index 100% rename from roles/usb_lib/files/upload/upload-file.php rename to roles/usb_lib/files/upload2usb/upload-file.php diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php similarity index 100% rename from roles/usb_lib/files/upload/upload2usb.php rename to roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 77abac259..107ae9a4c 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,7 +52,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux for usbmount from OS repo package: name: - lockfile-progs @@ -62,19 +62,16 @@ - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory - path: "{{ doc_root }}/local_content" - owner: "{{ apache_user }}" + path: "{{ doc_root }}/local_content" # /library/www/html + owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 - name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: - path: "{{ item }}" - # owner: root - # group: root - # mode: '0755' - mode: 0644 state: directory + path: "{{ item }}" + mode: 0755 with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d @@ -87,7 +84,7 @@ - /media/usb6 - /media/usb7 -- name: '2025-01-25: Copy files from files/usbmount to filesystem' +- name: Copy files from files/usbmount to filesystem copy: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -106,7 +103,7 @@ - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' +- name: Add dir {{ doc_root }}/upload2usb (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/upload2usb" @@ -114,12 +111,12 @@ group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' +- name: Copy files from files/upload2usb/ into {{ doc_root }}/upload2usb/ copy: src: "{{ item }}" - dest: "{{ doc_root }}/upload2usb/" # /library/www/html + dest: "{{ doc_root }}/upload2usb/" with_fileglob: - - upload/* + - upload2usb/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index c04c8c5f7..360d737f4 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,14 +1,14 @@ #!/bin/bash -# Remove symlink in /library/content to automounted usb drive -# -DEVICE=$(echo $@ | sed -s 's|-|/|') -MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +# Remove symlink in /library/www/html/local_content to automounted USB drive + +DEVICE="/$(echo $1 | sed 's|-|/|')" +MNT_POINT=$(findmnt -no target $DEVICE) CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." + +logger -t "usb_lib (iiab-clean-usb.sh)" "Attempting to remove symlink $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then - /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." + /usr/bin/rm $CONTENT_LINK + logger -t "usb_lib (iiab-clean-usb.sh)" "Symlink $CONTENT_LINK removed, as auto-created earlier by usbmount." fi - diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 803313f7e..62d15b27a 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -30,16 +30,16 @@ logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" exit elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" exit elif [ "$UM_DEV" == "$BOOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" exit elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi @@ -48,13 +48,13 @@ fi # "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Found /PUBLIC on $UM_MOUNTPOINT" else SHARE_DIR=$UM_MOUNTPOINT - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Did not find /PUBLIC on $UM_MOUNTPOINT" fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -s $SHARE_DIR $CONTENT_LINK +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" +ln -sf $SHARE_DIR $CONTENT_LINK From 3077a39cd607c9d4b034aa6802c2ebbd7bd3ecb6 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 03:45:23 -0500 Subject: [PATCH 1721/1758] Invert rejected country red error; Clarify 3 channel/country vars for iiab.ini --- roles/network/tasks/detected_network.yml | 34 +++++++++++++----------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1663f8c39..c72028d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -264,8 +264,8 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" -- name: Detect "Firmware rejected country setting" in dmesg - shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" +- name: Detect "Firmware rejected country setting" in dmesg (invert return code, for intentional red error) + shell: '! dmesg | grep ieee80211 | grep "Firmware rejected country setting"' register: FW_rejected_country ignore_errors: True @@ -337,27 +337,29 @@ - option: wifi_firmware_43455 value: "{{ rpi3bplus_rpi4_wifi_firmware }}" -- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'current_client_channel_found' stdout value ({{ current_client_channel.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel_found - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined + option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined and current_client_channel.stdout != "" -- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'FW_rejected_country' stdout value ({{ FW_rejected_country.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: FW_rejected_country - value: "{{ cmdline_country_code.stdout }}" - when: FW_rejected_country.stdout is defined + option: FW_rejected_country + value: "{{ FW_rejected_country.stdout }}" + when: FW_rejected_country.stdout is defined and FW_rejected_country.stdout != "" + +- name: Add 'detected_network' variable 'cmdline_country_code' stdout value ({{ cmdline_country_code.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: cmdline_country_code + value: "{{ cmdline_country_code.stdout }}" + when: cmdline_country_code.stdout is defined and cmdline_country_code.stdout != "" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired From b6b2f3a0d771a0e84bf931f2aec6341985b30caa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Fri, 31 Jan 2025 04:24:07 -0500 Subject: [PATCH 1722/1758] usbmount copyright URL clarifs for PR #3929 --- roles/usb_lib/files/usbmount/usbmount | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index b1abf49cb..7541b5335 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -13,7 +13,8 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# Add web link to copyright notice help in iiab on github +# https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright +# https://github.com/rbrito/usbmount/blob/master/debian/copyright set -e exec > /dev/null 2>&1 From c975dd21fce3227e7d54413eecb91b198caa178d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 00:35:54 -0500 Subject: [PATCH 1723/1758] php-settings.yml: TZ hack that avoids systemd, for GHA --- roles/www_options/tasks/php-settings.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index adedee11b..4693db885 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,8 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p Timezone --value +#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) +# command: timedatectl show -p Timezone --value +- name: Extract Time Zone from symlink /etc/localtime, or declare UTC + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From f22ba85c49f9cfa7b890db9a362e1ad21511d481 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 00:54:47 -0500 Subject: [PATCH 1724/1758] php-settings.yml: More complete shell hack, equiv to timedatectl --- roles/www_options/tasks/php-settings.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 4693db885..7109ccfeb 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,10 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) -# command: timedatectl show -p Timezone --value -- name: Extract Time Zone from symlink /etc/localtime, or declare UTC - shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC +- name: Extract Time Zone from symlink /etc/localtime, text file /etc/timezone, or if all else fails declare Etc/UTC + # command: timedatectl show -p Timezone --value + # 2025-02-01: "guyot/arm-runner-action@v2" GHA workflows don't seem to work with "use_systemd_nspawn: true", so hack in the equivalent of timedatectl... + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || cat /etc/timezone || echo Etc/UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From fb787e0649cd1817d0e4bef0e2025e6353a91906 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Feb 2025 01:24:47 -0500 Subject: [PATCH 1725/1758] Update USB_LIB description for iiab.ini --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4def69c4f..4d2710874 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"' + value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From 8eed5e3face334dca474063043b07fbd63915f8c Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sun, 2 Feb 2025 20:44:02 +0000 Subject: [PATCH 1726/1758] usb_lib/README.rst, usb_lib/tasks/install.yml: Add docs on how to disable Desktop auto-mount functionality on RPi Desktop; other minor doc cleanup --- roles/usb_lib/README.rst | 3 +++ roles/usb_lib/tasks/install.yml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index da2564f36..aa5409d90 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,6 +20,9 @@ Technical Details: * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". + + * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 107ae9a4c..35f533652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,9 +7,10 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. -# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - +# The variable, usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml), must be set to true +# in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive +# (sudo umount <mountpoint>) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 <device name> <mountpoint>). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 38a860d3c5734b361f2a898e74809fcd84b7a3e4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Feb 2025 16:12:11 -0500 Subject: [PATCH 1727/1758] Update usb_lib/README.rst --- roles/usb_lib/README.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index aa5409d90..e874e9525 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,13 +16,12 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L103>`_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf <https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/usbmount.conf#L17>`_ + +* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". - - * Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/tags>`_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 3596963d5cfdf547f8c777e161d320eaf7ef90b7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 2 Feb 2025 16:22:38 -0500 Subject: [PATCH 1728/1758] Further update usb_lib/README.rst --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e874e9525..b7536387c 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,9 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf <https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/usbmount.conf#L17>`_ -* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". +* If your IIAB was built on a Graphical Desktop OS (instead of a headless OS, like Raspberry Pi OS Lite), USB sticks will problematically be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. + + * EXAMPLE: To disable Desktop automount within "Raspberry Pi OS with desktop", go to File Manager (pcmanfm) → Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/pull/2715>`_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 <https://github.com/iiab/iiab/pull/3875>`_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From c2c36b178edc71d103b34e1f991c9cf75af7f667 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 6 Feb 2025 08:07:00 -0600 Subject: [PATCH 1729/1758] iiab-check-firmware: Mention 'sudo iiab-network' --- roles/firmware/templates/iiab-check-firmware | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b2f7a1cce..f10cd752b 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -60,7 +60,7 @@ else echo -e " cd /opt/iiab/iiab" echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo ./runrole --reinstall firmware" - echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-network # SOMETIMES NECESSARY" echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo From 2398313918991a755c25c4d8789aacf48bfa3aae Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 03:13:51 -0500 Subject: [PATCH 1730/1758] 70-usb-library.j2: Forcibly delete e.g. stale /library/www/html/local_content/USB0 --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 62d15b27a..441cebb74 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -57,4 +57,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -sf $SHARE_DIR $CONTENT_LINK +# 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' +# https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +rm -rf $CONTENT_LINK +ln -s $SHARE_DIR $CONTENT_LINK From 94ca58aa0cad87225ee39bf55bdc3de298521700 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 03:45:52 -0500 Subject: [PATCH 1731/1758] 70-usb-library.j2: Cleaner logging & error handling (e.g. exit code 1) --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 441cebb74..89dfea840 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -31,16 +31,16 @@ logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" - exit + exit 1 elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" - exit + exit 1 elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" - exit + exit 1 elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" - exit + exit 1 fi # 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. @@ -55,9 +55,13 @@ else fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') +if [ -z "$CONTENT_LINK_USB" ]; then + logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + exit 1 +fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" # 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' # https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" rm -rf $CONTENT_LINK ln -s $SHARE_DIR $CONTENT_LINK From 1ec743a65428cd307b0fb951e5525b5d2a805cee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Tue, 11 Feb 2025 10:42:05 -0500 Subject: [PATCH 1732/1758] 70-usb-library.j2: Fix logger string quotation marks --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 89dfea840..8263bde1f 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -56,7 +56,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') if [ -z "$CONTENT_LINK_USB" ]; then - logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + logger -t "usb_lib (70-usb-library)" 'ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" would be dangerous!)' exit 1 fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" From 9bc2006ba3ea40dead77090d40808dc680474447 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Tue, 11 Feb 2025 16:25:06 -0600 Subject: [PATCH 1733/1758] exclude usb based device that host usbbooted filesytems --- roles/usb_lib/files/usbmount/usbmount | 39 ++++++++++++++++++++------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 7541b5335..284069a19 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,22 +96,41 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "$DEVNAME does not contain a filesystem or disklabel" + log info "/$DEVNAME does not contain a filesystem or disklabel" exit fi - # Try to use specifications in /etc/fstab first. + log debug "DEVNAME /$DEVNAME" + BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) + log debug "BOOTFW_DEV $BOOTFW_DEV" + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + exit + fi + ROOT_DEV=$(/usr/bin/findmnt -no source /) + log debug "ROOT_DEV $ROOT_DEV" + if [ $ROOT_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + exit + fi + BOOT_DEV=$(/usr/bin/findmnt -no source /boot) + log debug "BOOT_DEV $BOOT_DEV" + if [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + exit + fi + + # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log info "executing command: mount $DEVNAME" - mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" - + log debug "skipping /$DEVNAME exit" + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log info "executing command: mount -U $UUID" - mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" - + log debug "skipping $UUID" + exit else - log debug "$DEVNAME contains filesystem type $FSTYPE" - + log debug "/$DEVNAME contains filesystem type $FSTYPE" fstype=$FSTYPE # Test if the filesystem type is in the list of filesystem # types to mount. From fda19ad7f95a25acb8d369e39a4c1ed742422a7b Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Wed, 12 Feb 2025 02:18:16 -0500 Subject: [PATCH 1734/1758] upload2usb/header.php: update swing logo to point to /usb/ instead of /upload2usb/ --- roles/usb_lib/files/upload2usb/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/header.php b/roles/usb_lib/files/upload2usb/header.php index fc8218800..ef75c2c01 100644 --- a/roles/usb_lib/files/upload2usb/header.php +++ b/roles/usb_lib/files/upload2usb/header.php @@ -28,5 +28,5 @@ include("upload2usb.php"); <div class="row"> <div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;"> - <a href="/upload2usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> + <a href="/usb/"><img class="mb-4" src="uk-swing.png" alt="" width="75"></a> <h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1> From 759126414edeb21a6cd0445f1d5d3237db1efffe Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 10:26:21 -0600 Subject: [PATCH 1735/1758] #set -e, lockfile-remove, typo, missing debug line --- roles/usb_lib/files/usbmount/usbmount | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 284069a19..3a4e26c29 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -15,7 +15,7 @@ # PARTICULAR PURPOSE. # https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright # https://github.com/rbrito/usbmount/blob/master/debian/copyright -set -e +#set -e exec > /dev/null 2>&1 ###################################################################### @@ -106,6 +106,7 @@ if [ "$1" = add ]; then if [ $BOOTFW_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount exit fi ROOT_DEV=$(/usr/bin/findmnt -no source /) @@ -113,12 +114,15 @@ if [ "$1" = add ]; then if [ $ROOT_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount exit fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount exit fi From 9a95a046c4bd16c88ea29b092e49917d120cc95e Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 10:36:22 -0600 Subject: [PATCH 1736/1758] lockfile-remove for fstab check --- roles/usb_lib/files/usbmount/usbmount | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 3a4e26c29..939a76c45 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -129,9 +129,11 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else log debug "/$DEVNAME contains filesystem type $FSTYPE" From 52da42c14638e2ab2816a6af958e0f7bf981cb31 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 11:19:54 -0600 Subject: [PATCH 1737/1758] touchups and ordering --- roles/usb_lib/files/usbmount/usbmount | 36 ++++++++++++--------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 939a76c45..08b9e81c3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,34 +96,30 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "/$DEVNAME does not contain a filesystem or disklabel" + log debug "/$DEVNAME does not contain a filesystem or disklabel" exit fi - log debug "DEVNAME /$DEVNAME" + log debug "/$DEVNAME contains filesystem type $FSTYPE" BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) log debug "BOOTFW_DEV $BOOTFW_DEV" - if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" - lockfile-remove /var/run/usbmount/.mount - exit - fi ROOT_DEV=$(/usr/bin/findmnt -no source /) log debug "ROOT_DEV $ROOT_DEV" - if [ $ROOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" - lockfile-remove /var/run/usbmount/.mount - exit - fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" - if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" - lockfile-remove /var/run/usbmount/.mount - exit + + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $ROOT_DEV = /$DEVNAME ]; then + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount + exit fi # Try to use specifications in /etc/fstab to skip. @@ -145,7 +141,7 @@ if [ "$1" = add ]; then for v in $MOUNTPOINTS; do if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then mountpoint="$v" - log debug "mountpoint $mountpoint is available for $DEVNAME" + log debug "mountpoint $mountpoint is available for /$DEVNAME" break fi done From bd8c131ef667fd7e9c8eec674ad051872862c328 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 11:45:04 -0600 Subject: [PATCH 1738/1758] clearer dependencies --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 35f533652..660df7eb2 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -53,7 +53,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs and util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux (findmnt blkid) for usbmount from OS repo package: name: - lockfile-progs From ebceb4a6ac970c00a22a2a4255e927695f158f52 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Wed, 12 Feb 2025 13:28:05 -0600 Subject: [PATCH 1739/1758] upload2usb.php add 'grep media' to device filter --- roles/usb_lib/files/upload2usb/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 38b5e0c86..643a46ed4 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -18,7 +18,7 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); if ($rmv_usb_path_count == 0) { throw new RuntimeException('0 USB sticks found. <br/><br/>'); } elseif ($rmv_usb_path_count > 1) { From a96b46c22320876021ec336efb991f3c91576304 Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Thu, 13 Feb 2025 15:50:02 -0500 Subject: [PATCH 1740/1758] upload2usb/upload2usb.php: using existence of /media to determine if a USB stick is mounted or not for both count and upload location; changing tabs to spaces for the whole file --- roles/usb_lib/files/upload2usb/upload2usb.php | 91 +++++++++---------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 643a46ed4..555a40f5a 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -10,27 +10,25 @@ set_exception_handler(function (Throwable $exception) { include ("error.php"); }); - //return the first removable USB drive location function getTargetUSBDriveLocation () { - // Get the first removal USB drive using - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + // Get the count of storage mounted at /media, and error if there is <>1 otherwise return upload path - # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); - if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found. <br/><br/>'); - } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); - } + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | wc -l'); - $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found. <br/><br/>'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed. <br/><br/>'); + } + + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick. <br/><br/>'); + throw new RuntimeException('Not able to find USB stick. <br/><br/>'); } else { - return $rmv_usb_path . "/"; + return $rmv_usb_path . "/"; } } @@ -42,55 +40,55 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); - } - return $target_folder_path; + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory. <br/>Make sure 'usb_lib_writable_sticks' is set to 'True'. <br/><br/>"); + } + return $target_folder_path; } //return number of files within a specified folder function getFileCount ($folder_path) { - return count(glob($folder_path . "/*")); + return count(glob($folder_path . "/*")); } //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { - $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); - foreach ($invalid_mimetypes_str as $invalid_mt_str) { - if (str_contains($mimetype, $invalid_mt_str)) { - error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); - return false; - } - } - return true; + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); + return false; + } + } + return true; } //check file content to see if it's unique or not function isFileContentUnique ($target_folder_path, $file) { - $file_to_upload_md5 = md5_file($file); - $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); - foreach ($usb_dir as $dir_file) { - $dir_file = $target_folder_path . "/" . $dir_file; + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; - if (!is_dir($dir_file)) { - $dir_file_md5 = md5_file($dir_file); - if ($file_to_upload_md5 == $dir_file_md5) { - return false; - } - } - } - return true; + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } //return unique filename function getUniqueFileName ($target_folder_path, $filename) { - $new_filename = $filename; - $counter = 1; - while (file_exists($target_folder_path . "/" . $new_filename)) { - $counter++; - $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); - } - return $new_filename; + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; } // Check file size - we are not going to check file size for now. @@ -100,5 +98,4 @@ function getUniqueFileName ($target_folder_path, $filename) { // } - ?> From fe6516b2e953682b59a2c7bb0940b0ebff8bc44a Mon Sep 17 00:00:00 2001 From: avni <avni321@gmail.com> Date: Fri, 14 Feb 2025 15:56:09 -0500 Subject: [PATCH 1741/1758] Add lockfile removal before exit in usbmount script per Jerry's recommendation. Add lockfile removal before exit in usbmount script per Jerry's recommendation. Also adjusted spacing! Read up on file locking a bit: - https://www.baeldung.com/linux/file-locking - https://linux.die.net/man/1/lockfile-create --- roles/usb_lib/files/usbmount/usbmount | 175 +++++++++++++------------- 1 file changed, 88 insertions(+), 87 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 08b9e81c3..8104564e7 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,8 +96,9 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log debug "/$DEVNAME does not contain a filesystem or disklabel" - exit + log debug "/$DEVNAME does not contain a filesystem or disklabel" + lockfile-remove /var/run/usbmount/.mount + exit fi log debug "/$DEVNAME contains filesystem type $FSTYPE" @@ -109,7 +110,7 @@ if [ "$1" = add ]; then log debug "BOOT_DEV $BOOT_DEV" if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" lockfile-remove /var/run/usbmount/.mount exit elif [ $ROOT_DEV = /$DEVNAME ]; then @@ -124,107 +125,107 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log debug "skipping /$DEVNAME exit" - lockfile-remove /var/run/usbmount/.mount - exit + log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log debug "skipping $UUID" - lockfile-remove /var/run/usbmount/.mount + log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else - log debug "/$DEVNAME contains filesystem type $FSTYPE" - fstype=$FSTYPE - # Test if the filesystem type is in the list of filesystem - # types to mount. - if in_list "$fstype" "$FILESYSTEMS"; then - # Search an available mountpoint. - for v in $MOUNTPOINTS; do - if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then - mountpoint="$v" - log debug "mountpoint $mountpoint is available for /$DEVNAME" - break - fi - done - if [ -n "$mountpoint" ]; then - # Determine mount options. - options= - for v in $FS_MOUNTOPTIONS; do - if expr "$v" : "-fstype=$fstype,."; then - options="$(echo "$v" | sed 's/^[^,]*,//')" - break - fi - done - if [ -n "$MOUNTOPTIONS" ]; then - options="$MOUNTOPTIONS${options:+,$options}" - fi + log debug "/$DEVNAME contains filesystem type $FSTYPE" + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for /$DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi - # Mount the filesystem. - log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" - mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" - # Determine vendor and model. - vendor= - if [ -r "/sys$DEVPATH/device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/device/vendor\"`" - elif [ -r "/sys$DEVPATH/../device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" - elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" - elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" - fi - vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - model= - if [ -r "/sys$DEVPATH/device/model" ]; then - model="`cat \"/sys$DEVPATH/device/model\"`" - elif [ -r "/sys$DEVPATH/../device/model" ]; then - model="`cat \"/sys$DEVPATH/../device/model\"`" - elif [ -r "/sys$DEVPATH/device/../product" ]; then - model="`cat \"/sys$DEVPATH/device/../product\"`" - elif [ -r "/sys$DEVPATH/../device/../product" ]; then - model="`cat \"/sys$DEVPATH/../device/../product\"`" - fi - model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - export UM_MOUNTOPTIONS="$options" - export UM_VENDOR="$vendor" - export UM_MODEL="$model" - log info "executing command: run-parts /etc/usbmount/mount.d" - run-parts /etc/usbmount/mount.d || : - else - # No suitable mount point found. - log warning "no mountpoint found for $DEVNAME" - exit 1 - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi fi - fi +fi elif [ "$1" = remove ]; then # A block or partition device has been removed. # Test if it is mounted. while read device mountpoint fstype remainder; do - if [ "$DEVNAME" = "$device" ]; then + if [ "$DEVNAME" = "$device" ]; then # If the mountpoint and filesystem type are maintained by # this script, unmount the filesystem. if in_list "$mountpoint" "$MOUNTPOINTS" && - in_list "$fstype" "$FILESYSTEMS"; then - log info "executing command: umount -l $mountpoint" - umount -l "$mountpoint" + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - log info "executing command: run-parts /etc/usbmount/umount.d" - run-parts /etc/usbmount/umount.d || : - fi - break - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi done < /proc/mounts else log err "unexpected: action '$1'" From f52b3908218f38e2b4b62d05e7ececb74c133eda Mon Sep 17 00:00:00 2001 From: root <avni@users.noreply.github.com> Date: Sat, 15 Feb 2025 18:36:28 +0000 Subject: [PATCH 1742/1758] usb_lib/tasks/main.yml: updating USB_LIB description to be more clear about the two-way information/data exchange between teachers and students --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4d2710874..0c4e3c1c4 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' + value: '"USB_LIB (1) automounts teacher content on USB sticks to /library/www/html/local_content, so students can browse the USB; AND (2) allows students to upload their work to USB sticks / drives, all from http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From e80b912eeab2c0173f16e6f85229ccc73b4990af Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 15 Feb 2025 15:12:20 -0500 Subject: [PATCH 1743/1758] usb_lib/tasks/main.yml: Tiny comment update RE: iiab.conf.j2 --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 0c4e3c1c4..ee4bd18ea 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -1,7 +1,7 @@ # TO DO: (2020-02-13) # - Look at analogous NGINX logic for http://box/usb in # nginx/templates/iiab.conf.j2 and make that visually meaningful for teachers: -# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L8 +# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L9 # "How do i fail a task in Ansible if the variable contains a boolean value? From 66a35ee9508925ac11bf3aa0b47ebb2a3811d165 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 02:42:17 -0600 Subject: [PATCH 1744/1758] jupyterhub drop --system-site-packages --- roles/jupyterhub/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 4e23f9ccc..d4d9d99e8 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -51,7 +51,8 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -68,7 +69,8 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From 2ef96ad0ff6601d80d16c3da494d690e5fc2517f Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 02:49:09 -0600 Subject: [PATCH 1745/1758] jupyterhub drop python3-psutil --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4d9d99e8..d55fdf696 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -17,11 +17,11 @@ shell: df -B1 --output=used / | tail -1 register: df1 - -- name: "Install package: python3-psutil" - package: - name: python3-psutil - state: present +# 2025-02-16 +#- name: "Install package: python3-psutil" +# package: +# name: python3-psutil +# state: present - name: Remove previous virtual environment {{ jupyterhub_venv }} file: From bbdd45365d1c457f709e30bbac47f397b3f809a1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau <jvonau3@gmail.com> Date: Sun, 16 Feb 2025 12:36:27 -0600 Subject: [PATCH 1746/1758] update ansible.cfg for use with python3.13 --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 4030a931e..deb5328ed 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,4 +5,4 @@ # Disallowed by Ansible 2.11+ -- see https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions #squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package [defaults] -interpreter_python=/usr/bin/python3 +interpreter_python=/usr/local/ansible/bin/python3 From f16bd2a6b5674027f9262a100a639cccc2aed5d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Feb 2025 15:02:50 -0500 Subject: [PATCH 1747/1758] jupyterhub/tasks/install.yml touchup: Comment out `virtualenv_site_packages: no` as tested on PR #3948 --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d55fdf696..b6f6c4c83 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -50,7 +50,7 @@ - wheel - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) @@ -68,7 +68,7 @@ - jupyterhub-systemdspawner - ipywidgets virtualenv: "{{ jupyterhub_venv }}" - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From d1dd071c814f560e5bee73784a2b45e7c893372f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sun, 16 Feb 2025 22:02:54 -0500 Subject: [PATCH 1748/1758] jupyterhub/tasks/install.yml: Mention disk footprint is ~316 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index b6f6c4c83..57a503014 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -43,7 +43,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)" pip: name: - pip From 957a89d67ca182ce0c2660b0ce14d8aa32527a1d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 01:59:15 -0500 Subject: [PATCH 1749/1758] pip install {pymysql,psycopg,passlib} to Ansible venv, on demand --- roles/munin/tasks/install.yml | 10 ++++++++-- roles/mysql/tasks/install.yml | 10 ++++++++-- roles/postgresql/tasks/install.yml | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 3895b7bf9..89fe254cf 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -9,7 +9,7 @@ name: net.ipv6.conf.all.disable_ipv6 value: 0 -- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" +- name: "Install 4 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra" package: name: #- libapache2-mod-fcgid @@ -17,9 +17,15 @@ - munin - munin-node - munin-plugins-extra - - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below + #- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +- name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below + pip: + name: passlib + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # SEE ALSO roles/network/tasks/install.yml - name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 sysctl: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 87bcd9c1a..5bcfbb9bd 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -3,16 +3,22 @@ register: df1 -- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml - - python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} + #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present +- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} + pip: + name: pymysql + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml # php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f07cf943d..04c6c41d2 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -3,14 +3,20 @@ register: df1 -- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' +- name: 'Install packages: postgresql, postgresql-client' package: name: - postgresql - postgresql-client - - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + pip: + name: psycopg + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version From 36e43227752d9d013a6f2a04f36dee2fe9d27ff3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 03:56:40 -0500 Subject: [PATCH 1750/1758] mysql/tasks/install.yml: Respect original typography 'PyMySQL' --- roles/mysql/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5bcfbb9bd..1b8a04388 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -13,9 +13,9 @@ #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present -- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} +- name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} pip: - name: pymysql + name: PyMySQL virtualenv: /usr/local/ansible extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From 96324233d8b33afcf03ef93b219d755472113f29 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:21:44 -0500 Subject: [PATCH 1751/1758] Clarify PR #3950: 'pip install psycopg' is NEW "Psycopg 3" for PostgreSQL --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 04c6c41d2..ce14600c5 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -11,7 +11,7 @@ #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml +- name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml pip: name: psycopg virtualenv: /usr/local/ansible From 1308fb86708c00b4f7ac49c24e8cd1f515dfc4dd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Wed, 19 Feb 2025 15:21:00 -0500 Subject: [PATCH 1752/1758] Update Nextcloud 30.0.6 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d0588aac9..2fae98551 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6d5fcdbcc288c68da89821441253393f869ed0aa Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 24 Feb 2025 18:25:07 -0600 Subject: [PATCH 1753/1758] Recommend ansible-core 2.18.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c5ab3e074..22c8cbacd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] -GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.3] +GOOD_VER=2.18.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89b1487dc2849dd70fd01e7bf68067a4c777e5e7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Thu, 27 Feb 2025 15:40:39 -0500 Subject: [PATCH 1754/1758] Update Nextcloud 31.0.0 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2fae98551..37429ea0e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~216 MB) to {{ nextcloud_root_dir }} (~844 MB initially, sometimes ~878 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 2461a8fde39fcf4d399f40c6ef342d34d0ceb6c4 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:41:34 -0500 Subject: [PATCH 1755/1758] iiab-diagnostics: Also record /etc/locale.conf --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51a7d6797..383f714e9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,7 +173,8 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale +cat_file /etc/default/locale 'e.g. on Debian 12' +cat_file /etc/locale.conf 'e.g. on Debian 13' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From ac12c6db0b2da14247bde6d2859a4ca6347b73d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:42:37 -0500 Subject: [PATCH 1756/1758] iiab-diagnostics.README.md: Update line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index d11c13720..7c064b757 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-273 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From cb42942699f2b4cfe6485ea5a0bbc8c853abd412 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:46:21 -0500 Subject: [PATCH 1757/1758] iiab-diagnostics: Clarify that Ubuntu too uses /etc/locale.conf --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 383f714e9..ae7376648 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -174,7 +174,7 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13' +cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From 96ddd6620d8601c54d0d729c7d07c9725b2442d0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Sat, 1 Mar 2025 11:51:09 -0500 Subject: [PATCH 1758/1758] iiab-diagnostics: Fix comments --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ae7376648..193ba4fc7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,13 +173,13 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' +cat_file /etc/default/locale # e.g. on Debian 12 +cat_file /etc/locale.conf # e.g. on Debian 13+ and Ubuntu cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini -cat_file /etc/iiab/local_vars.yml # Redacts most passwords above +cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml cat_file /etc/resolv.conf cat_file /etc/network/interfaces